From 69896936bacd9e706829709ce6c2a10b64de02d5 Mon Sep 17 00:00:00 2001 
From: Vadim Kurland Date: Tue, 8 Feb 2011 14:13:04 -0800 Subject: [PATCH] see #2042 re-ran tests --- test/pf/firewall-base-rulesets.fw.orig | 6 +- test/pf/firewall-ipv6-1.fw.orig | 6 +- test/pf/firewall-ipv6-2.fw.orig | 6 +- test/pf/firewall-ipv6-3.fw.orig | 4 +- test/pf/firewall.fw.orig | 6 +- test/pf/firewall1.fw.orig | 6 +- test/pf/firewall10-1.fw.orig | 6 +- test/pf/firewall10-2.fw.orig | 6 +- test/pf/firewall10-3.fw.orig | 6 +- test/pf/firewall10-4.fw.orig | 6 +- test/pf/firewall10-5.fw.orig | 6 +- test/pf/firewall10-6.fw.orig | 6 +- test/pf/firewall100.fw.orig | 6 +- test/pf/firewall101.fw.orig | 6 +- test/pf/firewall102.fw.orig | 4 +- test/pf/firewall103-1.conf.orig | 25 ++ test/pf/firewall103-1.fw.orig | 399 +++++++++++++++++++++++++ test/pf/firewall103-2.conf.orig | 25 ++ test/pf/firewall103-2.fw.orig | 399 +++++++++++++++++++++++++ test/pf/firewall103.fw.orig | 110 ++++++- test/pf/firewall104-1.conf.orig | 25 ++ test/pf/firewall104-1.fw.orig | 398 ++++++++++++++++++++++++ test/pf/firewall104.fw.orig | 111 ++++++- test/pf/firewall105.fw.orig | 4 +- test/pf/firewall106.fw.orig | 4 +- test/pf/firewall107.fw.orig | 108 ++++++- test/pf/firewall108.fw.orig | 4 +- test/pf/firewall11.fw.orig | 6 +- test/pf/firewall12.fw.orig | 6 +- test/pf/firewall13.fw.orig | 6 +- test/pf/firewall14-1.fw.orig | 6 +- test/pf/firewall14.fw.orig | 6 +- test/pf/firewall2-1.fw.orig | 6 +- test/pf/firewall2.fw.orig | 6 +- test/pf/firewall20.fw.orig | 6 +- test/pf/firewall21.fw.orig | 6 +- test/pf/firewall22.fw.orig | 6 +- test/pf/firewall3.fw.orig | 6 +- test/pf/firewall33.fw.orig | 7 +- test/pf/firewall34.fw.orig | 7 +- test/pf/firewall38.fw.orig | 6 +- test/pf/firewall39.fw.orig | 6 +- test/pf/firewall4.fw.orig | 6 +- test/pf/firewall40-1.fw.orig | 6 +- test/pf/firewall40.fw.orig | 6 +- test/pf/firewall41.fw.orig | 6 +- test/pf/firewall5.fw.orig | 6 +- test/pf/firewall51.fw.orig | 6 +- test/pf/firewall6.fw.orig | 6 +- test/pf/firewall62.fw.orig | 6 +- test/pf/firewall63.fw.orig | 6 
+- test/pf/firewall7.fw.orig | 6 +- test/pf/firewall70.fw.orig | 6 +- test/pf/firewall8.fw.orig | 6 +- test/pf/firewall80-4.5.fw.orig | 6 +- test/pf/firewall80.fw.orig | 6 +- test/pf/firewall9.fw.orig | 6 +- test/pf/firewall91.fw.orig | 6 +- test/pf/firewall92.fw.orig | 6 +- test/pf/pf_cluster_1_openbsd-1.fw.orig | 6 +- test/pf/pf_cluster_1_openbsd-2.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-1.fw.orig | 14 +- test/pf/pf_cluster_2_freebsd-2.fw.orig | 8 +- test/pf/pf_cluster_3_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-4.fw.orig | 6 +- test/pf/pf_cluster_4_rc.conf.local | 4 +- 66 files changed, 1746 insertions(+), 196 deletions(-) create mode 100644 test/pf/firewall103-1.conf.orig create mode 100755 test/pf/firewall103-1.fw.orig create mode 100644 test/pf/firewall103-2.conf.orig create mode 100755 test/pf/firewall103-2.fw.orig create mode 100644 test/pf/firewall104-1.conf.orig create mode 100755 test/pf/firewall104-1.fw.orig diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index dfb907ab5..0b0b60fce 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:08 2011 PST by vadim +# Generated Tue Feb 8 14:11:23 2011 PST by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf @@ -163,7 +163,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:08 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:23 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index be798a83d..1e5daf8fb 100755 
--- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:08 2011 PST by vadim +# Generated Tue Feb 8 14:11:23 2011 PST by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -175,7 +175,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:18:08 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:23 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index a8a92c387..4505dd246 100755 --- a/test/pf/firewall-ipv6-2.fw.orig +++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:24 2011 PST by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -179,7 +179,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index 86a3dcda4..76073935c 100755 --- a/test/pf/firewall-ipv6-3.fw.orig +++ b/test/pf/firewall-ipv6-3.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:24 2011 PST by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index 988cc583f..74cad9e30 100755 --- a/test/pf/firewall.fw.orig +++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:39 2011 PST by vadim +# Generated Tue Feb 8 14:10:52 2011 PST by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:39 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:52 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index 10cb4b9bc..e787a5f11 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:40 2011 PST by vadim +# Generated Tue Feb 8 14:10:53 2011 PST by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:40 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:53 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index 2a5d37931..473eb64fa 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:42 2011 PST by vadim +# Generated Tue Feb 8 14:10:54 2011 PST by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:42 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:54 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index 8158ee4b9..6a1e74221 100755 --- a/test/pf/firewall10-2.fw.orig +++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:43 2011 PST by vadim +# Generated Tue Feb 8 14:10:55 2011 PST by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:43 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index 1081744d5..e0d530a1c 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:44 2011 PST by vadim +# Generated Tue Feb 8 14:10:56 2011 PST by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:44 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index fcadb17db..483e88f79 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:45 2011 PST by vadim +# Generated Tue Feb 8 14:10:59 2011 PST by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:45 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:59 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index 89d22573a..e6555161f 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:46 2011 PST by vadim +# Generated Tue Feb 8 14:11:00 2011 PST by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf 
@@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:46 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index 38f5238e6..f7c6de6f1 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:47 2011 PST by vadim +# Generated Tue Feb 8 14:11:01 2011 PST by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:47 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:01 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index 591f8480c..7f864e6fe 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:41 2011 PST by vadim +# Generated Tue Feb 8 14:10:53 2011 PST by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf @@ -160,7 +160,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:41 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index 21cfa3dbf..ae2c68ad5 100755 --- a/test/pf/firewall101.fw.orig 
+++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:41 2011 PST by vadim +# Generated Tue Feb 8 14:10:54 2011 PST by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -163,7 +163,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:41 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:54 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index f115eec87..8193f835f 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:42 2011 PST by vadim +# Generated Tue Feb 8 14:10:55 2011 PST by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.conf.orig b/test/pf/firewall103-1.conf.orig new file mode 100644 index 000000000..ec943e9de --- /dev/null +++ b/test/pf/firewall103-1.conf.orig @@ -0,0 +1,25 @@ + +set timeout udp.single 5 + +# +# Scrub rules +# +match all scrub (reassemble tcp no-df ) +match out all scrub (random-id min-ttl 1 max-mss 1460) + + +# Tables: (1) +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } + +# +# Rule backup ssh access rule +# backup ssh access rule +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +# +# Rule 0 (global) +block log quick inet from any to any no state label "RULE 0 -- DROP " +# +# Rule fallback rule +# fallback rule +block quick inet from any to any no state label "RULE 10000 -- DROP " + 
diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig new file mode 100755 index 000000000..fc9727ddb --- /dev/null +++ b/test/pf/firewall103-1.fw.orig 
@@ -0,0 +1,399 @@ +#!/bin/sh +# +# This is automatically generated file. DO NOT MODIFY ! +# +# Firewall Builder fwb_pf v4.2.0.3465 +# +# Generated Tue Feb 8 14:10:57 2011 PST by vadim +# +# files: * firewall103-1.fw /etc/fw/pf.fw +# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf +# +# Compiled for pf 4.7 +# +# bridge interface, static address, shell script format, OpenBSD 4.7 + + + + + +FWDIR=`dirname $0` + +IFCONFIG="/sbin/ifconfig" +PFCTL="/sbin/pfctl" +SYSCTL="/sbin/sysctl" +LOGGER="/usr/bin/logger" + +log() { + echo "$1" + test -x "$LOGGER" && $LOGGER -p info "$1" +} + +diff_intf() { + func=$1 + list1=$2 + list2=$3 + cmd=$4 + for intf in $list1 + do + echo $list2 | grep -q $intf || { + # $vlan is absent in list 2 + $func $intf $cmd + } + done +} + + +missing_address() { + address=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $address + addr=$1 + interface=$2 + IFS=$oldIFS + + if echo "$addr" | grep -q ':' + then + inet="inet6" + addr=$(echo "$addr" | sed 's!/! prefixlen !') + else + inet="inet" + addr=$(echo "$addr" | sed 's!/! 
netmask !') + fi + + parameter="" + test "$cmd" = "add" && { + echo "# Adding ip address: $interface $addr" + parameter="alias" + } + test "$cmd" = "del" && { + echo "# Removing ip address: $interface $addr" + parameter="delete" + } + + $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter + $FWBDEBUG $IFCONFIG $interface up +} + +list_addresses_by_scope() { + interface=$1 + scope=$2 + ignore_list=$3 + + scope_regex="1" + if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi + + $IFCONFIG $interface | sed "s/%$interface//" | \ + awk -v IGNORED="$ignore_list" \ + "BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \ + while read addr; do + echo "${addr}@$interface" + done | sort + +} + +update_addresses_of_interface() { + ignore_list=$2 + set $1 + interface=$1 + shift + + FWB_ADDRS=$( + for addr in $*; do + echo "${addr}@$interface" + done | sort + ) + + CURRENT_ADDRS_ALL_SCOPES="" + CURRENT_ADDRS_GLOBAL_SCOPE="" + + $IFCONFIG $interface >/dev/null 2>&1 && { + CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list") + CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list") + } || { + echo "# Interface $interface does not exist" + # Stop the script if we are not in test mode + test -z "$FWBDEBUG" && exit 1 + } + + diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add + diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del +} + +missing_vlan() { + vlan=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $vlan + subint=$1 + parent=$2 + IFS=$oldIFS + + vlan_id=$(echo $subint | sed 's/vlan//') + test "$cmd" = "add" && { + echo "# Adding VLAN interface $subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent + $FWBDEBUG $IFCONFIG $subint up + } + test "$cmd" = "rem" && { + echo "# Removing VLAN interface 
$subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev + $FWBDEBUG $IFCONFIG $subint destroy + } +} + +parse_fwb_vlans() { + set $1 + vlan_parent_interface=$1 + shift + + FWB_VLANS=$( + for subint in $*; do + echo "${subint}@$vlan_parent_interface" + done | sort + ) + echo $FWB_VLANS +} + +parse_current_vlans() { + vlan_parent_interface=$1 + $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + while read x vlan_id parent + do + test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" + done | sort +} + +update_vlans_of_interface() { + args="$1" + set $1 + vlan_parent_interface=$1 + + FWB_VLANS=$(parse_fwb_vlans "$args") + CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface) + + $IFCONFIG $vlan_parent_interface up + diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add + diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem +} + +sync_vlan_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + + + +BRCONFIG="$IFCONFIG" + + + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant 
because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + +sync_carp_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting carp interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating carp interface $intf" + $SYSCTL -w net.inet.carp.allow=1 + $FWBDEBUG $IFCONFIG $intf create + } + done +} + + +sync_pfsync_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + +verify_interfaces() { + : + +} + +set_kernel_vars() { + : + $SYSCTL -w net.inet.ip.forwarding=1 +} + +prolog_commands() { + : + +} + +epilog_commands() { + : + +} + +run_epilog_and_exit() { + 
epilog_commands + exit $1 +} + +configure_interfaces() { + : + sync_vlan_interfaces + sync_bridge_interfaces bridge0 + update_bridge_interface bridge0 "em2 em3" + sync_carp_interfaces + sync_pfsync_interfaces + update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" + update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" + update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" + update_addresses_of_interface "em2" "" + update_addresses_of_interface "em3" "" +} + +log "Activating firewall script generated Tue Feb 8 14:10:57 2011 by vadim" + +set_kernel_vars +configure_interfaces +prolog_commands + +$PFCTL -f /etc/fw/path\ with\ space/pf.conf || exit 1 + + + + + + + +epilog_commands \ No newline at end of file diff --git a/test/pf/firewall103-2.conf.orig b/test/pf/firewall103-2.conf.orig new file mode 100644 index 000000000..d1fabd88f --- /dev/null +++ b/test/pf/firewall103-2.conf.orig @@ -0,0 +1,25 @@ + +set timeout udp.single 5 + +# +# Scrub rules +# +scrub all reassemble tcp no-df +scrub out all random-id min-ttl 1 max-mss 1460 + + +# Tables: (1) +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } + +# +# Rule backup ssh access rule +# backup ssh access rule +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +# +# Rule 0 (global) +block log quick inet from any to any no state label "RULE 0 -- DROP " +# +# Rule fallback rule +# fallback rule +block quick inet from any to any no state label "RULE 10000 -- DROP " + diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig new file mode 100755 index 000000000..149bcd181 --- /dev/null +++ b/test/pf/firewall103-2.fw.orig 
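Review bot: `diff_intf` tests membership with `echo $list2 | grep -q $intf`, an unquoted and unanchored regex match, so an entry such as `10.1.1.81/0xffffff00@em1` counts as present when the list only holds `110.1.1.81/0xffffff00@em1` (constructed example). The address, VLAN or bridge port is then neither added nor removed, and the interface state can drift from what the policy specifies. A whole-entry fixed-string comparison avoids this: `printf '%s\n' $list2 | grep -qxF -- "$intf" || {`. The same function is emitted in firewall103-2.fw.orig. These files are generated test expectations, so the change presumably belongs in the script template, followed by a test re-run.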
@@ -0,0 +1,399 @@ +#!/bin/sh +# +# This is automatically generated file. DO NOT MODIFY ! +# +# Firewall Builder fwb_pf v4.2.0.3465 +# +# Generated Tue Feb 8 14:10:57 2011 PST by vadim +# +# files: * firewall103-2.fw /etc/fw/pf.fw +# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf +# +# Compiled for pf 4.0 +# +# bridge interface, static address, shell script format, OpenBSD <4.7 + + + + + +FWDIR=`dirname $0` + +IFCONFIG="/sbin/ifconfig" +PFCTL="/sbin/pfctl" +SYSCTL="/sbin/sysctl" +LOGGER="/usr/bin/logger" + +log() { + echo "$1" + test -x "$LOGGER" && $LOGGER -p info "$1" +} + +diff_intf() { + func=$1 + list1=$2 + list2=$3 + cmd=$4 + for intf in $list1 + do + echo $list2 | grep -q $intf || { + # $vlan is absent in list 2 + $func $intf $cmd + } + done +} + + +missing_address() { + address=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $address + addr=$1 + interface=$2 + IFS=$oldIFS + + if echo "$addr" | grep -q ':' + then + inet="inet6" + addr=$(echo "$addr" | sed 's!/! prefixlen !') + else + inet="inet" + addr=$(echo "$addr" | sed 's!/! 
netmask !') + fi + + parameter="" + test "$cmd" = "add" && { + echo "# Adding ip address: $interface $addr" + parameter="alias" + } + test "$cmd" = "del" && { + echo "# Removing ip address: $interface $addr" + parameter="delete" + } + + $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter + $FWBDEBUG $IFCONFIG $interface up +} + +list_addresses_by_scope() { + interface=$1 + scope=$2 + ignore_list=$3 + + scope_regex="1" + if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi + + $IFCONFIG $interface | sed "s/%$interface//" | \ + awk -v IGNORED="$ignore_list" \ + "BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \ + while read addr; do + echo "${addr}@$interface" + done | sort + +} + +update_addresses_of_interface() { + ignore_list=$2 + set $1 + interface=$1 + shift + + FWB_ADDRS=$( + for addr in $*; do + echo "${addr}@$interface" + done | sort + ) + + CURRENT_ADDRS_ALL_SCOPES="" + CURRENT_ADDRS_GLOBAL_SCOPE="" + + $IFCONFIG $interface >/dev/null 2>&1 && { + CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list") + CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list") + } || { + echo "# Interface $interface does not exist" + # Stop the script if we are not in test mode + test -z "$FWBDEBUG" && exit 1 + } + + diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add + diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del +} + +missing_vlan() { + vlan=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $vlan + subint=$1 + parent=$2 + IFS=$oldIFS + + vlan_id=$(echo $subint | sed 's/vlan//') + test "$cmd" = "add" && { + echo "# Adding VLAN interface $subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent + $FWBDEBUG $IFCONFIG $subint up + } + test "$cmd" = "rem" && { + echo "# Removing VLAN interface 
$subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev + $FWBDEBUG $IFCONFIG $subint destroy + } +} + +parse_fwb_vlans() { + set $1 + vlan_parent_interface=$1 + shift + + FWB_VLANS=$( + for subint in $*; do + echo "${subint}@$vlan_parent_interface" + done | sort + ) + echo $FWB_VLANS +} + +parse_current_vlans() { + vlan_parent_interface=$1 + $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + while read x vlan_id parent + do + test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" + done | sort +} + +update_vlans_of_interface() { + args="$1" + set $1 + vlan_parent_interface=$1 + + FWB_VLANS=$(parse_fwb_vlans "$args") + CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface) + + $IFCONFIG $vlan_parent_interface up + diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add + diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem +} + +sync_vlan_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + +BRCONFIG="brconfig" + + + + + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant because 
we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + +sync_carp_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting carp interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating carp interface $intf" + $SYSCTL -w net.inet.carp.allow=1 + $FWBDEBUG $IFCONFIG $intf create + } + done +} + + +sync_pfsync_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + +verify_interfaces() { + : + +} + +set_kernel_vars() { + : + $SYSCTL -w net.inet.ip.forwarding=1 +} + +prolog_commands() { + : + +} + +epilog_commands() { + : + +} + +run_epilog_and_exit() { + 
epilog_commands + exit $1 +} + +configure_interfaces() { + : + sync_vlan_interfaces + sync_bridge_interfaces bridge0 + update_bridge_interface bridge0 "em2 em3" + sync_carp_interfaces + sync_pfsync_interfaces + update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" + update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" + update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" + update_addresses_of_interface "em2" "" + update_addresses_of_interface "em3" "" +} + +log "Activating firewall script generated Tue Feb 8 14:10:57 2011 by vadim" + +set_kernel_vars +configure_interfaces +prolog_commands + +$PFCTL -f /etc/fw/path\ with\ space/pf.conf || exit 1 + + + + + + + +epilog_commands \ No newline at end of file diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index 507e62658..fe2c63b1d 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:43 2011 PST by vadim +# Generated Tue Feb 8 14:10:56 2011 PST by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -169,7 +169,7 @@ parse_fwb_vlans() { parse_current_vlans() { vlan_parent_interface=$1 - $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + $IFCONFIG | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ while read x vlan_id parent do test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" @@ -190,7 +190,7 @@ update_vlans_of_interface() { } sync_vlan_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} 
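Review bot: `BRCONFIG="brconfig"` in firewall103-2.fw.orig is the only tool in this script resolved through `PATH`; `IFCONFIG`, `PFCTL`, `SYSCTL` and `LOGGER` are all pinned to absolute paths. The script reconfigures interfaces and loads pf rules, so it presumably runs as root, and which binary the bridge commands execute then depends on the caller's environment. They also fail if `brconfig` is not on `PATH`. Pinning it like the others, e.g. `BRCONFIG="/sbin/brconfig"` (location to be confirmed for the targeted OpenBSD releases), keeps tool lookup consistent. As this is generated output, the fix presumably goes in the generator's template.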
@@ -210,8 +210,102 @@ sync_vlan_interfaces() { } + + + +BRCONFIG="$IFCONFIG" + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + sync_carp_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -233,7 +327,7 @@ sync_carp_interfaces() { sync_pfsync_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -281,7 +375,7 @@ configure_interfaces() { : sync_vlan_interfaces sync_bridge_interfaces bridge0 - update_bridge_interface "bridge0 em2 em3" + update_bridge_interface bridge0 "em2 em3" sync_carp_interfaces sync_pfsync_interfaces update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" @@ -291,7 +385,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Tue Feb 8 11:17:43 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104-1.conf.orig b/test/pf/firewall104-1.conf.orig new file mode 100644 index 000000000..87ab28d20 --- /dev/null +++ b/test/pf/firewall104-1.conf.orig 
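Review bot: The second loop of `sync_bridge_interfaces` logs the wrong variable in `echo "# Creating bridge interface $brintf"`. That loop iterates over `brint`, while `brintf` is only assigned by the `while read brintf` loop on the receiving end of the pipe, so the message will likely show an empty or stale name instead of the bridge being created. The line should read `echo "# Creating bridge interface $brint"`, so the activation log records which interface was touched. This file is an expected-output fixture of a generated script, so the fix presumably belongs in the generator's template, with the fixtures re-generated afterwards. The same line appears in the firewall104-1, firewall104 and firewall107 fixtures in this patch.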
@@ -0,0 +1,25 @@ + +set timeout udp.single 5 + +# +# Scrub rules +# +match all scrub (reassemble tcp no-df ) +match out all scrub (random-id min-ttl 1 max-mss 1460) + + +# Tables: (1) +table { bridge0 , 10.1.1.81 , 10.3.14.81 } + +# +# Rule backup ssh access rule +# backup ssh access rule +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +# +# Rule 0 (global) +block log quick inet from any to any no state label "RULE 0 -- DROP " +# +# Rule fallback rule +# fallback rule +block quick inet from any to any no state label "RULE 10000 -- DROP " + diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig new file mode 100755 index 000000000..657a8a548 --- /dev/null +++ b/test/pf/firewall104-1.fw.orig 
@@ -0,0 +1,398 @@ +#!/bin/sh +# +# This is automatically generated file. DO NOT MODIFY ! +# +# Firewall Builder fwb_pf v4.2.0.3465 +# +# Generated Tue Feb 8 14:10:59 2011 PST by vadim +# +# files: * firewall104-1.fw /etc/fw/pf.fw +# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf +# +# Compiled for pf 4.7 +# +# bridge interface, dynamic address, shell script format, OpenBSD 4.7 + + + + + +FWDIR=`dirname $0` + +IFCONFIG="/sbin/ifconfig" +PFCTL="/sbin/pfctl" +SYSCTL="/sbin/sysctl" +LOGGER="/usr/bin/logger" + +log() { + echo "$1" + test -x "$LOGGER" && $LOGGER -p info "$1" +} + +diff_intf() { + func=$1 + list1=$2 + list2=$3 + cmd=$4 + for intf in $list1 + do + echo $list2 | grep -q $intf || { + # $vlan is absent in list 2 + $func $intf $cmd + } + done +} + + +missing_address() { + address=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $address + addr=$1 + interface=$2 + IFS=$oldIFS + + if echo "$addr" | grep -q ':' + then + inet="inet6" + addr=$(echo "$addr" | sed 's!/! prefixlen !') + else + inet="inet" + addr=$(echo "$addr" | sed 's!/! 
netmask !') + fi + + parameter="" + test "$cmd" = "add" && { + echo "# Adding ip address: $interface $addr" + parameter="alias" + } + test "$cmd" = "del" && { + echo "# Removing ip address: $interface $addr" + parameter="delete" + } + + $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter + $FWBDEBUG $IFCONFIG $interface up +} + +list_addresses_by_scope() { + interface=$1 + scope=$2 + ignore_list=$3 + + scope_regex="1" + if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi + + $IFCONFIG $interface | sed "s/%$interface//" | \ + awk -v IGNORED="$ignore_list" \ + "BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \ + while read addr; do + echo "${addr}@$interface" + done | sort + +} + +update_addresses_of_interface() { + ignore_list=$2 + set $1 + interface=$1 + shift + + FWB_ADDRS=$( + for addr in $*; do + echo "${addr}@$interface" + done | sort + ) + + CURRENT_ADDRS_ALL_SCOPES="" + CURRENT_ADDRS_GLOBAL_SCOPE="" + + $IFCONFIG $interface >/dev/null 2>&1 && { + CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list") + CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list") + } || { + echo "# Interface $interface does not exist" + # Stop the script if we are not in test mode + test -z "$FWBDEBUG" && exit 1 + } + + diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add + diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del +} + +missing_vlan() { + vlan=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $vlan + subint=$1 + parent=$2 + IFS=$oldIFS + + vlan_id=$(echo $subint | sed 's/vlan//') + test "$cmd" = "add" && { + echo "# Adding VLAN interface $subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent + $FWBDEBUG $IFCONFIG $subint up + } + test "$cmd" = "rem" && { + echo "# Removing VLAN interface 
$subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev + $FWBDEBUG $IFCONFIG $subint destroy + } +} + +parse_fwb_vlans() { + set $1 + vlan_parent_interface=$1 + shift + + FWB_VLANS=$( + for subint in $*; do + echo "${subint}@$vlan_parent_interface" + done | sort + ) + echo $FWB_VLANS +} + +parse_current_vlans() { + vlan_parent_interface=$1 + $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + while read x vlan_id parent + do + test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" + done | sort +} + +update_vlans_of_interface() { + args="$1" + set $1 + vlan_parent_interface=$1 + + FWB_VLANS=$(parse_fwb_vlans "$args") + CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface) + + $IFCONFIG $vlan_parent_interface up + diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add + diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem +} + +sync_vlan_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + + + +BRCONFIG="$IFCONFIG" + + + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant 
because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + +sync_carp_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting carp interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating carp interface $intf" + $SYSCTL -w net.inet.carp.allow=1 + $FWBDEBUG $IFCONFIG $intf create + } + done +} + + +sync_pfsync_interfaces() { + $IFCONFIG -A | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + +verify_interfaces() { + : + +} + +set_kernel_vars() { + : + $SYSCTL -w net.inet.ip.forwarding=1 +} + +prolog_commands() { + : + +} + +epilog_commands() { + : + +} + +run_epilog_and_exit() { + 
epilog_commands + exit $1 +} + +configure_interfaces() { + : + sync_vlan_interfaces + sync_bridge_interfaces bridge0 + update_bridge_interface bridge0 "em2 em3" + sync_carp_interfaces + sync_pfsync_interfaces + update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" + update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" + update_addresses_of_interface "em2" "" + update_addresses_of_interface "em3" "" +} + +log "Activating firewall script generated Tue Feb 8 14:10:59 2011 by vadim" + +set_kernel_vars +configure_interfaces +prolog_commands + +$PFCTL -f /etc/fw/path\ with\ space/pf.conf || exit 1 + + + + + + + +epilog_commands \ No newline at end of file diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index 67898b00c..8ed9af35f 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:44 2011 PST by vadim +# Generated Tue Feb 8 14:10:58 2011 PST by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -169,7 +169,7 @@ parse_fwb_vlans() { parse_current_vlans() { vlan_parent_interface=$1 - $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + $IFCONFIG | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ while read x vlan_id parent do test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" @@ -190,7 +190,7 @@ update_vlans_of_interface() { } sync_vlan_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} 
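Review bot: `diff_intf` tests membership with `echo $list2 | grep -q $intf`, an unquoted, unanchored regular-expression match, so an entry that is a substring of another counts as present and the dots in addresses match any character. A constructed example is `10.1.1.8/0xffffff00@em1` matching a list that holds `10.1.1.81/0xffffff00@em1`. The effect would be an address, VLAN or bridge port that is silently not added or not removed, leaving the interface state different from the policy the script reports activating. A whole-line fixed-string comparison avoids this: `printf '%s\n' $list2 | grep -qxF -- "$intf" || {`. The file is generated, so the change presumably belongs in the generator's template; the comment `# $vlan is absent in list 2` could then name `$intf`.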
@@ -210,8 +210,102 @@ sync_vlan_interfaces() { } + + + +BRCONFIG="$IFCONFIG" + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + sync_carp_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -233,7 +327,7 @@ sync_carp_interfaces() { sync_pfsync_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -281,17 +375,16 @@ configure_interfaces() { : sync_vlan_interfaces sync_bridge_interfaces bridge0 - update_bridge_interface "bridge0 em2 em3" + update_bridge_interface bridge0 "em2 em3" sync_carp_interfaces sync_pfsync_interfaces - update_addresses_of_interface "bridge0" "" update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" update_addresses_of_interface "em2" "" update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Tue Feb 8 11:17:44 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:10:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index 5da2be3ed..5a64f7ffb 100755 --- a/test/pf/firewall105.fw.orig 
+++ b/test/pf/firewall105.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:46 2011 PST by vadim +# Generated Tue Feb 8 14:11:00 2011 PST by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index 46b507ca5..d49a3539c 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:47 2011 PST by vadim +# Generated Tue Feb 8 14:11:01 2011 PST by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index 08074bfc8..3e59326a8 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:48 2011 PST by vadim +# Generated Tue Feb 8 14:11:02 2011 PST by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -169,7 +169,7 @@ parse_fwb_vlans() { parse_current_vlans() { vlan_parent_interface=$1 - $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + $IFCONFIG | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ while read x vlan_id parent do test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" 
@@ -190,7 +190,7 @@ update_vlans_of_interface() { } sync_vlan_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} 
@@ -210,8 +210,102 @@ sync_vlan_interfaces() { } + + + +BRCONFIG="$IFCONFIG" + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. 
+ # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + sync_carp_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -233,7 +327,7 @@ sync_carp_interfaces() { sync_pfsync_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -291,7 +385,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:48 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 5b0a68615..ab85ac046 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:48 2011 PST by vadim +# Generated Tue Feb 8 14:11:03 2011 PST by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index c0dc25878..af280ffd0 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:49 2011 PST by vadim +# Generated Tue Feb 8 14:11:03 2011 PST by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:49 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 15493cbe7..8a83b2b20 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:49 2011 PST by vadim +# Generated Tue Feb 8 14:11:04 2011 PST by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -159,7 +159,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:49 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:04 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index a722372d2..f9553d979 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:50 2011 PST by vadim +# Generated Tue Feb 8 14:11:04 2011 PST by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:50 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index bcf10a044..41f3c80c7 100755 --- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:51 2011 PST by vadim +# Generated Tue Feb 8 14:11:05 2011 PST by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf @@ -241,7 +241,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:51 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index a33834931..9d98ba29b 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:51 2011 PST by vadim +# Generated Tue Feb 8 14:11:05 2011 PST by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -241,7 +241,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:51 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index fb874478b..799f8026e 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:53 2011 PST by vadim +# Generated Tue Feb 8 14:11:08 2011 PST by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -89,7 +89,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:53 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:08 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index c7a3b3b15..ebda80518 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:52 2011 PST by vadim +# Generated Tue Feb 8 14:11:06 2011 PST by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:52 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:06 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index bb8f902c9..c12e0d188 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:52 2011 PST by vadim +# Generated Tue Feb 8 14:11:07 2011 PST by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:52 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index 32ec874f1..c9750e27d 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:53 2011 PST by vadim +# Generated Tue Feb 8 14:11:07 2011 PST by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf @@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:53 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index b557690d2..1feb30735 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:54 2011 PST by vadim +# Generated Tue Feb 8 14:11:09 2011 PST by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:54 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index cec426354..49a852508 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:54 2011 PST by vadim +# Generated Tue Feb 8 14:11:09 2011 PST by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf @@ -159,7 +159,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:54 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index b7db6a2af..39c5e1d7b 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:56 2011 PST by vadim +# Generated Tue Feb 8 14:11:10 2011 PST by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf 
@@ -158,12 +158,11 @@ run_epilog_and_exit() { configure_interfaces() { : - update_addresses_of_interface "eth0.100" "" update_addresses_of_interface "eth1 192.168.1.100/0xffffff00" "" update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:56 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:10 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index 717ffa29c..c1f8d0b25 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:56 2011 PST by vadim +# Generated Tue Feb 8 14:11:10 2011 PST by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -154,12 +154,11 @@ run_epilog_and_exit() { configure_interfaces() { : - update_addresses_of_interface "eth0.100" "" update_addresses_of_interface "eth1 192.168.1.100/0xffffff00" "" update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:56 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:10 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index 41f832248..77d4faadd 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:57 2011 PST by vadim +# Generated Tue Feb 8 14:11:11 2011 PST by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf 
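Review bot: The firewall33 baseline stops calling `update_addresses_of_interface "eth0.100" ""` inside configure_interfaces(), and the firewall34 hunk further along this line drops the same call, yet the commit description only says the tests were re-run. If that call with an empty address list was what cleared unmanaged addresses from the interface (an inference, since the function body is outside the hunk), the generated script now leaves whatever is configured on eth0.100 in place, which matters on a firewall host. If this is the intended effect of #2042, I would record it in the commit message, e.g. `firewall33/34: interfaces without addresses are no longer passed to update_addresses_of_interface`, so the change is not lost among the timestamp-only hunks.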
@@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:57 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:11 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index c36ec3201..2d309ec66 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:57 2011 PST by vadim +# Generated Tue Feb 8 14:11:12 2011 PST by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:57 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:12 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index d99406c09..6a3c5eab8 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:58 2011 PST by vadim +# Generated Tue Feb 8 14:11:12 2011 PST by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:17:58 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:12 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index b8dc2b03f..887e752d5 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:59 2011 PST by vadim +# Generated Tue Feb 8 14:11:14 2011 PST by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -176,7 +176,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:59 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index cdc9ea4a7..e1debb79c 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:58 2011 PST by vadim +# Generated Tue Feb 8 14:11:13 2011 PST by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -160,7 +160,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:17:58 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index 803d15cb0..082c719da 100755 --- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:17:59 2011 PST by vadim +# Generated Tue Feb 8 14:11:14 2011 PST by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf 
@@ -163,7 +163,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:17:59 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index de7dac29a..f9763cd5e 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:00 2011 PST by vadim +# Generated Tue Feb 8 14:11:15 2011 PST by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:00 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:15 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index 589e7384c..caa5da1df 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:01 2011 PST by vadim +# Generated Tue Feb 8 14:11:16 2011 PST by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:01 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:16 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 0810a46b8..6de0bce4d 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:01 2011 PST by vadim +# Generated Tue Feb 8 14:11:16 2011 PST by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:01 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:16 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index 49851845b..09ec3210b 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:02 2011 PST by vadim +# Generated Tue Feb 8 14:11:17 2011 PST by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:02 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index ab424058a..67ad70f48 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:03 2011 PST by vadim +# Generated Tue Feb 8 14:11:17 2011 PST by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf 
@@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:03 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index c3cae2eb2..8cb3ace72 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:03 2011 PST by vadim +# Generated Tue Feb 8 14:11:18 2011 PST by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:03 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:18 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index f02246377..c41008995 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:04 2011 PST by vadim +# Generated Tue Feb 8 14:11:18 2011 PST by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf @@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:04 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:18 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index 2f126149f..f85635aff 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:04 2011 PST by vadim +# Generated Tue Feb 8 14:11:19 2011 PST by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:04 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index 2744511b4..c88298f5a 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:06 2011 PST by vadim +# Generated Tue Feb 8 14:11:20 2011 PST by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:06 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index 45021ea20..f3fbecad0 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:05 2011 PST by vadim +# Generated Tue Feb 8 14:11:20 2011 PST by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:05 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index 35dfe93ae..95219f1bd 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:06 2011 PST by vadim +# Generated Tue Feb 8 14:11:21 2011 PST by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue Feb 8 11:18:06 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index 4eb246569..495d7de5c 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:07 2011 PST by vadim +# Generated Tue Feb 8 14:11:21 2011 PST by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf @@ -240,7 +240,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:07 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index d0f0152fa..b845aaf3c 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:07 2011 PST by vadim +# Generated Tue Feb 8 14:11:22 2011 PST by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -160,7 +160,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:07 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index 50272772f..f6122bf42 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:24 2011 PST by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf @@ -289,7 +289,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index 54c2eb895..932365b28 100755 --- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:24 2011 PST by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -186,7 +186,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index df4469f10..ef95bdc3c 100755 --- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:25 2011 PST by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -168,7 +168,7 @@ parse_fwb_vlans() { parse_current_vlans() { vlan_parent_interface=$1 - $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ + $IFCONFIG | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \ while read x vlan_id parent do test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" @@ -189,7 +189,7 @@ update_vlans_of_interface() { } sync_vlan_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} 
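Review bot: `parse_current_vlans` and `sync_vlan_interfaces` in pf_cluster_2_freebsd-1 now run `$IFCONFIG` with no flag where the old baseline used `-A`. The same replacement appears in sync_carp_interfaces and sync_pfsync_interfaces, and in pf_cluster_2_freebsd-2, on the following line. The listing these grep/awk pipelines parse therefore depends on what ifconfig prints when given no arguments. If the target is FreeBSD, as the file name suggests, writing it as `$IFCONFIG -a | grep 'vlan: ' | ...` in the generator template would make the all-interfaces assumption explicit. The function bodies continue outside these hunks, so how the parsed interface names are used is not visible here.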
@@ -210,7 +210,7 @@ sync_vlan_interfaces() { sync_carp_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -232,7 +232,7 @@ sync_carp_interfaces() { sync_pfsync_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -291,7 +291,7 @@ configure_interfaces() { update_addresses_of_interface "en1 192.168.1.2/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index c0efe554a..df8eff013 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:25 2011 PST by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -132,7 +132,7 @@ update_addresses_of_interface() { sync_carp_interfaces() { - $IFCONFIG -A | awk -v IGNORED="$*" \ + $IFCONFIG | awk -v IGNORED="$*" \ 'BEGIN { split(IGNORED,ignored_arr); for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} @@ -188,7 +188,7 @@ configure_interfaces() { update_addresses_of_interface "en1 192.168.1.3/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:25 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index 2d540a6d8..0eaa8b3da 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:25 2011 PST by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -292,7 +292,7 @@ configure_interfaces() { update_addresses_of_interface "vlan100 172.20.0.2/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index 110487c23..ee681a186 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:25 2011 PST by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -190,7 +190,7 @@ configure_interfaces() { update_addresses_of_interface "vlan100 172.20.0.3/0xffffff00" "" } -log "Activating firewall script generated Tue Feb 8 11:18:10 2011 by vadim" +log "Activating firewall script generated Tue Feb 8 14:11:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index d42f6a4dc..1e1287f93 100755 --- a/test/pf/pf_cluster_4_rc.conf.local 
+++ b/test/pf/pf_cluster_4_rc.conf.local @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3464 +# Firewall Builder fwb_pf v4.2.0.3465 # -# Generated Tue Feb 8 11:18:10 2011 PST by vadim +# Generated Tue Feb 8 14:11:25 2011 PST by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf