NATCompiler_pf.cpp (_expand_addr): see #2455 NAT Compiler for PF
should use "(interface)" syntax to the right of "->" in NAT rules. This now works for all interfaces, including those that have ip addresses in fwbuilder configuration, when interface object appears in "Translated Source" in a nat rule. When firewall object appears in "Translated Source", it gets replaced with a set of its interfaces which also get translated into "-> (interface)".
parent
15bab71f49
commit
6a9fdbf3af
@ -1,5 +1,13 @@
|
||||
2011-06-03 vadim <vadim@netcitadel.com>
|
||||
|
||||
* NATCompiler_pf.cpp (_expand_addr): see #2455 NAT Compiler for PF
|
||||
should use "(interface)" syntax to the right of "->" in NAT rules.
|
||||
This now works for all interfaces, including those that have ip
|
||||
addresses in fwbuilder configuration, when interface object
|
||||
appears in "Translated Source" in a nat rule. When firewall object
|
||||
appears in "Translated Source", it gets replaced with a set of its
|
||||
interfaces which also get translated into "-> (interface)".
|
||||
|
||||
* NATCompiler_ipt.cpp (compile): see #2456 Added support for
|
||||
single object negation in "Inbound Interface" and "Outbound
|
||||
Interface" columns in compiler for iptables.
|
||||
|
@ -119,6 +119,39 @@ string NATCompiler_pf::debugPrintRule(libfwbuilder::Rule *r)
|
||||
" (type=" + rule->getRuleTypeAsString() + ")";
|
||||
}
|
||||
|
||||
void NATCompiler_pf::_expand_addr(Rule *rule,
|
||||
FWObject *s,
|
||||
bool expand_cluster_interfaces_fully)
|
||||
{
|
||||
if (RuleElementTSrc::isA(s))
|
||||
{
|
||||
// do not replace interfaces with their ip addresses in TSrc
|
||||
// to be able to generate "nat ... -> (em0)" command later
|
||||
list<FWObject*> interfaces_in_re;
|
||||
for (FWObject::iterator i1=s->begin(); i1!=s->end(); ++i1)
|
||||
{
|
||||
FWObject *o = FWReference::getObject(*i1);
|
||||
assert(o);
|
||||
if (Interface::isA(o))
|
||||
interfaces_in_re.push_back(o);
|
||||
}
|
||||
if (interfaces_in_re.size() > 1)
|
||||
{
|
||||
for (list<FWObject*>::iterator i=interfaces_in_re.begin();
|
||||
i!=interfaces_in_re.end(); ++i) s->removeRef(*i);
|
||||
|
||||
NATCompiler::_expand_addr(
|
||||
rule, s, expand_cluster_interfaces_fully);
|
||||
|
||||
for (list<FWObject*>::iterator i=interfaces_in_re.begin();
|
||||
i!=interfaces_in_re.end(); ++i) s->addRef(*i);
|
||||
|
||||
}
|
||||
} else
|
||||
NATCompiler::_expand_addr(
|
||||
rule, s, expand_cluster_interfaces_fully);
|
||||
}
|
||||
|
||||
bool NATCompiler_pf::NATRuleType::processNext()
|
||||
{
|
||||
NATRule *rule=getNext(); if (rule==NULL) return false;
|
||||
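Review bot: The `if (interfaces_in_re.size() > 1)` guard in the new `NATCompiler_pf::_expand_addr` means the base `NATCompiler::_expand_addr` is never called for a Translated Source element holding zero or one interface, so any non-interface objects in that element appear to go unexpanded on this path. The remove / expand / re-add sequence is written to work for any count, so either run it unconditionally or add a comment explaining why the smaller cases must skip expansion. Separately, `assert(o);` is compiled out under NDEBUG, and `Interface::isA(o)` would then receive a null pointer from a dangling reference; an explicit `if (o == NULL)` check that reports the broken reference would fail predictably in release builds. Both matter because a silent difference here changes the NAT rules written to the generated pf configuration.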
|
@ -87,6 +87,10 @@ namespace fwcompiler
|
||||
|
||||
virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
|
||||
|
||||
virtual void _expand_addr(libfwbuilder::Rule *rule,
|
||||
libfwbuilder::FWObject *s,
|
||||
bool expand_cluster_interfaces_fully);
|
||||
|
||||
/**
|
||||
* analyse given address and decide which interface this NAT
|
||||
* rule should be tied to. If interface is found, use
|
||||
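Review bot: The new `_expand_addr` declaration has no comment, while the declaration that follows it in this hunk carries a `/** ... */` block. Because this override changes how one rule element is expanded, it should say so at the declaration, for example `/** Overrides NATCompiler::_expand_addr: Interface objects found in Translated Source are kept as objects rather than replaced by their addresses, so the printer can emit "-> (ifname)". */`. The enclosing class begins and ends outside the hunk.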
|
@ -521,12 +521,8 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
|
||||
|
||||
if (Interface::cast(o)!=NULL)
|
||||
{
|
||||
Interface *iface=Interface::cast(o);
|
||||
if (iface->isDyn())
|
||||
{
|
||||
compiler->output << "(" << iface->getName() << ") ";
|
||||
return;
|
||||
}
|
||||
compiler->output << "(" << o->getName() << ") ";
|
||||
return;
|
||||
}
|
||||
|
||||
Address *a = Address::cast(o);
|
||||
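Review bot: With the `isDyn()` test removed, `_printAddr` prints every `Interface` object as `(name)`, and nothing in this hunk limits that to the translated-source position named in the commit message. The regenerated expected output further down this page appears to confirm the wider reach: a redirect that read `rdr proto tcp from any to 22.22.22.22 port 1080 -> ...` now reads `rdr proto tcp from any to (eth1) port 1080 -> ...`. In pf the parenthesised form is resolved at run time to the addresses assigned to the interface, so on an interface with aliases the rule can match, or translate to, more addresses than the single one configured in the object. If that is not intended, restrict the new form to the Translated Source caller or emit the `:0` modifier, and mention the match-side change in the ChangeLog either way. `_printAddr` begins and ends outside the hunk.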
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:38 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
|
||||
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
|
||||
@ -169,7 +169,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:39 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-1.fw pf-ipv6.fw
|
||||
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
|
||||
@ -181,7 +181,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:39 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-2.fw pf.fw
|
||||
# files: firewall-ipv6-2.conf pf.conf
|
||||
@ -185,7 +185,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
|
||||
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf
|
||||
|
@ -32,8 +32,8 @@ table <tbl.r9.s> { 211.11.11.11 , 211.22.22.22 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
#
|
||||
# Rule 2 (NAT)
|
||||
rdr proto tcp from any to <tbl.r2> port 25 -> 192.168.1.10 port 25
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:17 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall.fw /etc/pf.fw
|
||||
# files: firewall.conf /etc/pf.conf
|
||||
@ -173,7 +173,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:17 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -38,14 +38,14 @@ nat proto {tcp udp icmp} from 192.168.1.10 to any -> 22.22.22.23
|
||||
nat proto {tcp udp icmp} from ! 192.168.1.0/24 to 200.200.200.200 -> 22.22.22.23
|
||||
#
|
||||
# Rule 3 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3)
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3)
|
||||
#
|
||||
# Rule 5 (NAT)
|
||||
# more examples
|
||||
@ -55,22 +55,22 @@ nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.50 , 22.22.22.51 }
|
||||
#
|
||||
# Rule 6 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth3)
|
||||
#
|
||||
# Rule 7 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.22.22
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.23.23
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth3)
|
||||
#
|
||||
# Rule 8 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.22.22
|
||||
nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23
|
||||
nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth3)
|
||||
#
|
||||
# Rule 9 (NAT)
|
||||
rdr proto tcp from 192.168.1.0/24 to ! <tbl.r9> port 80 -> 127.0.0.1 port 3128
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:18 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall1.fw /etc/fw/firewall1.fw
|
||||
# files: firewall1.conf /etc/fw/firewall1.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:18 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,7 +7,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:14 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:19 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
|
||||
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
|
||||
@ -74,7 +74,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:19 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -8,7 +8,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:15 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:20 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
|
||||
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
|
||||
@ -74,7 +74,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:15 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:20 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,7 +7,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:16 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:21 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
|
||||
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:21 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -8,7 +8,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:18 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
|
||||
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,7 +7,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:24 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
|
||||
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:24 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -8,7 +8,7 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:25 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
|
||||
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:25 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:18 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall100.fw /etc/fw/pf.fw
|
||||
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -167,7 +167,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:18 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:14 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:19 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall101.fw /etc/fw/pf.fw
|
||||
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -170,7 +170,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:19 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:15 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:20 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall102.fw /etc/fw/pf.fw
|
||||
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:17 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103-1.fw /etc/fw/pf.fw
|
||||
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -394,7 +394,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:17 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103-2.fw /etc/fw/pf.fw
|
||||
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -394,7 +394,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:16 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:21 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103.fw /etc/fw/pf.fw
|
||||
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -397,7 +397,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:21 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:19 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:23 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall104-1.fw /etc/fw/pf.fw
|
||||
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -393,7 +393,7 @@ configure_interfaces() {
|
||||
$IFCONFIG bridge0 -stp em3
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:19 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:23 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:18 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall104.fw /etc/fw/pf.fw
|
||||
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -396,7 +396,7 @@ configure_interfaces() {
|
||||
$IFCONFIG bridge0 stp em3
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:19 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:23 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall105.fw /etc/fw/pf.fw
|
||||
# files: firewall105.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:24 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall106.fw /etc/fw/pf.fw
|
||||
# files: firewall106.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:25 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall107.fw /etc/fw/pf.fw
|
||||
# files: firewall107.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -395,7 +395,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:25 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:26 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall108.fw /etc/fw/pf.fw
|
||||
# files: firewall108.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:22 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:27 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-1.fw /etc/fw/pf.fw
|
||||
# files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:22 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:27 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-2.fw /etc/fw/pf.fw
|
||||
# files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -400,7 +400,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:22 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:27 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:23 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:28 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-3.fw /etc/fw/pf.fw
|
||||
# files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:26 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109.fw /etc/fw/pf.fw
|
||||
# files: firewall109.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -401,7 +401,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:26 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:23 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:28 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall11.fw /etc/firewall11.fw
|
||||
# files: firewall11.conf /etc/firewall11.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:23 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:28 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:24 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:28 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall110.fw /etc/fw/firewall110.fw
|
||||
# files: firewall110.conf /etc/fw/firewall110.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:28 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:24 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:29 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall111.fw /etc/fw/firewall111.fw
|
||||
# files: firewall111.conf /etc/fw/firewall111.conf
|
||||
@ -86,7 +86,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:29 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -10,8 +10,8 @@ table <tbl.r4> { 22.22.22.22 , 22.22.23.22 }
|
||||
rdr proto tcp from any to <tbl.r4> port 80 -> 127.0.0.1 port 8080
|
||||
#
|
||||
# Rule 7 (NAT)
|
||||
nat on en0 proto udp from any port 6767 to any -> 22.22.22.22 port 67
|
||||
nat on en1 proto udp from any port 6767 to any -> 22.22.23.22 port 67
|
||||
nat on en0 proto udp from any port 6767 to any -> (en0) port 67
|
||||
nat on en1 proto udp from any port 6767 to any -> (en1) port 67
|
||||
#
|
||||
# Rule 9 (NAT)
|
||||
rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
|
||||
@ -19,33 +19,33 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
|
||||
# Rule 10 (NAT)
|
||||
# SDNAT
|
||||
rdr proto tcp from any to <tbl.r4> port 22 -> 192.168.1.10 port 22
|
||||
nat on en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22
|
||||
nat on en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22
|
||||
nat on en0 proto tcp from any to 192.168.1.10 port 22 -> (en0)
|
||||
nat on en1 proto tcp from any to 192.168.1.10 port 22 -> (en1)
|
||||
#
|
||||
# Rule 11 (NAT)
|
||||
# SDNAT with source port
|
||||
rdr proto udp from any port 123 to <tbl.r4> -> 192.168.1.10
|
||||
nat on en0 proto udp from any port 123 to 192.168.1.10 -> 22.22.22.22 port 5050
|
||||
nat on en1 proto udp from any port 123 to 192.168.1.10 -> 22.22.23.22 port 5050
|
||||
nat on en0 proto udp from any port 123 to 192.168.1.10 -> (en0) port 5050
|
||||
nat on en1 proto udp from any port 123 to 192.168.1.10 -> (en1) port 5050
|
||||
#
|
||||
# Rule 12 (NAT)
|
||||
# SDNAT with dest port
|
||||
rdr proto udp from 192.168.1.0/24 to any port 53 -> 192.168.1.10 port 1053
|
||||
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22
|
||||
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22
|
||||
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0)
|
||||
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1)
|
||||
#
|
||||
# Rule 13 (NAT)
|
||||
# SDNAT
|
||||
# translate src and dst addresses
|
||||
# and src and dst ports
|
||||
rdr proto udp from 192.168.1.0/24 port 1024:65535 to any port 53 -> 192.168.1.10 port 1053
|
||||
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:*
|
||||
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:*
|
||||
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0) port 32767:*
|
||||
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1) port 32767:*
|
||||
#
|
||||
# Rule 14 (NAT)
|
||||
# Matches destination port, translates source port
|
||||
nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.22.22 port 5050
|
||||
nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050
|
||||
nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> (en0) port 5050
|
||||
nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> (en1) port 5050
|
||||
|
||||
#
|
||||
# Rule 0 (global)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:25 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:29 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall12.fw /etc/fw/firewall12.fw
|
||||
# files: firewall12.conf /etc/fw/firewall12.conf
|
||||
@ -165,7 +165,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:29 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:25 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:29 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall13.fw /etc/fw/firewall13.fw
|
||||
# files: firewall13.conf /etc/fw/firewall13.conf
|
||||
@ -88,7 +88,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:29 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:26 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:30 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall14-1.fw /etc/firewall14-1.fw
|
||||
# files: firewall14-1.conf /etc/firewall14-1.conf
|
||||
@ -248,7 +248,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:30 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:26 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:30 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall14.fw /etc/firewall14.fw
|
||||
# files: firewall14.conf /etc/firewall14.conf
|
||||
@ -248,7 +248,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:30 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -53,7 +53,7 @@ no nat proto tcp from any to 22.22.22.22
|
||||
no rdr proto tcp from any to 22.22.22.22
|
||||
#
|
||||
# Rule 11 (NAT)
|
||||
rdr proto tcp from any to 22.22.22.22 port 1080 -> { 192.168.1.10 , 192.168.1.20 } port 1080
|
||||
rdr proto tcp from any to (eth1) port 1080 -> { 192.168.1.10 , 192.168.1.20 } port 1080
|
||||
#
|
||||
# Rule 14 (NAT)
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/28
|
||||
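Review bot: Rule 11 now matches on `to (eth1) port 1080` instead of `to 22.22.22.22 port 1080`, which is a change on the match side of the rule, while the commit description only speaks of "(interface)" to the right of `->`. Assuming the second line of the pair is the new expectation, the redirect would apply to port 1080 on every address eth1 holds, not just 22.22.22.22, and the `no rdr proto tcp from any to 22.22.22.22` exclusion above it still uses the literal address. If that widening is intended, the ChangeLog entry should say so, for example `Interface objects in "Original Destination" of rdr rules are also emitted as "(interface)".`; if not, the expectation should stay `rdr proto tcp from any to 22.22.22.22 port 1080 -> { 192.168.1.10 , 192.168.1.20 } port 1080`.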
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:28 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:32 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
|
||||
# files: firewall2-1.conf /etc/fw/firewall2-1.conf
|
||||
@ -88,7 +88,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:32 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:28 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:33 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2-6.fw /etc/firewall2-6.fw
|
||||
# files: firewall2-6.conf /etc/firewall2-6.conf
|
||||
@ -170,7 +170,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:33 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -24,16 +24,17 @@ scrub out all random-id min-ttl 32 max-mss 1460
|
||||
|
||||
# Tables: (4)
|
||||
table <tbl.r1> { 192.168.1.10 , 192.168.1.20 }
|
||||
table <tbl.r16> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r16> { eth4 , 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r29> { 192.168.1.0/24 , 192.168.2.0/24 }
|
||||
table <tbl.r5.s> { self , 192.168.1.0/24 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth2)
|
||||
nat on eth4 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth4)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23
|
||||
@ -42,10 +43,11 @@ nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to <tbl.r1> -> 192.168.1.1
|
||||
#
|
||||
# Rule 3 (NAT)
|
||||
nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1
|
||||
nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22
|
||||
nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23
|
||||
nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1
|
||||
nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> (eth0)
|
||||
nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> (eth1)
|
||||
nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> (eth3)
|
||||
nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> (eth2)
|
||||
nat on eth4 proto tcp from 192.168.1.0/24 to any port 80 -> (eth4)
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23
|
||||
@ -54,10 +56,11 @@ nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23
|
||||
nat proto tcp from 192.168.1.0/24 to <tbl.r1> port 80 -> 192.168.1.1
|
||||
#
|
||||
# Rule 6 (NAT)
|
||||
nat on eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23
|
||||
nat on eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1
|
||||
nat on eth0 proto 47 from 192.168.1.0/24 to any -> (eth0)
|
||||
nat on eth1 proto 47 from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth3 proto 47 from 192.168.1.0/24 to any -> (eth3)
|
||||
nat on eth2 proto 47 from 192.168.1.0/24 to any -> (eth2)
|
||||
nat on eth4 proto 47 from 192.168.1.0/24 to any -> (eth4)
|
||||
#
|
||||
# Rule 7 (NAT)
|
||||
nat proto icmp from <tbl.r1> to any -> 22.22.22.23
|
||||
@ -110,7 +113,7 @@ rdr proto tcp from any to 22.22.22.23 port 80 -> 192.168.1.10 port 25
|
||||
rdr proto tcp from 192.168.1.0/24 to any port 80 -> 127.0.0.1 port 80
|
||||
#
|
||||
# Rule 26 (NAT)
|
||||
rdr proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1 port 80
|
||||
rdr proto tcp from 192.168.1.0/24 to any port 80 -> (eth0) port 80
|
||||
#
|
||||
# Rule 27 (NAT)
|
||||
rdr proto tcp from any to <tbl.r16> port 1080 -> 127.0.0.1 port 80
|
||||
@ -145,6 +148,12 @@ nat on eth1 proto tcp from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
#
|
||||
# Rule 34 (NAT)
|
||||
nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> (eth0)
|
||||
#
|
||||
# Rule 35 (NAT)
|
||||
nat on eth4 proto tcp from 192.168.1.0/24 to any port 80 -> (eth4)
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall2:Policy:12: warning: Changing rule direction due to self reference
|
||||
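Review bot: The Rule 0, Rule 3 and Rule 6 expectations now translate to `(eth0)` … `(eth4)` where each interface used to be pinned to one literal address, and in pf a parenthesised interface name stands for every address configured on that interface, aliases included. On an interface that carries more than one address the source translation therefore becomes a pool instead of a fixed address, which matters for peers that allow-list the old address and for log correlation. If a single stable address is wanted, the expected line would use the `:0` modifier, e.g. `nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1:0)`; otherwise the ChangeLog entry should state that all addresses of the interface are used. The same point applies to the other `-> (interface)` expectations in the later sections of this commit.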
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:31 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2.fw /etc/fw/firewall2.fw
|
||||
# files: firewall2.conf /etc/fw/firewall2.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:31 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,17 +3,18 @@
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 }
|
||||
nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc2)
|
||||
nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc0)
|
||||
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc1)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
|
||||
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc1)
|
||||
#
|
||||
# Rule 2 (NAT)
|
||||
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
|
||||
#
|
||||
# Rule 3 (NAT)
|
||||
nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21
|
||||
nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
|
||||
|
||||
#
|
||||
# Rule 0 (dc0)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:31 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall20.fw /etc/fw/firewall20.fw
|
||||
# files: firewall20.conf /etc/fw/firewall20.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:31 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Rule NAT_1 0 (NAT)
|
||||
nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1
|
||||
nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en1)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:32 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall21.fw /etc/fw/firewall21.fw
|
||||
# files: firewall21.conf /etc/fw/firewall21.conf
|
||||
@ -81,7 +81,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:32 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Rule NAT_1 0 (NAT)
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1
|
||||
nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en1)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:28 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:33 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall22.fw /etc/fw/firewall22.fw
|
||||
# files: firewall22.conf /etc/fw/firewall22.conf
|
||||
@ -80,7 +80,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:33 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -22,7 +22,7 @@ scrub out all random-id
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.21 , 22.22.22.22 } bitmask
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0) bitmask
|
||||
#
|
||||
# Rule 2 (NAT)
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/28 source-hash
|
||||
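Review bot: Rule 1 now combines the `bitmask` pool option with a dynamic interface address, `-> (le0) bitmask`, where the earlier expectation listed `{ 22.22.22.21 , 22.22.22.22 }`. pf.conf documents round-robin as the only pool type allowed when more than one redirection address is given, and with `(le0)` the number of addresses is only known at run time, so the combination can no longer be judged when the ruleset is parsed. It is worth checking the generated file with `pfctl -nf` and deciding whether the compiler should restrict the target to the primary address when a non-round-robin pool option is set, i.e. expect `nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0:0) bitmask`. How pf applies `bitmask` to a multi-address interface is not visible from this page and should be confirmed.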
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:29 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:34 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall3.fw /etc/firewall3.fw
|
||||
# files: firewall3.conf /etc/firewall3.conf
|
||||
@ -165,7 +165,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:29 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:34 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:29 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:34 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall33.fw /etc/fw/firewall33.fw
|
||||
# files: firewall33.conf /etc/fw/firewall33.conf
|
||||
@ -168,7 +168,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:29 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:34 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -30,7 +30,7 @@ no nat proto {tcp udp icmp} from 192.168.1.0/24 to <block these>
|
||||
no rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these>
|
||||
#
|
||||
# Rule 6 (NAT)
|
||||
rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these> -> 127.0.0.1
|
||||
rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these> -> (lo)
|
||||
|
||||
#
|
||||
# Rule 0 (global)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:30 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:35 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall34.fw /etc/fw/firewall34.fw
|
||||
# files: firewall34.conf /etc/fw/firewall34.conf
|
||||
@ -164,7 +164,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:30 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:35 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,12 +7,12 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0)
|
||||
nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (enc1)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1
|
||||
nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1
|
||||
nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> (le0)
|
||||
nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> (enc1)
|
||||
|
||||
#
|
||||
# Rule 0 (le0)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:30 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:35 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall38.fw /etc/fw/firewall38.fw
|
||||
# files: firewall38.conf /etc/fw/firewall38.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:30 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:35 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,12 +7,12 @@ scrub in all fragment reassemble
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0)
|
||||
nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (enc1)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1
|
||||
nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1
|
||||
nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> (le0)
|
||||
nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> (enc1)
|
||||
|
||||
#
|
||||
# Rule 0 (le0)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:31 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:35 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall39.fw pf.fw
|
||||
# files: firewall39.conf pf.conf
|
||||
@ -79,7 +79,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:31 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:35 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -19,16 +19,16 @@ table <tbl.r6.s> { 192.168.1.10 , 192.168.1.20 }
|
||||
#
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> 222.222.222.222
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth3)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth0)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1)
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 222.222.222.222
|
||||
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth2)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth3)
|
||||
#
|
||||
# Rule 2 (NAT)
|
||||
rdr proto tcp from any to <tbl.r2> port 22 -> 192.168.1.10 port 22
|
||||
@ -36,10 +36,10 @@ rdr proto tcp from any to <tbl.r2> port 22 -> 192.168.1.10 port 22
|
||||
# Rule 3 (NAT)
|
||||
# SDNAT rule
|
||||
rdr on eth3 proto tcp from 192.168.1.0/24 to 222.222.222.222 port 80 -> 192.168.1.10 port 80
|
||||
nat on eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> 192.168.1.1
|
||||
nat on eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> (eth0)
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222
|
||||
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3)
|
||||
#
|
||||
# Rule 5 (NAT)
|
||||
# eth1 is dynamic
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:31 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:36 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall4.fw pf.fw
|
||||
# files: firewall4.conf /etc/fw/pf.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:31 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:36 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -5,12 +5,12 @@
|
||||
# Rule 0 (NAT)
|
||||
# Translate source address
|
||||
# for outgoing connections
|
||||
nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1
|
||||
nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le1)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
# Translate source address
|
||||
# for outgoing connections
|
||||
nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1
|
||||
nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le2)
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall40-1:Policy:9: error: Only one router specified with load balancing for rule action Route: 'route_through'
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:32 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:37 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall40-1.fw /etc/firewall40-1.fw
|
||||
# files: firewall40-1.conf /etc/firewall40-1.conf
|
||||
@ -182,7 +182,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:32 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:37 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -5,12 +5,12 @@
|
||||
# Rule 0 (NAT)
|
||||
# Translate source address
|
||||
# for outgoing connections
|
||||
nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1
|
||||
nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le1)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
# Translate source address
|
||||
# for outgoing connections
|
||||
nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1
|
||||
nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le2)
|
||||
|
||||
#
|
||||
# Rule 0 (lo0)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:32 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:36 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall40.fw /etc/firewall40.fw
|
||||
# files: firewall40.conf /etc/firewall40.conf
|
||||
@ -166,7 +166,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:32 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:36 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:33 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:37 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall41.fw /etc/firewall41.fw
|
||||
# files: firewall41.conf /etc/firewall41.conf
|
||||
@ -169,7 +169,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:37 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:33 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:37 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall5.fw /etc/fw/firewall5.fw
|
||||
# files: firewall5.conf /etc/fw/firewall5.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:37 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:33 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:38 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall51.fw /etc/fw/firewall51.fw
|
||||
# files: firewall51.conf /etc/fw/firewall51.conf
|
||||
@ -80,7 +80,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:38 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:34 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:38 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall6.fw /etc/fw/firewall6.fw
|
||||
# files: firewall6.conf /etc/fw/firewall6.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:38 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:34 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:39 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall62.fw /etc/firewall62.fw
|
||||
# files: firewall62.conf /etc/firewall62.conf
|
||||
@ -191,7 +191,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:39 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:34 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:39 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall63.fw /etc/fw/firewall63.fw
|
||||
# files: firewall63.conf /etc/fw/firewall63.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:39 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:35 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:40 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall7.fw /etc/fw/firewall7.fw
|
||||
# files: firewall7.conf /etc/fw/firewall7.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:35 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:40 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:35 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:40 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall70.fw /etc/fw/firewall70.fw
|
||||
# files: firewall70.conf /etc/fw/firewall70.conf
|
||||
@ -82,7 +82,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:35 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:40 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -8,12 +8,12 @@ table <tbl.r4.d> { 33.33.33.33 , 33.33.33.34 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 }
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
nat on ppp0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (ppp0)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 }
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1)
|
||||
#
|
||||
# Rule 2 (NAT)
|
||||
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 33.33.33.33
|
||||
@ -34,7 +34,7 @@ rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22
|
||||
rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22
|
||||
#
|
||||
# Rule 8 (NAT)
|
||||
rdr proto tcp from 192.168.1.0/24 to any port 80 -> 33.33.33.34 port 80
|
||||
rdr proto tcp from 192.168.1.0/24 to any port 80 -> (eth1) port 80
|
||||
|
||||
#
|
||||
# Rule 0 (global)
|
||||
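Review bot: Rule 8's redirect target changes from `33.33.33.34` to `(eth1)`, but the old Rule 0 line in this same section shows eth1 with both 33.33.33.33 and 33.33.33.34, so the redirect is no longer pinned to the second address. This is the translated destination of an `rdr` rule, whereas the commit description only covers interface objects in "Translated Source". If the rule names the address object rather than the interface, the expectation should stay `rdr proto tcp from 192.168.1.0/24 to any port 80 -> 33.33.33.34 port 80`; if it names the interface, the ChangeLog entry should mention that Translated Destination is affected as well. The `rdr ... -> (eth0) port 80` and `rdr ... -> (lo)` expectations in earlier sections raise the same question.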
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:36 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:41 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall8.fw /etc/firewall8.fw
|
||||
# files: firewall8.conf /etc/firewall8.conf
|
||||
@ -72,7 +72,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:36 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:41 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:37 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:41 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
|
||||
# files: firewall80-4.5.conf /etc/firewall80-4.5.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:37 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:41 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:36 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:41 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall80.fw /etc/firewall80.fw
|
||||
# files: firewall80.conf /etc/firewall80.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:36 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:41 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0)
|
||||
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:37 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:42 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall9.fw /etc/fw/firewall9.fw
|
||||
# files: firewall9.conf /etc/fw/firewall9.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:37 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:42 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:38 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:42 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall91.fw /etc/fw/pf.fw
|
||||
# files: firewall91.conf /etc/fw/pf.conf
|
||||
@ -247,7 +247,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:42 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -11,7 +11,7 @@ match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
# firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
match out on em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81
|
||||
match out on em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to (em0)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
match in on em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161
|
||||
@ -20,7 +20,7 @@ match in on em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.
|
||||
match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
match out on em1 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81
|
||||
match out on em1 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to (em0)
|
||||
#
|
||||
# Rule 5 (NAT)
|
||||
match out on ! em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.201
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:38 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:42 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall92.fw /etc/fw/pf.fw
|
||||
# files: firewall92.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -166,7 +166,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:42 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="21" lastModified="1305062906" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="21" lastModified="1307149160" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -4434,7 +4434,7 @@
|
||||
<Option name="use_tables">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1261961536" lastInstalled="0" lastModified="1297365393" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
|
||||
<Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1261961536" lastInstalled="0" lastModified="1307149256" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
|
||||
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3AFB66C8" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
@ -5392,6 +5392,60 @@
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id96271X9659" disabled="False" group="" position="34" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-HTTP"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="id3AFB6703"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id68651X9659" disabled="False" group="" position="35" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-HTTP"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="id68617X9659"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -5742,6 +5796,11 @@
|
||||
<IPv4 id="id3CD2449F-ipv4" name="lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id68617X9659" dedicated_failover="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth4" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Management address="192.168.2.1">
|
||||
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
|
||||
<FWBDManagement enabled="True" identity="" port="9999"/>
|
||||
@ -16244,7 +16303,7 @@
|
||||
<Option name="use_tables">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall id="id14540X3490" host_OS="openbsd" inactive="False" lastCompiled="1226899264" lastInstalled="0" lastModified="1226899257" platform="pf" version="" name="firewall20" comment="firewall using proxy arp" ro="False">
|
||||
<Firewall id="id14540X3490" host_OS="openbsd" inactive="False" lastCompiled="1226899264" lastInstalled="0" lastModified="1307151609" platform="pf" version="" name="firewall20" comment="firewall using proxy arp" ro="False">
|
||||
<NAT id="id14569X3490" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id32714X3490" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
@ -16428,7 +16487,7 @@
|
||||
</Interface>
|
||||
<Interface id="id14574X3490" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="dc0" comment="" ro="False">
|
||||
<IPv4 id="id14576X3490" name="firewall20:dc0:ip" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
|
||||
<IPv4 id="id63095X3490" name="firewall20:dc0:ip-1" comment="" ro="False" address="222.222.222.21" netmask="255.255.255.240"/>
|
||||
<IPv4 id="id63095X3490" name="firewall20:dc0:ip-1" comment="" ro="False" address="222.222.222.40" netmask="255.255.255.240"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id14577X3490" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="dc1" comment="" ro="False">
|
||||
@ -18856,7 +18915,7 @@
|
||||
<Option name="use_tables">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1258397758" lastInstalled="0" lastModified="1258397753" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules PF v4.3 and later" ro="False">
|
||||
<Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1258397758" lastInstalled="0" lastModified="1307152273" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules PF v4.3 and later" ro="False">
|
||||
<NAT id="id19729X55350" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id19730X55350" disabled="False" group="" position="0" action="NATBranch" comment="">
|
||||
<OSrc neg="False">
|
||||
@ -18935,7 +18994,7 @@
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="branch_id">id28067X46601</Option>
|
||||
<Option name="branch_id">id19772X55350</Option>
|
||||
<Option name="classify_str"></Option>
|
||||
<Option name="custom_str"></Option>
|
||||
<Option name="ipf_route_opt_addr"></Option>
|
||||
@ -18985,7 +19044,7 @@
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="branch_id">id28067X46601</Option>
|
||||
<Option name="branch_id">id19772X55350</Option>
|
||||
<Option name="classify_str"></Option>
|
||||
<Option name="custom_str"></Option>
|
||||
<Option name="ipf_route_opt_addr"></Option>
|
||||
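Review bot: Two fixture edits in this file are not mentioned in the ChangeLog entry for this commit: the address of `firewall20:dc0:ip-1` appears to change from 222.222.222.21 to 222.222.222.40, and both `branch_id` options of firewall22 appear to change from `id28067X46601` to `id19772X55350`. They change what the regression suite compiles for firewalls that the "Translated Source" work does not otherwise touch, so a reader of the expected-output changes cannot tell which differences come from the compiler and which from the fixture. A ChangeLog line naming the fixture file and the reason for each of these two edits would make the test changes auditable. Which side is old and which is new is inferred here from print order only.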
|
@ -8,7 +8,7 @@ table <tbl.r2.s> { 172.24.0.1 , 172.24.0.2 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
@ -17,13 +17,13 @@ nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
#
|
||||
# Rule 3 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 }
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { (en0) , (en0) }
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
#
|
||||
# Rule 5 (NAT)
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
#
|
||||
# Rule 6 (NAT)
|
||||
rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80
|
||||
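Review bot: Rule 3 (NAT) now expects `-> { (en0) , (en0) }` where the old output listed two different addresses, `{ 172.24.0.2 , 172.24.0.3 }`, and Rule 5 replaces `172.24.0.3` with `(en0)`; both look like an interface that belongs to the other cluster member being rendered as this host's own en0. That would silently change the translated source from the configured address to the local one, and the duplicated list entry suggests the result is not de-duplicated after the substitution. I would expect the `(interface)` form to be used only for interfaces of the firewall being compiled and duplicates to be collapsed, giving `-> (en0)` for Rule 3 if the local interface is really what is meant. The second member's expected output further down shows the same pattern in its Rule 3 and Rule 4. The mapping of .2 and .3 to the two members is inferred from the `tbl.r2.s` table lines in the hunk headers, not stated on the page.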
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
|
||||
# files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
|
||||
@ -299,7 +299,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -8,7 +8,7 @@ table <tbl.r2.s> { 172.24.0.1 , 172.24.0.3 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0)
|
||||
#
|
||||
# Rule 1 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
@ -17,13 +17,13 @@ nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
#
|
||||
# Rule 3 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 }
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { (en0) , (en0) }
|
||||
#
|
||||
# Rule 4 (NAT)
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2
|
||||
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
#
|
||||
# Rule 5 (NAT)
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0)
|
||||
#
|
||||
# Rule 6 (NAT)
|
||||
rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
|
||||
# files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
|
||||
@ -195,7 +195,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
|
||||
# files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
|
||||
@ -301,7 +301,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
|
||||
# files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
|
||||
@ -197,7 +197,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
|
||||
# files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
|
||||
@ -302,7 +302,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
|
||||
# files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
|
||||
@ -199,7 +199,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:45 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
|
||||
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf
|
||||
|
@ -5,7 +5,7 @@
|
||||
# Rule 0 (NAT)
|
||||
# rule is attached to physical interface en0
|
||||
# but uses address of carp0 for translation
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0)
|
||||
|
||||
#
|
||||
# Rule -3 CARP (automatic)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:45 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw
|
||||
# files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf
|
||||
@ -302,7 +302,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:45 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -5,7 +5,7 @@
|
||||
# Rule 0 (NAT)
|
||||
# rule is attached to physical interface en0
|
||||
# but uses address of carp0 for translation
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
|
||||
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0)
|
||||
|
||||
#
|
||||
# Rule -3 CARP (automatic)
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v5.0.0.3547
|
||||
#
|
||||
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
|
||||
# Generated Fri Jun 3 18:57:45 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw
|
||||
# files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf
|
||||
@ -199,7 +199,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim"
|
||||
log "Activating firewall script generated Fri Jun 3 18:57:45 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|