onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 04:37:22 +01:00
Code Issues Releases Wiki Activity

* pix.g (static_command_common_last_parameters): see #2314 "Import

Browse Source 
of static NAT statements drops netmask value and uses host
instead".  "Netmask" parameter of a "static" command applies to
the real address.
This commit is contained in:
Vadim Kurland 2011-04-05 20:15:02 -07:00
parent d5f95e0f2a
commit 6f79c1d644
5 changed files with 127 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ChangeLog
View File

@ -1,5 +1,10 @@
2011-04-05 vadim <vadim@netcitadel.com>
* pix.g (static_command_common_last_parameters): see #2314 "Import
of static NAT statements drops netmask value and uses host
instead". "Netmask" parameter of a "static" command applies to
the real address.
* PIXImporterNat.cpp (buildDNATRule): see #2313 "NAT with
access-list destination address and original service not set".
"Nat" and "static" commands that use access-list should import all

18
src/parsers/PIXCfgLexer.cpp
View File

@ -538,7 +538,7 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 2430 "pix.g"
#line 2435 "pix.g"
newline();
#line 544 "PIXCfgLexer.cpp"
}
@ -662,7 +662,7 @@ void PIXCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 2425 "pix.g"
#line 2430 "pix.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 668 "PIXCfgLexer.cpp"
}
@ -813,7 +813,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match("oup");
}
if ( inputState->guessing==0 ) {
#line 2482 "pix.g"
#line 2487 "pix.g"
_ttype = OBJECT_GROUP;
#line 819 "PIXCfgLexer.cpp"
}
@ -821,7 +821,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
else {
match("");
if ( inputState->guessing==0 ) {
#line 2484 "pix.g"
#line 2489 "pix.g"
_ttype = OBJECT;
#line 827 "PIXCfgLexer.cpp"
}
@ -975,7 +975,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2475 "pix.g"
#line 2480 "pix.g"
_ttype = IPV6;
#line 981 "PIXCfgLexer.cpp"
}
@ -1122,7 +1122,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2463 "pix.g"
#line 2468 "pix.g"
_ttype = IPV4;
#line 1128 "PIXCfgLexer.cpp"
}
@ -1205,7 +1205,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2466 "pix.g"
#line 2471 "pix.g"
_ttype = NUMBER;
#line 1211 "PIXCfgLexer.cpp"
}
@ -1226,7 +1226,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_loop333:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 2468 "pix.g"
#line 2473 "pix.g"
_ttype = INT_CONST;
#line 1232 "PIXCfgLexer.cpp"
}
@ -1488,7 +1488,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_loop353:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 2493 "pix.g"
#line 2498 "pix.g"
_ttype = WORD;
#line 1494 "PIXCfgLexer.cpp"
}

43
src/parsers/PIXCfgParser.cpp
View File

@ -6859,7 +6859,7 @@ void PIXCfgParser::static_starts_with_tcp_udp() {
}
}
if ( inputState->guessing==0 ) {
#line 2143 "pix.g"
#line 2147 "pix.g"
importer->protocol = LT(0)->getText();
*dbg << " SERVICE TCP/UDP " << LT(0)->getText() << " ";
@ -6869,7 +6869,7 @@ void PIXCfgParser::static_starts_with_tcp_udp() {
static_mapped_addr_match();
tcp_udp_port_spec();
if ( inputState->guessing==0 ) {
#line 2157 "pix.g"
#line 2161 "pix.g"
importer->mapped_port_spec = importer->tmp_port_spec_2;
*dbg << "mapped port " << importer->mapped_port_spec << " ";
@ -6879,7 +6879,7 @@ void PIXCfgParser::static_starts_with_tcp_udp() {
static_real_addr_match();
tcp_udp_port_spec();
if ( inputState->guessing==0 ) {
#line 2172 "pix.g"
#line 2176 "pix.g"
importer->real_port_spec = importer->tmp_port_spec_2;
*dbg << "real port " << importer->real_port_spec << " ";
@ -6923,8 +6923,9 @@ void PIXCfgParser::static_mapped_addr_match() {
importer->mapped_a = importer->tmp_a;
importer->mapped_nm = importer->tmp_nm;
*dbg << "mapped: " << importer->mapped_a;
#line 6928 "PIXCfgParser.cpp"
#line 6929 "PIXCfgParser.cpp"
}
break;
}
@ -6932,12 +6933,13 @@ void PIXCfgParser::static_mapped_addr_match() {
{
match(INTRFACE);
if ( inputState->guessing==0 ) {
#line 2120 "pix.g"
#line 2121 "pix.g"
importer->mapped_a = "interface";
importer->mapped_nm = "";
*dbg << "mapped: " << importer->mapped_a;
#line 6941 "PIXCfgParser.cpp"
#line 6943 "PIXCfgParser.cpp"
}
break;
}
@ -6969,12 +6971,13 @@ void PIXCfgParser::static_real_addr_match() {
{
single_addr();
if ( inputState->guessing==0 ) {
#line 2130 "pix.g"
#line 2132 "pix.g"
importer->real_a = importer->tmp_a;
importer->real_nm = importer->tmp_nm;
*dbg << "real: " << importer->real_a;
#line 6978 "PIXCfgParser.cpp"
#line 6981 "PIXCfgParser.cpp"
}
break;
}
@ -6984,11 +6987,12 @@ void PIXCfgParser::static_real_addr_match() {
acl_name = LT(1);
match(WORD);
if ( inputState->guessing==0 ) {
#line 2136 "pix.g"
#line 2139 "pix.g"
importer->real_addr_acl = acl_name->getText();
*dbg << "real: " << importer->real_addr_acl;
#line 6992 "PIXCfgParser.cpp"
#line 6996 "PIXCfgParser.cpp"
}
break;
}
@ -7020,12 +7024,12 @@ void PIXCfgParser::static_command_common_last_parameters() {
{
match(DNS);
if ( inputState->guessing==0 ) {
#line 2190 "pix.g"
#line 2194 "pix.g"
importer->addMessageToLog(
QString("Warning: 'static' command option 'dns' is not supported"));
#line 7029 "PIXCfgParser.cpp"
#line 7033 "PIXCfgParser.cpp"
}
break;
}
@ -7033,12 +7037,12 @@ void PIXCfgParser::static_command_common_last_parameters() {
{
match(NORANDOMSEQ);
if ( inputState->guessing==0 ) {
#line 2196 "pix.g"
#line 2200 "pix.g"
importer->addMessageToLog(
QString("Warning: 'static' command option 'norandomseq' is not supported"));
#line 7042 "PIXCfgParser.cpp"
#line 7046 "PIXCfgParser.cpp"
}
break;
}
@ -7048,11 +7052,12 @@ void PIXCfgParser::static_command_common_last_parameters() {
nm = LT(1);
match(IPV4);
if ( inputState->guessing==0 ) {
#line 2202 "pix.g"
#line 2206 "pix.g"
importer->mapped_nm = nm->getText();
importer->real_nm = nm->getText();
*dbg << "real netmask: " << importer->real_nm;
#line 7056 "PIXCfgParser.cpp"
#line 7061 "PIXCfgParser.cpp"
}
break;
}
@ -7097,13 +7102,13 @@ void PIXCfgParser::static_command_common_last_parameters() {
}
if ( inputState->guessing==0 ) {
#line 2208 "pix.g"
#line 2213 "pix.g"
importer->static_max_conn = max_conn->getText();
if (max_emb_conn)
importer->static_max_emb_conn = max_emb_conn->getText();
#line 7107 "PIXCfgParser.cpp"
#line 7112 "PIXCfgParser.cpp"
}
break;
}

7
src/parsers/pix.g
View File

@ -2114,12 +2114,14 @@ static_mapped_addr_match :
{
importer->mapped_a = importer->tmp_a;
importer->mapped_nm = importer->tmp_nm;
*dbg << "mapped: " << importer->mapped_a;
}
|
INTRFACE
{
importer->mapped_a = "interface";
importer->mapped_nm = "";
*dbg << "mapped: " << importer->mapped_a;
}
)
;
@ -2130,11 +2132,13 @@ static_real_addr_match :
{
importer->real_a = importer->tmp_a;
importer->real_nm = importer->tmp_nm;
*dbg << "real: " << importer->real_a;
}
|
ACCESS_LIST acl_name:WORD
{
importer->real_addr_acl = acl_name->getText();
*dbg << "real: " << importer->real_addr_acl;
}
)
;
@ -2200,7 +2204,8 @@ static_command_common_last_parameters :
|
NETMASK nm:IPV4
{
importer->mapped_nm = nm->getText();
importer->real_nm = nm->getText();
*dbg << "real netmask: " << importer->real_nm;
}
|
(TCP | UDP)?

166
src/unit_tests/PIXImporterTest/test_data/pix7-nat.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302058658" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302059684" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -445,48 +445,48 @@
<IPv4 id="id13" name="h-10.1.1.20" comment="Created during import of line 111" ro="False" address="10.1.1.20" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.1.1.1" comment="Created during import of line 146" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.0.2.10" comment="Created during import of line 146" ro="False" address="192.0.2.10" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-10.1.1.16" comment="Created during import of line 151" ro="False" address="10.1.1.16" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-10.0.0.16" comment="Created during import of line 151" ro="False" address="10.0.0.16" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-10.0.0.100" comment="Created during import of line 152" ro="False" address="10.0.0.100" netmask="255.255.255.255"/>
<IPv4 id="id18" name="h-10.1.1.100" comment="Created during import of line 152" ro="False" address="10.1.1.100" netmask="255.255.255.255"/>
<IPv4 id="id19" name="h-10.1.1.111" comment="Created during import of line 153" ro="False" address="10.1.1.111" netmask="255.255.255.255"/>
<IPv4 id="id20" name="h-10.5.80.200" comment="Created during import of line 155" ro="False" address="10.5.80.200" netmask="255.255.255.255"/>
<IPv4 id="id21" name="h-10.10.1.200" comment="Created during import of line 155" ro="False" address="10.10.1.200" netmask="255.255.255.255"/>
<IPv4 id="id22" name="h-192.0.2.15" comment="Created during import of line 161" ro="False" address="192.0.2.15" netmask="255.255.255.255"/>
<IPv4 id="id23" name="h-192.0.2.100" comment="Created during import of line 209" ro="False" address="192.0.2.100" netmask="255.255.255.255"/>
<IPv4 id="id20" name="h-10.5.80.16" comment="Created during import of line 154" ro="False" address="10.5.80.16" netmask="255.255.255.255"/>
<IPv4 id="id21" name="h-10.5.80.200" comment="Created during import of line 155" ro="False" address="10.5.80.200" netmask="255.255.255.255"/>
<IPv4 id="id22" name="h-10.10.1.200" comment="Created during import of line 155" ro="False" address="10.10.1.200" netmask="255.255.255.255"/>
<IPv4 id="id23" name="h-192.0.2.15" comment="Created during import of line 161" ro="False" address="192.0.2.15" netmask="255.255.255.255"/>
<IPv4 id="id24" name="h-192.0.2.100" comment="Created during import of line 209" ro="False" address="192.0.2.100" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id24" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id25" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id26" name="Groups" comment="" ro="False">
<ObjectGroup id="id27" name="outside.id12051X6282.src.net.0" comment="Created during import of line 71" ro="False">
<ObjectGroup id="id25" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id26" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id27" name="Groups" comment="" ro="False">
<ObjectGroup id="id28" name="outside.id12051X6282.src.net.0" comment="Created during import of line 71" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
</ObjectGroup>
<ObjectGroup id="id30" name="outside.id12051X6282.src.net.1" comment="Created during import of line 74" ro="False">
<ObjectGroup id="id31" name="outside.id12051X6282.src.net.1" comment="Created during import of line 74" ro="False">
<ObjectRef ref="id5"/>
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
<ObjectRef ref="id8"/>
</ObjectGroup>
<ObjectGroup id="id35" name="outside.id12051X6282.src.net.2" comment="Created during import of line 79" ro="False">
<ObjectGroup id="id36" name="outside.id12051X6282.src.net.2" comment="Created during import of line 79" ro="False">
<ObjectRef ref="id9"/>
<ObjectRef ref="id10"/>
</ObjectGroup>
<ObjectGroup id="id38" name="network-zone-inside" comment="Created during import of line 83" ro="False">
<ObjectRef ref="id44"/>
</ObjectGroup>
<ObjectGroup id="id40" name="network-zone-dmz20" comment="Created during import of line 85" ro="False">
<ObjectGroup id="id39" name="network-zone-inside" comment="Created during import of line 83" ro="False">
<ObjectRef ref="id45"/>
</ObjectGroup>
<ObjectGroup id="id41" name="network-zone-dmz20" comment="Created during import of line 85" ro="False">
<ObjectRef ref="id46"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id42" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id43" name="Networks" comment="" ro="False">
<Network id="id44" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 84" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
<Network id="id45" name="net-10.0.0.0/255.255.255.0" comment="Created during import of line 86" ro="False" address="10.0.0.0" netmask="255.255.255.0"/>
<Network id="id46" name="net-192.0.2.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="192.0.2.128" netmask="255.255.255.240"/>
<Network id="id47" name="net-10.0.0.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="10.0.0.128" netmask="255.255.255.240"/>
<Network id="id48" name="net-10.1.1.32/255.255.255.240" comment="Created during import of line 147" ro="False" address="10.1.1.32" netmask="255.255.255.240"/>
<Network id="id49" name="net-10.0.0.16/255.255.255.240" comment="Created during import of line 151" ro="False" address="10.0.0.16" netmask="255.255.255.240"/>
<Network id="id50" name="net-10.5.80.16/255.255.255.240" comment="Created during import of line 154" ro="False" address="10.5.80.16" netmask="255.255.255.240"/>
<ObjectGroup id="id43" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id44" name="Networks" comment="" ro="False">
<Network id="id45" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 84" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
<Network id="id46" name="net-10.0.0.0/255.255.255.0" comment="Created during import of line 86" ro="False" address="10.0.0.0" netmask="255.255.255.0"/>
<Network id="id47" name="net-192.0.2.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="192.0.2.128" netmask="255.255.255.240"/>
<Network id="id48" name="net-10.0.0.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="10.0.0.128" netmask="255.255.255.240"/>
<Network id="id49" name="net-10.1.1.32/255.255.255.240" comment="Created during import of line 147" ro="False" address="10.1.1.32" netmask="255.255.255.240"/>
<Network id="id50" name="net-10.1.1.16/255.255.255.240" comment="Created during import of line 151" ro="False" address="10.1.1.16" netmask="255.255.255.240"/>
<Network id="id51" name="net-10.1.2.0/255.255.255.0" comment="Created during import of line 208" ro="False" address="10.1.2.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id52" name="Address Ranges" comment="" ro="False">
@ -518,7 +518,7 @@
<NAT id="id279" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id282" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 139">
<OSrc neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -608,7 +608,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id46"/>
<ObjectRef ref="id47"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -635,7 +635,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id48"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -653,7 +653,7 @@
</NATRule>
<NATRule id="id372" disabled="False" group="" position="5" action="Translate" comment="Created during import of line 147">
<OSrc neg="False">
<ObjectRef ref="id48"/>
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -680,7 +680,7 @@
</NATRule>
<NATRule id="id390" disabled="False" group="" position="6" action="Translate" comment="Created during import of line 147">
<OSrc neg="False">
<ObjectRef ref="id48"/>
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -707,34 +707,7 @@
</NATRule>
<NATRule id="id408" disabled="False" group="" position="7" action="Translate" comment="Created during import of line 147">
<OSrc neg="False">
<ObjectRef ref="id48"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id46"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id426" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 147">
<OSrc neg="False">
<ObjectRef ref="id48"/>
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -754,6 +727,33 @@
<ItfInb neg="False">
<ObjectRef ref="id636"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id426" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 147">
<OSrc neg="False">
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id48"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id633"/>
</ItfOutb>
@ -761,7 +761,7 @@
</NATRule>
<NATRule id="id444" disabled="False" group="" position="9" action="Translate" comment="Created during import of line 149">
<OSrc neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
@ -791,7 +791,7 @@
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id49"/>
<ObjectRef ref="id16"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
@ -800,7 +800,7 @@
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id16"/>
<ObjectRef ref="id50"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
@ -872,7 +872,7 @@
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id50"/>
<ObjectRef ref="id20"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id61"/>
@ -881,7 +881,7 @@
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id16"/>
<ObjectRef ref="id50"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id62"/>
@ -899,7 +899,7 @@
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20"/>
<ObjectRef ref="id21"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id61"/>
@ -908,7 +908,7 @@
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id21"/>
<ObjectRef ref="id22"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id62"/>
@ -1009,7 +1009,7 @@
<ObjectRef ref="id12"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id22"/>
<ObjectRef ref="id23"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id58"/>
@ -1036,7 +1036,7 @@
<Policy id="id73" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id75" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Imported from ssh_commands_outside&#10;Created during import of line 209">
<Src neg="False">
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id71"/>
@ -1056,7 +1056,7 @@
</PolicyRule>
<PolicyRule id="id87" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 207">
<Src neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id71"/>
@ -1099,7 +1099,7 @@
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id28"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
@ -1120,7 +1120,7 @@
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
@ -1141,7 +1141,7 @@
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id35"/>
<ObjectRef ref="id36"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
@ -1159,7 +1159,7 @@
</PolicyRule>
<PolicyRule id="id147" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 101">
<Src neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -1200,10 +1200,10 @@
</PolicyRule>
<PolicyRule id="id171" disabled="False" group="" log="True" position="8" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 93">
<Src neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id28"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
@ -1221,10 +1221,10 @@
</PolicyRule>
<PolicyRule id="id183" disabled="False" group="" log="True" position="9" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 94">
<Src neg="False">
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
@ -1242,10 +1242,10 @@
</PolicyRule>
<PolicyRule id="id195" disabled="False" group="" log="True" position="10" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 95">
<Src neg="False">
<ObjectRef ref="id35"/>
<ObjectRef ref="id36"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
@ -1263,7 +1263,7 @@
</PolicyRule>
<PolicyRule id="id207" disabled="False" group="" log="False" position="11" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 96">
<Src neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -1304,7 +1304,7 @@
</PolicyRule>
<PolicyRule id="id231" disabled="False" group="" log="True" position="13" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 89">
<Src neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id28"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -1325,7 +1325,7 @@
</PolicyRule>
<PolicyRule id="id243" disabled="False" group="" log="True" position="14" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 90">
<Src neg="False">
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -1346,7 +1346,7 @@
</PolicyRule>
<PolicyRule id="id255" disabled="False" group="" log="True" position="15" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 91">
<Src neg="False">
<ObjectRef ref="id35"/>
<ObjectRef ref="id36"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -1367,7 +1367,7 @@
</PolicyRule>
<PolicyRule id="id267" disabled="False" group="" log="True" position="16" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 92">
<Src neg="False">
<ObjectRef ref="id44"/>
<ObjectRef ref="id45"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>