see #2220 AutomaticRuls classes for iosacl, pix, procurve_acl

src/cisco_lib/AutomaticRules_cisco.cpp

@@ -0,0 +1,80 @@
+/* 
+
+                          Firewall Builder
+
+                 Copyright (C) 2011 NetCitadel, LLC
+
+  Author:  Vadim Kurland     vadim@fwbuilder.org
+
+  This program is free software which we release under the GNU General Public
+  License. You may redistribute and/or modify this program under the terms
+  of that license as published by the Free Software Foundation; either
+  version 2 of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+ 
+  To get a copy of the GNU General Public License, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+#include "AutomaticRules_cisco.h"
+
+#include "fwbuilder/Address.h"
+#include "fwbuilder/FWException.h"
+#include "fwbuilder/FWObjectDatabase.h"
+#include "fwbuilder/FailoverClusterGroup.h"
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/Interface.h"
+#include "fwbuilder/Library.h"
+#include "fwbuilder/Network.h"
+#include "fwbuilder/Policy.h"
+#include "fwbuilder/Resources.h"
+#include "fwbuilder/Rule.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/StateSyncClusterGroup.h"
+#include "fwbuilder/TCPService.h"
+#include "fwbuilder/UDPService.h"
+
+#include <QString>
+
+
+using namespace fwcompiler;
+using namespace libfwbuilder;
+using namespace std;
+
+
+void AutomaticRules_cisco::addSshAccessRule()
+{
+    if (ruleset == NULL) return;
+
+    FWOptions *fwopt = fw->getOptionsObject();
+
+    if (fwopt->getBool("mgmt_ssh") && ! fwopt->getStr("mgmt_addr").empty())
+    {
+        TCPService *ssh = ruleset->getRoot()->createTCPService();
+        ssh->setDstRangeStart(22);
+        ssh->setDstRangeEnd(22);
+        persistent_objects->add(ssh, false);
+
+        TCPService *ssh_rev = ruleset->getRoot()->createTCPService();
+        ssh_rev->setSrcRangeStart(22);
+        ssh_rev->setSrcRangeEnd(22);
+        persistent_objects->add(ssh_rev, false);
+
+        Network *mgmt_workstation = ruleset->getRoot()->createNetwork();
+        mgmt_workstation->setAddressNetmask(fwopt->getStr("mgmt_addr"));
+
+        persistent_objects->add(mgmt_workstation, false);
+
+        addMgmtRule(
+            mgmt_workstation, fw, ssh,
+            NULL, PolicyRule::Inbound, PolicyRule::Accept,
+            "backup ssh access rule");
+    }
+}
+

src/cisco_lib/AutomaticRules_cisco.h

@@ -0,0 +1,57 @@
+/* 
+
+                          Firewall Builder
+
+                 Copyright (C) 2011 NetCitadel, LLC
+
+  Author:  Vadim Kurland     vadim@fwbuilder.org
+
+  This program is free software which we release under the GNU General Public
+  License. You may redistribute and/or modify this program under the terms
+  of that license as published by the Free Software Foundation; either
+  version 2 of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+ 
+  To get a copy of the GNU General Public License, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+#ifndef __AUTOMATICRULES_CISCO_HH__
+#define __AUTOMATICRULES_CISCO_HH__
+
+#include "AutomaticRules.h"
+
+
+namespace libfwbuilder
+{
+    class Address;
+    class Firewall;
+    class Interface;
+    class Service;
+};
+
+namespace fwcompiler
+{
+    
+    class AutomaticRules_cisco : public AutomaticRules
+    {
+
+    public:
+
+        AutomaticRules_cisco(libfwbuilder::Firewall *fw,
+                   libfwbuilder::Library *presistent_objects) : 
+            AutomaticRules(fw, presistent_objects) {}
+    
+        void addSshAccessRule();
+        
+    };
+
+};
+
+
+#endif

src/cisco_lib/AutomaticRules_iosacl.cpp

@@ -0,0 +1,83 @@
+/* 
+
+                          Firewall Builder
+
+                 Copyright (C) 2011 NetCitadel, LLC
+
+  Author:  Vadim Kurland     vadim@fwbuilder.org
+
+  This program is free software which we release under the GNU General Public
+  License. You may redistribute and/or modify this program under the terms
+  of that license as published by the Free Software Foundation; either
+  version 2 of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+ 
+  To get a copy of the GNU General Public License, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+#include "AutomaticRules_iosacl.h"
+
+#include "fwbuilder/Address.h"
+#include "fwbuilder/FWException.h"
+#include "fwbuilder/FWObjectDatabase.h"
+#include "fwbuilder/FailoverClusterGroup.h"
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/Interface.h"
+#include "fwbuilder/Library.h"
+#include "fwbuilder/Network.h"
+#include "fwbuilder/Policy.h"
+#include "fwbuilder/Resources.h"
+#include "fwbuilder/Rule.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/StateSyncClusterGroup.h"
+#include "fwbuilder/TCPService.h"
+#include "fwbuilder/UDPService.h"
+
+#include <QString>
+
+
+using namespace fwcompiler;
+using namespace libfwbuilder;
+using namespace std;
+
+
+void AutomaticRules_iosacl::addSshAccessRule()
+{
+    if (ruleset == NULL) return;
+
+    FWOptions *fwopt = fw->getOptionsObject();
+
+    if (fwopt->getBool("mgmt_ssh") && ! fwopt->getStr("mgmt_addr").empty())
+    {
+        AutomaticRules_cisco::addSshAccessRule();
+
+        /*
+         * AutomaticRules_cisco::addDefaultPolicyRule() adds a rule to
+         * permit backup ssh access to the firewall. Since IOS ACL are
+         * stateless, we need to add another rule to permit reply
+         * packets.
+         */
+        TCPService *ssh_rev = ruleset->getRoot()->createTCPService();
+        ssh_rev->setSrcRangeStart(22);
+        ssh_rev->setSrcRangeEnd(22);
+        persistent_objects->add(ssh_rev, false);
+
+        Network *mgmt_workstation = ruleset->getRoot()->createNetwork();
+        mgmt_workstation->setAddressNetmask(fwopt->getStr("mgmt_addr"));
+
+        persistent_objects->add(mgmt_workstation, false);
+
+        addMgmtRule(
+            fw, mgmt_workstation, ssh_rev,
+            NULL, PolicyRule::Outbound, PolicyRule::Accept,
+            "backup ssh access rule (out)");
+    }
+}
+

src/cisco_lib/AutomaticRules_iosacl.h

@@ -0,0 +1,57 @@
+/* 
+
+                          Firewall Builder
+
+                 Copyright (C) 2011 NetCitadel, LLC
+
+  Author:  Vadim Kurland     vadim@fwbuilder.org
+
+  This program is free software which we release under the GNU General Public
+  License. You may redistribute and/or modify this program under the terms
+  of that license as published by the Free Software Foundation; either
+  version 2 of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+ 
+  To get a copy of the GNU General Public License, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+#ifndef __AUTOMATICRULES_IOSACL_HH__
+#define __AUTOMATICRULES_IOSACL_HH__
+
+#include "AutomaticRules_cisco.h"
+
+
+namespace libfwbuilder
+{
+    class Address;
+    class Firewall;
+    class Interface;
+    class Service;
+};
+
+namespace fwcompiler
+{
+    
+    class AutomaticRules_iosacl : public AutomaticRules_cisco
+    {
+
+    public:
+
+        AutomaticRules_iosacl(libfwbuilder::Firewall *fw,
+                   libfwbuilder::Library *presistent_objects) : 
+            AutomaticRules_cisco(fw, presistent_objects) {}
+    
+        void addSshAccessRule();
+        
+    };
+
+};
+
+
+#endif

src/cisco_lib/CompilerDriver_iosacl_run.cpp

@@ -37,6 +37,7 @@
 #include <iomanip>
 
 #include "CompilerDriver_iosacl.h"
+#include "AutomaticRules_iosacl.h"
 
 #include "PolicyCompiler_iosacl.h"
 #include "RoutingCompiler_iosacl.h"
@@ -177,6 +178,15 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
 
         list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
 
+        try
+        {
+            AutomaticRules_iosacl auto_rules(fw, persistent_objects);
+            auto_rules.addSshAccessRule();
+        } catch (FWException &ex)
+        {
+            abort(ex.toString());
+        }
+
         // assign unique rule ids that later will be used to generate
         // chain names.  This should be done after calls to
         // findImportedRuleSets()

src/cisco_lib/CompilerDriver_pix_run.cpp

@@ -45,6 +45,7 @@
 #include "NamedObjectsAndGroupsSupport.h"
 #include "NamedObjectsManagerPIX.h"
 #include "NamedObjectsManagerASA8.h"
+#include "AutomaticRules_cisco.h"
 
 #include "Helper.h"
 
@@ -352,6 +353,16 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
          std::sort(fw->begin(), fw->end(), sort_by_net_zone() );
         */
 
+
+        try
+        {
+            AutomaticRules_cisco auto_rules(fw, persistent_objects);
+            auto_rules.addSshAccessRule();
+        } catch (FWException &ex)
+        {
+            abort(ex.toString());
+        }
+
         std::auto_ptr<Preprocessor> prep(
             new Preprocessor(objdb , fw, false));
         if (inTestMode()) prep->setTestMode();

src/cisco_lib/CompilerDriver_procurve_acl_run.cpp

@@ -37,6 +37,7 @@
 #include <iomanip>
 
 #include "CompilerDriver_procurve_acl.h"
+#include "AutomaticRules_iosacl.h"
 
 #include "PolicyCompiler_procurve_acl.h"
 #include "RoutingCompiler_procurve_acl.h"
@@ -165,6 +166,15 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
 
         list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
 
+        try
+        {
+            AutomaticRules_iosacl auto_rules(fw, persistent_objects);
+            auto_rules.addSshAccessRule();
+        } catch (FWException &ex)
+        {
+            abort(ex.toString());
+        }
+
         // assign unique rule ids that later will be used to generate
         // chain names.  This should be done after calls to
         // findImportedRuleSets()

src/cisco_lib/PolicyCompiler_cisco.cpp

@@ -148,37 +148,6 @@ string PolicyCompiler_cisco::debugPrintRule(Rule *r)
 }
 
 
-void PolicyCompiler_cisco::addDefaultPolicyRule()
-{
-/*
- * set up backup ssh access to the firewall if told to do so
- */
-    if ( getCachedFwOpt()->getBool("mgmt_ssh") &&
-         !getCachedFwOpt()->getStr("mgmt_addr").empty() )
-    {
-        TCPService *ssh = dbcopy->createTCPService();
-        ssh->setDstRangeStart(22);
-        ssh->setDstRangeEnd(22);
-        persistent_objects->add(ssh, false);
-
-        TCPService *ssh_rev = dbcopy->createTCPService();
-        ssh_rev->setSrcRangeStart(22);
-        ssh_rev->setSrcRangeEnd(22);
-        persistent_objects->add(ssh_rev, false);
-
-        Network *mgmt_workstation = dbcopy->createNetwork();
-        mgmt_workstation->setAddressNetmask(
-            getCachedFwOpt()->getStr("mgmt_addr"));
-
-        persistent_objects->add(mgmt_workstation, false);
-
-        PolicyCompiler::addMgmtRule(
-            mgmt_workstation, fw, ssh,
-            NULL, PolicyRule::Inbound, PolicyRule::Accept,
-            "backup ssh access rule");
-    }
-}
-
 bool PolicyCompiler_cisco::splitIfSrcAny::processNext()
 {
     PolicyRule *rule=getNext(); if (rule==NULL) return false;

src/cisco_lib/PolicyCompiler_cisco.h

@@ -55,15 +55,6 @@ namespace fwcompiler {
 
 protected:
 
-	/**
-	 * our firewall policy must block everything by default even
-	 * if there are no rules. In iptables we do this by setting
-	 * default chain policies to DROP. Here we do this by adding
-	 * this unconditional blocking rule in the end. See also comment
-	 * in the code regarding "pass_all_out" option
-	 */
-	virtual void addDefaultPolicyRule();
-
         /**
          * prints rule in some universal format (close to that visible
          * to user in the GUI). Used for debugging purposes. This method

src/cisco_lib/PolicyCompiler_iosacl.cpp

@@ -95,36 +95,6 @@ int PolicyCompiler_iosacl::prolog()
     return PolicyCompiler::prolog();
 }
 
-void PolicyCompiler_iosacl::addDefaultPolicyRule()
-{
-    PolicyCompiler_cisco::addDefaultPolicyRule();
-
-/*
- * PolicyCompiler_cisco::addDefaultPolicyRule() adds a rule to permit
- * backup ssh access to the firewall. Since IOS ACL are stateless, we
- * need to add another rule to permit reply packets.
- */
-    if ( getCachedFwOpt()->getBool("mgmt_ssh") &&
-         !getCachedFwOpt()->getStr("mgmt_addr").empty() )
-    {
-        TCPService *ssh_rev = dbcopy->createTCPService();
-        ssh_rev->setSrcRangeStart(22);
-        ssh_rev->setSrcRangeEnd(22);
-        persistent_objects->add(ssh_rev, false);
-
-        Network *mgmt_workstation = dbcopy->createNetwork();
-        mgmt_workstation->setAddressNetmask(
-            getCachedFwOpt()->getStr("mgmt_addr"));
-
-        persistent_objects->add(mgmt_workstation, false);
-
-        PolicyCompiler::addMgmtRule(
-            fw, mgmt_workstation, ssh_rev,
-            NULL, PolicyRule::Outbound, PolicyRule::Accept,
-            "backup ssh access rule (out)");
-    }
-}
-
 bool PolicyCompiler_iosacl::checkForDynamicInterface::findDynamicInterface(
     PolicyRule *rule, RuleElement *rel)
 {
@@ -312,8 +282,6 @@ void PolicyCompiler_iosacl::compile()
 
     Compiler::compile();
 
-    addDefaultPolicyRule();
-
     if ( fw->getOptionsObject()->getBool ("check_shading") &&
          ! inSingleRuleCompileMode())
     {

src/cisco_lib/PolicyCompiler_iosacl.h

@@ -57,8 +57,6 @@ namespace fwcompiler {
 
         std::string comment_symbol;
         
-	virtual void addDefaultPolicyRule();
-
         /**
          * dynamic interfaces can not be used in policy rules in IOS ACLs
          */

src/cisco_lib/PolicyCompiler_pix.cpp

@@ -440,8 +440,6 @@ void PolicyCompiler_pix::compile()
 
     Compiler::compile();
 
-    addDefaultPolicyRule();
-
     if ( fw->getOptionsObject()->getBool ("check_shading") &&
          ! inSingleRuleCompileMode())
     {

src/cisco_lib/cisco_lib.pro

@@ -54,7 +54,9 @@ SOURCES	 =  PolicyCompiler_cisco.cpp           \
 			PolicyCompiler_pix_v6_acls.cpp   \
 			PolicyCompiler_pix_replace_translations.cpp   \
 			RoutingCompiler_pix.cpp          \
-			RoutingCompiler_pix_writers.cpp
+			RoutingCompiler_pix_writers.cpp  \
+			AutomaticRules_cisco.cpp         \
+			AutomaticRules_iosacl.cpp
 
 HEADERS	 = ../../config.h                   \
 			splitByNetworkZonesForRE.h      \
@@ -89,6 +91,9 @@ HEADERS	 = ../../config.h                   \
 			IOSObjectGroup.h                \
 			PolicyCompiler_pix.h            \
 			RoutingCompiler_pix.h           \
+			AutomaticRules_cisco.h          \
+			AutomaticRules_iosacl.h
+
 
 macx:LIBS  += $$LIBS_FWCOMPILER
 

test/iosacl/auto-interface-test.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:47 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/c3620.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:47 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/ccie4u-r1.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:48 2011 PST by vadim
+!  Generated Sat Mar 12 16:09:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
@@ -60,10 +60,10 @@ interface FastEthernet0/0
   no ip access-group out
   ip access-group tmp_acl in
 exit
-no ip access-list extended r1-ipv4_fe0_0_in
-no ip access-list extended r1-ipv4_fe0_0_out
-no ip access-list extended r1-ipv4_fe0_1_in
-no ip access-list extended r1-ipv4_fe0_1_out
+no ip access-list extended fe0_0_in
+no ip access-list extended fe0_0_out
+no ip access-list extended fe0_1_in
+no ip access-list extended fe0_1_out
 no ipv6 access-list ipv6_fe0_0_in
 no ipv6 access-list ipv6_fe0_0_out
 no ipv6 access-list ipv6_fe0_1_in
@@ -72,7 +72,7 @@ no ipv6 access-list ipv6_fe0_1_out
 ! ================ IPv4
 
 
-ip access-list extended r1-ipv4_fe0_0_in
+ip access-list extended fe0_0_in
 ! 
 ! Rule  -1 backup ssh access rule (automatic)
   permit tcp  host 10.1.1.100 host 10.1.1.1 eq 22 
@@ -89,7 +89,7 @@ ip access-list extended r1-ipv4_fe0_0_in
   permit icmp  host 192.168.1.0 any  8 
 exit
 
-ip access-list extended r1-ipv4_fe0_0_out
+ip access-list extended fe0_0_out
 ! 
 ! Rule  -2 backup ssh access rule (out) (automatic)
   permit tcp  host 10.1.1.1 eq 22 host 10.1.1.100 
@@ -106,7 +106,7 @@ ip access-list extended r1-ipv4_fe0_0_out
   permit icmp  host 192.168.1.0 any  8 
 exit
 
-ip access-list extended r1-ipv4_fe0_1_in
+ip access-list extended fe0_1_in
 ! 
 ! Rule  -1 backup ssh access rule (automatic)
   permit tcp  host 10.1.1.100 host 10.1.1.1 eq 22 
@@ -123,7 +123,7 @@ ip access-list extended r1-ipv4_fe0_1_in
   permit icmp  host 192.168.1.0 any  8 
 exit
 
-ip access-list extended r1-ipv4_fe0_1_out
+ip access-list extended fe0_1_out
 ! 
 ! Rule  -2 backup ssh access rule (out) (automatic)
   permit tcp  host 10.1.1.1 eq 22 host 10.1.1.100 
@@ -141,6 +141,18 @@ ip access-list extended r1-ipv4_fe0_1_out
 exit
 
 
+interface FastEthernet0/0
+  ip access-group fe0_0_in in
+exit
+interface FastEthernet0/0
+  ip access-group fe0_0_out out
+exit
+interface FastEthernet0/1
+  ip access-group fe0_1_in in
+exit
+interface FastEthernet0/1
+  ip access-group fe0_1_out out
+exit
 
 
 

test/iosacl/dynamips1-og.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:48 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !

test/iosacl/firewall-ipv6-1.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:48 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/firewall-ipv6-2.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:48 2011 PST by vadim
+!  Generated Sat Mar 12 16:10:42 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
@@ -58,15 +58,15 @@ interface Ethernet0/0
   no ip access-group out
   ip access-group tmp_acl in
 exit
-no ip access-list extended fw-ipv6-2-ipv4_e0_0_in
-no ip access-list extended fw-ipv6-2-ipv4_e0_0_out
+no ip access-list extended e0_0_in
+no ip access-list extended e0_0_out
 no ipv6 access-list ipv6_e0_0_in
 no ipv6 access-list ipv6_e0_0_out
 
 ! ================ IPv4
 
 
-ip access-list extended fw-ipv6-2-ipv4_e0_0_in
+ip access-list extended e0_0_in
 ! 
 ! Rule  -1 backup ssh access rule (automatic)
   permit tcp  host 1.1.1.100 host 1.1.1.1 eq 22 
@@ -76,7 +76,7 @@ ip access-list extended fw-ipv6-2-ipv4_e0_0_in
   permit 50  host 192.168.1.0 any  dscp af12 
 exit
 
-ip access-list extended fw-ipv6-2-ipv4_e0_0_out
+ip access-list extended e0_0_out
 ! 
 ! Rule  -2 backup ssh access rule (out) (automatic)
   permit tcp  host 1.1.1.1 eq 22 host 1.1.1.100 
@@ -87,6 +87,12 @@ ip access-list extended fw-ipv6-2-ipv4_e0_0_out
 exit
 
 
+interface Ethernet0/0
+  ip access-group e0_0_in in
+exit
+interface Ethernet0/0
+  ip access-group e0_0_out out
+exit
 
 
 

test/iosacl/firewall-ipv6-3.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/testios1-1.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/testios1.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/testios2.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/testios20-v12.3.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.3
 !

test/iosacl/testios20.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:49 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !

test/iosacl/testios3.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:50 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !

test/iosacl/testios4.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:50 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !

test/iosacl/testios5-1.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:50 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:15 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !

test/iosacl/testios5.fw.orig

@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_iosacl v4.2.0.3499
 !
-!  Generated Fri Mar 11 12:19:50 2011 PST by vadim
+!  Generated Sat Mar 12 16:07:15 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !