onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 18:57:14 +01:00
Code Issues Releases Wiki Activity

refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-12 15:03:57 -08:00
parent a3d7e3d89b
commit 77ae2185f2
43 changed files with 303 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/ChangeLog
View File

@ -3,17 +3,16 @@
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1908 "ASA NAT -
cannot configure static NAT translations with (inside,outside)".
Added NAT rule option to make source nat rules "static". The
option is presented to the user as a checkbox in a NAT rule
options dialog which is only enabled when platform is "pix" and
version >= 8.3. Policy compiler generates "twice nat" rules with
keyword "static" in the following cases: when TSrc is "original",
so the rule translates destination and not source or when numbers
of ip addresses represented by OSrc and TSrc are equal. If TSrc is
not "original" and represents different number of ip addresses
than OSrc, compiler looks at the new rule option. If the checkbox
is turned off, then it generates "twice nat" rule with option
"dynamic". If the checkbox is turned on, then it generates the
rule with option "static".
option is presented to the user as three radio buttons in the NAT
rule options dialog which is only enabled when platform is "pix"
and version >= 8.3. Policy compiler generates "twice nat" rules
with keyword "static" in the following cases: when TSrc is
"original", so the rule translates destination and not source or
when numbers of ip addresses represented by OSrc and TSrc are
equal. If TSrc is not "original" and represents different number
of ip addresses than OSrc, compiler looks at the new rule
option. User can use or override automatic algorithm using radio
buttons in the NAT rule options dialog.
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1902 "Add NAT
rule option "translate dns" for PIX". The option is only available

32
src/cisco_lib/ASA8TwiceNatLogic.cpp
View File

@ -26,6 +26,8 @@
#include "fwbuilder/RuleElement.h"
#include "fwbuilder/FWOptions.h"
#include <QtDebug>
using namespace libfwbuilder;
using namespace std;
@ -36,19 +38,17 @@ ASA8TwiceNatStaticLogic::ASA8TwiceNatStaticLogic(NATRule *_rule)
rule = _rule;
}
bool ASA8TwiceNatStaticLogic::isStatic()
ASA8TwiceNatStaticLogic::TwiceNatRuleType ASA8TwiceNatStaticLogic::getAutomaticType()
{
RuleElementOSrc *osrc_re = rule->getOSrc();
assert(osrc_re!=NULL);
Address *osrc = Address::cast(FWReference::getObject(osrc_re->front()));
RuleElementOSrc *tsrc_re = rule->getOSrc();
RuleElementTSrc *tsrc_re = rule->getTSrc();
assert(tsrc_re!=NULL);
Address *tsrc = Address::cast(FWReference::getObject(tsrc_re->front()));
FWOptions *ropt = rule->getOptionsObject();
if (tsrc->isAny()) return true;
if (tsrc->isAny()) return STATIC;
else
{
/*
@ -56,12 +56,20 @@ bool ASA8TwiceNatStaticLogic::isStatic()
* that in TSrc, then use "static". Otherwise use "dynamic". However if
* rule option "asa8_nat_static" is true, use "static".
*/
if (osrc->dimension() == tsrc->dimension()) return true;
else
{
if (ropt->getBool("asa8_nat_static")) return true;
else return false;
}
if (osrc->dimension() == tsrc->dimension()) return STATIC;
else return DYNAMIC;
}
return false;
return DYNAMIC;
}
ASA8TwiceNatStaticLogic::TwiceNatRuleType ASA8TwiceNatStaticLogic::getType()
{
TwiceNatRuleType res = getAutomaticType();
FWOptions *ropt = rule->getOptionsObject();
if (ropt->getBool("asa8_nat_dynamic")) res = DYNAMIC;
if (ropt->getBool("asa8_nat_static")) res = STATIC;
return res;
}

8
src/cisco_lib/ASA8TwiceNatLogic.h
View File

@ -30,12 +30,14 @@
class ASA8TwiceNatStaticLogic
{
libfwbuilder::NATRule *rule;
public:
enum TwiceNatRuleType {STATIC, DYNAMIC};
ASA8TwiceNatStaticLogic(libfwbuilder::NATRule *rule);
bool isStatic();
TwiceNatRuleType getAutomaticType();
TwiceNatRuleType getType();
};
#endif

11
src/cisco_lib/NATCompiler_asa8_writers.cpp
View File

@ -206,8 +206,15 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
cmd << "source";
if (ASA8TwiceNatStaticLogic(rule).isStatic()) cmd << "static";
else cmd << "ddynamic";
switch (ASA8TwiceNatStaticLogic(rule).getType())
{
case ASA8TwiceNatStaticLogic::STATIC:
cmd << "static";
break;
case ASA8TwiceNatStaticLogic::DYNAMIC:
cmd << "dynamic";
break;
}
cmd << pix_comp->getASA8Object(osrc)->getCommandWord();
if (tsrc->isAny())

72
src/libgui/NATRuleOptionsDialog.cpp
View File

@ -38,6 +38,8 @@
#include "fwbuilder/FWOptions.h"
#include "fwbuilder/Resources.h"
#include "../cisco_lib/ASA8TwiceNatLogic.h"
#include <memory>
#include <qpushbutton.h>
@ -103,18 +105,21 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
{
data.registerOption(m_dialog->ipt_use_snat_instead_of_masq, ropt,
"ipt_use_snat_instead_of_masq");
data.registerOption(m_dialog->ipt_nat_random, ropt, "ipt_nat_random");
data.registerOption(m_dialog->ipt_nat_persistent,ropt,"ipt_nat_persistent");
data.registerOption(m_dialog->ipt_nat_random, ropt,
"ipt_nat_random");
data.registerOption(m_dialog->ipt_nat_persistent, ropt,
"ipt_nat_persistent");
}
if (platform=="pf")
{
data.registerOption(m_dialog->pf_pool_type_none, ropt, "pf_pool_type_none");
data.registerOption(m_dialog->pf_bitmask , ropt, "pf_bitmask" );
data.registerOption(m_dialog->pf_random , ropt, "pf_random" );
data.registerOption(m_dialog->pf_source_hash , ropt, "pf_source_hash" );
data.registerOption(m_dialog->pf_round_robin , ropt, "pf_round_robin" );
data.registerOption(m_dialog->pf_static_port , ropt, "pf_static_port" );
data.registerOption(m_dialog->pf_pool_type_none, ropt,
"pf_pool_type_none");
data.registerOption(m_dialog->pf_bitmask, ropt, "pf_bitmask");
data.registerOption(m_dialog->pf_random, ropt, "pf_random");
data.registerOption(m_dialog->pf_source_hash, ropt, "pf_source_hash");
data.registerOption(m_dialog->pf_round_robin, ropt, "pf_round_robin");
data.registerOption(m_dialog->pf_static_port, ropt, "pf_static_port");
}
if (platform=="pix" || platform=="fwsm")
@ -122,12 +127,54 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
if (libfwbuilder::XMLTools::version_compare(version,"8.3")>=0)
{
m_dialog->asa8_nat_dns->setEnabled(true);
m_dialog->asa8_nat_auto->setEnabled(true);
m_dialog->asa8_nat_dynamic->setEnabled(true);
m_dialog->asa8_nat_static->setEnabled(true);
data.registerOption(m_dialog->asa8_nat_dns, ropt, "asa8_nat_dns");
data.registerOption(m_dialog->asa8_nat_static, ropt, "asa8_nat_static");
data.registerOption(m_dialog->asa8_nat_dns, ropt,
"asa8_nat_dns");
NATRule *nat_rule = NATRule::cast(rule);
ASA8TwiceNatStaticLogic twice_nat_logic(nat_rule);
// set asa8_nat_auto to True if none of these are set yet
if (!ropt->getBool("asa8_nat_dynamic") &&
!ropt->getBool("asa8_nat_static"))
{
ropt->setBool("asa8_nat_auto", true);
}
data.registerOption(m_dialog->asa8_nat_auto, ropt,
"asa8_nat_auto");
data.registerOption(m_dialog->asa8_nat_dynamic, ropt,
"asa8_nat_dynamic");
data.registerOption(m_dialog->asa8_nat_static, ropt,
"asa8_nat_static");
// update text label of radio button asa8_nat_auto
QString rule_state_auto;
switch (twice_nat_logic.getAutomaticType())
{
case ASA8TwiceNatStaticLogic::STATIC:
rule_state_auto = "static";
break;
case ASA8TwiceNatStaticLogic::DYNAMIC:
rule_state_auto = "dynamic";
break;
}
QString button_txt = tr(
"Automatically detect NAT type \"static\" or \"dynamic\". "
"This rule is currently set to type \"%1\"");
m_dialog->asa8_nat_auto->setText(button_txt.arg(rule_state_auto));
} else
{
m_dialog->asa8_nat_dns->setEnabled(false);
m_dialog->asa8_nat_auto->setEnabled(false);
m_dialog->asa8_nat_dynamic->setEnabled(false);
m_dialog->asa8_nat_static->setEnabled(false);
}
}
@ -140,13 +187,14 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
void NATRuleOptionsDialog::validate(bool *res)
{
*res=true;
*res = true;
}
void NATRuleOptionsDialog::applyChanges()
{
std::auto_ptr<FWCmdRuleChange> cmd(
new FWCmdRuleChangeOptions(m_project, obj));
std::auto_ptr<FWCmdRuleChange> cmd( new FWCmdRuleChangeOptions(m_project, obj));
// new_state is a copy of the rule object
FWObject* new_state = cmd->getNewState();
FWOptions* new_rule_options = Rule::cast(new_state)->getOptionsObject();

89
src/libgui/natruleoptionsdialog_q.ui
View File

@ -284,17 +284,11 @@
</layout>
</widget>
<widget class="QWidget" name="ASA8NATRuleOptions">
<layout class="QGridLayout" name="gridLayout_3">
<property name="margin">
<number>12</number>
</property>
<property name="spacing">
<number>12</number>
</property>
<layout class="QGridLayout" name="gridLayout_4">
<item row="0" column="0">
<widget class="QLabel" name="label_2">
<property name="text">
<string>Need nice long explanation of the meaning of the &quot;static&quot; option below</string>
<string>Starting with v8.3 ASAs support NAT type &quot;static&quot; and &quot;dynamic&quot; for source NAT rules. Firewall Builder attempts to determine the correct type based on the information in the rule, but the calculated value can be overridden below.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
@ -302,20 +296,53 @@
</widget>
</item>
<item row="1" column="0">
<widget class="QCheckBox" name="asa8_nat_static">
<property name="text">
<string>Build &quot;static&quot; twice-nat rule</string>
<widget class="QGroupBox" name="groupBox">
<property name="title">
<string/>
</property>
<property name="flat">
<bool>true</bool>
</property>
<layout class="QGridLayout" name="gridLayout_3">
<item row="0" column="0">
<widget class="QRadioButton" name="asa8_nat_auto">
<property name="text">
<string>Automatically detect NAT type &quot;static&quot; or &quot;dynamic&quot;. This rule is currently set to type &quot;%1&quot;</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QRadioButton" name="asa8_nat_dynamic">
<property name="text">
<string>Force rule to be NAT type &quot;dynamic&quot;. Note, rules with destination translation defined cannot be &quot;dynamic&quot;</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QRadioButton" name="asa8_nat_static">
<property name="text">
<string>Force rule to be NAT type &quot;static&quot;.</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item row="2" column="0">
<widget class="Line" name="line">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QCheckBox" name="asa8_nat_dns">
<property name="text">
<string>Make this NAT rule translate DNS replies. You also need to enable DNS inspection in the firewall object advanced settings dialog.</string>
</property>
</widget>
</item>
<item row="3" column="0">
<item row="4" column="0">
<spacer name="verticalSpacer_3">
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -497,14 +524,46 @@
</hints>
</connection>
<connection>
<sender>asa8_nat_static</sender>
<signal>stateChanged(int)</signal>
<sender>asa8_nat_auto</sender>
<signal>toggled(bool)</signal>
<receiver>NATRuleOptionsDialog_q</receiver>
<slot>changed()</slot>
<hints>
<hint type="sourcelabel">
<x>470</x>
<y>60</y>
<y>64</y>
</hint>
<hint type="destinationlabel">
<x>470</x>
<y>172</y>
</hint>
</hints>
</connection>
<connection>
<sender>asa8_nat_dynamic</sender>
<signal>toggled(bool)</signal>
<receiver>NATRuleOptionsDialog_q</receiver>
<slot>changed()</slot>
<hints>
<hint type="sourcelabel">
<x>470</x>
<y>93</y>
</hint>
<hint type="destinationlabel">
<x>470</x>
<y>172</y>
</hint>
</hints>
</connection>
<connection>
<sender>asa8_nat_static</sender>
<signal>toggled(bool)</signal>
<receiver>NATRuleOptionsDialog_q</receiver>
<slot>changed()</slot>
<hints>
<hint type="sourcelabel">
<x>470</x>
<y>122</y>
</hint>
<hint type="destinationlabel">
<x>470</x>

4
src/libgui/platforms.cpp
View File

@ -364,7 +364,9 @@ bool isDefaultNATRuleOptions(FWOptions *opt)
if (platform=="pix" || platform=="fwsm")
{
res = (! opt->getBool("asa8_nat_dns") &&
! opt->getBool("asa8_nat_static"));
! opt->getBool("asa8_nat_static") &&
! opt->getBool("asa8_nat_dynamic"));
}
}
return res;

4
test/pix/cluster1-1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
! Generated Wed Jan 12 15:01:11 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1-1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
! Generated Wed Jan 12 15:01:11 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
! Generated Wed Jan 12 15:01:10 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
! Generated Wed Jan 12 15:01:10 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:16 2011 PST by vadim
! Generated Wed Jan 12 15:00:37 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:17 2011 PST by vadim
! Generated Wed Jan 12 15:00:38 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

4
test/pix/firewall10.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:18 2011 PST by vadim
! Generated Wed Jan 12 15:00:39 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall11.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:18 2011 PST by vadim
! Generated Wed Jan 12 15:00:40 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall12.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:19 2011 PST by vadim
! Generated Wed Jan 12 15:00:41 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall13.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:20 2011 PST by vadim
! Generated Wed Jan 12 15:00:42 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall14.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:20 2011 PST by vadim
! Generated Wed Jan 12 15:00:43 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:21 2011 PST by vadim
! Generated Wed Jan 12 15:00:44 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:22 2011 PST by vadim
! Generated Wed Jan 12 15:00:45 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:23 2011 PST by vadim
! Generated Wed Jan 12 15:00:47 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:22 2011 PST by vadim
! Generated Wed Jan 12 15:00:46 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall22.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:24 2011 PST by vadim
! Generated Wed Jan 12 15:00:48 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:25 2011 PST by vadim
! Generated Wed Jan 12 15:00:49 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall33.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:26 2011 PST by vadim
! Generated Wed Jan 12 15:00:50 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall34.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:27 2011 PST by vadim
! Generated Wed Jan 12 15:00:51 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:27 2011 PST by vadim
! Generated Wed Jan 12 15:00:52 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall50.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:28 2011 PST by vadim
! Generated Wed Jan 12 15:00:53 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall6.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:29 2011 PST by vadim
! Generated Wed Jan 12 15:00:54 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall8.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:30 2011 PST by vadim
! Generated Wed Jan 12 15:00:55 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall80.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:31 2011 PST by vadim
! Generated Wed Jan 12 15:00:56 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

4
test/pix/firewall81.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:31 2011 PST by vadim
! Generated Wed Jan 12 15:00:57 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall82.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:32 2011 PST by vadim
! Generated Wed Jan 12 15:00:58 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall83.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:33 2011 PST by vadim
! Generated Wed Jan 12 15:00:59 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall9.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:33 2011 PST by vadim
! Generated Wed Jan 12 15:01:00 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

12
test/pix/firewall90.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:34 2011 PST by vadim
! Generated Wed Jan 12 15:01:01 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -94,7 +94,7 @@ clear config object-group
clear config icmp
clear config telnet
!
! Rule 0 (global)
! Rule 1 (global)
access-list inside_acl_in deny ip any any
access-list outside_acl_in deny ip any any
@ -145,6 +145,9 @@ quit
object network external_gw2
host 22.22.22.100
quit
object service squid
service tcp destination eq 3128
quit
!
! Rule 0 (NAT)
nat (inside,outside) source dynamic Internal_net interface service http http
@ -222,6 +225,9 @@ nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:i
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip-1
!
! Rule 17 (NAT)
nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid

4
test/pix/firewall91.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:35 2011 PST by vadim
! Generated Wed Jan 12 15:01:02 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall92.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:35 2011 PST by vadim
! Generated Wed Jan 12 15:01:03 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/fwsm1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:36 2011 PST by vadim
! Generated Wed Jan 12 15:01:04 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

4
test/pix/fwsm2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:37 2011 PST by vadim
! Generated Wed Jan 12 15:01:05 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

47
test/pix/objects-for-regression-tests.fwb
View File

@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294851771" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294873229" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18503,6 +18503,7 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">True</Option>
<Option name="color">#8BC065</Option>
</NATRuleOptions>
@ -18527,6 +18528,10 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_dynamic">False</Option>
<Option name="asa8_nat_static">False</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
@ -18550,6 +18555,10 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_dynamic">False</Option>
<Option name="asa8_nat_static">False</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
@ -18573,6 +18582,10 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_dynamic">False</Option>
<Option name="asa8_nat_static">False</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
@ -18596,6 +18609,7 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
@ -18619,15 +18633,44 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">False</Option>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_dynamic">False</Option>
<Option name="asa8_nat_static">True</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id301880X21607" disabled="False" group="" position="17" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20111X3981"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_dynamic">False</Option>
<Option name="asa8_nat_static">False</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id78630X30274" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<PolicyRule id="id78630X30274" disabled="True" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3FA34EFA"/>
<ObjectRef ref="id68966X11724"/>

4
test/pix/pix515.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:38 2011 PST by vadim
! Generated Wed Jan 12 15:01:07 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/real.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3429
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Tue Jan 11 18:31:39 2011 PST by vadim
! Generated Wed Jan 12 15:01:08 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported