fixes #2054 add support for load anchor command

doc/ChangeLog

@@ -1,3 +1,13 @@
+2011-02-08  vadim  <vadim@netcitadel.com>
+
+	* CompilerDriver_pf_run.cpp (run): fixes #2054 "Add support for
+	load anchor PF command". Instead of loading anchors using "pfctl
+	-a anchor -f file" command in the .fw initialization script, now
+	generated PF configuration uses "load anchor" commands in the
+	pf.conf file. This way, we can load anchors correctly when PF
+	configuration is activated from the generated rc.conf.local file
+	where only one pf.conf file can be referenced.
+
 2011-02-07  Vadim Kurland  <vadim@netcitadel.com>
 
 	* CompilerDriver_pix_run.cpp (run): fixes #2055 "Compiler shows

src/pflib/CompilerDriver_pf_run.cpp

@@ -78,11 +78,15 @@
 #include <QFileInfo>
 #include <QFile>
 #include <QTextStream>
+#include <QtDebug>
+
 
 using namespace std;
 using namespace libfwbuilder;
 using namespace fwcompiler;
 
+// #define DEBUG_FILE_NAMES 1
+
 
 QString CompilerDriver_pf::composeActivationCommand(Firewall *fw,
                                                     const string &pfctl_debug,
@@ -118,6 +122,13 @@ QString CompilerDriver_pf::printActivationCommands(Firewall *fw)
     bool debug = options->getBool("debug");
     string pfctl_dbg = (debug)?"-v ":"";
 
+    QString remote_file_name = escapeFileName(remote_file_names[CONF1_FILE]);
+
+    return composeActivationCommand(
+        fw, pfctl_dbg, "",
+        fw->getStr("version"), remote_file_name.toUtf8().constData());
+
+#if 0
     QStringList activation_commands;
 
     // skip first item in the list since it is .fw script
@@ -132,6 +143,7 @@ QString CompilerDriver_pf::printActivationCommands(Firewall *fw)
     }
 
     return activation_commands.join("\n");
+#endif
 }
 
 QString CompilerDriver_pf::assembleManifest(Cluster*, Firewall* , bool )
@@ -273,11 +285,109 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
         list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
         list<FWObject*> all_nat = fw->getByType(NAT::TYPENAME);
 
-        int routing_rules_count = 0;
-
         findImportedRuleSets(fw, all_policies);
         findImportedRuleSets(fw, all_nat);
 
+        list<FWObject*> all_rulesets;
+        all_rulesets.insert(
+            all_rulesets.begin(), all_policies.begin(), all_policies.end());
+        all_rulesets.insert(
+            all_rulesets.begin(), all_nat.begin(), all_nat.end());
+
+        // establish mapping of rule sets to file names so it can be used
+        // for "load anchor" commands
+        
+        QMap<QString, QString> rulesets_to_file_names;
+        QMap<QString, QString> rulesets_to_remote_file_names;
+        QMap<QString, int> rulesets_to_indexes;
+        QStringList file_extensions;
+        QStringList remote_file_options;
+
+        anchor_names.clear();
+
+        anchor_names << ""; // for fw_file
+        anchor_names << ""; // for main .conf file (both policy and nat top rule sets)
+
+        // Can not make extension .conf when generating rc.conf file
+        // because the second file also has extension .conf and this
+        // causes conflict if both names are generated using default
+        // algorithm from the fw name
+        //
+
+        file_extensions << "fw";
+        file_extensions << "conf";
+
+        remote_file_options << "script_name_on_firewall";
+        remote_file_options << "conf_file_name_on_firewall";
+
+        rulesets_to_indexes["__main__"] = CONF1_FILE;
+
+        int idx = CONF2_FILE;
+        for (list<FWObject*>::iterator p=all_rulesets.begin();
+             p!=all_rulesets.end(); ++p)
+        {
+            RuleSet *rs = RuleSet::cast(*p);
+            QString ruleset_name = QString::fromUtf8(rs->getName().c_str());
+
+            if (ruleset_name.endsWith("/*"))
+            {
+                QString err("The name of the %1 ruleset %2"
+                            " ends with '/*', assuming it is externally"
+                            " controlled and skipping it.");
+                warning(fw, rs, NULL,
+                        err.arg(rs->getTypeName().c_str())
+                        .arg(ruleset_name).toStdString());
+                rs->setBool(".skip_ruleset", true);
+                continue;
+            }
+
+            if (rs->isTop()) continue;
+
+            // record index of this ruleset in file_names and remote_file_names
+            if (rulesets_to_indexes.count(ruleset_name) == 0)
+            {
+                anchor_names << ruleset_name;
+                file_extensions << "conf";
+                remote_file_options << ""; // to make sure it has right number of items
+                rulesets_to_indexes[ruleset_name] = idx;
+                idx++;
+            }
+        }
+
+#ifdef DEBUG_FILE_NAMES
+        qDebug() << "anchor_names=" << anchor_names;
+        qDebug() << "file_extensions=" << file_extensions;
+        qDebug() << "remote_file_options=" << remote_file_options;
+#endif
+
+        // The order of file names in file_names and remote_file_names
+        // is the same as the order of rule sets in all_rulesets
+        determineOutputFileNames(cluster, fw, !cluster_id.empty(),
+                                 anchor_names, file_extensions,
+                                 remote_file_options);
+
+
+        for (list<FWObject*>::iterator p=all_rulesets.begin();
+             p!=all_rulesets.end(); ++p)
+        {
+            RuleSet *rs = RuleSet::cast(*p);
+            if (rs->getBool(".skip_ruleset")) continue;
+            QString ruleset_name = QString::fromUtf8(rs->getName().c_str());
+            if (rs->isTop()) ruleset_name = "__main__";
+            int idx = rulesets_to_indexes[ruleset_name];
+            rulesets_to_file_names[ruleset_name] = file_names[idx];
+            rulesets_to_remote_file_names[ruleset_name] = remote_file_names[idx];
+        }
+
+#ifdef DEBUG_FILE_NAMES
+        qDebug() << "file_names=" << file_names;
+        qDebug() << "remote_file_names=" << remote_file_names;
+        qDebug() << "rulesets_to_file_names=" << rulesets_to_file_names;
+        qDebug() << "rulesets_to_remote_file_names=" << rulesets_to_remote_file_names;
+#endif
+
+        int routing_rules_count = 0;
+
         vector<int> ipv4_6_runs;
 
         // command line options -4 and -6 control address family for which
@@ -342,21 +452,10 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                 NAT *nat = NAT::cast(*p);
 
                 if (!nat->matchingAddressFamily(policy_af)) continue;
+                if (nat->getBool(".skip_ruleset")) continue;
 
                 QString ruleset_name = QString::fromUtf8(nat->getName().c_str());
-
+                if (nat->isTop()) ruleset_name = "__main__";
-                if (ruleset_name.endsWith("/*"))
-                {
-                    QString err("The name of the policy ruleset %1"
-                                " ends with '/*', assuming it is externally"
-                                " controlled and skipping it.");
-                    warning(fw, nat, NULL,
-                            err.arg(ruleset_name).toStdString());
-                    continue;
-                }
-
-                if (nat->isTop())
-                    ruleset_name = "__main__";
 
                 if (table_factories.count(ruleset_name) == 0)
                 {
@@ -364,7 +463,8 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                 }
 
                 NATCompiler_pf n( objdb, fw, ipv6_policy, oscnf.get(),
-                                  table_factories[ruleset_name] );
+                                  table_factories[ruleset_name]
+                );
 
                 n.setSourceRuleSet( nat );
                 n.setRuleSetName(nat->getName());
@@ -418,26 +518,17 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                                            lst.begin(), lst.end());
             }
 
+
             for (list<FWObject*>::iterator p=all_policies.begin();
                  p!=all_policies.end(); ++p )
             {
                 Policy *policy = Policy::cast(*p);
-                QString ruleset_name = QString::fromUtf8(policy->getName().c_str());
-
-                if (ruleset_name.endsWith("/*"))
-                {
-                    QString err("The name of the policy ruleset %1"
-                                " ends with '/*', assuming it is externally"
-                                " controlled and skipping it.");
-                    warning(fw, policy, NULL,
-                            err.arg(ruleset_name).toStdString());
-                    continue;
-                }
 
                 if (!policy->matchingAddressFamily(policy_af)) continue;
+                if (policy->getBool(".skip_ruleset")) continue;
 
-                if (policy->isTop())
+                QString ruleset_name = QString::fromUtf8(policy->getName().c_str());
-                    ruleset_name = "__main__";
+                if (policy->isTop()) ruleset_name = "__main__";
 
                 if (table_factories.count(ruleset_name) == 0)
                 {
@@ -446,7 +537,8 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 
                 PolicyCompiler_pf c( objdb, fw, ipv6_policy, oscnf.get(),
                                      &redirect_rules_info,
-                                     table_factories[ruleset_name] );
+                                     table_factories[ruleset_name]
+                );
 
                 c.setSourceRuleSet( policy );
                 c.setRuleSetName(policy->getName());
@@ -468,7 +560,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 
                 if (policy->isTop())
                 {
-                    generated_scripts[ruleset_name] = main_str;
+                    generated_scripts["__main__"] = main_str;
                 } else
                 {
                     generated_scripts[ruleset_name] = new ostringstream();
@@ -493,6 +585,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                 all_errors.push_back(c.getErrors("").c_str());
 
             }
+
         }
 
         std::auto_ptr<RoutingCompiler> routing_compiler;
@@ -565,50 +658,30 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
             return formSingleRuleCompileOutput(buffer);
         }
 
-/*
+        /* add commands to load anchors to the bottom of the main .conf file */
- * now write generated scripts to files
+        QMap<QString, QString>::iterator it;
- */
+        for (it=rulesets_to_remote_file_names.begin();
-        QStringList file_extensions;
+             it!=rulesets_to_remote_file_names.end(); ++it)
-        QStringList remote_file_options;
-
-        anchor_names.clear();
-
-        anchor_names << "";      // for fw_file
-        // Can not make extension .conf when generating rc.conf file
-        // because the second file also has extension .conf and this
-        // causes conflict if both names are generated using default
-        // algorithm from the fw name
-        file_extensions << "fw";
-        remote_file_options << "script_name_on_firewall";
-
-        for (map<QString, ostringstream*>::iterator fi=generated_scripts.begin();
-             fi!=generated_scripts.end(); fi++)
         {
-            QString ruleset_name = fi->first;
+            QString ruleset_name = it.key();
-
+            if (ruleset_name == "__main__") continue;
-            if (ruleset_name == "__main__")
+            QString remote_file_name = it.value();
-                anchor_names << "";
+            *(generated_scripts["__main__"]) << QString("load anchor %1 from \"%2\"")
-            else
+                .arg(ruleset_name).arg(remote_file_name).toUtf8().constData()
-                anchor_names << ruleset_name;
+                                             << endl;
-            file_extensions << "conf";
-            remote_file_options << ""; // to make sure it has right number of items
         }
 
-        remote_file_options[CONF1_FILE] = "conf_file_name_on_firewall";
 
-        // The order of file names in file_names and remote_file_names
+        /*
-        // is the same as the order of rule sets in generated_scripts
+         * now write generated scripts to files
-        determineOutputFileNames(cluster, fw, !cluster_id.empty(),
+         */
-                                 anchor_names, file_extensions,
-                                 remote_file_options);
 
-
+        idx = CONF1_FILE;
-        int idx = 1;
         for (map<QString, ostringstream*>::iterator fi=generated_scripts.begin();
              fi!=generated_scripts.end(); fi++)
         {
             QString ruleset_name = fi->first;
-            QString file_name = file_names[idx];
+            QString file_name = rulesets_to_file_names[ruleset_name]; // file_names[idx];
             ostringstream *strm = fi->second;
 
             if (ruleset_name.contains("/*")) continue;

src/pflib/NATCompiler_pf.h

@@ -33,8 +33,13 @@
 
 
 #include <map>
+#include <QMap>
+#include <QSet>
+#include <QString>
 
-namespace libfwbuilder {
+
+namespace libfwbuilder
+{
     class Host;
     class IPv4;
     class IPService;
@@ -49,15 +54,15 @@ namespace libfwbuilder {
     class RuleElementTSrv;
 };
 
-namespace fwcompiler {
+namespace fwcompiler
-
+{
-
-    class NATCompiler_pf : public NATCompiler {
 
+    class NATCompiler_pf : public NATCompiler
+    {
         public:
 
-
+        struct redirectRuleInfo
-        struct redirectRuleInfo {
+        {
             std::string            natrule_label;
             libfwbuilder::FWObject *old_tdst;
             libfwbuilder::FWObject *new_tdst;
@@ -75,7 +80,6 @@ namespace fwcompiler {
 	libfwbuilder::FWObject *loopback_address;
         TableFactory   *tables;
 
-
         virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
 
         /**
@@ -383,7 +387,8 @@ namespace fwcompiler {
 		       libfwbuilder::Firewall *fw,
                        bool ipv6_policy,
 		       fwcompiler::OSConfigurator *_oscnf,
-                       TableFactory *tbf = NULL) :
+                       TableFactory *tbf = NULL
+        ) :
         NATCompiler(_db, fw, ipv6_policy, _oscnf)
         {
             tables = tbf;

src/pflib/NATCompiler_pf_writers.cpp

@@ -342,6 +342,8 @@ void NATCompiler_pf::PrintRule::_printAnchorRule(const string &anchor_command,
                                                  const std::string &interface_name,
                                                  NATRule *rule)
 {
+    NATCompiler_pf *pf_comp = dynamic_cast<NATCompiler_pf*>(compiler);
+
     RuleElementOSrc *osrcrel = rule->getOSrc();
     RuleElementODst *odstrel = rule->getODst();
     RuleElementOSrv *osrvrel = rule->getOSrv();

src/pflib/PolicyCompiler_pf.h

@@ -32,7 +32,13 @@
 #include "NATCompiler_pf.h"
 #include "TableFactory.h"
 
-namespace libfwbuilder {
+#include <QMap>
+#include <QSet>
+#include <QString>
+
+
+namespace libfwbuilder
+{
     class IPService;
     class ICMPService;
     class TCPService;
@@ -44,10 +50,11 @@ namespace libfwbuilder {
 };
 
 
-namespace fwcompiler {
+namespace fwcompiler
-
+{
-    class PolicyCompiler_pf : public PolicyCompiler {
 
+    class PolicyCompiler_pf : public PolicyCompiler
+    {
 	public:
 
 	/**
@@ -413,7 +420,6 @@ namespace fwcompiler {
 
 	virtual std::string myPlatformName();
 
-
 	public:
 
 	PolicyCompiler_pf(libfwbuilder::FWObjectDatabase *_db,

src/pflib/PolicyCompiler_pf_writers.cpp

@@ -70,8 +70,8 @@ using namespace std;
  */
 void PolicyCompiler_pf::PrintRule::_printAction(PolicyRule *rule)
 {
-    FWOptions *ruleopt =rule->getOptionsObject();
+    FWOptions *ruleopt = rule->getOptionsObject();
-    Service *srv=compiler->getFirstSrv(rule);    assert(srv);
+    Service *srv = compiler->getFirstSrv(rule);    assert(srv);
     string version = compiler->fw->getStr("version");
 
     switch (rule->getAction())
@@ -152,8 +152,7 @@ void PolicyCompiler_pf::PrintRule::_printAction(PolicyRule *rule)
             compiler->output << "anchor \"UNDEFINED\" ";
         }else
         {
-            string ruleset_name = ruleset->getName();
+            compiler->output << "anchor \"" << ruleset->getName() << "\" ";
-            compiler->output << "anchor \"" << ruleset_name << "\" ";
         }
         break;
     }
@@ -931,9 +930,9 @@ PolicyCompiler_pf::PrintRule::PrintRule(const std::string &name) : PolicyRulePro
 
 bool PolicyCompiler_pf::PrintRule::processNext()
 {
-    PolicyRule *rule=getNext(); if (rule==NULL) return false;
+    PolicyRule *rule = getNext(); if (rule==NULL) return false;
-    FWOptions  *ruleopt =rule->getOptionsObject();
+    FWOptions  *ruleopt = rule->getOptionsObject();
-    string version=compiler->fw->getStr("version");
+    string version = compiler->fw->getStr("version");
 
     tmp_queue.push_back(rule);
 

src/res/configlets/pf/activation

@@ -11,6 +11,4 @@
 ## {{$var}} is variable expansion
 ## {{if var}} is conditional operator.
 ##
-$PFCTL {{$pfctl_debug}} {{if anchor}}-a {{$anchor_name}}{{endif}} \
+$PFCTL {{$pfctl_debug}} {{if anchor}}-a {{$anchor_name}}{{endif}} {{if pf_version_lt_3_2}}-R{{endif}} {{if pf_version_ge_3_2}}-f{{endif}} {{$remote_file}} || exit 1
-    {{if pf_version_lt_3_2}}-R{{endif}} {{if pf_version_ge_3_2}}-f{{endif}} \
-    {{$remote_file}} || exit 1

test/pf/firewall-base-rulesets.conf.orig

@@ -1,3 +1,7 @@
 
 
 
+load anchor mail_server_inbound from "/etc/fw/firewall-base-rulesets-mail_server_inbound.conf"
+load anchor mail_server_outbound from "/etc/fw/firewall-base-rulesets-mail_server_outbound.conf"
+load anchor web_server_inbound from "/etc/fw/firewall-base-rulesets-web_server_inbound.conf"
+load anchor web_server_outbound from "/etc/fw/firewall-base-rulesets-web_server_outbound.conf"

test/pf/firewall-base-rulesets.fw.orig

@@ -2,15 +2,15 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:08 2011 PST by vadim
 #
 # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
 # files:   firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
+# files:   firewall-base-rulesets-web_server_inbound.conf /etc/fw/firewall-base-rulesets-web_server_inbound.conf
 # files:   firewall-base-rulesets-mail_server_inbound.conf /etc/fw/firewall-base-rulesets-mail_server_inbound.conf
 # files:   firewall-base-rulesets-mail_server_outbound.conf /etc/fw/firewall-base-rulesets-mail_server_outbound.conf
-# files:   firewall-base-rulesets-web_server_inbound.conf /etc/fw/firewall-base-rulesets-web_server_inbound.conf
 # files:   firewall-base-rulesets-web_server_outbound.conf /etc/fw/firewall-base-rulesets-web_server_outbound.conf
 #
 # Compiled for pf 
@@ -163,27 +163,13 @@ configure_interfaces() {
     update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:08 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall-base-rulesets.conf || exit 1
-     -f \
-    /etc/fw/firewall-base-rulesets.conf || exit 1
-$PFCTL  -a mail_server_inbound \
-     -f \
-    /etc/fw/firewall-base-rulesets-mail_server_inbound.conf || exit 1
-$PFCTL  -a mail_server_outbound \
-     -f \
-    /etc/fw/firewall-base-rulesets-mail_server_outbound.conf || exit 1
-$PFCTL  -a web_server_inbound \
-     -f \
-    /etc/fw/firewall-base-rulesets-web_server_inbound.conf || exit 1
-$PFCTL  -a web_server_outbound \
-     -f \
-    /etc/fw/firewall-base-rulesets-web_server_outbound.conf || exit 1
 
 
 

test/pf/firewall-ipv6-1.conf.orig

@@ -68,3 +68,4 @@ pass  log  quick inet6  from <tbl.r5.s>  to any keep state  label "RULE 11 -- AC
 #    fallback rule 
 block  quick inet6  from any  to any  label "RULE 10000 -- DROP "  
 
+load anchor Policy_ipv4 from "/etc/firewall-ipv6-1-Policy_ipv4.conf"

test/pf/firewall-ipv6-1.fw.orig

@@ -2,13 +2,13 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:08 2011 PST by vadim
 #
 # files: * firewall-ipv6-1.fw pf-ipv6.fw
-# files:   firewall-ipv6-1-Policy_ipv4.conf /etc/fw/pf-ipv6.conf
+# files:   firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
-# files:   firewall-ipv6-1.conf /etc/firewall-ipv6-1.conf
+# files:   firewall-ipv6-1-Policy_ipv4.conf /etc/firewall-ipv6-1-Policy_ipv4.conf
 #
 # Compiled for pf 
 #
@@ -175,18 +175,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:08 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL  -a Policy_ipv4 \
+$PFCTL    -f /etc/fw/pf-ipv6.conf || exit 1
-     -f \
-    /etc/fw/pf-ipv6.conf || exit 1
-$PFCTL   \
-     -f \
-    /etc/firewall-ipv6-1.conf || exit 1
 
 
 

test/pf/firewall-ipv6-2.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:04 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * firewall-ipv6-2.fw pf.fw
 # files:   firewall-ipv6-2.conf pf.conf
@@ -179,15 +179,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:04 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f pf.conf || exit 1
-     -f \
-    pf.conf || exit 1
 
 
 

test/pf/firewall-ipv6-3.conf.orig

@@ -9,3 +9,4 @@ pass  quick on lo0 inet6  from any  to any keep state  label "RULE 0 -- ACCEPT "
 #    fallback rule 
 block  quick inet6  from any  to any  label "RULE 10000 -- DROP "  
 
+load anchor Policy_ipv4 from "/etc/firewall-ipv6-3-Policy_ipv4.conf"

test/pf/firewall-ipv6-3.fw.orig

@@ -1,13 +1,13 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:04 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
-# files:   firewall-ipv6-3-Policy_ipv4.conf /etc/firewall-ipv6-3-Policy_ipv4.conf
 # files:   firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf
+# files:   firewall-ipv6-3-Policy_ipv4.conf /etc/firewall-ipv6-3-Policy_ipv4.conf
 #
 # Compiled for pf 
 #
@@ -38,7 +38,6 @@ ifconfig_ed0_alias1="2001:db8::2/64"
 ifconfig_lo0="::1/128"
 
 pf_enable="YES"
-pf_rules="/etc/firewall-ipv6-3-Policy_ipv4.conf"
 pf_rules="/etc/firewall-ipv6-3.conf"
 
 

test/pf/firewall.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:32 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:39 2011 PST by vadim
 #
 # files: * firewall.fw /etc/pf.fw
 # files:   firewall.conf /etc/pf.conf
@@ -167,15 +167,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:32 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:39 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf.conf || exit 1
-     -f \
-    /etc/pf.conf || exit 1
 
 
 

test/pf/firewall1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:32 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:40 2011 PST by vadim
 #
 # files: * firewall1.fw /etc/fw/firewall1.fw
 # files:   firewall1.conf /etc/fw/firewall1.conf
@@ -79,15 +79,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:32 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:40 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall1.conf || exit 1
-     -f \
-    /etc/fw/firewall1.conf || exit 1
 
 
 

test/pf/firewall10-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:35 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:42 2011 PST by vadim
 #
 # files: * firewall10-1.fw /etc/fw/firewall10-1.fw
 # files:   firewall10-1.conf /etc/fw/firewall10-1.conf
@@ -74,15 +74,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:35 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:42 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-1.conf || exit 1
-     -f \
-    /etc/fw/firewall10-1.conf || exit 1
 
 
 

test/pf/firewall10-2.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:35 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:43 2011 PST by vadim
 #
 # files: * firewall10-2.fw /etc/fw/firewall10-2.fw
 # files:   firewall10-2.conf /etc/fw/firewall10-2.conf
@@ -74,15 +74,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:35 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:43 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-2.conf || exit 1
-     -f \
-    /etc/fw/firewall10-2.conf || exit 1
 
 
 

test/pf/firewall10-3.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:37 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:44 2011 PST by vadim
 #
 # files: * firewall10-3.fw /etc/fw/firewall10-3.fw
 # files:   firewall10-3.conf /etc/fw/firewall10-3.conf
@@ -76,15 +76,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:37 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:44 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-3.conf || exit 1
-     -f \
-    /etc/fw/firewall10-3.conf || exit 1
 
 
 

test/pf/firewall10-4.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:37 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:45 2011 PST by vadim
 #
 # files: * firewall10-4.fw /etc/fw/firewall10-4.fw
 # files:   firewall10-4.conf /etc/fw/firewall10-4.conf
@@ -76,15 +76,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:37 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:45 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-4.conf || exit 1
-     -f \
-    /etc/fw/firewall10-4.conf || exit 1
 
 
 

test/pf/firewall10-5.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:40 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:46 2011 PST by vadim
 #
 # files: * firewall10-5.fw /etc/fw/firewall10-5.fw
 # files:   firewall10-5.conf /etc/fw/firewall10-5.conf
@@ -77,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:40 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:46 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-5.conf || exit 1
-     -f \
-    /etc/fw/firewall10-5.conf || exit 1
 
 
 

test/pf/firewall10-6.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:40 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:47 2011 PST by vadim
 #
 # files: * firewall10-6.fw /etc/fw/firewall10-6.fw
 # files:   firewall10-6.conf /etc/fw/firewall10-6.conf
@@ -77,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:40 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:47 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall10-6.conf || exit 1
-     -f \
-    /etc/fw/firewall10-6.conf || exit 1
 
 
 

test/pf/firewall100.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:32 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:41 2011 PST by vadim
 #
 # files: * firewall100.fw /etc/fw/pf.fw
 # files:   firewall100.conf /etc/fw/path\ with\ space/pf.conf
@@ -15,7 +15,7 @@
 
 # firewall100:Routing:1: error: Gateway and interface are both empty in the rule
 # firewall100:Routing:1: error: Rules 0 (main) and 1 (main) define routes to the same destination 0.0.0.0/0.0.0.0 via different gateways. This configuration is not supported for openbsd
-# firewall100:Routing:4: warning: Two of the routing rules created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
+# firewall100:Routing:4: warning: Two of the routing commands created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
 
 
 
@@ -160,15 +160,13 @@ configure_interfaces() {
     update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:32 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:41 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/firewall101.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:33 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:41 2011 PST by vadim
 #
 # files: * firewall101.fw /etc/fw/pf.fw
 # files:   firewall101.conf /etc/fw/path\ with\ space/pf.conf
@@ -15,7 +15,7 @@
 
 # firewall101:Routing:1: error: Gateway and interface are both empty in the rule
 # firewall101:Routing:1: error: Rules 0 (main) and 1 (main) define routes to the same destination 0.0.0.0/0.0.0.0 via different gateways. This configuration is not supported for freebsd
-# firewall101:Routing:4: warning: Two of the routing rules created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
+# firewall101:Routing:4: warning: Two of the routing commands created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
 
 
 
@@ -163,15 +163,13 @@ configure_interfaces() {
     update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:33 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:41 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/firewall102.fw.orig

@@ -1,9 +1,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:35 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:42 2011 PST by vadim
 #
 # files: * firewall102.fw /etc/fw/pf.fw
 # files:   firewall102.conf /etc/fw/path\ with\ space/pf.conf
@@ -14,7 +14,7 @@
 
 # firewall102:Routing:1: error: Gateway and interface are both empty in the rule
 # firewall102:Routing:1: error: Rules 0 (main) and 1 (main) define routes to the same destination 0.0.0.0/0.0.0.0 via different gateways. This configuration is not supported for freebsd
-# firewall102:Routing:4: warning: Two of the routing rules created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
+# firewall102:Routing:4: warning: Two of the routing commands created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
 
 gateway_enable="YES"
 

test/pf/firewall103.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:35 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:43 2011 PST by vadim
 #
 # files: * firewall103.fw /etc/fw/pf.fw
 # files:   firewall103.conf /etc/fw/path\ with\ space/pf.conf
@@ -291,15 +291,13 @@ configure_interfaces() {
     update_addresses_of_interface "em3" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:35 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:43 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/firewall104.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:37 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:44 2011 PST by vadim
 #
 # files: * firewall104.fw /etc/fw/pf.fw
 # files:   firewall104.conf /etc/fw/path\ with\ space/pf.conf
@@ -291,15 +291,13 @@ configure_interfaces() {
     update_addresses_of_interface "em3" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:37 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:44 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/firewall105.fw.orig

@@ -1,9 +1,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:38 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:46 2011 PST by vadim
 #
 # files: * firewall105.fw /etc/fw/pf.fw
 # files:   firewall105.conf /etc/fw/path\ with\ space/pf.conf

test/pf/firewall106.fw.orig

@@ -1,9 +1,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:40 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:47 2011 PST by vadim
 #
 # files: * firewall106.fw /etc/fw/pf.fw
 # files:   firewall106.conf /etc/fw/path\ with\ space/pf.conf
@@ -14,7 +14,7 @@
 
 # firewall106:Routing:1: error: Gateway and interface are both empty in the rule
 # firewall106:Routing:1: error: Rules 0 (main) and 1 (main) define routes to the same destination 0.0.0.0/0.0.0.0 via different gateways. This configuration is not supported for freebsd
-# firewall106:Routing:4: warning: Two of the routing rules created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
+# firewall106:Routing:4: warning: Two of the routing commands created from the gui routing rules 3 (main) and 4 (main) are identical, skipping the second. Revise them to avoid this warning
 
 gateway_enable="YES"
 

test/pf/firewall107.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:40 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:48 2011 PST by vadim
 #
 # files: * firewall107.fw /etc/fw/pf.fw
 # files:   firewall107.conf /etc/fw/path\ with\ space/pf.conf
@@ -291,15 +291,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:40 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:48 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/firewall108.fw.orig

@@ -1,9 +1,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:42 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:48 2011 PST by vadim
 #
 # files: * firewall108.fw /etc/fw/pf.fw
 # files:   firewall108.conf /etc/fw/path\ with\ space/pf.conf

test/pf/firewall11.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:43 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:49 2011 PST by vadim
 #
 # files: * firewall11.fw /etc/firewall11.fw
 # files:   firewall11.conf /etc/firewall11.conf
@@ -77,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:43 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:49 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall11.conf || exit 1
-     -f \
-    /etc/firewall11.conf || exit 1
 
 
 

test/pf/firewall12.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:43 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:49 2011 PST by vadim
 #
 # files: * firewall12.fw /etc/fw/firewall12.fw
 # files:   firewall12.conf /etc/fw/firewall12.conf
@@ -159,15 +159,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:43 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:49 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall12.conf || exit 1
-     -f \
-    /etc/fw/firewall12.conf || exit 1
 
 
 

test/pf/firewall13.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:43 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:50 2011 PST by vadim
 #
 # files: * firewall13.fw /etc/fw/firewall13.fw
 # files:   firewall13.conf /etc/fw/firewall13.conf
@@ -88,15 +88,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:43 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:50 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall13.conf || exit 1
-     -f \
-    /etc/fw/firewall13.conf || exit 1
 
 
 

test/pf/firewall14-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:46 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:51 2011 PST by vadim
 #
 # files: * firewall14-1.fw /etc/firewall14-1.fw
 # files:   firewall14-1.conf /etc/firewall14-1.conf
@@ -241,15 +241,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:46 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:51 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall14-1.conf || exit 1
-     -f \
-    /etc/firewall14-1.conf || exit 1
 
 
 

test/pf/firewall14.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:44 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:51 2011 PST by vadim
 #
 # files: * firewall14.fw /etc/firewall14.fw
 # files:   firewall14.conf /etc/firewall14.conf
@@ -241,15 +241,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:44 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:51 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall14.conf || exit 1
-     -f \
-    /etc/firewall14.conf || exit 1
 
 
 

test/pf/firewall2-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:48 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:53 2011 PST by vadim
 #
 # files: * firewall2-1.fw /etc/fw/firewall2-1.fw
 # files:   firewall2-1.conf /etc/fw/firewall2-1.conf
@@ -89,15 +89,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:48 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:53 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall2-1.conf || exit 1
-     -f \
-    /etc/fw/firewall2-1.conf || exit 1
 
 
 

test/pf/firewall2.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:46 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:52 2011 PST by vadim
 #
 # files: * firewall2.fw /etc/fw/firewall2.fw
 # files:   firewall2.conf /etc/fw/firewall2.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:46 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:52 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall2.conf || exit 1
-     -f \
-    /etc/fw/firewall2.conf || exit 1
 
 
 

test/pf/firewall20.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:46 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:52 2011 PST by vadim
 #
 # files: * firewall20.fw /etc/fw/firewall20.fw
 # files:   firewall20.conf /etc/fw/firewall20.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:46 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:52 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall20.conf || exit 1
-     -f \
-    /etc/fw/firewall20.conf || exit 1
 
 
 

test/pf/firewall21.conf.orig

@@ -31,3 +31,4 @@ pass  quick inet proto tcp  from any  to 127.0.0.1 port 8021 flags any
 #    fallback rule 
 block  quick inet  from any  to any no state 
 
+load anchor NAT_1 from "/etc/fw/firewall21-NAT_1.conf"

test/pf/firewall21.fw.orig

@@ -2,22 +2,21 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:47 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:53 2011 PST by vadim
 #
 # files: * firewall21.fw /etc/fw/firewall21.fw
-# files:   firewall21-NAT_1.conf /etc/fw/firewall21-NAT_1.conf
 # files:   firewall21.conf /etc/fw/firewall21.conf
+# files:   firewall21-NAT_1.conf /etc/fw/firewall21-NAT_1.conf
 #
 # Compiled for pf 4.0
 #
 # branching in NAT rules
 # PF v4.0-4.2
 
-# firewall21:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
+# firewall21:ftp-proxy/*:: warning: The name of the NAT ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
-# firewall21:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
+# firewall21:ftp-proxy/*:: warning: The name of the Policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
-# firewall21:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
 
 # firewall21:NAT:3: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
 
@@ -82,18 +81,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:47 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:53 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL  -a NAT_1 \
+$PFCTL    -f /etc/fw/firewall21.conf || exit 1
-     -f \
-    /etc/fw/firewall21-NAT_1.conf || exit 1
-$PFCTL   \
-     -f \
-    /etc/fw/firewall21.conf || exit 1
 
 
 

test/pf/firewall22.conf.orig

@@ -30,3 +30,4 @@ block  log  quick inet  from any  to any no state
 #    fallback rule 
 block  quick inet  from any  to any no state 
 
+load anchor NAT_1 from "/etc/fw/firewall22-NAT_1.conf"

test/pf/firewall22.fw.orig

@@ -2,20 +2,20 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:49 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:54 2011 PST by vadim
 #
 # files: * firewall22.fw /etc/fw/firewall22.fw
-# files:   firewall22-NAT_1.conf /etc/fw/firewall22-NAT_1.conf
 # files:   firewall22.conf /etc/fw/firewall22.conf
+# files:   firewall22-NAT_1.conf /etc/fw/firewall22-NAT_1.conf
 #
 # Compiled for pf 4.3
 #
 # branching in NAT rules
 # PF v4.3 and later
 
-# firewall22:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
+# firewall22:ftp-proxy/*:: warning: The name of the NAT ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
 
 # firewall22:NAT:2: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
 
@@ -80,18 +80,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:49 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:54 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL  -a NAT_1 \
+$PFCTL    -f /etc/fw/firewall22.conf || exit 1
-     -f \
-    /etc/fw/firewall22-NAT_1.conf || exit 1
-$PFCTL   \
-     -f \
-    /etc/fw/firewall22.conf || exit 1
 
 
 

test/pf/firewall3.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:48 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:54 2011 PST by vadim
 #
 # files: * firewall3.fw /etc/firewall3.fw
 # files:   firewall3.conf /etc/firewall3.conf
@@ -159,15 +159,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:48 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:54 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall3.conf || exit 1
-     -f \
-    /etc/firewall3.conf || exit 1
 
 
 

test/pf/firewall33.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:49 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:56 2011 PST by vadim
 #
 # files: * firewall33.fw /etc/fw/firewall33.fw
 # files:   firewall33.conf /etc/fw/firewall33.conf
@@ -163,15 +163,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:49 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:56 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall33.conf || exit 1
-     -f \
-    /etc/fw/firewall33.conf || exit 1
 
 
 

test/pf/firewall34.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:50 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:56 2011 PST by vadim
 #
 # files: * firewall34.fw /etc/fw/firewall34.fw
 # files:   firewall34.conf /etc/fw/firewall34.conf
@@ -159,15 +159,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:50 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:56 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall34.conf || exit 1
-     -f \
-    /etc/fw/firewall34.conf || exit 1
 
 
 

test/pf/firewall38.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:51 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:57 2011 PST by vadim
 #
 # files: * firewall38.fw /etc/fw/firewall38.fw
 # files:   firewall38.conf /etc/fw/firewall38.conf
@@ -76,15 +76,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:51 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:57 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall38.conf || exit 1
-     -f \
-    /etc/fw/firewall38.conf || exit 1
 
 
 

test/pf/firewall39.conf.orig

@@ -55,3 +55,6 @@ block  log  quick inet  from any  to any
 #    fallback rule 
 block  quick inet  from any  to any 
 
+load anchor rule2_branch from "/etc/fw/firewall39-rule2_branch.conf"
+load anchor rule3_branch from "/etc/fw/firewall39-rule3_branch.conf"
+load anchor rule5_branch from "/etc/fw/firewall39-rule5_branch.conf"

test/pf/firewall39.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:52 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:57 2011 PST by vadim
 #
 # files: * firewall39.fw pf.fw
 # files:   firewall39.conf pf.conf
@@ -79,24 +79,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:52 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:57 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f pf.conf || exit 1
-     -f \
-    pf.conf || exit 1
-$PFCTL  -a rule2_branch \
-     -f \
-    /etc/fw/firewall39-rule2_branch.conf || exit 1
-$PFCTL  -a rule3_branch \
-     -f \
-    /etc/fw/firewall39-rule3_branch.conf || exit 1
-$PFCTL  -a rule5_branch \
-     -f \
-    /etc/fw/firewall39-rule5_branch.conf || exit 1
 
 
 

test/pf/firewall4.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:51 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:58 2011 PST by vadim
 #
 # files: * firewall4.fw pf.fw
 # files:   firewall4.conf /etc/fw/pf.conf
@@ -14,8 +14,7 @@
 # this object is used to test a configuration where firewall has dynamic address
 
 # firewall4::: error: Dynamic interface eth1 should not have an IP address object attached to it. This IP address object will be ignored.
-# firewall4:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
+# firewall4:ftp-proxy/*:: warning: The name of the Policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
-# firewall4:ftp-proxy/*:: warning: The name of the policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
 
 
 # firewall4:Policy:6: warning: Changing rule direction due to self reference
@@ -78,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:51 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:58 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/pf.conf || exit 1
-     -f \
-    /etc/fw/pf.conf || exit 1
 
 
 

test/pf/firewall40-1.conf.orig

@@ -72,3 +72,4 @@ pass in   quick on fxp0 route-to { ( le2 192.0.300.1/32 ) } round-robin inet pro
 #    fallback rule 
 block  quick inet  from any  to any  label "RULE 10000 -- DROP "  
 
+load anchor routes from "/etc/firewall40-1-routes.conf"

test/pf/firewall40-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:53 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:59 2011 PST by vadim
 #
 # files: * firewall40-1.fw /etc/firewall40-1.fw
 # files:   firewall40-1.conf /etc/firewall40-1.conf
@@ -176,18 +176,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:53 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:59 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall40-1.conf || exit 1
-     -f \
-    /etc/firewall40-1.conf || exit 1
-$PFCTL  -a routes \
-     -f \
-    /etc/firewall40-1-routes.conf || exit 1
 
 
 

test/pf/firewall40.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:52 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:58 2011 PST by vadim
 #
 # files: * firewall40.fw /etc/firewall40.fw
 # files:   firewall40.conf /etc/firewall40.conf
@@ -160,15 +160,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:52 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:58 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall40.conf || exit 1
-     -f \
-    /etc/firewall40.conf || exit 1
 
 
 

test/pf/firewall41.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:54 2011 PST by vadim
+#  Generated Tue Feb  8 11:17:59 2011 PST by vadim
 #
 # files: * firewall41.fw /etc/firewall41.fw
 # files:   firewall41.conf /etc/firewall41.conf
@@ -163,15 +163,13 @@ configure_interfaces() {
     update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:54 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:17:59 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall41.conf || exit 1
-     -f \
-    /etc/firewall41.conf || exit 1
 
 
 

test/pf/firewall5.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:54 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:00 2011 PST by vadim
 #
 # files: * firewall5.fw /etc/fw/firewall5.fw
 # files:   firewall5.conf /etc/fw/firewall5.conf
@@ -77,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:54 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:00 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall5.conf || exit 1
-     -f \
-    /etc/fw/firewall5.conf || exit 1
 
 
 

test/pf/firewall51.conf.orig

@@ -21,3 +21,8 @@ anchor "rule2_branch" inet  from 192.168.1.0/24  to any
 #    fallback rule 
 block  quick inet  from any  to any 
 
+load anchor mail_server_inbound from "/etc/fw/firewall51-mail_server_inbound.conf"
+load anchor mail_server_outbound from "/etc/fw/firewall51-mail_server_outbound.conf"
+load anchor rule2_branch from "/etc/fw/firewall51-rule2_branch.conf"
+load anchor web_server_inbound from "/etc/fw/firewall51-web_server_inbound.conf"
+load anchor web_server_outbound from "/etc/fw/firewall51-web_server_outbound.conf"

test/pf/firewall51.fw.orig

@@ -2,15 +2,15 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:55 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:01 2011 PST by vadim
 #
 # files: * firewall51.fw /etc/fw/firewall51.fw
 # files:   firewall51.conf /etc/fw/firewall51.conf
+# files:   firewall51-rule2_branch.conf /etc/fw/firewall51-rule2_branch.conf
 # files:   firewall51-mail_server_inbound.conf /etc/fw/firewall51-mail_server_inbound.conf
 # files:   firewall51-mail_server_outbound.conf /etc/fw/firewall51-mail_server_outbound.conf
-# files:   firewall51-rule2_branch.conf /etc/fw/firewall51-rule2_branch.conf
 # files:   firewall51-web_server_inbound.conf /etc/fw/firewall51-web_server_inbound.conf
 # files:   firewall51-web_server_outbound.conf /etc/fw/firewall51-web_server_outbound.conf
 #
@@ -80,30 +80,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:55 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:01 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall51.conf || exit 1
-     -f \
-    /etc/fw/firewall51.conf || exit 1
-$PFCTL  -a mail_server_inbound \
-     -f \
-    /etc/fw/firewall51-mail_server_inbound.conf || exit 1
-$PFCTL  -a mail_server_outbound \
-     -f \
-    /etc/fw/firewall51-mail_server_outbound.conf || exit 1
-$PFCTL  -a rule2_branch \
-     -f \
-    /etc/fw/firewall51-rule2_branch.conf || exit 1
-$PFCTL  -a web_server_inbound \
-     -f \
-    /etc/fw/firewall51-web_server_inbound.conf || exit 1
-$PFCTL  -a web_server_outbound \
-     -f \
-    /etc/fw/firewall51-web_server_outbound.conf || exit 1
 
 
 

test/pf/firewall6.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:56 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:01 2011 PST by vadim
 #
 # files: * firewall6.fw /etc/fw/firewall6.fw
 # files:   firewall6.conf /etc/fw/firewall6.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:56 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:01 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall6.conf || exit 1
-     -f \
-    /etc/fw/firewall6.conf || exit 1
 
 
 

test/pf/firewall62.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:56 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:02 2011 PST by vadim
 #
 # files: * firewall62.fw /etc/firewall62.fw
 # files:   firewall62.conf /etc/firewall62.conf
@@ -185,15 +185,13 @@ configure_interfaces() {
     update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:56 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:02 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall62.conf || exit 1
-     -f \
-    /etc/firewall62.conf || exit 1
 
 
 

test/pf/firewall63.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:57 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:03 2011 PST by vadim
 #
 # files: * firewall63.fw /etc/fw/firewall63.fw
 # files:   firewall63.conf /etc/fw/firewall63.conf
@@ -77,15 +77,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:57 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:03 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall63.conf || exit 1
-     -f \
-    /etc/fw/firewall63.conf || exit 1
 
 
 

test/pf/firewall7.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:58 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:03 2011 PST by vadim
 #
 # files: * firewall7.fw /etc/fw/firewall7.fw
 # files:   firewall7.conf /etc/fw/firewall7.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:58 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:03 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall7.conf || exit 1
-     -f \
-    /etc/fw/firewall7.conf || exit 1
 
 
 

test/pf/firewall70.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:58 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:04 2011 PST by vadim
 #
 # files: * firewall70.fw /etc/fw/firewall70.fw
 # files:   firewall70.conf /etc/fw/firewall70.conf
@@ -82,15 +82,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:58 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:04 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall70.conf || exit 1
-     -f \
-    /etc/fw/firewall70.conf || exit 1
 
 
 

test/pf/firewall8.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:59 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:04 2011 PST by vadim
 #
 # files: * firewall8.fw /etc/firewall8.fw
 # files:   firewall8.conf /etc/firewall8.conf
@@ -72,15 +72,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:59 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:04 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall8.conf || exit 1
-     -f \
-    /etc/firewall8.conf || exit 1
 
 
 

test/pf/firewall80-4.5.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:00 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:06 2011 PST by vadim
 #
 # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
 # files:   firewall80-4.5.conf /etc/firewall80-4.5.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:00 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:06 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall80-4.5.conf || exit 1
-     -f \
-    /etc/firewall80-4.5.conf || exit 1
 
 
 

test/pf/firewall80.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:02:59 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:05 2011 PST by vadim
 #
 # files: * firewall80.fw /etc/firewall80.fw
 # files:   firewall80.conf /etc/firewall80.conf
@@ -73,15 +73,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:02:59 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:05 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/firewall80.conf || exit 1
-     -f \
-    /etc/firewall80.conf || exit 1
 
 
 

test/pf/firewall9.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:00 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:06 2011 PST by vadim
 #
 # files: * firewall9.fw /etc/fw/firewall9.fw
 # files:   firewall9.conf /etc/fw/firewall9.conf
@@ -76,15 +76,13 @@ configure_interfaces() {
     
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:00 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:06 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/firewall9.conf || exit 1
-     -f \
-    /etc/fw/firewall9.conf || exit 1
 
 
 

test/pf/firewall91.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:01 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:07 2011 PST by vadim
 #
 # files: * firewall91.fw /etc/fw/pf.fw
 # files:   firewall91.conf /etc/fw/pf.conf
@@ -240,15 +240,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:01 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:07 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/pf.conf || exit 1
-     -f \
-    /etc/fw/pf.conf || exit 1
 
 
 

test/pf/firewall92.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:01 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:07 2011 PST by vadim
 #
 # files: * firewall92.fw /etc/fw/pf.fw
 # files:   firewall92.conf /etc/fw/path\ with\ space/pf.conf
@@ -160,15 +160,13 @@ configure_interfaces() {
     update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:01 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:07 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/fw/path\ with\ space/pf.conf || exit 1
-     -f \
-    /etc/fw/path\ with\ space/pf.conf || exit 1
 
 
 

test/pf/objects-for-regression-tests.fwb

@@ -13481,6 +13481,7 @@
           <Option name="freebsd_path_ipfw"></Option>
           <Option name="freebsd_path_ipnat"></Option>
           <Option name="freebsd_path_sysctl"></Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
           <Option name="iosacl_add_clear_statements">true</Option>

test/pf/openbsd-1.conf.orig

@@ -1,71 +0,0 @@
-
-
-
-
-# Tables: (2)
-table <tbl.r1.d> { 172.24.0.1 , 172.24.0.2 , 192.168.1.1 , 192.168.1.2 } 
-table <tbl.r2.s> { 172.24.0.1 , 172.24.0.2 } 
-
-# 
-# Rule  0 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  1 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  2 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  3 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } 
-# 
-# Rule  4 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 
-# 
-# Rule  5 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 
-# 
-# Rule  6 (NAT)
-rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-# 
-# Rule  7 (NAT)
-rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-# 
-# Rule  8 (NAT)
-rdr proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-
-# 
-# Rule  -3 pfsync (automatic)
-pass  quick on en0 inet proto pfsync  from any  to any  label "RULE -3 -- ACCEPT "  
-# 
-# Rule  -2 CARP (automatic)
-pass  quick on en1 inet proto carp  from any  to any  label "RULE -2 -- ACCEPT "  
-# 
-# Rule  -1 CARP (automatic)
-pass  quick on en0 inet proto carp  from any  to any  label "RULE -1 -- ACCEPT "  
-# 
-# Rule  0 (lo)
-pass  quick on lo inet  from any  to any  label "RULE 0 -- ACCEPT "  
-# 
-# Rule  1 (global)
-pass  quick inet  from any  to <tbl.r1.d>  label "RULE 1 -- ACCEPT "  
-# 
-# Rule  2 (global)
-pass  quick inet  from <tbl.r2.s>  to any  label "RULE 2 -- ACCEPT "  
-# 
-# Rule  3 (global)
-pass  quick inet  from any  to <tbl.r2.s>  label "RULE 3 -- ACCEPT "  
-# 
-# Rule  4 (carp0)
-pass in   quick on en0 inet  from any  to any  label "RULE 4 -- ACCEPT "  
-# 
-# Rule  5 (carp0)
-pass in   quick on en1 inet  from any  to any  label "RULE 5 -- ACCEPT "  
-# 
-# Rule  6 (global)
-block  log  quick inet  from any  to any no state  label "RULE 6 -- DROP "  
-# 
-# Rule  fallback rule
-#    fallback rule 
-block  quick inet  from any  to any no state  label "RULE 10000 -- DROP "  
-

test/pf/openbsd-1.fw.orig

@@ -1,308 +0,0 @@
-#!/bin/sh
-#
-#  This is automatically generated file. DO NOT MODIFY !
-#
-#  Firewall Builder  fwb_pf v4.2.0.3425
-#
-#  Generated Fri Jan  7 13:02:11 2011 PST by vadim
-#
-# files: * openbsd-1.fw
-# files:   openbsd-1.conf
-#
-# Compiled for pf 4.x
-#
-
-
-
-
-
-FWDIR=`dirname $0`
-
-IFCONFIG="/sbin/ifconfig"
-PFCTL="/sbin/pfctl"
-SYSCTL="/sbin/sysctl"
-LOGGER="/usr/bin/logger"
-
-log() {
-    echo "$1"
-    test -x "$LOGGER" && $LOGGER -p info "$1"
-}
-
-diff_intf() {
-    func=$1
-    list1=$2
-    list2=$3
-    cmd=$4
-    for intf in $list1
-    do
-        echo $list2 | grep -q $intf || {
-        # $vlan is absent in list 2
-            $func $intf $cmd
-        }
-    done
-}
-
-
-missing_address() {
-    address=$1
-    cmd=$2
-
-    oldIFS=$IFS
-    IFS="@"
-    set $address
-    addr=$1
-    interface=$2
-    IFS=$oldIFS
-
-    if echo "$addr" | grep -q ':'
-    then
-        inet="inet6"
-        addr=$(echo "$addr" | sed 's!/! prefixlen !')
-    else
-        inet="inet"
-        addr=$(echo "$addr" | sed 's!/! netmask !')
-    fi
-
-    parameter=""
-    test "$cmd" = "add" && {
-      echo "# Adding ip address: $interface $addr"
-      parameter="alias"
-    }
-    test "$cmd" = "del" && {
-      echo "# Removing ip address: $interface $addr"
-      parameter="delete"
-    }
-
-    $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter
-    $FWBDEBUG $IFCONFIG $interface up
-}
-
-list_addresses_by_scope() {
-    interface=$1
-    scope=$2
-    ignore_list=$3
-
-    scope_regex="1"
-    if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
-
-    $IFCONFIG $interface | sed "s/%$interface//" | \
-      awk -v IGNORED="$ignore_list" \
-        "BEGIN {  
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
-         }
-         (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
-        while read addr; do
-          echo "${addr}@$interface"
-        done | sort
-   
-}
-
-update_addresses_of_interface() {
-    ignore_list=$2
-    set $1 
-    interface=$1 
-    shift
-
-    FWB_ADDRS=$(
-      for addr in $*; do
-        echo "${addr}@$interface"
-      done | sort
-    )
-
-    CURRENT_ADDRS_ALL_SCOPES=""
-    CURRENT_ADDRS_GLOBAL_SCOPE=""
-
-    $IFCONFIG $interface >/dev/null 2>&1 && {
-      CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
-      CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
-    } || {
-      echo "# Interface $interface does not exist"
-      # Stop the script if we are not in test mode
-      test -z "$FWBDEBUG" && exit 1
-    }
-
-    diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
-    diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
-}
-
-missing_vlan() {
-    vlan=$1
-    cmd=$2
-
-    oldIFS=$IFS
-    IFS="@"
-    set $vlan
-    subint=$1
-    parent=$2
-    IFS=$oldIFS
-
-    vlan_id=$(echo $subint | sed 's/vlan//')
-    test "$cmd" = "add" && {
-        echo "# Adding VLAN interface $subint (parent: $parent)"
-        $FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent
-        $FWBDEBUG $IFCONFIG $subint up
-    }
-    test "$cmd" = "rem" && {
-        echo "# Removing VLAN interface $subint (parent: $parent)"
-        $FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev
-        $FWBDEBUG $IFCONFIG $subint destroy
-    }
-}
-
-parse_fwb_vlans() {
-    set $1 
-    vlan_parent_interface=$1 
-    shift
-
-    FWB_VLANS=$(
-      for subint in $*; do
-        echo "${subint}@$vlan_parent_interface"
-      done | sort
-    )
-    echo $FWB_VLANS
-}
-
-parse_current_vlans() {
-    vlan_parent_interface=$1
-    $IFCONFIG -A | grep 'vlan: ' | sed 's/priority:.*parent interface://' | \
-    while read x vlan_id parent
-    do
-       test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent"
-    done | sort
-}
-
-update_vlans_of_interface() {
-    args="$1"
-    set $1 
-    vlan_parent_interface=$1 
-
-    FWB_VLANS=$(parse_fwb_vlans "$args")
-    CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface)
-
-    $IFCONFIG $vlan_parent_interface up
-    diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add
-    diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem
-}
-
-sync_vlan_interfaces() {
-    $IFCONFIG -A | awk -v IGNORED="$*" \
-        'BEGIN {
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
-         }
-         ($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
-         while read intf; do
-            echo "# Deleting vlan interface $intf"
-             $FWBDEBUG $IFCONFIG $intf destroy
-         done
-
-    for intf in $*; do
-        $IFCONFIG $intf >/dev/null 2>&1 || {
-            echo "# Creating vlan interface $intf"
-            $FWBDEBUG $IFCONFIG $intf create
-        }
-    done
-}
-
-
-sync_carp_interfaces() {
-    $IFCONFIG -A | awk -v IGNORED="$*" \
-        'BEGIN {
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
-         }
-         ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
-         while read intf; do
-            echo "# Deleting carp interface $intf"
-             $FWBDEBUG $IFCONFIG $intf destroy
-         done
-
-    for intf in $*; do
-        $IFCONFIG $intf >/dev/null 2>&1 || {
-            echo "# Creating carp interface $intf"
-            $SYSCTL -w net.inet.carp.allow=1
-            $FWBDEBUG $IFCONFIG $intf create
-        }
-    done
-}
-
-
-sync_pfsync_interfaces() {
-    $IFCONFIG -A | awk -v IGNORED="$*" \
-        'BEGIN {
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
-         }
-         ($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
-         while read intf; do
-            echo "# Deleting pfsync interface $intf"
-             $FWBDEBUG $IFCONFIG $intf destroy
-         done
-
-    for intf in $*; do
-        $IFCONFIG $intf >/dev/null 2>&1 || {
-            echo "# Creating pfsync interface $intf"
-            $FWBDEBUG $IFCONFIG $intf create
-        }
-    done
-}
-
-verify_interfaces() {
-    :
-    
-}
-
-set_kernel_vars() {
-    :
-    $SYSCTL -w net.inet.ip.forwarding=1
-}
-
-prolog_commands() {
-    :
-    
-}
-
-epilog_commands() {
-    :
-    
-}
-
-run_epilog_and_exit() {
-    epilog_commands
-    exit $1
-}
-
-configure_interfaces() {
-    :
-    sync_vlan_interfaces 
-    sync_carp_interfaces carp0 carp1
-    $IFCONFIG carp0 vhid 101 pass secret    carpdev en0
-    $IFCONFIG carp1 vhid 100 pass secret    carpdev en1
-
-
-    update_addresses_of_interface "en0 172.24.0.2/0xffffff00 172.24.0.3/0xffffff00" ""
-    update_addresses_of_interface "en1 192.168.1.2/0xffffff00" ""
-    update_addresses_of_interface "carp0 172.24.0.1/0xffffff00" ""
-    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
-
-    sync_pfsync_interfaces pfsync0
-    $IFCONFIG pfsync0 syncdev en0  syncpeer 172.24.0.3
-    $IFCONFIG pfsync0 up
-}
-
-log "Activating firewall script generated Fri Jan  7 13:02:11 2011 by vadim"
-
-set_kernel_vars
-configure_interfaces
-prolog_commands
-
-$PFCTL   \
-     -f \
-    ${FWDIR}/openbsd-1.conf || exit 1
-
-
-
-
-
-epilog_commands

test/pf/openbsd-2.conf.orig

@@ -1,71 +0,0 @@
-
-
-
-
-# Tables: (2)
-table <tbl.r1.d> { 172.24.0.1 , 172.24.0.3 , 192.168.1.1 , 192.168.1.3 } 
-table <tbl.r2.s> { 172.24.0.1 , 172.24.0.3 } 
-
-# 
-# Rule  0 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  1 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  2 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
-# 
-# Rule  3 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } 
-# 
-# Rule  4 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 
-# 
-# Rule  5 (NAT)
-nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 
-# 
-# Rule  6 (NAT)
-rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-# 
-# Rule  7 (NAT)
-rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-# 
-# Rule  8 (NAT)
-rdr proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
-
-# 
-# Rule  -3 pfsync (automatic)
-pass  quick on en0 inet proto pfsync  from any  to any  label "RULE -3 -- ACCEPT "  
-# 
-# Rule  -2 CARP (automatic)
-pass  quick on en1 inet proto carp  from any  to any  label "RULE -2 -- ACCEPT "  
-# 
-# Rule  -1 CARP (automatic)
-pass  quick on en0 inet proto carp  from any  to any  label "RULE -1 -- ACCEPT "  
-# 
-# Rule  0 (lo)
-pass  quick on lo inet  from any  to any  label "RULE 0 -- ACCEPT "  
-# 
-# Rule  1 (global)
-pass  quick inet  from any  to <tbl.r1.d>  label "RULE 1 -- ACCEPT "  
-# 
-# Rule  2 (global)
-pass  quick inet  from <tbl.r2.s>  to any  label "RULE 2 -- ACCEPT "  
-# 
-# Rule  3 (global)
-pass  quick inet  from any  to <tbl.r2.s>  label "RULE 3 -- ACCEPT "  
-# 
-# Rule  4 (carp0)
-pass in   quick on en0 inet  from any  to any  label "RULE 4 -- ACCEPT "  
-# 
-# Rule  5 (carp0)
-pass in   quick on en1 inet  from any  to any  label "RULE 5 -- ACCEPT "  
-# 
-# Rule  6 (global)
-block  log  quick inet  from any  to any no state  label "RULE 6 -- DROP "  
-# 
-# Rule  fallback rule
-#    fallback rule 
-block  quick inet  from any  to any no state  label "RULE 10000 -- DROP "  
-

test/pf/openbsd-2.fw.orig

@@ -1,204 +0,0 @@
-#!/bin/sh
-#
-#  This is automatically generated file. DO NOT MODIFY !
-#
-#  Firewall Builder  fwb_pf v4.2.0.3425
-#
-#  Generated Fri Jan  7 13:02:11 2011 PST by vadim
-#
-# files: * openbsd-2.fw
-# files:   openbsd-2.conf
-#
-# Compiled for pf 4.x
-#
-
-
-
-
-
-FWDIR=`dirname $0`
-
-IFCONFIG="/sbin/ifconfig"
-PFCTL="/sbin/pfctl"
-SYSCTL="/sbin/sysctl"
-LOGGER="/usr/bin/logger"
-
-log() {
-    echo "$1"
-    test -x "$LOGGER" && $LOGGER -p info "$1"
-}
-
-diff_intf() {
-    func=$1
-    list1=$2
-    list2=$3
-    cmd=$4
-    for intf in $list1
-    do
-        echo $list2 | grep -q $intf || {
-        # $vlan is absent in list 2
-            $func $intf $cmd
-        }
-    done
-}
-
-
-missing_address() {
-    address=$1
-    cmd=$2
-
-    oldIFS=$IFS
-    IFS="@"
-    set $address
-    addr=$1
-    interface=$2
-    IFS=$oldIFS
-
-    if echo "$addr" | grep -q ':'
-    then
-        inet="inet6"
-        addr=$(echo "$addr" | sed 's!/! prefixlen !')
-    else
-        inet="inet"
-        addr=$(echo "$addr" | sed 's!/! netmask !')
-    fi
-
-    parameter=""
-    test "$cmd" = "add" && {
-      echo "# Adding ip address: $interface $addr"
-      parameter="alias"
-    }
-    test "$cmd" = "del" && {
-      echo "# Removing ip address: $interface $addr"
-      parameter="delete"
-    }
-
-    $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter
-    $FWBDEBUG $IFCONFIG $interface up
-}
-
-list_addresses_by_scope() {
-    interface=$1
-    scope=$2
-    ignore_list=$3
-
-    scope_regex="1"
-    if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
-
-    $IFCONFIG $interface | sed "s/%$interface//" | \
-      awk -v IGNORED="$ignore_list" \
-        "BEGIN {  
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
-         }
-         (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
-        while read addr; do
-          echo "${addr}@$interface"
-        done | sort
-   
-}
-
-update_addresses_of_interface() {
-    ignore_list=$2
-    set $1 
-    interface=$1 
-    shift
-
-    FWB_ADDRS=$(
-      for addr in $*; do
-        echo "${addr}@$interface"
-      done | sort
-    )
-
-    CURRENT_ADDRS_ALL_SCOPES=""
-    CURRENT_ADDRS_GLOBAL_SCOPE=""
-
-    $IFCONFIG $interface >/dev/null 2>&1 && {
-      CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
-      CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
-    } || {
-      echo "# Interface $interface does not exist"
-      # Stop the script if we are not in test mode
-      test -z "$FWBDEBUG" && exit 1
-    }
-
-    diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
-    diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
-}
-
-
-
-sync_carp_interfaces() {
-    $IFCONFIG -A | awk -v IGNORED="$*" \
-        'BEGIN {
-           split(IGNORED,ignored_arr);
-           for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
-         }
-         ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
-         while read intf; do
-            echo "# Deleting carp interface $intf"
-             $FWBDEBUG $IFCONFIG $intf destroy
-         done
-
-    for intf in $*; do
-        $IFCONFIG $intf >/dev/null 2>&1 || {
-            echo "# Creating carp interface $intf"
-            $SYSCTL -w net.inet.carp.allow=1
-            $FWBDEBUG $IFCONFIG $intf create
-        }
-    done
-}
-
-verify_interfaces() {
-    :
-    
-}
-
-set_kernel_vars() {
-    :
-    $SYSCTL -w net.inet.ip.forwarding=1
-}
-
-prolog_commands() {
-    :
-    
-}
-
-epilog_commands() {
-    :
-    
-}
-
-run_epilog_and_exit() {
-    epilog_commands
-    exit $1
-}
-
-configure_interfaces() {
-    :
-    sync_carp_interfaces carp0 carp1
-    $IFCONFIG carp0 vhid 101 pass secret   advskew 1  carpdev en0
-    $IFCONFIG carp1 vhid 100 pass secret   advskew 1  carpdev en1
-
-
-    update_addresses_of_interface "en0 172.24.0.3/0xffffff00 172.24.0.2/0xffffff00" ""
-    update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
-    update_addresses_of_interface "carp0 172.24.0.1/0xffffff00" ""
-    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
-}
-
-log "Activating firewall script generated Fri Jan  7 13:02:11 2011 by vadim"
-
-set_kernel_vars
-configure_interfaces
-prolog_commands
-
-$PFCTL   \
-     -f \
-    ${FWDIR}/openbsd-2.conf || exit 1
-
-
-
-
-
-epilog_commands

test/pf/pf_cluster_1_openbsd-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
 # files:   pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
@@ -289,15 +289,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_1_openbsd-1.conf || exit 1
-     -f \
-    /etc/pf_cluster_1_openbsd-1.conf || exit 1
 
 
 

test/pf/pf_cluster_1_openbsd-2.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
 # files:   pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
@@ -186,15 +186,13 @@ configure_interfaces() {
     update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_1_openbsd-2.conf || exit 1
-     -f \
-    /etc/pf_cluster_1_openbsd-2.conf || exit 1
 
 
 

test/pf/pf_cluster_2_freebsd-1.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
 # files:   pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
@@ -291,15 +291,13 @@ configure_interfaces() {
     update_addresses_of_interface "en1 192.168.1.2/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_2_freebsd-1.conf || exit 1
-     -f \
-    /etc/pf_cluster_2_freebsd-1.conf || exit 1
 
 
 

test/pf/pf_cluster_2_freebsd-2.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:03 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
 # files:   pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
@@ -188,15 +188,13 @@ configure_interfaces() {
     update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:03 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_2_freebsd-2.conf || exit 1
-     -f \
-    /etc/pf_cluster_2_freebsd-2.conf || exit 1
 
 
 

test/pf/pf_cluster_3_openbsd-3.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:04 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
 # files:   pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
@@ -292,15 +292,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan100 172.20.0.2/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:04 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_3_openbsd-3.conf || exit 1
-     -f \
-    /etc/pf_cluster_3_openbsd-3.conf || exit 1
 
 
 

test/pf/pf_cluster_3_openbsd-4.fw.orig

@@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:04 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
 # files:   pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
@@ -190,15 +190,13 @@ configure_interfaces() {
     update_addresses_of_interface "vlan100 172.20.0.3/0xffffff00" ""
 }
 
-log "Activating firewall script generated Mon Feb  7 17:03:04 2011 by vadim"
+log "Activating firewall script generated Tue Feb  8 11:18:10 2011 by vadim"
 
 set_kernel_vars
 configure_interfaces
 prolog_commands
 
-$PFCTL   \
+$PFCTL    -f /etc/pf_cluster_3_openbsd-4.conf || exit 1
-     -f \
-    /etc/pf_cluster_3_openbsd-4.conf || exit 1
 
 
 

test/pf/pf_cluster_4_rc.conf.local

@@ -1,9 +1,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_pf v4.2.0.3462
+#  Firewall Builder  fwb_pf v4.2.0.3464
 #
-#  Generated Mon Feb  7 17:03:04 2011 PST by vadim
+#  Generated Tue Feb  8 11:18:10 2011 PST by vadim
 #
 # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
 # files:   pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf