see #1958 consistently use "exit" to get out of nested context in pix config

2026-05-01 22:57:33 +02:00 · 2011-01-24 16:41:34 -08:00 · 2011-01-24 16:41:34 -08:00 · 7c1108204e
commit 7c1108204e
parent 7e7f5509d2
39 changed files with 89 additions and 84 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,10 @@
 2011-01-24  Vadim Kurland  <vadim@netcitadel.com>

+	* NamedObject.cpp (createServiceObjectCommand): See #1958
+	"consistently use "exit" to get out of nested context in pix
+	config". Using "exit" to exit from nested context while adding
+	network or service object in generated PIX/ASA configuraton.
+
 	* PolicyCompiler_pix.cpp (compile): see #1970 "ASA Policy - single
 	IPv6 icmp object allowed in rules". Since we do not support ipv6
 	for PIX/ASA at this time, policy compiler should drop the rule
--- a/src/cisco_lib/NamedObject.cpp
+++ b/src/cisco_lib/NamedObject.cpp
@ -296,7 +296,7 @@ QString NamedObject::createNetworkObjectCommand(const Address *addr_obj)
    }


-    res << "quit";
+    res << "exit";
    res << "";
    return res.join("\n");
 }
@ -370,7 +370,7 @@ QString NamedObject::createServiceObjectCommand(const Service *serv_obj)
    }

    res << service_line.join(" ");
-    res << "quit";
+    res << "exit";
    res << "";
    return res.join("\n");
 }
--- a/test/pix/cluster1-1_pix1.fw.orig
+++ b/test/pix/cluster1-1_pix1.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:09 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1-1_pix2.fw.orig
+++ b/test/pix/cluster1-1_pix2.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:10 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1_pix1.fw.orig
+++ b/test/pix/cluster1_pix1.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:09 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1_pix2.fw.orig
+++ b/test/pix/cluster1_pix2.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:10 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall.fw.orig
+++ b/test/pix/firewall.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:18 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:52 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall1.fw.orig
+++ b/test/pix/firewall1.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:52 2011 PST by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported
--- a/test/pix/firewall10.fw.orig
+++ b/test/pix/firewall10.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:52 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall11.fw.orig
+++ b/test/pix/firewall11.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:52 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall12.fw.orig
+++ b/test/pix/firewall12.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:19 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:54 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall13.fw.orig
+++ b/test/pix/firewall13.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:19 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:54 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall14.fw.orig
+++ b/test/pix/firewall14.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:20 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:54 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall2.fw.orig
+++ b/test/pix/firewall2.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:20 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:55 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall20.fw.orig
+++ b/test/pix/firewall20.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:21 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:56 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall21-1.fw.orig
+++ b/test/pix/firewall21-1.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:22 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:57 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall21.fw.orig
+++ b/test/pix/firewall21.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:21 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:56 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall22.fw.orig
+++ b/test/pix/firewall22.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:22 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:57 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall3.fw.orig
+++ b/test/pix/firewall3.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:23 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:58 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall33.fw.orig
+++ b/test/pix/firewall33.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:59 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall34.fw.orig
+++ b/test/pix/firewall34.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
+!  Generated Mon Jan 24 16:41:05 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall4.fw.orig
+++ b/test/pix/firewall4.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
+!  Generated Mon Jan 24 16:39:59 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall50.fw.orig
+++ b/test/pix/firewall50.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:25 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:00 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall6.fw.orig
+++ b/test/pix/firewall6.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:26 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:01 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall8.fw.orig
+++ b/test/pix/firewall8.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:26 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:01 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall80.fw.orig
+++ b/test/pix/firewall80.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:27 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:02 2011 PST by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported
--- a/test/pix/firewall81.fw.orig
+++ b/test/pix/firewall81.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:27 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:02 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -99,11 +99,11 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit


 !################
--- a/test/pix/firewall82.fw.orig
+++ b/test/pix/firewall82.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:28 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:02 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -99,11 +99,11 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit


 !################
--- a/test/pix/firewall83.fw.orig
+++ b/test/pix/firewall83.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:28 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:03 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -97,11 +97,11 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit


 !################
--- a/test/pix/firewall9.fw.orig
+++ b/test/pix/firewall9.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:29 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:04 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:29 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:05 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -101,79 +101,79 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object service smtp.0
  service tcp destination eq 25
-quit
+exit

 object service smtps.0
  service tcp destination eq 465
-quit
+exit

 object service squid.0
  service tcp destination eq 3128
-quit
+exit

 object network spamhost1.0
  host 61.150.47.112
-quit
+exit

 object network external_gw_1.0
  host 22.22.22.254
-quit
+exit

 object network external_gw2.0
  host 22.22.22.100
-quit
+exit

 object network spamhost2.0
  host 61.150.47.113
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit

 object network Internal_net.0
  subnet 192.168.1.0 255.255.255.0
-quit
+exit

 object network internal_subnet_1.0
  subnet 192.168.1.0 255.255.255.192
-quit
+exit

 object network internal_subnet_2.0
  subnet 192.168.1.64 255.255.255.192
-quit
+exit

 object network ext_subnet.0
  subnet 22.22.22.128 255.255.255.224
-quit
+exit

 object network ext_subnet-192.0
  subnet 22.22.22.128 255.255.255.192
-quit
+exit

 object network test_range_1.0
  range 192.168.1.11 192.168.1.15
-quit
+exit

 object network outside_range.0
  range 22.22.22.21 22.22.22.25
-quit
+exit

 object network outside_range-1.0
  range 22.22.22.30 22.22.22.40
-quit
+exit

 object network firewall90:FastEthernet1:ip.0
  host 22.22.22.22
-quit
+exit

 object network firewall90:FastEthernet1:ip-1.0
  host 22.22.22.23
-quit
+exit

 object-group network id178211X29963.osrc.net.0
  network-object object internal_subnet_1.0
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:05 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -102,35 +102,35 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object service https.0
  service tcp destination eq 443
-quit
+exit

 object service squid.0
  service tcp destination eq 3128
-quit
+exit

 object network external_gw2.0
  host 22.22.22.100
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit

 object network internal_subnet_1.0
  subnet 192.168.1.0 255.255.255.192
-quit
+exit

 object network test_range_1.0
  range 192.168.1.11 192.168.1.15
-quit
+exit

 object network outside_range.0
  range 22.22.22.21 22.22.22.25
-quit
+exit


 !################
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:05 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -98,35 +98,35 @@ clear conf object

 object service http.0
  service tcp destination eq 80
-quit
+exit

 object service smtp.0
  service tcp destination eq 25
-quit
+exit

 object network spamhost1.0
  host 61.150.47.112
-quit
+exit

 object network hostA:eth0.0
  host 192.168.1.10
-quit
+exit

 object network Internal_net.0
  subnet 192.168.1.0 255.255.255.0
-quit
+exit

 object network internal_subnet_1.0
  subnet 192.168.1.0 255.255.255.192
-quit
+exit

 object network internal_subnet_2.0
  subnet 192.168.1.64 255.255.255.192
-quit
+exit

 object network test_range_1.0
  range 192.168.1.11 192.168.1.15
-quit
+exit

 object-group network id20655X6113.osrc.net.0
  network-object object internal_subnet_1.0
--- a/test/pix/firewall93.fw.orig
+++ b/test/pix/firewall93.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:06 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -96,11 +96,11 @@ clear conf object

 object network dmz-range-1.0
  range 172.16.0.10 172.16.0.15
-quit
+exit

 object network inside-range-1.0
  range 10.0.0.1 10.0.0.5
-quit
+exit


 !################
--- a/test/pix/firewall94.fw.orig
+++ b/test/pix/firewall94.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:31 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:07 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@ -83,11 +83,11 @@ clear conf object

 object network inside-range-1.0
  range 10.0.0.5 10.0.0.10
-quit
+exit

 object network inside-range-2.0
  range 10.0.0.8 10.0.0.15
-quit
+exit

 object-group network id26782X14355.src.net.0
  network-object object inside-range-1.0
--- a/test/pix/fwsm1.fw.orig
+++ b/test/pix/fwsm1.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:32 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:07 2011 PST by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported
--- a/test/pix/fwsm2.fw.orig
+++ b/test/pix/fwsm2.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:32 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:07 2011 PST by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:33 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:09 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
+!  Generated Mon Jan 24 16:40:09 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported