onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-22 19:27:13 +01:00
Code Issues Releases Wiki Activity

see #1867 Since action Tag is non-terminating, rules with

Browse Source 
this action should not shadow other rules.
This commit is contained in:
Vadim Kurland 2011-02-13 18:03:12 -08:00
parent d2217033a4
commit 7de1edab4b
69 changed files with 673 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ChangeLog
View File

@ -1,5 +1,10 @@
2011-02-13 vadim <vadim@netcitadel.com>
* PolicyCompiler_pf.cpp (checkForShadowingPlatformSpecific): see
#1867 "PF: rule with non-terminating action Tag shadows other
rules below it". Since action Tag is non-terminating, rules with
this action should not shadow other rules.
* instConf.cpp (clear): see #2088 "Installer caches putty session".
Need to initialize putty_session properly and clear it in clear().

20
src/pflib/PolicyCompiler_pf.cpp
View File

@ -49,6 +49,8 @@
#include <iomanip>
#include <assert.h>
#include <QtDebug>
using namespace libfwbuilder;
using namespace fwcompiler;
@ -1161,3 +1163,21 @@ void PolicyCompiler_pf::insertPfsyncRule()
}
}
/**
* virtual method to let policy compiler check rules using
* options specific for the given fw platform. Base class
* PolicyCompiler has no visibility into platform-specific
* options and can not do this.
*/
bool PolicyCompiler_pf::checkForShadowingPlatformSpecific(PolicyRule *r1,
PolicyRule *r2)
{
PolicyRule::Action r2_action = r2->getAction();
// Tag action is non-terminating and does not shadow anything
if (r2_action == PolicyRule::Tag) return false;
return true;
}

9
src/pflib/PolicyCompiler_pf.h
View File

@ -70,6 +70,15 @@ namespace fwcompiler
protected:
/**
* virtual method to let policy compiler check rules using
* options specific for the given fw platform. Base class
* PolicyCompiler has no visibility into platform-specific
* options and can not do this.
*/
virtual bool checkForShadowingPlatformSpecific(libfwbuilder::PolicyRule *r1,
libfwbuilder::PolicyRule *r2);
/**
* splits rule if one of the objects in Src * is firewall
* itself. This is needed to properly choose direction *

6
test/pf/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:22 2011 PST by vadim
# Generated Sun Feb 13 18:01:27 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:22 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:22 2011 PST by vadim
# Generated Sun Feb 13 18:01:27 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -175,7 +175,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:22 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:28 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -179,7 +179,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:24 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:28 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall-ipv6-3.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:28 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf

6
test/pf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:53 2011 PST by vadim
# Generated Sun Feb 13 18:00:56 2011 PST by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:53 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:00:56 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:53 2011 PST by vadim
# Generated Sun Feb 13 18:00:57 2011 PST by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
# files: firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:47:53 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:00:57 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:55 2011 PST by vadim
# Generated Sun Feb 13 18:00:59 2011 PST by vadim
#
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:47:55 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:00:59 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:56 2011 PST by vadim
# Generated Sun Feb 13 18:01:00 2011 PST by vadim
#
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:47:56 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:00 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:57 2011 PST by vadim
# Generated Sun Feb 13 18:01:01 2011 PST by vadim
#
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:47:57 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:01 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:59 2011 PST by vadim
# Generated Sun Feb 13 18:01:03 2011 PST by vadim
#
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:47:59 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:03 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:01 2011 PST by vadim
# Generated Sun Feb 13 18:01:05 2011 PST by vadim
#
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:01 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:05 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:02 2011 PST by vadim
# Generated Sun Feb 13 18:01:06 2011 PST by vadim
#
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:02 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:06 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall100.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:54 2011 PST by vadim
# Generated Sun Feb 13 18:00:58 2011 PST by vadim
#
# files: * firewall100.fw /etc/fw/pf.fw
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -160,7 +160,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:54 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:00:58 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall101.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:55 2011 PST by vadim
# Generated Sun Feb 13 18:00:58 2011 PST by vadim
#
# files: * firewall101.fw /etc/fw/pf.fw
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:55 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:00:58 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall102.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:56 2011 PST by vadim
# Generated Sun Feb 13 18:00:59 2011 PST by vadim
#
# files: * firewall102.fw /etc/fw/pf.fw
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall103-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:58 2011 PST by vadim
# Generated Sun Feb 13 18:01:01 2011 PST by vadim
#
# files: * firewall103-1.fw /etc/fw/pf.fw
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
@ -385,7 +385,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:58 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:01 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall103-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:58 2011 PST by vadim
# Generated Sun Feb 13 18:01:02 2011 PST by vadim
#
# files: * firewall103-2.fw /etc/fw/pf.fw
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
@ -385,7 +385,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:58 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:02 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall103.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:57 2011 PST by vadim
# Generated Sun Feb 13 18:01:00 2011 PST by vadim
#
# files: * firewall103.fw /etc/fw/pf.fw
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
@ -388,7 +388,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:57 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:00 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall104-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:00 2011 PST by vadim
# Generated Sun Feb 13 18:01:03 2011 PST by vadim
#
# files: * firewall104-1.fw /etc/fw/pf.fw
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
@ -384,7 +384,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:00 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:03 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall104.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:47:59 2011 PST by vadim
# Generated Sun Feb 13 18:01:02 2011 PST by vadim
#
# files: * firewall104.fw /etc/fw/pf.fw
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
@ -387,7 +387,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Fri Feb 11 13:47:59 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:02 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall105.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:00 2011 PST by vadim
# Generated Sun Feb 13 18:01:04 2011 PST by vadim
#
# files: * firewall105.fw /etc/fw/pf.fw
# files: firewall105.conf /etc/fw/path\ with\ space/pf.conf

4
test/pf/firewall106.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:01 2011 PST by vadim
# Generated Sun Feb 13 18:01:05 2011 PST by vadim
#
# files: * firewall106.fw /etc/fw/pf.fw
# files: firewall106.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall107.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:02 2011 PST by vadim
# Generated Sun Feb 13 18:01:06 2011 PST by vadim
#
# files: * firewall107.fw /etc/fw/pf.fw
# files: firewall107.conf /etc/fw/path\ with\ space/pf.conf
@ -388,7 +388,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:02 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:06 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall108.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:03 2011 PST by vadim
# Generated Sun Feb 13 18:01:07 2011 PST by vadim
#
# files: * firewall108.fw /etc/fw/pf.fw
# files: firewall108.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:04 2011 PST by vadim
# Generated Sun Feb 13 18:01:07 2011 PST by vadim
#
# files: * firewall11.fw /etc/firewall11.fw
# files: firewall11.conf /etc/firewall11.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:04 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:07 2011 by vadim"
set_kernel_vars
configure_interfaces

24
test/pf/firewall110.conf.orig Normal file
View File

@ -0,0 +1,24 @@
#
# Scrub rules
#
scrub in all fragment reassemble
# Policy compiler errors and warnings:
# firewall110:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
#
# Rule 0 (global)
# see #1867 this rule is non-terminating and should not shadow next
pass inet from any to any tag tag2
#
# Rule 1 (global)
pass quick inet from any to any keep state queue ssh_q
#
# Rule 2 (global)
pass inet from any to any tag INTNET keep state
#
# Rule fallback rule
# fallback rule
block quick inet from any to any

91
test/pf/firewall110.fw.orig Executable file
View File

@ -0,0 +1,91 @@
#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Sun Feb 13 18:01:08 2011 PST by vadim
#
# files: * firewall110.fw /etc/fw/firewall110.fw
# files: firewall110.conf /etc/fw/firewall110.conf
#
# Compiled for pf
#
# testing shadowing of rules with tag action
# firewall110:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
FWDIR=`dirname $0`
IFCONFIG="/sbin/ifconfig"
PFCTL="/sbin/pfctl"
IPFW="/sbin/ipfw"
IPF="/sbin/ipf"
IPNAT="/sbin/ipnat"
SYSCTL="/sbin/sysctl"
LOGGER="/usr/bin/logger"
log() {
echo "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
func=$1
list1=$2
list2=$3
cmd=$4
for intf in $list1
do
echo $list2 | grep -q $intf || {
# $vlan is absent in list 2
$func $intf $cmd
}
done
}
verify_interfaces() {
:
}
set_kernel_vars() {
:
}
prolog_commands() {
:
}
epilog_commands() {
:
}
run_epilog_and_exit() {
epilog_commands
exit $1
}
configure_interfaces() {
:
}
log "Activating firewall script generated Sun Feb 13 18:01:08 2011 by vadim"
set_kernel_vars
configure_interfaces
prolog_commands
$PFCTL -f /etc/fw/firewall110.conf || exit 1
epilog_commands

6
test/pf/firewall12.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:04 2011 PST by vadim
# Generated Sun Feb 13 18:01:08 2011 PST by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
# files: firewall12.conf /etc/fw/firewall12.conf
@ -159,7 +159,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:04 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:08 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall13.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:05 2011 PST by vadim
# Generated Sun Feb 13 18:01:09 2011 PST by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
# files: firewall13.conf /etc/fw/firewall13.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:05 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:09 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall14-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:06 2011 PST by vadim
# Generated Sun Feb 13 18:01:10 2011 PST by vadim
#
# files: * firewall14-1.fw /etc/firewall14-1.fw
# files: firewall14-1.conf /etc/firewall14-1.conf
@ -241,7 +241,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:06 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:10 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall14.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:05 2011 PST by vadim
# Generated Sun Feb 13 18:01:09 2011 PST by vadim
#
# files: * firewall14.fw /etc/firewall14.fw
# files: firewall14.conf /etc/firewall14.conf
@ -241,7 +241,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:05 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:09 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall2-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:08 2011 PST by vadim
# Generated Sun Feb 13 18:01:12 2011 PST by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
# files: firewall2-1.conf /etc/fw/firewall2-1.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:08 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:12 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:06 2011 PST by vadim
# Generated Sun Feb 13 18:01:11 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
# files: firewall2.conf /etc/fw/firewall2.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:06 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:11 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall20.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:07 2011 PST by vadim
# Generated Sun Feb 13 18:01:11 2011 PST by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
# files: firewall20.conf /etc/fw/firewall20.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:07 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:11 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall21.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:08 2011 PST by vadim
# Generated Sun Feb 13 18:01:12 2011 PST by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
# files: firewall21.conf /etc/fw/firewall21.conf
@ -81,7 +81,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:08 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:12 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall22.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:09 2011 PST by vadim
# Generated Sun Feb 13 18:01:13 2011 PST by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
# files: firewall22.conf /etc/fw/firewall22.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:09 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:13 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:09 2011 PST by vadim
# Generated Sun Feb 13 18:01:13 2011 PST by vadim
#
# files: * firewall3.fw /etc/firewall3.fw
# files: firewall3.conf /etc/firewall3.conf
@ -159,7 +159,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:09 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:13 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:10 2011 PST by vadim
# Generated Sun Feb 13 18:01:15 2011 PST by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
# files: firewall33.conf /etc/fw/firewall33.conf
@ -162,7 +162,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:10 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:15 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:10 2011 PST by vadim
# Generated Sun Feb 13 18:01:14 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
# files: firewall34.conf /etc/fw/firewall34.conf
@ -158,7 +158,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:10 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:14 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall38.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:11 2011 PST by vadim
# Generated Sun Feb 13 18:01:15 2011 PST by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
# files: firewall38.conf /etc/fw/firewall38.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:11 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:15 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall39.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:12 2011 PST by vadim
# Generated Sun Feb 13 18:01:16 2011 PST by vadim
#
# files: * firewall39.fw pf.fw
# files: firewall39.conf pf.conf
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:12 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:16 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:12 2011 PST by vadim
# Generated Sun Feb 13 18:01:17 2011 PST by vadim
#
# files: * firewall4.fw pf.fw
# files: firewall4.conf /etc/fw/pf.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:12 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:17 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall40-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:14 2011 PST by vadim
# Generated Sun Feb 13 18:01:18 2011 PST by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
# files: firewall40-1.conf /etc/firewall40-1.conf
@ -176,7 +176,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:14 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:18 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall40.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:13 2011 PST by vadim
# Generated Sun Feb 13 18:01:17 2011 PST by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
# files: firewall40.conf /etc/firewall40.conf
@ -160,7 +160,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:13 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:17 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall41.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:14 2011 PST by vadim
# Generated Sun Feb 13 18:01:18 2011 PST by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
# files: firewall41.conf /etc/firewall41.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:14 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:18 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:15 2011 PST by vadim
# Generated Sun Feb 13 18:01:19 2011 PST by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
# files: firewall5.conf /etc/fw/firewall5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:15 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:19 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall51.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:15 2011 PST by vadim
# Generated Sun Feb 13 18:01:20 2011 PST by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
# files: firewall51.conf /etc/fw/firewall51.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:15 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:20 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:16 2011 PST by vadim
# Generated Sun Feb 13 18:01:20 2011 PST by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
# files: firewall6.conf /etc/fw/firewall6.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:16 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:20 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall62.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:16 2011 PST by vadim
# Generated Sun Feb 13 18:01:21 2011 PST by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
# files: firewall62.conf /etc/firewall62.conf
@ -185,7 +185,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:16 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:21 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall63.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:17 2011 PST by vadim
# Generated Sun Feb 13 18:01:21 2011 PST by vadim
#
# files: * firewall63.fw /etc/fw/firewall63.fw
# files: firewall63.conf /etc/fw/firewall63.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:17 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:21 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:18 2011 PST by vadim
# Generated Sun Feb 13 18:01:22 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
# files: firewall7.conf /etc/fw/firewall7.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:18 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:22 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall70.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:18 2011 PST by vadim
# Generated Sun Feb 13 18:01:22 2011 PST by vadim
#
# files: * firewall70.fw /etc/fw/firewall70.fw
# files: firewall70.conf /etc/fw/firewall70.conf
@ -82,7 +82,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:18 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:22 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:19 2011 PST by vadim
# Generated Sun Feb 13 18:01:23 2011 PST by vadim
#
# files: * firewall8.fw /etc/firewall8.fw
# files: firewall8.conf /etc/firewall8.conf
@ -72,7 +72,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:19 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:23 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall80-4.5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:20 2011 PST by vadim
# Generated Sun Feb 13 18:01:24 2011 PST by vadim
#
# files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
# files: firewall80-4.5.conf /etc/firewall80-4.5.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:20 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:24 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall80.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:19 2011 PST by vadim
# Generated Sun Feb 13 18:01:23 2011 PST by vadim
#
# files: * firewall80.fw /etc/firewall80.fw
# files: firewall80.conf /etc/firewall80.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:19 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:23 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:20 2011 PST by vadim
# Generated Sun Feb 13 18:01:24 2011 PST by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
# files: firewall9.conf /etc/fw/firewall9.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Feb 11 13:48:20 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:24 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall91.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:21 2011 PST by vadim
# Generated Sun Feb 13 18:01:25 2011 PST by vadim
#
# files: * firewall91.fw /etc/fw/pf.fw
# files: firewall91.conf /etc/fw/pf.conf
@ -240,7 +240,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:21 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:25 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall92.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:21 2011 PST by vadim
# Generated Sun Feb 13 18:01:26 2011 PST by vadim
#
# files: * firewall92.fw /etc/fw/pf.fw
# files: firewall92.conf /etc/fw/path\ with\ space/pf.conf
@ -160,7 +160,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:21 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:26 2011 by vadim"
set_kernel_vars
configure_interfaces

343
test/pf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1297198241" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1297645439" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -318,6 +318,12 @@
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
<TCPService id="id463FE5FE11008" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id1577X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtmp" comment="Real Time Messaging Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1935" dst_range_end="1935"/>
<TCPService id="id1590X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5222" dst_range_end="5222"/>
<TCPService id="id1609X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5269" dst_range_end="5269"/>
<TCPService id="id1622X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5223" dst_range_end="5223"/>
<TCPService id="id1631X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5270" dst_range_end="5270"/>
<TCPService id="id1644X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nrpe" comment="NRPE add-on for Nagios http://www.nagios.org/&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5666" dst_range_end="5666"/>
<TCPService id="tcp-DNS_zone_transf" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="dns-tcp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
@ -7919,7 +7925,7 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id43EC5DDC2355" host_OS="freebsd" inactive="False" lastCompiled="1215308407" lastInstalled="0" lastModified="1215308308" platform="pf" version="" name="firewall38" comment="testing rules with tag service" ro="False">
<Firewall id="id43EC5DDC2355" host_OS="freebsd" inactive="False" lastCompiled="1215308407" lastInstalled="0" lastModified="1297645431" platform="pf" version="" name="firewall38" comment="testing rules with tag service" ro="False">
<NAT id="id43EC5E1F2355" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43EC5E2E2355" disabled="False" group="" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -8240,7 +8246,13 @@
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conf1_file"></Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="configure_bridge_interfaces">False</Option>
<Option name="configure_carp_interfaces">False</Option>
<Option name="configure_interfaces">False</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
@ -8251,11 +8263,14 @@
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="generate_rc_conf_file">False</Option>
<Option name="generate_shell_script">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
@ -8283,14 +8298,22 @@
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
@ -8302,6 +8325,7 @@
<Option name="pf_scrub_no_df">False</Option>
<Option name="pf_scrub_random_id">False</Option>
<Option name="pf_scrub_reassemble">True</Option>
<Option name="pf_scrub_reassemble_tcp">False</Option>
<Option name="pf_scrub_use_maxmss">False</Option>
<Option name="pf_scrub_use_minttl">False</Option>
<Option name="pf_set_adaptive">False</Option>
@ -8319,6 +8343,7 @@
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
@ -8331,9 +8356,12 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="proxy_arp">False</Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
@ -22186,6 +22214,317 @@
<Option name="sshArgs"></Option>
</FirewallOptions>
</Firewall>
<Firewall id="id164588X20402" host_OS="freebsd" inactive="False" lastCompiled="1297645524" lastInstalled="0" lastModified="1297648836" platform="pf" version="" name="firewall110" comment="testing shadowing of rules with tag action " ro="False">
<NAT id="id164956X20402" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id164614X20402" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id345014X20402" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="see #1867 this rule is non-terminating and should not shadow next&#10;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">route_reply_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="log_prefix"></Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
<Option name="pf_max_src_conn_flush">False</Option>
<Option name="pf_max_src_conn_global">False</Option>
<Option name="pf_max_src_conn_overload_table"></Option>
<Option name="pf_max_src_conn_rate_num">0</Option>
<Option name="pf_max_src_conn_rate_seconds">0</Option>
<Option name="pf_max_src_nodes">0</Option>
<Option name="pf_max_src_states">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_no_sync">False</Option>
<Option name="pf_pflow">False</Option>
<Option name="pf_route_load_option">none</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id">id1391120443</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id344958X20402" disabled="False" group="" log="False" position="1" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str">ssh_q</Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">route_reply_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="log_prefix"></Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
<Option name="pf_max_src_conn_flush">False</Option>
<Option name="pf_max_src_conn_global">False</Option>
<Option name="pf_max_src_conn_overload_table"></Option>
<Option name="pf_max_src_conn_rate_num">0</Option>
<Option name="pf_max_src_conn_rate_seconds">0</Option>
<Option name="pf_max_src_nodes">0</Option>
<Option name="pf_max_src_states">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_no_sync">False</Option>
<Option name="pf_pflow">False</Option>
<Option name="pf_route_load_option">none</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id164616X20402" disabled="False" group="" log="False" position="2" action="Tag" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagobject_id">id43F4556A28869</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id165025X20402" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id164596X20402" dedicated_failover="False" dyn="False" label="int_if" mgmt="False" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
<IPv4 id="id164599X20402" name="firewall110:le0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id164601X20402" dedicated_failover="False" dyn="False" label="ext_if" mgmt="False" security_level="0" unnum="True" unprotected="False" name="enc0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id164604X20402" dedicated_failover="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id164607X20402" name="firewall110:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id164609X20402" dedicated_failover="False" dyn="False" label="wifi_int" mgmt="False" security_level="0" unnum="False" unprotected="False" name="enc1" comment="" ro="False">
<IPv4 id="id164612X20402" name="firewall110:enc1:ip" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conf1_file"></Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="configure_bridge_interfaces">False</Option>
<Option name="configure_carp_interfaces">False</Option>
<Option name="configure_interfaces">False</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="generate_rc_conf_file">False</Option>
<Option name="generate_shell_script">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">1</Option>
<Option name="pf_scrub_no_df">False</Option>
<Option name="pf_scrub_random_id">False</Option>
<Option name="pf_scrub_reassemble">True</Option>
<Option name="pf_scrub_reassemble_tcp">False</Option>
<Option name="pf_scrub_use_maxmss">False</Option>
<Option name="pf_scrub_use_minttl">False</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">False</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">False</Option>
<Option name="pf_set_tcp_opening">False</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">0</Option>
<Option name="pf_tcp_opening">0</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="proxy_arp">False</Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>

6
test/pf/pf_cluster_1_openbsd-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
# files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
@ -293,7 +293,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:24 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/pf_cluster_1_openbsd-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
# files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
@ -190,7 +190,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:24 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/pf_cluster_2_freebsd-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
# files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
@ -294,7 +294,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 192.168.1.2/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:24 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/pf_cluster_2_freebsd-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:24 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
# files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
@ -191,7 +191,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:24 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/pf_cluster_3_openbsd-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:25 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
# files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
@ -296,7 +296,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan100 172.20.0.2/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:25 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/pf_cluster_3_openbsd-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:25 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
# files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
@ -194,7 +194,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan100 172.20.0.3/0xffffff00" ""
}
log "Activating firewall script generated Fri Feb 11 13:48:25 2011 by vadim"
log "Activating firewall script generated Sun Feb 13 18:01:29 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/pf_cluster_4_rc.conf.local
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3471
# Firewall Builder fwb_pf v4.2.0.3474
#
# Generated Fri Feb 11 13:48:25 2011 PST by vadim
# Generated Sun Feb 13 18:01:29 2011 PST by vadim
#
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf