onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 12:17:26 +01:00
Code Issues Releases Wiki Activity

sync with 2.1.17

Browse Source
This commit is contained in:
Vadim Kurland 2008-02-13 04:19:45 +00:00
parent f51f178483
commit 85e722d574
11 changed files with 895 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/ChangeLog
View File

@ -1,3 +1,20 @@
2008-02-10 vadim <vadim@vk.crocodile.org>
* pt_BR.po: updated Brazilian Portuguese translation by Rubens
Ferreira Neto <rubens.ferreiraneto@ig.com.br> and Jose
Carlos Medeiros <jose@psabs.com.br>
* PrefsDialog.cpp (PrefsDialog::PrefsDialog): fixed bug #1886570:
Diagnostic related to Edit->Preferences. Removed harmless but
annoying error message that appeared on stderr when user opened
Preferences dialog.
* IPTImporter.cpp (IPTImporter::pushPolicyRule): Fixed bug
1883536: "fwbuilder segfaults when importing iptables conf". Added
support for TCPMSS target with option --clamp-mss-to-pmtu in
iptables importer; also made importer upderstand option
--tcp-option but skip it since it is not supported in fwbuilder.
2008-02-06 <vadim@vk.crocodile.org>
* RCS.cpp (RCSEnvFix::RCSEnvFix): fixed bug #1849392: "RCS using

13
src/gui/IPTImporter.cpp
View File

@ -6,7 +6,7 @@
Author: Vadim Kurland vadim@fwbuilder.org
$Id: IPTImporter.cpp,v 1.9 2007/08/06 07:07:22 vkurland Exp $
$Id: IPTImporter.cpp,v 1.10 2008/02/11 01:30:39 vkurland Exp $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
@ -479,11 +479,22 @@ void IPTImporter::pushPolicyRule()
ropt->setBool("ipt_continue", !action_params["route_continue"].empty());
ropt->setBool("ipt_tee", !action_params["route_tee"].empty());
}
if (target=="RETURN")
{
action = PolicyRule::Continue;
}
if (target=="TCPMSS" && action_params["clamp-mss-to-pmtu"]=="--clamp-mss-to-pmtu")
{
fwopt->setBool("clamp_mss_to_mtu", true);
skip_rule = true;
*Importer::logger
<< "Using automatic rule controlled by option "
<< "Clamp MSS to MTU"
<< "\n";
}
if (action==PolicyRule::Unknown)
{
// unknown target, consider it a branch

4
src/gui/PrefsDialog.cpp
View File

@ -90,7 +90,9 @@ PrefsDialog::PrefsDialog(QWidget *parent) : QDialog(parent)
m_dialog->setupUi(this);
m_dialog->wDir->setText( st->getWDir() );
m_dialog->startupAction->setCurrentIndex( st->getStartupAction() );
int sa_itm = st->getStartupAction();
if (sa_itm < 0 || sa_itm > 1) sa_itm = 0;
m_dialog->startupAction->setCurrentIndex( sa_itm );
m_dialog->expandTree->setChecked( st->getExpandTree() );
// mergeLibs->setChecked( st->getMergeLibs() );

340
src/parsers/IPTCfgLexer.cpp
View File

@ -50,29 +50,29 @@ IPTCfgLexer::IPTCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState&
void IPTCfgLexer::initLiterals()
{
literals["SYN"] = 81;
literals["SYN"] = 82;
literals["udp"] = 31;
literals["multiport"] = 70;
literals["multiport"] = 71;
literals["tcp"] = 30;
literals["NEW"] = 59;
literals["NEW"] = 60;
literals["INPUT"] = 9;
literals["mark"] = 65;
literals["PSH"] = 86;
literals["FIN"] = 83;
literals["RST"] = 84;
literals["RELATED"] = 61;
literals["state"] = 62;
literals["mark"] = 66;
literals["PSH"] = 87;
literals["FIN"] = 84;
literals["RST"] = 85;
literals["RELATED"] = 62;
literals["state"] = 63;
literals["icmp"] = 32;
literals["ALL"] = 87;
literals["URG"] = 85;
literals["limit"] = 67;
literals["ALL"] = 88;
literals["URG"] = 86;
literals["limit"] = 68;
literals["COMMIT"] = 6;
literals["INVALID"] = 58;
literals["ESTABLISHED"] = 60;
literals["INVALID"] = 59;
literals["ESTABLISHED"] = 61;
literals["OUTPUT"] = 11;
literals["ACK"] = 82;
literals["ACK"] = 83;
literals["PREROUTING"] = 12;
literals["NONE"] = 88;
literals["NONE"] = 89;
literals["FORWARD"] = 10;
literals["POSTROUTING"] = 13;
}
@ -375,6 +375,14 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mULOG_CPR(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x63 /* 'c' */ ) && (LA(5) == 0x70 /* 'p' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x66 /* 'f' */ )) {
mMATCH_TCP_FLAGS(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x63 /* 'c' */ ) && (LA(5) == 0x70 /* 'p' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x6f /* 'o' */ )) {
mMATCH_TCP_OPTION(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x70 /* 'p' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x74 /* 't' */ ) && (true)) {
mMATCH_SRC_PORT_SHORT(true);
theRetToken=_returnToken;
@ -447,10 +455,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mMATCH_SYN(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x63 /* 'c' */ )) {
mMATCH_TCP_FLAGS(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x69 /* 'i' */ ) && (LA(4) == 0x63 /* 'c' */ )) {
mMATCH_ICMP_TYPE(true);
theRetToken=_returnToken;
@ -459,6 +463,10 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mSAVE_MARK(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x63 /* 'c' */ ) && (LA(4) == 0x6f /* 'o' */ )) {
mCONTINUE(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x69 /* 'i' */ ) && (LA(4) == 0x69 /* 'i' */ )) {
mROUTE_IIF(true);
theRetToken=_returnToken;
@ -471,12 +479,12 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mTO_NETMAP(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6d /* 'm' */ )) {
mMATCH_MARK(true);
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x63 /* 'c' */ ) && (LA(4) == 0x6c /* 'l' */ )) {
mCLAMP_MSS(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x63 /* 'c' */ )) {
mCONTINUE(true);
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6d /* 'm' */ )) {
mMATCH_MARK(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6f /* 'o' */ )) {
@ -583,11 +591,11 @@ void IPTCfgLexer::mLINE_COMMENT(bool _createToken) {
}
}
else {
goto _loop125;
goto _loop127;
}
}
_loop125:;
_loop127:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -619,9 +627,9 @@ void IPTCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 964 "iptables.g"
#line 973 "iptables.g"
newline();
#line 625 "IPTCfgLexer.cpp"
#line 633 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -700,9 +708,9 @@ void IPTCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 962 "iptables.g"
#line 971 "iptables.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 706 "IPTCfgLexer.cpp"
#line 714 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -814,29 +822,14 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
int _saveIndex;
{
bool synPredMatched144 = false;
bool synPredMatched146 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m144 = mark();
synPredMatched144 = true;
int _m146 = mark();
synPredMatched146 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt139=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt139>=1 ) { goto _loop139; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt139++;
}
_loop139:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt141=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
@ -865,32 +858,32 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
_loop143:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt145=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt145>=1 ) { goto _loop145; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt145++;
}
_loop145:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched144 = false;
synPredMatched146 = false;
}
rewind(_m144);
rewind(_m146);
inputState->guessing--;
}
if ( synPredMatched144 ) {
if ( synPredMatched146 ) {
{
{ // ( ... )+
int _cnt147=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt147>=1 ) { goto _loop147; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt147++;
}
_loop147:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt149=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
@ -934,37 +927,37 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
_loop153:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt155=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt155>=1 ) { goto _loop155; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt155++;
}
_loop155:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 984 "iptables.g"
#line 993 "iptables.g"
_ttype = IPV4;
#line 942 "IPTCfgLexer.cpp"
#line 950 "IPTCfgLexer.cpp"
}
}
else {
bool synPredMatched159 = false;
bool synPredMatched161 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m159 = mark();
synPredMatched159 = true;
int _m161 = mark();
synPredMatched161 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt156=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt156>=1 ) { goto _loop156; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt156++;
}
_loop156:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt158=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
@ -978,32 +971,32 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
_loop158:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt160=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt160>=1 ) { goto _loop160; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt160++;
}
_loop160:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched159 = false;
synPredMatched161 = false;
}
rewind(_m159);
rewind(_m161);
inputState->guessing--;
}
if ( synPredMatched159 ) {
if ( synPredMatched161 ) {
{
{ // ( ... )+
int _cnt162=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt162>=1 ) { goto _loop162; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt162++;
}
_loop162:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt164=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
@ -1017,34 +1010,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
_loop164:;
} // ( ... )+
}
}
else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) {
{
match('0');
match('x');
{ // ( ... )+
int _cnt169=0;
for (;;) {
if ((_tokenSet_3.member(LA(1)))) {
mHEXDIGIT(false);
}
else {
if ( _cnt169>=1 ) { goto _loop169; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt169++;
}
_loop169:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 990 "iptables.g"
_ttype = HEX_CONST;
#line 1045 "IPTCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) {
mDOT(false);
{ // ( ... )+
int _cnt166=0;
for (;;) {
@ -1059,10 +1025,52 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
_loop166:;
} // ( ... )+
}
}
else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) {
{
match('0');
match('x');
{ // ( ... )+
int _cnt171=0;
for (;;) {
if ((_tokenSet_3.member(LA(1)))) {
mHEXDIGIT(false);
}
else {
if ( _cnt171>=1 ) { goto _loop171; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt171++;
}
_loop171:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 988 "iptables.g"
#line 999 "iptables.g"
_ttype = HEX_CONST;
#line 1053 "IPTCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) {
{ // ( ... )+
int _cnt168=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt168>=1 ) { goto _loop168; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt168++;
}
_loop168:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 997 "iptables.g"
_ttype = INT_CONST;
#line 1066 "IPTCfgLexer.cpp"
#line 1074 "IPTCfgLexer.cpp"
}
}
else {
@ -1329,11 +1337,11 @@ void IPTCfgLexer::mWORD(bool _createToken) {
}
default:
{
goto _loop173;
goto _loop175;
}
}
}
_loop173:;
_loop175:;
} // ( ... )*
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1355,11 +1363,11 @@ void IPTCfgLexer::mSTRING(bool _createToken) {
matchNot('"');
}
else {
goto _loop176;
goto _loop178;
}
}
_loop176:;
_loop178:;
} // ( ... )*
match('"');
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1390,9 +1398,9 @@ void IPTCfgLexer::mSECONDS(bool _createToken) {
match("--seconds");
if ( inputState->guessing==0 ) {
#line 1006 "iptables.g"
#line 1015 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1396 "IPTCfgLexer.cpp"
#line 1404 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1409,9 +1417,9 @@ void IPTCfgLexer::mSET(bool _createToken) {
match("--set");
if ( inputState->guessing==0 ) {
#line 1009 "iptables.g"
#line 1018 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1415 "IPTCfgLexer.cpp"
#line 1423 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1428,9 +1436,9 @@ void IPTCfgLexer::mRSOURCE(bool _createToken) {
match("--rsource");
if ( inputState->guessing==0 ) {
#line 1012 "iptables.g"
#line 1021 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1434 "IPTCfgLexer.cpp"
#line 1442 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1580,6 +1588,20 @@ void IPTCfgLexer::mMATCH_TCP_FLAGS(bool _createToken) {
_saveIndex=0;
}
void IPTCfgLexer::mMATCH_TCP_OPTION(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length();
_ttype = MATCH_TCP_OPTION;
int _saveIndex;
match("--tcp-option");
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void IPTCfgLexer::mMATCH_SRC_PORT_SHORT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length();
_ttype = MATCH_SRC_PORT_SHORT;
@ -1895,9 +1917,9 @@ void IPTCfgLexer::mULOG_QTHR(bool _createToken) {
match("--ulog-qthreshold");
if ( inputState->guessing==0 ) {
#line 1059 "iptables.g"
#line 1069 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1901 "IPTCfgLexer.cpp"
#line 1923 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1914,9 +1936,9 @@ void IPTCfgLexer::mULOG_NLG(bool _createToken) {
match("--ulog-nlgroup");
if ( inputState->guessing==0 ) {
#line 1060 "iptables.g"
#line 1070 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1920 "IPTCfgLexer.cpp"
#line 1942 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1933,9 +1955,9 @@ void IPTCfgLexer::mULOG_CPR(bool _createToken) {
match("--ulog-cprange");
if ( inputState->guessing==0 ) {
#line 1061 "iptables.g"
#line 1071 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1939 "IPTCfgLexer.cpp"
#line 1961 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -2001,6 +2023,20 @@ void IPTCfgLexer::mTO_NETMAP(bool _createToken) {
_saveIndex=0;
}
void IPTCfgLexer::mCLAMP_MSS(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length();
_ttype = CLAMP_MSS;
int _saveIndex;
match("--clamp-mss-to-pmtu");
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void IPTCfgLexer::mOPT_MODULE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length();
_ttype = OPT_MODULE;
@ -2487,7 +2523,7 @@ const unsigned long IPTCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! " # $ % &
// \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H
// I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _ ` a b c d e f g h i j
// k l m n o p q r s t u v
// k l m n o p q r s t u v w x
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long IPTCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// . 0 1 2 3 4 5 6 7 8 9
@ -2500,6 +2536,6 @@ const unsigned long IPTCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 429496729
// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $
// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F
// G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v
// i j k l m n o p q r s t u v w x
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_4(_tokenSet_4_data_,16);

2
src/parsers/IPTCfgLexer.hpp
View File

@ -72,6 +72,7 @@ public:
public: void mMATCH_DST_PORT(bool _createToken);
public: void mMATCH_SYN(bool _createToken);
public: void mMATCH_TCP_FLAGS(bool _createToken);
public: void mMATCH_TCP_OPTION(bool _createToken);
public: void mMATCH_SRC_PORT_SHORT(bool _createToken);
public: void mMATCH_DST_PORT_SHORT(bool _createToken);
public: void mMATCH_ICMP_TYPE(bool _createToken);
@ -101,6 +102,7 @@ public:
public: void mTO_DESTINATION(bool _createToken);
public: void mTO_PORTS(bool _createToken);
public: void mTO_NETMAP(bool _createToken);
public: void mCLAMP_MSS(bool _createToken);
public: void mOPT_MODULE(bool _createToken);
public: void mOPT_SRC(bool _createToken);
public: void mOPT_DST(bool _createToken);

426
src/parsers/IPTCfgParser.cpp
View File

@ -381,6 +381,7 @@ void IPTCfgParser::ipt_option() {
case EXCLAMATION:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
tcp_options();
break;
@ -488,7 +489,7 @@ void IPTCfgParser::src() {
*dbg << " SRC=";
#line 492 "IPTCfgParser.cpp"
#line 493 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case EXCLAMATION:
@ -498,7 +499,7 @@ void IPTCfgParser::src() {
importer->src_neg = true;
#line 502 "IPTCfgParser.cpp"
#line 503 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -536,7 +537,7 @@ void IPTCfgParser::src() {
importer->src_a = LT(0)->getText();
*dbg << LT(0)->getText();
#line 540 "IPTCfgParser.cpp"
#line 541 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case SLASH:
@ -565,7 +566,7 @@ void IPTCfgParser::src() {
importer->src_nm = LT(0)->getText();
*dbg << "/" << LT(0)->getText();
#line 569 "IPTCfgParser.cpp"
#line 570 "IPTCfgParser.cpp"
break;
}
case NEWLINE:
@ -594,6 +595,7 @@ void IPTCfgParser::src() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -620,7 +622,7 @@ void IPTCfgParser::dst() {
*dbg << " DST=";
#line 624 "IPTCfgParser.cpp"
#line 626 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case EXCLAMATION:
@ -630,7 +632,7 @@ void IPTCfgParser::dst() {
importer->dst_neg = true;
#line 634 "IPTCfgParser.cpp"
#line 636 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -668,7 +670,7 @@ void IPTCfgParser::dst() {
importer->dst_a = LT(0)->getText();
*dbg << LT(0)->getText();
#line 672 "IPTCfgParser.cpp"
#line 674 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case SLASH:
@ -697,7 +699,7 @@ void IPTCfgParser::dst() {
importer->dst_nm = LT(0)->getText();
*dbg << "/" << LT(0)->getText();
#line 701 "IPTCfgParser.cpp"
#line 703 "IPTCfgParser.cpp"
break;
}
case NEWLINE:
@ -726,6 +728,7 @@ void IPTCfgParser::dst() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -758,7 +761,7 @@ void IPTCfgParser::i_intf() {
importer->intf_neg = true;
#line 762 "IPTCfgParser.cpp"
#line 765 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -778,7 +781,7 @@ void IPTCfgParser::i_intf() {
importer->i_intf = LT(0)->getText();
*dbg << " I_INTF=" << i->getText();
#line 782 "IPTCfgParser.cpp"
#line 785 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -801,7 +804,7 @@ void IPTCfgParser::o_intf() {
importer->intf_neg = true;
#line 805 "IPTCfgParser.cpp"
#line 808 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -821,7 +824,7 @@ void IPTCfgParser::o_intf() {
importer->o_intf = LT(0)->getText();
*dbg << " O_INTF=" << i->getText();
#line 825 "IPTCfgParser.cpp"
#line 828 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -843,7 +846,7 @@ void IPTCfgParser::proto() {
importer->srv_neg = true;
#line 847 "IPTCfgParser.cpp"
#line 850 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -871,7 +874,7 @@ void IPTCfgParser::proto() {
::tolower);
*dbg << " PROTO=" << importer->protocol;
#line 875 "IPTCfgParser.cpp"
#line 878 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -892,7 +895,7 @@ void IPTCfgParser::target() {
importer->target = LT(0)->getText();
*dbg << " TARGET=" << t->getText();
#line 896 "IPTCfgParser.cpp"
#line 899 "IPTCfgParser.cpp"
{ // ( ... )*
for (;;) {
if ((_tokenSet_5.member(LA(1)))) {
@ -917,12 +920,12 @@ void IPTCfgParser::fragm() {
try { // for error handling
match(OPT_FRAGM);
#line 565 "iptables.g"
#line 571 "iptables.g"
importer->fragments = true;
*dbg << " FRAGM";
#line 926 "IPTCfgParser.cpp"
#line 929 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -940,37 +943,37 @@ void IPTCfgParser::icmp_type_spec() {
case WORD:
{
match(WORD);
#line 711 "iptables.g"
#line 717 "iptables.g"
importer->icmp_spec = LT(0)->getText();
*dbg << " ICMP_SPEC=" << LT(0)->getText();
#line 949 "IPTCfgParser.cpp"
#line 952 "IPTCfgParser.cpp"
break;
}
case INT_CONST:
{
{
match(INT_CONST);
#line 718 "iptables.g"
#line 724 "iptables.g"
importer->icmp_type = LT(0)->getText();
importer->icmp_code = "-1";
*dbg << " ICMP_TYPE=" << LT(0)->getText();
#line 962 "IPTCfgParser.cpp"
#line 965 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case SLASH:
{
match(SLASH);
match(INT_CONST);
#line 725 "iptables.g"
#line 731 "iptables.g"
importer->icmp_code = LT(0)->getText();
*dbg << " ICMP_CODE=" << LT(0)->getText();
#line 974 "IPTCfgParser.cpp"
#line 977 "IPTCfgParser.cpp"
break;
}
case NEWLINE:
@ -999,6 +1002,7 @@ void IPTCfgParser::icmp_type_spec() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -1055,11 +1059,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
case EXCLAMATION:
{
match(EXCLAMATION);
#line 786 "iptables.g"
#line 792 "iptables.g"
importer->srv_neg = true;
#line 1063 "IPTCfgParser.cpp"
#line 1067 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -1074,11 +1078,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
port_def_with_range();
#line 791 "iptables.g"
#line 797 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
#line 1082 "IPTCfgParser.cpp"
#line 1086 "IPTCfgParser.cpp"
break;
}
case MATCH_DST_PORT:
@ -1107,11 +1111,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
case EXCLAMATION:
{
match(EXCLAMATION);
#line 798 "iptables.g"
#line 804 "iptables.g"
importer->srv_neg = true;
#line 1115 "IPTCfgParser.cpp"
#line 1119 "IPTCfgParser.cpp"
break;
}
case WORD:
@ -1126,11 +1130,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
port_def_with_range();
#line 803 "iptables.g"
#line 809 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
#line 1134 "IPTCfgParser.cpp"
#line 1138 "IPTCfgParser.cpp"
break;
}
default:
@ -1173,29 +1177,29 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
}
}
}
#line 667 "iptables.g"
#line 673 "iptables.g"
importer->startSrcMultiPort();
*dbg << " SRC MULTIPORT=";
#line 1182 "IPTCfgParser.cpp"
#line 1186 "IPTCfgParser.cpp"
port_def_no_range();
#line 672 "iptables.g"
#line 678 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
#line 1188 "IPTCfgParser.cpp"
#line 1192 "IPTCfgParser.cpp"
{ // ( ... )+
int _cnt85=0;
for (;;) {
if ((LA(1) == COMMA)) {
match(COMMA);
port_def_no_range();
#line 676 "iptables.g"
#line 682 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
#line 1199 "IPTCfgParser.cpp"
#line 1203 "IPTCfgParser.cpp"
}
else {
if ( _cnt85>=1 ) { goto _loop85; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());}
@ -1230,29 +1234,29 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
}
}
}
#line 682 "iptables.g"
#line 688 "iptables.g"
importer->startDstMultiPort();
*dbg << " DST MULTIPORT=";
#line 1239 "IPTCfgParser.cpp"
#line 1243 "IPTCfgParser.cpp"
port_def_no_range();
#line 687 "iptables.g"
#line 693 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
#line 1245 "IPTCfgParser.cpp"
#line 1249 "IPTCfgParser.cpp"
{ // ( ... )+
int _cnt89=0;
for (;;) {
if ((LA(1) == COMMA)) {
match(COMMA);
port_def_no_range();
#line 691 "iptables.g"
#line 697 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
#line 1256 "IPTCfgParser.cpp"
#line 1260 "IPTCfgParser.cpp"
}
else {
if ( _cnt89>=1 ) { goto _loop89; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());}
@ -1295,6 +1299,11 @@ void IPTCfgParser::tcp_options() {
tcp_flags();
break;
}
case MATCH_TCP_OPTION:
{
tcp_option();
break;
}
default:
{
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
@ -1314,12 +1323,12 @@ void IPTCfgParser::match_mark() {
try { // for error handling
match(MATCH_MARK);
match(INT_CONST);
#line 617 "iptables.g"
#line 623 "iptables.g"
importer->match_mark = LT(0)->getText();
*dbg << " MATCH MARK " << LT(0)->getText();
#line 1323 "IPTCfgParser.cpp"
#line 1332 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1346,12 +1355,12 @@ void IPTCfgParser::match_limit_burst() {
try { // for error handling
match(MATCH_LIMIT_BURST);
match(INT_CONST);
#line 648 "iptables.g"
#line 654 "iptables.g"
importer->limit_burst = LT(0)->getText();
*dbg << " LIMIT BURST " << LT(0)->getText();
#line 1355 "IPTCfgParser.cpp"
#line 1364 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1373,7 +1382,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: -")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=-" << LT(0)->getText();
#line 1377 "IPTCfgParser.cpp"
#line 1386 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case WORD:
@ -1409,6 +1418,7 @@ void IPTCfgParser::unknown_option() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -1433,7 +1443,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: --")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=--" << LT(0)->getText();
#line 1437 "IPTCfgParser.cpp"
#line 1447 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case WORD:
@ -1469,6 +1479,7 @@ void IPTCfgParser::unknown_option() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -1489,7 +1500,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: ")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=" << LT(0)->getText();
#line 1493 "IPTCfgParser.cpp"
#line 1504 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case WORD:
@ -1525,6 +1536,7 @@ void IPTCfgParser::unknown_option() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -1554,7 +1566,7 @@ void IPTCfgParser::unknown_parameter() {
if ((LA(1) == INT_CONST || LA(1) == DIGIT) && (LA(2) == SLASH)) {
#line 240 "iptables.g"
std::string s;
#line 1558 "IPTCfgParser.cpp"
#line 1570 "IPTCfgParser.cpp"
{
{
{
@ -1564,7 +1576,7 @@ void IPTCfgParser::unknown_parameter() {
match(DIGIT);
#line 244 "iptables.g"
s+=LT(0)->getText();
#line 1568 "IPTCfgParser.cpp"
#line 1580 "IPTCfgParser.cpp"
break;
}
case INT_CONST:
@ -1572,7 +1584,7 @@ void IPTCfgParser::unknown_parameter() {
match(INT_CONST);
#line 246 "iptables.g"
s+=LT(0)->getText();
#line 1576 "IPTCfgParser.cpp"
#line 1588 "IPTCfgParser.cpp"
break;
}
default:
@ -1584,11 +1596,11 @@ void IPTCfgParser::unknown_parameter() {
match(SLASH);
#line 248 "iptables.g"
s+=LT(0)->getText();
#line 1588 "IPTCfgParser.cpp"
#line 1600 "IPTCfgParser.cpp"
match(WORD);
#line 249 "iptables.g"
s+=LT(0)->getText();
#line 1592 "IPTCfgParser.cpp"
#line 1604 "IPTCfgParser.cpp"
}
#line 251 "iptables.g"
@ -1596,7 +1608,7 @@ void IPTCfgParser::unknown_parameter() {
std::string("Unknown parameter: ")+s);
*dbg << " UNKNOWN PARMETER=" << s;
#line 1600 "IPTCfgParser.cpp"
#line 1612 "IPTCfgParser.cpp"
}
}
else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == DIGIT) && (_tokenSet_4.member(LA(2)))) {
@ -1630,7 +1642,7 @@ void IPTCfgParser::unknown_parameter() {
std::string("Unknown parameter: ")+LT(0)->getText());
*dbg << " UNKNOWN PARMETER=" << LT(0)->getText();
#line 1634 "IPTCfgParser.cpp"
#line 1646 "IPTCfgParser.cpp"
}
}
else {
@ -1650,28 +1662,28 @@ void IPTCfgParser::m_state() {
try { // for error handling
match(M_STATE);
match(MATCH_STATE);
#line 587 "iptables.g"
#line 593 "iptables.g"
importer->current_state = "";
#line 1658 "IPTCfgParser.cpp"
#line 1670 "IPTCfgParser.cpp"
state_word();
#line 591 "iptables.g"
#line 597 "iptables.g"
importer->current_state += LT(0)->getText();
#line 1664 "IPTCfgParser.cpp"
#line 1676 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case COMMA:
{
match(COMMA);
state_word();
#line 596 "iptables.g"
#line 602 "iptables.g"
importer->current_state += std::string(",") + LT(0)->getText();
#line 1675 "IPTCfgParser.cpp"
#line 1687 "IPTCfgParser.cpp"
break;
}
case NEWLINE:
@ -1700,6 +1712,7 @@ void IPTCfgParser::m_state() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -1709,11 +1722,11 @@ void IPTCfgParser::m_state() {
}
}
}
#line 600 "iptables.g"
#line 606 "iptables.g"
*dbg << " STATE MATCH=" << importer->current_state;
#line 1717 "IPTCfgParser.cpp"
#line 1730 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1726,11 +1739,11 @@ void IPTCfgParser::m_mport() {
try { // for error handling
match(M_MPORT);
#line 657 "iptables.g"
#line 663 "iptables.g"
*dbg << " MULTIPORT";
#line 1734 "IPTCfgParser.cpp"
#line 1747 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1743,12 +1756,12 @@ void IPTCfgParser::m_icmp() {
try { // for error handling
match(ICMP);
#line 701 "iptables.g"
#line 707 "iptables.g"
importer->protocol = "icmp";
*dbg << " ICMP";
#line 1752 "IPTCfgParser.cpp"
#line 1765 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1761,12 +1774,12 @@ void IPTCfgParser::m_tcp() {
try { // for error handling
match(TCP);
#line 821 "iptables.g"
#line 827 "iptables.g"
importer->protocol = "tcp";
*dbg << " TCP";
#line 1770 "IPTCfgParser.cpp"
#line 1783 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1779,12 +1792,12 @@ void IPTCfgParser::m_udp() {
try { // for error handling
match(UDP);
#line 812 "iptables.g"
#line 818 "iptables.g"
importer->protocol = "udp";
*dbg << " UDP";
#line 1788 "IPTCfgParser.cpp"
#line 1801 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1797,11 +1810,11 @@ void IPTCfgParser::m_mark() {
try { // for error handling
match(M_MARK);
#line 609 "iptables.g"
#line 615 "iptables.g"
*dbg << " MARK";
#line 1805 "IPTCfgParser.cpp"
#line 1818 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1814,11 +1827,11 @@ void IPTCfgParser::m_limit() {
try { // for error handling
match(M_LIMIT);
#line 626 "iptables.g"
#line 632 "iptables.g"
*dbg << " LIMIT";
#line 1822 "IPTCfgParser.cpp"
#line 1835 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1831,13 +1844,13 @@ void IPTCfgParser::m_unknown_module() {
try { // for error handling
match(WORD);
#line 574 "iptables.g"
#line 580 "iptables.g"
*dbg << " UNKNOWN MODULE=" << LT(0)->getText();
importer->markCurrentRuleBad(
std::string("Unknown module: ")+LT(0)->getText());
#line 1841 "IPTCfgParser.cpp"
#line 1854 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -1904,7 +1917,7 @@ void IPTCfgParser::target_options() {
importer->action_params["reject_with"] = LT(0)->getText();
*dbg << " REJECT WITH=" << LT(0)->getText();
#line 1908 "IPTCfgParser.cpp"
#line 1921 "IPTCfgParser.cpp"
break;
}
case LOG_PREFIX:
@ -1933,7 +1946,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " LOG PREFIX=" << LT(0)->getText();
#line 1937 "IPTCfgParser.cpp"
#line 1950 "IPTCfgParser.cpp"
break;
}
case LOG_TCP_SEQ:
@ -1944,7 +1957,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_seq"] = LT(0)->getText();
*dbg << " LOG TCP SEQUENCE=";
#line 1948 "IPTCfgParser.cpp"
#line 1961 "IPTCfgParser.cpp"
break;
}
case LOG_TCP_OPT:
@ -1955,7 +1968,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_options"] = LT(0)->getText();
*dbg << " LOG TCP OPTIONS=";
#line 1959 "IPTCfgParser.cpp"
#line 1972 "IPTCfgParser.cpp"
break;
}
case LOG_IP_OPT:
@ -1966,7 +1979,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_ip_options"] = LT(0)->getText();
*dbg << " LOG IP OPTIONS=";
#line 1970 "IPTCfgParser.cpp"
#line 1983 "IPTCfgParser.cpp"
break;
}
case ULOG_PREFIX:
@ -1995,7 +2008,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " ULOG PREFIX=" << LT(0)->getText();
#line 1999 "IPTCfgParser.cpp"
#line 2012 "IPTCfgParser.cpp"
break;
}
case LOG_LEVEL:
@ -2007,7 +2020,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_level"] = LT(0)->getText();
*dbg << " LOG LEVEL=" << LT(0)->getText();
#line 2011 "IPTCfgParser.cpp"
#line 2024 "IPTCfgParser.cpp"
break;
}
case SET_MARK:
@ -2019,7 +2032,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_mark"] = LT(0)->getText();
*dbg << " SET MARK=" << LT(0)->getText();
#line 2023 "IPTCfgParser.cpp"
#line 2036 "IPTCfgParser.cpp"
break;
}
case SAVE_MARK:
@ -2030,7 +2043,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_save_mark"] = "--save-mark";
*dbg << " SAVE MARK";
#line 2034 "IPTCfgParser.cpp"
#line 2047 "IPTCfgParser.cpp"
break;
}
case RESTORE_MARK:
@ -2041,7 +2054,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_restore_mark"] = "--restore-mark";
*dbg << " RESTORE MARK";
#line 2045 "IPTCfgParser.cpp"
#line 2058 "IPTCfgParser.cpp"
break;
}
case CONTINUE:
@ -2052,7 +2065,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_continue"] = "--continue";
*dbg << " CONTINUE";
#line 2056 "IPTCfgParser.cpp"
#line 2069 "IPTCfgParser.cpp"
break;
}
case ROUTE_IIF:
@ -2064,7 +2077,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_iif"] = LT(0)->getText();
*dbg << " ROUTE_IIF=" << LT(0)->getText();
#line 2068 "IPTCfgParser.cpp"
#line 2081 "IPTCfgParser.cpp"
break;
}
case ROUTE_OIF:
@ -2076,7 +2089,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_oif"] = LT(0)->getText();
*dbg << " ROUTE_OIF=" << LT(0)->getText();
#line 2080 "IPTCfgParser.cpp"
#line 2093 "IPTCfgParser.cpp"
break;
}
case ROUTE_GW:
@ -2088,7 +2101,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_gw"] = LT(0)->getText();
*dbg << " ROUTE_GW=" << LT(0)->getText();
#line 2092 "IPTCfgParser.cpp"
#line 2105 "IPTCfgParser.cpp"
break;
}
case ROUTE_TEE:
@ -2099,7 +2112,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_tee"] = "--tee";
*dbg << " ROUTE_TEE";
#line 2103 "IPTCfgParser.cpp"
#line 2116 "IPTCfgParser.cpp"
break;
}
case TO_SOURCE:
@ -2109,7 +2122,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-SOURCE";
#line 2113 "IPTCfgParser.cpp"
#line 2126 "IPTCfgParser.cpp"
nat_spec();
break;
}
@ -2120,7 +2133,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-DESTINATION";
#line 2124 "IPTCfgParser.cpp"
#line 2137 "IPTCfgParser.cpp"
nat_spec();
break;
}
@ -2137,7 +2150,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-NETMAP";
#line 2141 "IPTCfgParser.cpp"
#line 2154 "IPTCfgParser.cpp"
{
match(IPV4);
#line 506 "iptables.g"
@ -2146,7 +2159,7 @@ void IPTCfgParser::target_options() {
importer->nat_addr2 = LT(0)->getText();
*dbg << LT(0)->getText();
#line 2150 "IPTCfgParser.cpp"
#line 2163 "IPTCfgParser.cpp"
match(SLASH);
{
switch ( LA(1)) {
@ -2171,10 +2184,21 @@ void IPTCfgParser::target_options() {
importer->nat_nm = LT(0)->getText();
*dbg << "/" << LT(0)->getText();
#line 2175 "IPTCfgParser.cpp"
#line 2188 "IPTCfgParser.cpp"
}
break;
}
case CLAMP_MSS:
{
match(CLAMP_MSS);
#line 519 "iptables.g"
importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu";
*dbg << " TO-NETMAP";
#line 2200 "IPTCfgParser.cpp"
break;
}
default:
if ((LA(1) == SET_TOS) && (LA(2) == HEX_CONST)) {
match(SET_TOS);
@ -2183,7 +2207,7 @@ void IPTCfgParser::target_options() {
*dbg << " SET TOS=" << LT(0)->getText() << "(unsupported)";
#line 2187 "IPTCfgParser.cpp"
#line 2211 "IPTCfgParser.cpp"
}
else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) {
match(SET_TOS);
@ -2192,7 +2216,7 @@ void IPTCfgParser::target_options() {
*dbg << " SET TOS=" << LT(0)->getText() << "(unsupported)";
#line 2196 "IPTCfgParser.cpp"
#line 2220 "IPTCfgParser.cpp"
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
@ -2250,6 +2274,7 @@ void IPTCfgParser::nat_spec() {
case TO_DESTINATION:
case TO_PORTS:
case TO_NETMAP:
case CLAMP_MSS:
case OPT_FRAGM:
case MATCH_MARK:
case MATCH_LIMIT:
@ -2265,6 +2290,7 @@ void IPTCfgParser::nat_spec() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -2274,7 +2300,7 @@ void IPTCfgParser::nat_spec() {
}
}
}
#line 524 "iptables.g"
#line 530 "iptables.g"
*dbg << " "
<< importer->nat_addr1
@ -2285,7 +2311,7 @@ void IPTCfgParser::nat_spec() {
<< "-"
<< importer->nat_port_range_end;
#line 2289 "IPTCfgParser.cpp"
#line 2315 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2298,7 +2324,7 @@ void IPTCfgParser::redirect_spec() {
try { // for error handling
nat_port_def_with_range();
#line 552 "iptables.g"
#line 558 "iptables.g"
*dbg << " TO-PORTS "
<< importer->nat_addr1
@ -2308,7 +2334,7 @@ void IPTCfgParser::redirect_spec() {
<< importer->nat_port_range_start
<< importer->nat_port_range_end;
#line 2312 "IPTCfgParser.cpp"
#line 2338 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2321,21 +2347,21 @@ void IPTCfgParser::nat_addr_range() {
try { // for error handling
match(IPV4);
#line 539 "iptables.g"
#line 545 "iptables.g"
importer->nat_port_range_start = "";
importer->nat_port_range_end = "";
importer->nat_addr1 = LT(0)->getText();
importer->nat_addr2 = LT(0)->getText();
#line 2332 "IPTCfgParser.cpp"
#line 2358 "IPTCfgParser.cpp"
{
if ((LA(1) == MINUS) && (LA(2) == IPV4)) {
match(MINUS);
match(IPV4);
#line 546 "iptables.g"
#line 552 "iptables.g"
importer->nat_addr2 = LT(0)->getText();
#line 2339 "IPTCfgParser.cpp"
#line 2365 "IPTCfgParser.cpp"
}
else if ((_tokenSet_7.member(LA(1))) && (_tokenSet_8.member(LA(2)))) {
}
@ -2373,13 +2399,13 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
}
#line 767 "iptables.g"
#line 773 "iptables.g"
importer->nat_port_range_start = LT(0)->getText();
importer->nat_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 2383 "IPTCfgParser.cpp"
#line 2409 "IPTCfgParser.cpp"
{
if ((LA(1) == MINUS) && (LA(2) == WORD || LA(2) == INT_CONST)) {
match(MINUS);
@ -2401,12 +2427,12 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
}
#line 774 "iptables.g"
#line 780 "iptables.g"
importer->nat_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 2410 "IPTCfgParser.cpp"
#line 2436 "IPTCfgParser.cpp"
}
else if ((_tokenSet_6.member(LA(1))) && (_tokenSet_8.member(LA(2)))) {
}
@ -2466,21 +2492,21 @@ void IPTCfgParser::limit_rate() {
try { // for error handling
match(INT_CONST);
#line 637 "iptables.g"
#line 643 "iptables.g"
importer->limit_val = LT(0)->getText();
#line 2472 "IPTCfgParser.cpp"
#line 2498 "IPTCfgParser.cpp"
match(SLASH);
match(WORD);
#line 639 "iptables.g"
#line 645 "iptables.g"
importer->limit_suffix = LT(0)->getText();
#line 2477 "IPTCfgParser.cpp"
#line 640 "iptables.g"
#line 2503 "IPTCfgParser.cpp"
#line 646 "iptables.g"
*dbg << " MATCH LIMIT "
<< importer->limit_val << "/"
<< importer->limit_suffix;
#line 2484 "IPTCfgParser.cpp"
#line 2510 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2510,13 +2536,13 @@ void IPTCfgParser::port_def_no_range() {
}
}
}
#line 737 "iptables.g"
#line 743 "iptables.g"
importer->tmp_port_range_start = LT(0)->getText();
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 2520 "IPTCfgParser.cpp"
#line 2546 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2546,13 +2572,13 @@ void IPTCfgParser::port_def_with_range() {
}
}
}
#line 748 "iptables.g"
#line 754 "iptables.g"
importer->tmp_port_range_start = LT(0)->getText();
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 2556 "IPTCfgParser.cpp"
#line 2582 "IPTCfgParser.cpp"
{
switch ( LA(1)) {
case COLON:
@ -2576,12 +2602,12 @@ void IPTCfgParser::port_def_with_range() {
}
}
}
#line 755 "iptables.g"
#line 761 "iptables.g"
importer->tmp_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 2585 "IPTCfgParser.cpp"
#line 2611 "IPTCfgParser.cpp"
break;
}
case NEWLINE:
@ -2610,6 +2636,7 @@ void IPTCfgParser::port_def_with_range() {
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
@ -2635,11 +2662,11 @@ void IPTCfgParser::syn() {
case EXCLAMATION:
{
match(EXCLAMATION);
#line 836 "iptables.g"
#line 842 "iptables.g"
importer->srv_neg = true;
#line 2643 "IPTCfgParser.cpp"
#line 2670 "IPTCfgParser.cpp"
break;
}
case MATCH_SYN:
@ -2653,7 +2680,7 @@ void IPTCfgParser::syn() {
}
}
match(MATCH_SYN);
#line 841 "iptables.g"
#line 847 "iptables.g"
importer->tcp_flags_mask.clear();
importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN);
@ -2663,7 +2690,7 @@ void IPTCfgParser::syn() {
importer->tcp_flags_comp.clear();
importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN);
#line 2667 "IPTCfgParser.cpp"
#line 2694 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2677,14 +2704,14 @@ void IPTCfgParser::tcp_flags() {
try { // for error handling
match(MATCH_TCP_FLAGS);
tcp_flags_list();
#line 892 "iptables.g"
#line 898 "iptables.g"
importer->tcp_flags_mask = importer->tmp_tcp_flags_list;
importer->tmp_tcp_flags_list.clear();
#line 2686 "IPTCfgParser.cpp"
#line 2713 "IPTCfgParser.cpp"
tcp_flags_list();
#line 897 "iptables.g"
#line 903 "iptables.g"
importer->tcp_flags_comp = importer->tmp_tcp_flags_list;
importer->tmp_tcp_flags_list.clear();
@ -2698,7 +2725,38 @@ void IPTCfgParser::tcp_flags() {
i!=importer->tcp_flags_comp.end(); ++i)
*dbg << *i << "|";
#line 2702 "IPTCfgParser.cpp"
#line 2729 "IPTCfgParser.cpp"
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
consume();
consumeUntil(_tokenSet_4);
}
}
void IPTCfgParser::tcp_option() {
try { // for error handling
match(MATCH_TCP_OPTION);
{
switch ( LA(1)) {
case NUMBER:
{
match(NUMBER);
break;
}
case EXCLAMATION:
{
match(EXCLAMATION);
match(NUMBER);
break;
}
default:
{
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
}
}
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
reportError(ex);
@ -2715,65 +2773,65 @@ void IPTCfgParser::tcp_flag_word() {
case SYN:
{
match(SYN);
#line 854 "iptables.g"
#line 860 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN;
#line 2721 "IPTCfgParser.cpp"
#line 2779 "IPTCfgParser.cpp"
break;
}
case ACK:
{
match(ACK);
#line 856 "iptables.g"
#line 862 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK;
#line 2729 "IPTCfgParser.cpp"
#line 2787 "IPTCfgParser.cpp"
break;
}
case FIN:
{
match(FIN);
#line 858 "iptables.g"
#line 864 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN;
#line 2737 "IPTCfgParser.cpp"
#line 2795 "IPTCfgParser.cpp"
break;
}
case RST:
{
match(RST);
#line 860 "iptables.g"
#line 866 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST;
#line 2745 "IPTCfgParser.cpp"
#line 2803 "IPTCfgParser.cpp"
break;
}
case URG:
{
match(URG);
#line 862 "iptables.g"
#line 868 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG;
#line 2753 "IPTCfgParser.cpp"
#line 2811 "IPTCfgParser.cpp"
break;
}
case PSH:
{
match(PSH);
#line 864 "iptables.g"
#line 870 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH;
#line 2761 "IPTCfgParser.cpp"
#line 2819 "IPTCfgParser.cpp"
break;
}
case ALL:
{
match(ALL);
#line 866 "iptables.g"
#line 872 "iptables.g"
importer->tmp_tcp_flag_code = 99;
#line 2769 "IPTCfgParser.cpp"
#line 2827 "IPTCfgParser.cpp"
break;
}
case NONE:
{
match(NONE);
#line 868 "iptables.g"
#line 874 "iptables.g"
importer->tmp_tcp_flag_code = 98;
#line 2777 "IPTCfgParser.cpp"
#line 2835 "IPTCfgParser.cpp"
break;
}
default:
@ -2793,29 +2851,29 @@ void IPTCfgParser::tcp_flag_word() {
void IPTCfgParser::tcp_flags_list() {
try { // for error handling
#line 873 "iptables.g"
#line 879 "iptables.g"
importer->tmp_tcp_flags_list.clear();
importer->tmp_tcp_flag_code = 0;
#line 2802 "IPTCfgParser.cpp"
#line 2860 "IPTCfgParser.cpp"
tcp_flag_word();
#line 878 "iptables.g"
#line 884 "iptables.g"
importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code);
#line 2808 "IPTCfgParser.cpp"
#line 2866 "IPTCfgParser.cpp"
{ // ( ... )*
for (;;) {
if ((LA(1) == COMMA)) {
match(COMMA);
tcp_flag_word();
#line 883 "iptables.g"
#line 889 "iptables.g"
importer->tmp_tcp_flags_list.push_back(
importer->tmp_tcp_flag_code);
#line 2819 "IPTCfgParser.cpp"
#line 2877 "IPTCfgParser.cpp"
}
else {
goto _loop120;
@ -2893,6 +2951,7 @@ const char* IPTCfgParser::tokenNames[] = {
"TO_DESTINATION",
"TO_PORTS",
"TO_NETMAP",
"CLAMP_MSS",
"OPT_FRAGM",
"\"INVALID\"",
"\"NEW\"",
@ -2926,10 +2985,11 @@ const char* IPTCfgParser::tokenNames[] = {
"\"ALL\"",
"\"NONE\"",
"MATCH_TCP_FLAGS",
"MATCH_TCP_OPTION",
"NUMBER",
"Whitespace",
"NEG_INT_CONST",
"HEXDIGIT",
"NUMBER",
"SECONDS",
"SET",
"RSOURCE",
@ -2964,87 +3024,91 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_0(_tokenSet_0_dat
const unsigned long IPTCfgParser::_tokenSet_1_data_[] = { 540914UL, 0UL, 0UL, 0UL };
// EOF NEWLINE LINE_COMMENT "COMMIT" STAR COLON ADD_RULE
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_1(_tokenSet_1_data_,4);
const unsigned long IPTCfgParser::_tokenSet_2_data_[] = { 999325696UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_2_data_[] = { 999325696UL, 67108870UL, 201588584UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST OPT_IN_INTF
// OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT MATCH_LIMIT_BURST
// MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT
// MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT
// MATCH_SYN MATCH_TCP_FLAGS
// MATCH_SYN MATCH_TCP_FLAGS MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_2(_tokenSet_2_data_,8);
const unsigned long IPTCfgParser::_tokenSet_3_data_[] = { 999325952UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_3_data_[] = { 999325952UL, 67108870UL, 201588584UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// WORD MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT
// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_3(_tokenSet_3_data_,8);
const unsigned long IPTCfgParser::_tokenSet_4_data_[] = { 999325712UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_4_data_[] = { 999325712UL, 67108870UL, 201588584UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT
// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_4(_tokenSet_4_data_,8);
const unsigned long IPTCfgParser::_tokenSet_5_data_[] = { 0UL, 33546200UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_5_data_[] = { 0UL, 67100632UL, 0UL, 0UL };
// REJECT_WITH LOG_PREFIX LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX
// LOG_LEVEL SET_MARK SET_TOS SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF
// ROUTE_OIF ROUTE_GW ROUTE_TEE TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP
// CLAMP_MSS
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_5(_tokenSet_5_data_,4);
const unsigned long IPTCfgParser::_tokenSet_6_data_[] = { 999325712UL, 67100638UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_6_data_[] = { 999325712UL, 134209502UL, 201588584UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET REJECT_WITH LOG_PREFIX
// LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL SET_MARK SET_TOS
// SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF ROUTE_OIF ROUTE_GW ROUTE_TEE
// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP OPT_FRAGM MATCH_MARK MATCH_LIMIT
// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP CLAMP_MSS OPT_FRAGM MATCH_MARK
// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT
// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT
// MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_6(_tokenSet_6_data_,8);
const unsigned long IPTCfgParser::_tokenSet_7_data_[] = { 999342096UL, 67100638UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_7_data_[] = { 999342096UL, 134209502UL, 201588584UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE COLON MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION
// OPT_DST OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET REJECT_WITH LOG_PREFIX
// LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL SET_MARK SET_TOS
// SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF ROUTE_OIF ROUTE_GW ROUTE_TEE
// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP OPT_FRAGM MATCH_MARK MATCH_LIMIT
// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP CLAMP_MSS OPT_FRAGM MATCH_MARK
// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT
// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT
// MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_7(_tokenSet_7_data_,8);
const unsigned long IPTCfgParser::_tokenSet_8_data_[] = { 4290429426UL, 1140850687UL, 67108862UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_8_data_[] = { 4290429426UL, 2281701375UL, 536870908UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// EOF NEWLINE LINE_COMMENT "COMMIT" STAR WORD COLON MINUS INT_CONST ADD_RULE
// UNSUPPORTED_OPTION DIGIT OPT_MODULE OPT_SRC EXCLAMATION IPV4 OPT_DST
// OPT_IN_INTF OPT_OUT_INTF "tcp" "udp" "icmp" OPT_PROTO OPT_TARGET REJECT_WITH
// LOG_PREFIX STRING LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL
// SET_MARK SET_TOS HEX_CONST SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF
// ROUTE_OIF ROUTE_GW ROUTE_TEE TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP
// OPT_FRAGM "state" "mark" MATCH_MARK "limit" MATCH_LIMIT MATCH_LIMIT_BURST
// CLAMP_MSS OPT_FRAGM "state" "mark" MATCH_MARK "limit" MATCH_LIMIT MATCH_LIMIT_BURST
// "multiport" MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN" "ACK" "FIN" "RST"
// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS
// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS MATCH_TCP_OPTION NUMBER
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_8(_tokenSet_8_data_,8);
const unsigned long IPTCfgParser::_tokenSet_9_data_[] = { 999325712UL, 33554438UL, 33685429UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_9_data_[] = { 999325712UL, 67108870UL, 201588586UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM COMMA MATCH_MARK
// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT
// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT
// MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS
// MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_9(_tokenSet_9_data_,8);
const unsigned long IPTCfgParser::_tokenSet_10_data_[] = { 999325712UL, 33554438UL, 67108789UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_10_data_[] = { 999325712UL, 67108870UL, 268435306UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM COMMA MATCH_MARK
// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT
// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT
// MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN"
// "ACK" "FIN" "RST" "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS
// "ACK" "FIN" "RST" "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_10(_tokenSet_10_data_,8);
const unsigned long IPTCfgParser::_tokenSet_11_data_[] = { 999325712UL, 33554438UL, 67108788UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgParser::_tokenSet_11_data_[] = { 999325712UL, 67108870UL, 268435304UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST
// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT
// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT
// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT
// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN" "ACK" "FIN" "RST"
// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS
// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS MATCH_TCP_OPTION
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_11(_tokenSet_11_data_,8);

5
src/parsers/IPTCfgParser.hpp
View File

@ -110,6 +110,7 @@ public:
public: void port_def_with_range();
public: void syn();
public: void tcp_flags();
public: void tcp_option();
public: void tcp_flag_word();
public: void tcp_flags_list();
public:
@ -123,10 +124,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 119;
static const int NUM_TOKENS = 121;
#else
enum {
NUM_TOKENS = 119
NUM_TOKENS = 121
};
#endif

126
src/parsers/IPTCfgParserTokenTypes.hpp
View File

@ -65,68 +65,70 @@ struct CUSTOM_API IPTCfgParserTokenTypes {
TO_DESTINATION = 54,
TO_PORTS = 55,
TO_NETMAP = 56,
OPT_FRAGM = 57,
INVALID = 58,
NEW = 59,
ESTABLISHED = 60,
RELATED = 61,
M_STATE = 62,
MATCH_STATE = 63,
COMMA = 64,
M_MARK = 65,
MATCH_MARK = 66,
M_LIMIT = 67,
MATCH_LIMIT = 68,
MATCH_LIMIT_BURST = 69,
M_MPORT = 70,
MATCH_SRC_MULTIPORT = 71,
MATCH_SRC_MULTIPORT_SHORT = 72,
MATCH_DST_MULTIPORT = 73,
MATCH_DST_MULTIPORT_SHORT = 74,
MATCH_ICMP_TYPE = 75,
MATCH_SRC_PORT = 76,
MATCH_SRC_PORT_SHORT = 77,
MATCH_DST_PORT = 78,
MATCH_DST_PORT_SHORT = 79,
MATCH_SYN = 80,
SYN = 81,
ACK = 82,
FIN = 83,
RST = 84,
URG = 85,
PSH = 86,
ALL = 87,
NONE = 88,
MATCH_TCP_FLAGS = 89,
Whitespace = 90,
NEG_INT_CONST = 91,
HEXDIGIT = 92,
NUMBER = 93,
SECONDS = 94,
SET = 95,
RSOURCE = 96,
ULOG_QTHR = 97,
ULOG_NLG = 98,
ULOG_CPR = 99,
NUMBER_SIGN = 100,
PERCENT = 101,
AMPERSAND = 102,
APOSTROPHE = 103,
OPENING_PAREN = 104,
CLOSING_PAREN = 105,
PLUS = 106,
DOT = 107,
SEMICOLON = 108,
LESS_THAN = 109,
EQUALS = 110,
GREATER_THAN = 111,
QUESTION = 112,
COMMERCIAL_AT = 113,
CARET = 114,
UNDERLINE = 115,
OPENING_BRACE = 116,
CLOSING_BRACE = 117,
TILDE = 118,
CLAMP_MSS = 57,
OPT_FRAGM = 58,
INVALID = 59,
NEW = 60,
ESTABLISHED = 61,
RELATED = 62,
M_STATE = 63,
MATCH_STATE = 64,
COMMA = 65,
M_MARK = 66,
MATCH_MARK = 67,
M_LIMIT = 68,
MATCH_LIMIT = 69,
MATCH_LIMIT_BURST = 70,
M_MPORT = 71,
MATCH_SRC_MULTIPORT = 72,
MATCH_SRC_MULTIPORT_SHORT = 73,
MATCH_DST_MULTIPORT = 74,
MATCH_DST_MULTIPORT_SHORT = 75,
MATCH_ICMP_TYPE = 76,
MATCH_SRC_PORT = 77,
MATCH_SRC_PORT_SHORT = 78,
MATCH_DST_PORT = 79,
MATCH_DST_PORT_SHORT = 80,
MATCH_SYN = 81,
SYN = 82,
ACK = 83,
FIN = 84,
RST = 85,
URG = 86,
PSH = 87,
ALL = 88,
NONE = 89,
MATCH_TCP_FLAGS = 90,
MATCH_TCP_OPTION = 91,
NUMBER = 92,
Whitespace = 93,
NEG_INT_CONST = 94,
HEXDIGIT = 95,
SECONDS = 96,
SET = 97,
RSOURCE = 98,
ULOG_QTHR = 99,
ULOG_NLG = 100,
ULOG_CPR = 101,
NUMBER_SIGN = 102,
PERCENT = 103,
AMPERSAND = 104,
APOSTROPHE = 105,
OPENING_PAREN = 106,
CLOSING_PAREN = 107,
PLUS = 108,
DOT = 109,
SEMICOLON = 110,
LESS_THAN = 111,
EQUALS = 112,
GREATER_THAN = 113,
QUESTION = 114,
COMMERCIAL_AT = 115,
CARET = 116,
UNDERLINE = 117,
OPENING_BRACE = 118,
CLOSING_BRACE = 119,
TILDE = 120,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus

14
src/parsers/iptables.g
View File

@ -514,6 +514,12 @@ target_options :
*dbg << "/" << LT(0)->getText();
}
)
|
CLAMP_MSS
{
importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu";
*dbg << " TO-NETMAP";
}
)
;
@ -828,7 +834,7 @@ m_tcp : TCP
// tcp options can follow "-p tcp", the "-m tcp" seems to be optional,
// at least in the older versions of iptables
tcp_options : ( syn | tcp_flags)
tcp_options : ( syn | tcp_flags | tcp_option)
;
syn : (
@ -909,6 +915,9 @@ tcp_flags : MATCH_TCP_FLAGS
}
;
// --tcp-option is not supported in fwbuilder at this time
tcp_option : MATCH_TCP_OPTION (NUMBER | EXCLAMATION NUMBER)
;
//****************************************************************
@ -1026,6 +1035,7 @@ MATCH_DST_PORT : "--destination-port" ;
MATCH_SYN : "--syn" ;
MATCH_TCP_FLAGS : "--tcp-flags" ;
MATCH_TCP_OPTION : "--tcp-option" ;
MATCH_SRC_PORT_SHORT : "--sport" ;
MATCH_DST_PORT_SHORT : "--dport" ;
@ -1065,6 +1075,8 @@ TO_DESTINATION : "--to-destination" ;
TO_PORTS : "--to-ports" ;
TO_NETMAP : "--to" ;
CLAMP_MSS : "--clamp-mss-to-pmtu" ;
// ----------------------------------------------------------------
// these are the basic iptables options, not too many really
OPT_MODULE : "-m" ;

1
src/res/os/pix_os.xml
View File

@ -41,7 +41,6 @@
<test>
<pre_config_commands>
terminal pager lines 0
</pre_config_commands>
<post_config_commands>

374
test/pf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.16" lastModified="1200415283" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.17" lastModified="1202686020" id="root">
<Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User" ro="False">
<ObjectGroup id="stdid01_1" name="Objects">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@ -498,7 +498,7 @@
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="openbsd" id="fw-firewall2" inactive="False" lastCompiled="1157930800" lastInstalled="0" lastModified="1200415143" name="firewall" platform="pf" ro="False" version="">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="openbsd" id="fw-firewall2" inactive="False" lastCompiled="1157930800" lastInstalled="0" lastModified="1202682308" name="firewall" platform="pf" ro="False" version="">
<NAT id="nat-firewall2">
<NATRule comment="" disabled="False" id="nat-firewall2-0" position="0">
<OSrc neg="False">
@ -7368,7 +7368,7 @@
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;" host_OS="openbsd" id="id4699449021967" inactive="False" lastCompiled="1190517987" lastInstalled="0" lastModified="1200415220" name="firewall10-1" platform="pf" ro="False" version="3.x">
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;" host_OS="openbsd" id="id4699449021967" inactive="False" lastCompiled="1202682006" lastInstalled="0" lastModified="1202681966" name="firewall10-1" platform="pf" ro="False" version="3.x">
<NAT id="id469944D321967">
<NATRule disabled="True" id="id469944D421967" position="0">
<OSrc neg="False">
@ -7581,8 +7581,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -7660,7 +7660,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;" host_OS="openbsd" id="id4699570022254" inactive="False" lastCompiled="1190517989" lastInstalled="0" lastModified="1193632589" name="firewall10-2" platform="pf" ro="False" version="4.x">
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;" host_OS="openbsd" id="id4699570022254" inactive="False" lastCompiled="1202682007" lastInstalled="0" lastModified="1202682031" name="firewall10-2" platform="pf" ro="False" version="4.x">
<NAT id="id4699573822254">
<NATRule disabled="True" id="id4699573922254" position="0">
<OSrc neg="False">
@ -7873,8 +7873,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -7952,7 +7952,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; ON&#10;" host_OS="openbsd" id="id469948EA22616" inactive="False" lastCompiled="1190517992" lastInstalled="0" lastModified="1193632596" name="firewall10-3" platform="pf" ro="False" version="3.x">
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; ON&#10;" host_OS="openbsd" id="id469948EA22616" inactive="False" lastCompiled="1202682008" lastInstalled="0" lastModified="1202681977" name="firewall10-3" platform="pf" ro="False" version="3.x">
<NAT id="id4699492222616">
<NATRule disabled="True" id="id4699492322616" position="0">
<OSrc neg="False">
@ -8165,8 +8165,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -8244,7 +8244,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; is ON&#10;" host_OS="openbsd" id="id4699494C22616" inactive="False" lastCompiled="1190517994" lastInstalled="0" lastModified="1193632600" name="firewall10-4" platform="pf" ro="False" version="4.x">
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; is ON&#10;" host_OS="openbsd" id="id4699494C22616" inactive="False" lastCompiled="1202682010" lastInstalled="0" lastModified="1202681983" name="firewall10-4" platform="pf" ro="False" version="4.x">
<NAT id="id4699498422616">
<NATRule disabled="True" id="id4699498522616" position="0">
<OSrc neg="False">
@ -8457,8 +8457,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -8536,7 +8536,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; ON&#10;Using &quot;pass all outgoing&quot;&#10;" host_OS="openbsd" id="id46F605DE10002" inactive="False" lastCompiled="1190518248" lastInstalled="0" lastModified="1193632637" name="firewall10-5" platform="pf" ro="False" version="3.x">
<Firewall comment="PF 3.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; ON&#10;Using &quot;pass all outgoing&quot;&#10;" host_OS="openbsd" id="id46F605DE10002" inactive="False" lastCompiled="1202682011" lastInstalled="0" lastModified="1202681989" name="firewall10-5" platform="pf" ro="False" version="3.x">
<NAT id="id46F6061610002">
<NATRule disabled="True" id="id46F6061710002" position="0">
<OSrc neg="False">
@ -8784,8 +8784,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -8863,7 +8863,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; is ON&#10;Using &quot;pass all outgoing&quot;&#10;" host_OS="openbsd" id="id46F6064010002" inactive="False" lastCompiled="1190517998" lastInstalled="0" lastModified="1190517917" name="firewall10-6" platform="pf" ro="False" version="4.x">
<Firewall comment="PF 4.x, testing &#10;&quot;flags S/SA keep state&quot;&#10;&quot;Accept tcp sessions opened&#10;prior to restart&quot; is ON&#10;Using &quot;pass all outgoing&quot;&#10;" host_OS="openbsd" id="id46F6064010002" inactive="False" lastCompiled="1202682012" lastInstalled="0" lastModified="1202681995" name="firewall10-6" platform="pf" ro="False" version="4.x">
<NAT id="id46F6067810002">
<NATRule disabled="True" id="id46F6067910002" position="0">
<OSrc neg="False">
@ -9076,8 +9076,8 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
@ -10818,10 +10818,30 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="firewall protects host it is running on&#10;&#10;Note that we set output file name to /tmp/labfw.fw to test what compiler is going to do (since it generates three files rather than one), as well as to test installer in this case&#10;" host_OS="openbsd" id="id45DE9C5B2560" inactive="False" lastCompiled="1172207768" lastInstalled="1172207785" lastModified="1172207759" name="openbsd-4.0" platform="pf" ro="False" version="">
<Firewall comment="firewall protects host it is running on&#10;&#10;Note that we set output file name to /tmp/labfw.fw to test what compiler is going to do (since it generates three files rather than one), as well as to test installer in this case&#10;" host_OS="openbsd" id="id45DE9C5B2560" inactive="False" lastCompiled="1202683169" lastInstalled="1202683190" lastModified="1202683163" name="openbsd-4.0" platform="pf" ro="False" version="ge_3.7">
<NAT id="id45DE9CDB2560"/>
<Policy id="id45DE9C612560">
<PolicyRule action="Deny" direction="Outbound" disabled="False" id="id45DE9C6F2560" log="True" position="0">
<PolicyRule action="Accept" direction="Both" disabled="True" id="id47B0069F19082" log="False" position="0">
<Src neg="False">
<ObjectRef ref="id4144D5A0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45DE9C5B2560"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Outbound" disabled="False" id="id45DE9C6F2560" log="True" position="1">
<Src neg="True">
<ObjectRef ref="id45DE9C5B2560"/>
</Src>
@ -10841,7 +10861,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id45DE9C7C2560" log="False" position="1">
<PolicyRule action="Accept" direction="Both" disabled="False" id="id45DE9C7C2560" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -10859,7 +10879,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Branch" direction="Inbound" disabled="False" id="id45DE9C882560" log="False" position="2">
<PolicyRule action="Branch" direction="Inbound" disabled="False" id="id45DE9C882560" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -10928,7 +10948,7 @@
</PolicyRule>
</Policy>
</PolicyRule>
<PolicyRule action="Accept" comment="allow all outgoing connections" direction="Both" disabled="False" id="id45DE9CC22560" log="False" position="3">
<PolicyRule action="Accept" comment="allow all outgoing connections" direction="Both" disabled="False" id="id45DE9CC22560" log="False" position="4">
<Src neg="False">
<ObjectRef ref="id45DE9C5B2560"/>
</Src>
@ -10946,7 +10966,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id45DE9CCF2560" log="True" position="4">
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id45DE9CCF2560" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -11094,6 +11114,308 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="firewall protects host it is running on&#10;&#10;Note that we set output file name to /tmp/labfw.fw to test what compiler is going to do (since it generates three files rather than one), as well as to test installer in this case&#10;" host_OS="openbsd" id="id47B07CD419082" inactive="False" lastCompiled="1202686003" lastInstalled="1202686020" lastModified="1202685992" name="openbsd-4.2" platform="pf" ro="False" version="4.x">
<NAT id="id47B07D4319082"/>
<Policy id="id47B07CDA19082">
<PolicyRule action="Accept" direction="Both" disabled="True" id="id47B07CDB19082" log="False" position="0">
<Src neg="False">
<ObjectRef ref="id4144D5A0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B07CD419082"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Outbound" disabled="False" id="id47B07CE719082" log="True" position="1">
<Src neg="True">
<ObjectRef ref="id47B07CD419082"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id47B07D4519082"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id47B07CF319082" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id47B07D4819082"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Branch" direction="Inbound" disabled="False" id="id47B07CFF19082" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B07CD419082"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id47B07D4519082"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_name">rule3_branch</Option>
<Option name="color">#C0BA44</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
<Policy id="id47B07D0B19082">
<PolicyRule action="Deny" comment="block fragments" direction="Both" disabled="False" id="id47B07D0C19082" log="True" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B07CD419082"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id47B07D1819082" log="False" position="1">
<Src neg="True">
<ObjectRef ref="id4144D59F"/>
<ObjectRef ref="id4144D5A0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B07CD419082"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
</Policy>
</PolicyRule>
<PolicyRule action="Accept" comment="allow all outgoing connections" direction="Both" disabled="False" id="id47B07D2B19082" log="False" position="4">
<Src neg="False">
<ObjectRef ref="id47B07CD419082"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id47B07D3719082" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id47B07D4419082"/>
<Interface bridgeport="False" comment="" dyn="False" id="id47B07D4519082" label="" mgmt="True" name="pcn0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="10.3.14.50" comment="" id="id47B07D4719082" name="openbsd-4.2:pcn0:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id47B07D4819082" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id47B07D4A19082" name="openbsd-4.2:lo:ip" netmask="255.0.0.0"/>
</Interface>
<Management address="10.3.14.50">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"></Option>
<Option name="admUser">root</Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">False</Option>
<Option name="debug">True</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc/fw</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr">10.3.14.42</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast"></Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect"></Option>
<Option name="openbsd_ip_sourceroute"></Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">1</Option>
<Option name="pf_scrub_no_df">False</Option>
<Option name="pf_scrub_random_id">False</Option>
<Option name="pf_scrub_reassemble">True</Option>
<Option name="pf_scrub_use_maxmss">False</Option>
<Option name="pf_scrub_use_minttl">False</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">False</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">False</Option>
<Option name="pf_set_tcp_opening">False</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">0</Option>
<Option name="pf_tcp_opening">0</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="id415276D7" name="Time"/>
</Library>