onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity

see #2367 merge from development

Browse Source
This commit is contained in:
Vadim Kurland 2011-05-05 19:16:47 -07:00
commit 8773642198
18 changed files with 16949 additions and 8458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/ChangeLog
View File

@ -1,3 +1,24 @@
2011-05-05 Vadim Kurland <vadim@netcitadel.com>
* FWObjectDatabase_19.xslt: see #2385 "PF action Classify uses
wrong parameter". This change fixes a bug introduced in 4.2.0
that affects rules with action Classify in PF firewalls.
The bug causes the following problems:
For users who built their rules before v4.2.0:
- rules compile normally, both in the single rule compile and
when the whole firewall is compiled
- if they opened the action of one of such rules in the action
editor, the classification string would look empty
- if they entered new classification string in the editor,
compiler kept using the old one (which they can not see or
change in the editor)
For users who tried to build rules with action Classify with v4.2.0:
- no matter what classification string they enter in the action
dialog, generated code does not use it
2011-05-04 Vadim Kurland <vadim@netcitadel.com>
* FWObjectDatabase_18.xslt: XSLT transformation to upgrade data

73
src/libfwbuilder/migration/FWObjectDatabase_19.xslt Normal file
View File

@ -0,0 +1,73 @@
<!--
FWObjectDatabase_19.xslt 2011-05-05
Author: Vadim Kurland
Description: translates fwbuilder object database from v19 to 20
#2385 copy value of the option "classify_str" to
the option "pf_classify_str" for PF policy rules
with action Classify
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fwb="http://www.fwbuilder.org/1.0/"
exclude-result-prefixes="fwb">
<xsl:output method="xml" version="1.0"
doctype-system="fwbuilder.dtd" indent="yes" encoding="utf-8"/>
<xsl:template match="*" mode="copy">
<xsl:copy>
<xsl:copy-of select="@*"/>
<xsl:apply-templates mode="copy"/>
</xsl:copy>
</xsl:template>
<xsl:template match="//fwb:PolicyRuleOptions" mode="copy">
<xsl:variable name="classify_str">
<xsl:value-of select="fwb:Option[@name='classify_str']"/>
</xsl:variable>
<xsl:copy-of select="@*"/>
<xsl:choose>
<xsl:when test="fwb:PolicyRuleOptions/fwb:Option[@name='pf_classify_str']">
<xsl:apply-templates mode="copy"/>
</xsl:when>
<xsl:otherwise>
<xsl:element name="PolicyRuleOptions"
namespace="http://www.fwbuilder.org/1.0/">
<xsl:apply-templates mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">pf_classify_str</xsl:attribute><xsl:value-of select="$classify_str"/></xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
</xsl:otherwise>
</xsl:choose>
<xsl:text>
</xsl:text>
</xsl:template>
<xsl:template match="*[attribute::id='root']">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="version">20</xsl:attribute>
<xsl:attribute name="lastModified"><xsl:value-of select="@lastModified"/></xsl:attribute>
<xsl:attribute name="id">root</xsl:attribute>
<xsl:apply-templates select="*" mode="copy"/>
</FWObjectDatabase>
</xsl:template>
</xsl:stylesheet>

3
src/libgui/ProjectPanel_file_ops.cpp
View File

@ -211,7 +211,8 @@ bool ProjectPanel::fileNew()
if (fwbdebug)
qDebug("ProjectPanel::fileNew() rcs=%p rcs->getFileName()='%s'",
rcs, rcs->getFileName().toAscii().constData());
rcs, rcs == 0 ? "<null>" :
rcs->getFileName().toAscii().constData());
return (rcs!=NULL);
}

35
src/res/help/en_US/release_notes_4.2.1.html
View File

@ -50,6 +50,41 @@
</p>
</li>
<li>
<p>
fixes #2385 "PF action Classify uses wrong parameter". This
change fixes a bug introduced in 4.2.0 that affects rules with
action Classify in PF firewalls. The bug causes the following
problems:
</p>
<p>
For users who built their rules before v4.2.0:
</p>
<p>
<ul>
<li>rules compile normally, both in the single rule compile and
when the whole firewall is compiled</li>
<li>if they opened the action of one of such rules in the action
editor, the classification string would look empty</li>
<li>if they entered new classification string in the editor,
compiler kept using the old one (which they can not see or
change in the editor)</li>
</ul>
</p>
<p>
For users who tried to build rules with action Classify with v4.2.0:
</p>
<p>
<ul>
<li>no matter what classification string they enter in the action
dialog, generated code does not use it</li>
</ul>
</p>
</li>
</ul>

243
test/iosacl/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1253911075" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1253911075" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -669,7 +669,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7136X39764" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -689,7 +692,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7162X39764" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -709,7 +715,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7149X39764" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -729,7 +738,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5942X26920" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -749,7 +761,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1365,7 +1380,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1609,7 +1627,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3478X13311" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -1628,7 +1649,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3491X13311" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1646,7 +1670,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3503X13311" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1664,7 +1691,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3515X13311" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1682,7 +1712,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3527X13311" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1700,7 +1733,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4369X67939" disabled="False" group="" log="False" position="6" action="Branch" direction="Both" comment="branch rule set is different in members linux-1 and linux-2">
<Src neg="False">
@ -1765,7 +1801,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3539X13311" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1807,7 +1846,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3551X13311" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1825,7 +1867,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3563X13311" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1843,7 +1888,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3575X13311" disabled="False" group="" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1863,7 +1911,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1976,7 +2027,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4447X28690" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -1995,7 +2049,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4460X28690" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2013,7 +2070,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4472X28690" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2031,7 +2091,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4484X28690" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2049,7 +2112,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4496X28690" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -2067,7 +2133,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4508X28690" disabled="False" group="" log="False" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2109,7 +2178,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4520X28690" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2151,7 +2223,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4532X28690" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2169,7 +2244,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4544X28690" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2187,7 +2265,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4556X28690" disabled="False" group="" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2207,7 +2288,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2329,7 +2413,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2781X94039" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -2348,7 +2435,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2794X94039" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2366,7 +2456,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2806X94039" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2384,7 +2477,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3725X2234" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2402,7 +2498,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2818X94039" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -2420,7 +2519,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2830X94039" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -2462,7 +2564,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2842X94039" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2480,7 +2585,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2854X94039" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2498,7 +2606,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3087X2234" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2518,7 +2629,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2629,7 +2743,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5239X25627" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -2648,7 +2765,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5222X25627" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2666,7 +2786,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5205X25627" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2684,7 +2807,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5188X25627" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2702,7 +2828,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5171X25627" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -2720,7 +2849,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5154X25627" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -2762,7 +2894,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5137X25627" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2780,7 +2915,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5120X25627" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2798,7 +2936,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5103X25627" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2818,7 +2959,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3062,7 +3206,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2896X78273" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3080,7 +3227,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2879X78273" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3098,7 +3248,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2862X78273" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -3116,7 +3269,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2845X78273" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -3134,7 +3290,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2828X78273" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3152,7 +3311,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2811X78273" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3170,7 +3332,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3292,7 +3457,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3478,7 +3646,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

1271
test/iosacl/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

33
test/ipf/large_policy_test.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
@ -56,7 +56,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9AF2C0" disabled="False" log="True" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -78,7 +81,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1BF6" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -96,7 +102,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1BEC" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -114,7 +123,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1C2E" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -132,7 +144,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1C96" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -150,7 +165,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1C3A" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -170,7 +188,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

511
test/ipf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1257363322" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1257363322" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -1266,9 +1266,13 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-0" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="Automatically generated rule blocking short fragments">
<Src neg="False">
@ -1288,7 +1292,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-1" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Automatically generated anti-spoofing rule">
<Src neg="False">
@ -1309,7 +1316,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3EDC2CC7" disabled="False" log="False" position="3" action="Accept" direction="Inbound" comment="комментарий по-русски">
<Src neg="False">
@ -1327,7 +1337,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B92DFC5" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1342,7 +1355,11 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C4E4C38" disabled="False" log="True" position="5" action="Deny" direction="Inbound" comment="">
<Src neg="False">
@ -1357,9 +1374,13 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E39D" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1385,7 +1406,10 @@
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B6659FC" disabled="False" log="True" position="7" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -1411,7 +1435,10 @@
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CE74D81" disabled="False" log="False" position="8" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -1431,7 +1458,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B45E" disabled="True" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1454,7 +1484,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B44E" disabled="True" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1477,7 +1510,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1503,7 +1539,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1526,7 +1565,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1550,7 +1592,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD8770E" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1574,7 +1619,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D98E652" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1598,7 +1646,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD87B1E" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1622,7 +1673,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E180" disabled="False" log="True" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1640,7 +1694,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3EE262C2" disabled="True" log="False" position="18" action="Accept" direction="Both" comment="illegal rule - firewall8 has dynamic interface">
<Src neg="False">
@ -1660,7 +1717,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3EE261FB" disabled="False" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1682,7 +1742,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-5" disabled="False" log="False" position="20" action="Accept" direction="Both" comment="Automatically generated 'masquerading' rule">
<Src neg="False">
@ -1706,7 +1769,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
<Src neg="False">
@ -1735,7 +1801,10 @@
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2174,9 +2243,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD34BEF" disabled="False" log="False" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2196,7 +2269,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAB4" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
@ -2212,9 +2288,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAAB" disabled="False" log="True" position="3" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -2229,9 +2309,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CDDF2FA" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2249,7 +2333,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CCA26E4" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2269,7 +2356,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B9AB902" disabled="True" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2289,7 +2379,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFC0F90" disabled="False" log="True" position="7" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
@ -2307,7 +2400,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B021E10" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
@ -2332,7 +2428,10 @@
<Option name="limit_value">10</Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0B4A13" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -2353,7 +2452,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B5535B7" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -2374,7 +2476,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B11F63D" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2396,7 +2501,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CDDF0AA" disabled="False" log="False" position="12" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2416,7 +2524,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B021E6F" disabled="True" log="True" position="13" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -2438,7 +2549,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CCA2CF4" disabled="True" log="True" position="14" action="Accept" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -2458,7 +2572,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B45739A" disabled="False" log="True" position="15" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2478,7 +2595,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAC8" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -2496,7 +2616,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAE3" disabled="False" log="True" position="17" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -2516,7 +2639,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3238,13 +3364,17 @@
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB6710" disabled="False" log="True" position="1" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -3260,13 +3390,17 @@
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66E5" disabled="False" log="True" position="2" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
@ -3287,7 +3421,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C6FD2" disabled="False" log="True" position="3" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
@ -3313,7 +3450,10 @@
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D333A66" disabled="False" log="True" position="4" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
@ -3339,7 +3479,10 @@
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D8FF63F" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3358,7 +3501,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D8FF660" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3377,7 +3523,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66EF" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -3397,7 +3546,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447B8D" disabled="False" log="True" position="8" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
<Src neg="False">
@ -3415,7 +3567,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447BCB" disabled="False" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3433,7 +3588,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66F9" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -3454,7 +3612,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3875,9 +4036,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63EB" disabled="False" log="True" position="1" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -3893,9 +4058,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B54C977" disabled="False" log="True" position="2" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3910,9 +4079,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B54F071" disabled="False" log="True" position="3" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -3927,9 +4100,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C639F" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
@ -3949,7 +4126,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
@ -3971,7 +4151,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63B4" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -3993,7 +4176,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63BF" disabled="True" log="True" position="7" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -4016,7 +4202,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63CB" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -4036,7 +4225,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4055,7 +4247,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63D5" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -4076,7 +4271,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4206,7 +4404,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CF5B373" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="">
<Src neg="False">
@ -4226,7 +4427,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C69BF13" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4244,7 +4448,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4352,7 +4559,11 @@
<Itf neg="False">
<ObjectRef ref="id3AF5A2CB"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB70C7" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="allow everything on loopback">
<Src neg="False">
@ -4367,7 +4578,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB70CF" disabled="False" log="False" position="2" action="Accept" direction="Outbound" comment="allow everything on loopback">
<Src neg="False">
@ -4382,7 +4597,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BD8ECC6" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4397,7 +4616,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A74B" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
@ -4417,7 +4640,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A73A" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4440,7 +4666,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A757" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="allow all outgoing connections">
<Src neg="False">
@ -4458,7 +4687,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A762" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -4478,7 +4710,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4791,7 +5026,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D5822B5" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4809,7 +5047,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D582294" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4827,7 +5068,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D58228A" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4845,7 +5089,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D5822A0" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4865,7 +5112,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5185,7 +5435,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3E09E" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -5204,7 +5457,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D16E" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="True">
@ -5223,7 +5479,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E5F1BBD" disabled="False" log="False" position="3" action="Accounting" direction="Both" comment="">
<Src neg="False">
@ -5243,7 +5502,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E5F1BB3" disabled="False" log="True" position="4" action="Accounting" direction="Both" comment="">
<Src neg="False">
@ -5263,7 +5525,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D12E" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5281,7 +5546,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D563" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5299,7 +5567,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D156" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5319,7 +5590,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5397,7 +5671,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCA520D" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="True">
@ -5425,7 +5702,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCC3AD6" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5444,7 +5724,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCA5217" disabled="False" log="False" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5474,7 +5757,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCC1E1A" disabled="False" log="False" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5500,7 +5786,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCC1E4F" disabled="False" log="False" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5527,7 +5816,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCC1EC3" disabled="False" log="False" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5554,7 +5846,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FCA5221" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5574,7 +5869,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5681,7 +5979,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FF5DC56" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5699,7 +6000,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FF5DC61" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5717,7 +6021,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6019,7 +6326,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id424A96DA" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6037,7 +6347,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id424A637E" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6055,7 +6368,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id424A6388" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6073,7 +6389,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id424A6392" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6091,7 +6410,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id424A639C" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6111,7 +6433,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6301,7 +6626,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869E9018346" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6319,7 +6647,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869E9E18346" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6337,7 +6668,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869EAA18346" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6355,7 +6689,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386E38318346" disabled="False" log="False" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6375,7 +6712,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386E37718346" disabled="False" log="False" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6395,7 +6735,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43867C3018346" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6413,7 +6756,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386C10D18346" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6431,7 +6777,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728A918346" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6450,7 +6799,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728BA18346" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6469,7 +6821,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728CD18346" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6488,7 +6843,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43867C3C18346" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6508,7 +6866,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6685,7 +7046,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4388CFEA674" disabled="True" log="True" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6705,7 +7069,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4390C25825682" disabled="True" log="True" position="2" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6725,7 +7092,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4389EDC118346" disabled="True" log="False" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6746,7 +7116,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4388CFF8674" disabled="True" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6766,7 +7139,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4388C36F674" disabled="True" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6787,7 +7163,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4388F5A9674" disabled="True" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="True">
@ -6806,7 +7185,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4389EEA118346" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6824,7 +7206,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4389EDCD18346" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6842,7 +7227,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4389EE3C18346" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6862,7 +7250,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -7241,7 +7632,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7D90631168" disabled="False" log="False" position="1" action="Custom" direction="Inbound" comment="">
<Src neg="True">
@ -7269,7 +7663,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7D91731168" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -7287,7 +7684,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7C98E31168" disabled="False" log="True" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -7307,7 +7707,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

448
test/ipfw/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1257365069" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1257365069" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="False">
@ -766,9 +766,13 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-0" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="Automatically generated rule blocking short fragments">
<Src neg="False">
@ -788,7 +792,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-1" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Automatically generated anti-spoofing rule">
<Src neg="False">
@ -809,7 +816,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B92DFC5" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="комментарий по-русски">
<Src neg="False">
@ -824,7 +834,11 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C4E4C38" disabled="False" log="True" position="4" action="Deny" direction="Inbound" comment="">
<Src neg="False">
@ -839,9 +853,13 @@
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E39D" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -866,7 +884,10 @@
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id8706X26107" disabled="False" group="" log="True" position="6" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -889,7 +910,10 @@
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id8686X26107" disabled="False" group="" log="True" position="7" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -912,7 +936,10 @@
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B6659FC" disabled="False" log="True" position="8" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -938,7 +965,10 @@
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CE74D81" disabled="False" log="False" position="9" action="Reject" direction="Both" comment="">
<Src neg="False">
@ -958,7 +988,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B45E" disabled="True" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -981,7 +1014,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B44E" disabled="True" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1004,7 +1040,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1030,7 +1069,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1053,7 +1095,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D98E652" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1077,7 +1122,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD8770E" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1101,7 +1149,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD87B1E" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1125,7 +1176,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1149,7 +1203,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id41D514D2" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1176,7 +1233,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E180" disabled="False" log="True" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1194,7 +1254,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-5" disabled="False" log="False" position="20" action="Accept" direction="Both" comment="Automatically generated 'masquerading' rule">
<Src neg="False">
@ -1218,7 +1281,10 @@
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
<Src neg="False">
@ -1243,7 +1309,10 @@
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1650,9 +1719,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD34BEF" disabled="False" log="False" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1672,7 +1745,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAB4" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
@ -1688,9 +1764,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAAB" disabled="False" log="True" position="3" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -1705,9 +1785,13 @@
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CDDF2FA" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1725,7 +1809,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CCA26E4" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1745,7 +1832,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B9AB902" disabled="True" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1765,7 +1855,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFC0F90" disabled="False" log="True" position="7" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
@ -1783,7 +1876,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B021E10" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
@ -1808,7 +1904,10 @@
<Option name="limit_value">10</Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0B4A13" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -1829,7 +1928,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B5535B7" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -1850,7 +1952,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3FB82A69" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="True">
@ -1869,7 +1974,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B11F63D" disabled="False" log="True" position="12" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1891,7 +1999,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CDDF0AA" disabled="False" log="False" position="13" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1911,7 +2022,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B021E6F" disabled="True" log="True" position="14" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -1933,7 +2047,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CCA2CF4" disabled="True" log="True" position="15" action="Accept" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -1953,7 +2070,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B45739A" disabled="False" log="True" position="16" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1973,7 +2093,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAC8" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -1991,7 +2114,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5AAE3" disabled="False" log="True" position="18" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -2011,7 +2137,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2620,7 +2749,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id463FF6C410755" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2640,7 +2772,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4640031510755" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2660,7 +2795,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB6708" disabled="False" log="True" position="3" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
@ -2676,13 +2814,17 @@
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB6710" disabled="False" log="True" position="4" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -2698,13 +2840,17 @@
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66E5" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
@ -2725,7 +2871,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C6FD2" disabled="False" log="True" position="6" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
@ -2751,7 +2900,10 @@
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D333A66" disabled="False" log="True" position="7" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
@ -2777,7 +2929,10 @@
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D8FF63F" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2796,7 +2951,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D8FF660" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2815,7 +2973,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66EF" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -2835,7 +2996,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447B8D" disabled="False" log="True" position="11" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
<Src neg="False">
@ -2853,7 +3017,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447BCB" disabled="False" log="True" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2871,7 +3038,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB66F9" disabled="False" log="True" position="13" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -2892,7 +3062,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3241,9 +3414,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63EB" disabled="False" log="True" position="14" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
@ -3259,9 +3436,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B54C977" disabled="False" log="True" position="15" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3276,9 +3457,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B54F071" disabled="False" log="True" position="16" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -3293,9 +3478,13 @@
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C639F" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
@ -3315,7 +3504,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
@ -3337,7 +3529,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63B4" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="True">
@ -3359,7 +3554,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63BF" disabled="True" log="True" position="7" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
@ -3382,7 +3580,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63CB" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
@ -3402,7 +3603,10 @@
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3421,7 +3625,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63D5" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -3442,7 +3649,10 @@
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3556,7 +3766,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CF5B373" disabled="False" log="True" position="18" action="Deny" direction="Inbound" comment="">
<Src neg="False">
@ -3576,7 +3789,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C69BF13" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3594,7 +3810,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3703,7 +3922,11 @@
<Itf neg="False">
<ObjectRef ref="id3AF5A2CB"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB70C7" disabled="False" log="False" position="20" action="Accept" direction="Inbound" comment="allow everything on loopback">
<Src neg="False">
@ -3718,7 +3941,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AFB70CF" disabled="False" log="False" position="21" action="Accept" direction="Outbound" comment="allow everything on loopback">
<Src neg="False">
@ -3733,7 +3960,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BD8ECC6" disabled="False" log="True" position="22" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3748,7 +3979,11 @@
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A74B" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
@ -3768,7 +4003,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A73A" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3791,7 +4029,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A757" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="allow all outgoing connections">
<Src neg="False">
@ -3809,7 +4050,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3AF5A762" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
@ -3829,7 +4073,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4143,7 +4390,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D5822B5" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4161,7 +4411,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D582294" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4179,7 +4432,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D58228A" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4197,7 +4453,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D5822A0" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4217,7 +4476,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4506,7 +4768,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3E09E" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -4525,7 +4790,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D16E" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="True">
@ -4544,7 +4812,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E5F2E4C" disabled="False" log="False" position="3" action="Accounting" direction="Both" comment="">
<Src neg="False">
@ -4564,7 +4835,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E5F2E42" disabled="False" log="True" position="4" action="Accounting" direction="Both" comment="">
<Src neg="False">
@ -4584,7 +4858,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D12E" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4602,7 +4879,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D563" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4620,7 +4900,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F162CE1" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4641,7 +4924,10 @@
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DF3D156" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4661,7 +4947,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4733,7 +5022,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id41D4F998" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4751,7 +5043,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E51B0B0" disabled="False" log="True" position="2" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4772,7 +5067,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E51B025" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4793,7 +5091,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E51BD2E" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4814,7 +5115,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3E51B010" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4834,7 +5138,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5010,7 +5317,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869E9018346" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5028,7 +5338,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869E9E18346" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5046,7 +5359,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43869EAA18346" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5064,7 +5380,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386E38318346" disabled="False" log="False" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5084,7 +5403,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386E37718346" disabled="False" log="False" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5104,7 +5426,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43867C3018346" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5122,7 +5447,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386C10D18346" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5140,7 +5468,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728A918346" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5159,7 +5490,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728BA18346" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5178,7 +5512,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438728CD18346" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5197,7 +5534,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43867C3C18346" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5217,7 +5557,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5586,7 +5929,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45275D7A5394" disabled="False" log="False" position="1" action="Custom" direction="Both" comment="rule doing divert to natd (8668) should go before check-state&#10;">
<Src neg="False">
@ -5627,7 +5973,10 @@
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id452299478881" disabled="False" log="False" position="2" action="Pipe" direction="Both" comment="">
<Src neg="False">
@ -5655,7 +6004,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AC9D23738" disabled="False" log="False" position="3" action="Classify" direction="Both" comment="">
<Src neg="False">
@ -5684,7 +6036,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7ACAE23738" disabled="False" log="False" position="4" action="Classify" direction="Both" comment="">
<Src neg="False">
@ -5714,7 +6069,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7C4D723738" disabled="False" log="True" position="5" action="Custom" direction="Both" comment="">
<Src neg="False">
@ -5741,7 +6099,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AB1B23738" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -5761,7 +6122,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

517
test/ipt/cluster-tests.fwb
View File

@ -678,7 +678,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7136X39764" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -698,7 +701,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7162X39764" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -718,7 +724,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7149X39764" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -738,7 +747,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5942X26920" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -758,7 +770,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1147,7 +1162,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1299,7 +1317,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1376,7 +1397,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2896X78273" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1394,7 +1418,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7697X27234" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1414,7 +1441,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id36344X28692" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="&quot;firewall is part of any&quot; OFF">
<Src neg="False">
@ -1458,7 +1488,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id65013X28692" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="&quot;firewall is part of any&quot; OFF">
<Src neg="False">
@ -1502,7 +1535,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id8117X67022" disabled="False" group="interface group test" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1524,7 +1560,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id39519X67022" disabled="False" group="interface group test" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1569,7 +1608,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id103230X67022" disabled="False" group="interface group test" log="False" position="7" action="Accept" direction="Both" comment="&quot;firewall is part of any&quot; OFF">
<Src neg="False">
@ -1615,7 +1657,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id103183X67022" disabled="False" group="interface group test" log="False" position="8" action="Accept" direction="Both" comment="&quot;firewall is part of any&quot; OFF">
<Src neg="False">
@ -1660,7 +1705,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2879X78273" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1678,7 +1726,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2862X78273" disabled="False" log="True" position="10" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1696,7 +1747,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2845X78273" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -1714,7 +1768,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2828X78273" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1732,7 +1789,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2811X78273" disabled="False" log="True" position="13" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1750,7 +1810,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1896,7 +1959,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2781X94039" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -1915,7 +1981,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2794X94039" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1933,7 +2002,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2806X94039" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1951,7 +2023,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3725X2234" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1969,7 +2044,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2818X94039" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1987,7 +2065,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2830X94039" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -2029,7 +2110,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2842X94039" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2047,7 +2131,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2854X94039" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2065,7 +2152,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3087X2234" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2085,7 +2175,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2269,7 +2362,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3478X13311" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -2288,7 +2384,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3491X13311" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2306,7 +2405,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3503X13311" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2324,7 +2426,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3515X13311" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -2342,7 +2447,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3527X13311" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -2360,7 +2468,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4369X67939" disabled="False" group="" log="False" position="6" action="Branch" direction="Both" comment="branch rule set is different in members linux-1 and linux-2">
<Src neg="False">
@ -2425,7 +2536,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id44836X15667" disabled="False" group="" log="False" position="7" action="Branch" direction="Both" comment="branch rule set is different in members linux-1 and linux-2">
<Src neg="False">
@ -2490,7 +2604,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3539X13311" disabled="False" log="False" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2534,7 +2651,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1094903X96143" disabled="False" group="" log="False" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2578,7 +2698,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id997025X96143" disabled="False" group="" log="False" position="10" action="Accept" direction="Both" comment="fw is part of any">
<Src neg="False">
@ -2622,7 +2745,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id97551X96143" disabled="False" group="" log="False" position="11" action="Accept" direction="Both" comment="fw is NOT part of any">
<Src neg="False">
@ -2666,7 +2792,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id143289X96143" disabled="False" group="" log="False" position="12" action="Accept" direction="Both" comment="fw is NOT part of any">
<Src neg="False">
@ -2710,7 +2839,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1946680X96143" disabled="False" group="" log="False" position="13" action="Accept" direction="Outbound" comment="fw is NOT part of any">
<Src neg="False">
@ -2754,7 +2886,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id378955X96143" disabled="False" group="" log="False" position="14" action="Accept" direction="Both" comment="fw is NOT part of any">
<Src neg="False">
@ -2798,7 +2933,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1801407X96143" disabled="False" group="" log="False" position="15" action="Accept" direction="Outbound" comment="fw is NOT part of any">
<Src neg="False">
@ -2842,7 +2980,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id143343X96143" disabled="False" group="" log="False" position="16" action="Accept" direction="Both" comment="fw is NOT part of any">
<Src neg="False">
@ -2886,7 +3027,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2241935X96143" disabled="False" group="" log="False" position="17" action="Accept" direction="Both" comment="fw is NOT part of any">
<Src neg="False">
@ -2930,7 +3074,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2241981X96143" disabled="False" group="" log="False" position="18" action="Accept" direction="Outbound" comment="fw is NOT part of any">
<Src neg="False">
@ -2974,7 +3121,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id8228X45618" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="using interface of another cluster in the rule">
<Src neg="False">
@ -2994,7 +3144,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id147047X84105" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3014,7 +3167,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3563X13311" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3032,7 +3188,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3575X13311" disabled="False" group="" log="True" position="22" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3052,7 +3211,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3165,7 +3327,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5239X25627" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -3184,7 +3349,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5222X25627" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3202,7 +3370,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5205X25627" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3220,7 +3391,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5188X25627" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3238,7 +3412,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5171X25627" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -3256,7 +3433,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5154X25627" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -3298,7 +3478,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5137X25627" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3316,7 +3499,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5120X25627" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3334,7 +3520,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5103X25627" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3354,7 +3543,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3451,7 +3643,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4447X28690" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -3470,7 +3665,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4460X28690" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3488,7 +3686,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4472X28690" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3506,7 +3707,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4484X28690" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3524,7 +3728,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4496X28690" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -3542,7 +3749,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4508X28690" disabled="False" group="" log="False" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3584,7 +3794,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4520X28690" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3626,7 +3839,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4532X28690" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3644,7 +3860,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4544X28690" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3662,7 +3881,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4556X28690" disabled="False" group="" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3682,7 +3904,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3828,7 +4053,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5233X20350" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -3847,7 +4075,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5246X20350" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3865,7 +4096,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5258X20350" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3883,7 +4117,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5270X20350" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -3901,7 +4138,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5282X20350" disabled="False" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -3919,7 +4159,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5294X20350" disabled="False" group="" log="False" position="6" action="Branch" direction="Both" comment="branch rule set is different in members linux-1 and linux-2">
<Src neg="False">
@ -3984,7 +4227,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5306X20350" disabled="False" group="" log="False" position="7" action="Branch" direction="Both" comment="branch rule set is different in members linux-1 and linux-2">
<Src neg="False">
@ -4049,7 +4295,10 @@
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5318X20350" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4091,7 +4340,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5330X20350" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4109,7 +4361,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5342X20350" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4127,7 +4382,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5354X20350" disabled="False" group="" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4147,7 +4405,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -4366,7 +4627,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58771X27834" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4384,7 +4648,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58783X27834" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -4402,7 +4669,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58795X27834" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -4420,7 +4690,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id264906X52019" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4438,7 +4711,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id307834X52019" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="fw is part of any and networks">
<Src neg="False">
@ -4482,7 +4758,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id353220X52019" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="fw is NOT part of any and networks">
<Src neg="False">
@ -4526,7 +4805,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id307896X52019" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4544,7 +4826,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id307958X52019" disabled="False" group="" log="False" position="8" action="Accept" direction="Both" comment="fw is part of any">
<Src neg="False">
@ -4588,7 +4873,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id625000X52019" disabled="False" group="" log="False" position="9" action="Accept" direction="Both" comment="fw is not part of any">
<Src neg="False">
@ -4632,7 +4920,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id853234X52019" disabled="False" group="" log="False" position="10" action="Accept" direction="Both" comment="fw is not part of any">
<Src neg="False">
@ -4676,7 +4967,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id308020X52019" disabled="False" group="" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4694,7 +4988,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58807X27834" disabled="False" log="True" position="12" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -4738,7 +5035,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id148160X50472" disabled="False" group="Negation in interface RE" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4758,7 +5058,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id200555X50472" disabled="False" group="Negation in interface RE" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4779,7 +5082,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id729613X50472" disabled="False" group="Negation in interface RE" log="False" position="15" action="Accept" direction="Both" comment="fw is part of any is OFF">
<Src neg="False">
@ -4823,7 +5129,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id729566X50472" disabled="False" group="Negation in interface RE" log="False" position="16" action="Accept" direction="Both" comment="fw is part of any is OFF">
<Src neg="False">
@ -4868,7 +5177,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id944761X50472" disabled="False" group="Negation in interface RE" log="False" position="17" action="Accept" direction="Inbound" comment="fw is part of any is OFF">
<Src neg="False">
@ -4912,7 +5224,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id944714X50472" disabled="False" group="Negation in interface RE" log="False" position="18" action="Accept" direction="Inbound" comment="fw is part of any is OFF">
<Src neg="False">
@ -4957,7 +5272,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id944903X50472" disabled="False" group="Negation in interface RE" log="False" position="19" action="Accept" direction="Outbound" comment="fw is part of any is OFF">
<Src neg="False">
@ -5001,7 +5319,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id944856X50472" disabled="False" group="Negation in interface RE" log="False" position="20" action="Accept" direction="Outbound" comment="fw is part of any is OFF">
<Src neg="False">
@ -5046,7 +5367,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1440989X50472" disabled="False" group="Negation in interface RE" log="False" position="21" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5090,7 +5414,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1441036X50472" disabled="False" group="Negation in interface RE" log="False" position="22" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -5135,7 +5462,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1275381X50472" disabled="False" group="Negation in interface RE" log="False" position="23" action="Accept" direction="Both" comment="fw is part of any is OFF">
<Src neg="False">
@ -5179,7 +5509,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1275334X50472" disabled="False" group="Negation in interface RE" log="False" position="24" action="Accept" direction="Both" comment="fw is part of any is OFF">
<Src neg="False">
@ -5224,7 +5557,10 @@
<Option name="log_prefix"/>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5326,7 +5662,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58450X29313" disabled="False" log="False" position="1" action="Deny" direction="Inbound" comment="">
<Src neg="False">
@ -5346,7 +5685,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5467,7 +5809,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -5641,7 +5986,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6168,7 +6516,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6620,7 +6971,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58535X27834" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6638,7 +6992,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58547X27834" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -6656,7 +7013,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58559X27834" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -6674,7 +7034,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58571X27834" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -6692,7 +7055,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58583X27834" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6710,7 +7076,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58595X27834" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6728,7 +7097,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -6839,7 +7211,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58661X27834" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6857,7 +7232,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58673X27834" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -6875,7 +7253,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58685X27834" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -6893,7 +7274,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58697X27834" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -6911,7 +7295,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58709X27834" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -6929,7 +7316,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58721X27834" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -6947,7 +7337,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

4139
test/ipt/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

72
test/pf/cluster-tests.fwb
View File

@ -763,6 +763,8 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2781X94039" disabled="False" group="" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
@ -895,6 +897,8 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2842X94039" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
@ -951,6 +955,8 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
@ -1931,7 +1937,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5954X26920" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1951,7 +1960,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7136X39764" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1971,7 +1983,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7162X39764" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1991,7 +2006,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7149X39764" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2011,7 +2029,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id39043X28773" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2031,7 +2052,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5942X26920" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -2051,7 +2075,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2130,7 +2157,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2206,7 +2236,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56069X50958" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2226,7 +2259,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4808X69263" disabled="False" group="test for interface group" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2248,7 +2284,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id24679X69263" disabled="False" group="test for interface group" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2269,7 +2308,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id72694X50958" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2289,7 +2331,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id89654X50958" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2310,7 +2355,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id106892X50958" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2332,7 +2380,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id124525X50958" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2352,7 +2403,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id124478X50958" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2373,7 +2427,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id124667X50958" disabled="False" group="" log="False" position="9" action="Accept" direction="Outbound" comment="">
<Src neg="False">
@ -2393,7 +2450,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id124620X50958" disabled="False" group="" log="False" position="10" action="Accept" direction="Outbound" comment="">
<Src neg="False">
@ -2414,7 +2474,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id181105X50958" disabled="False" group="" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2434,7 +2497,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id181058X50958" disabled="False" group="" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2455,7 +2521,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2535,7 +2604,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

6058
test/pf/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

4
test/pf/pf_cluster_4_rc.conf.local
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3529
# Firewall Builder fwb_pf v4.2.1.3538
#
# Generated Tue Apr 19 13:31:13 2011 PDT by vadim
# Generated Thu May 5 18:34:18 2011 PDT by vadim
#
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf

126
test/pix/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1269894581" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1269894581" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -462,7 +462,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -507,7 +510,10 @@
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -740,7 +746,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2879X78273" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -758,7 +767,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id17725X59293" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -778,7 +790,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id55439X897" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -796,7 +811,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2862X78273" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -814,7 +832,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3401X82678" disabled="False" group="test for interface groups" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -836,7 +857,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20340X82678" disabled="False" group="test for interface groups" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -857,7 +881,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id89499X82678" disabled="False" group="test for interface groups" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -879,7 +906,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id89452X82678" disabled="False" group="test for interface groups" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -900,7 +930,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2845X78273" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -918,7 +951,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2828X78273" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -936,7 +972,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2811X78273" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -954,7 +993,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1057,7 +1099,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2906X26048" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1075,7 +1120,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2918X26048" disabled="False" log="True" position="2" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1093,7 +1141,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2930X26048" disabled="False" log="True" position="3" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -1111,7 +1162,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2942X26048" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1129,7 +1183,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2954X26048" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1147,7 +1204,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1248,7 +1308,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56603X61097" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -1266,7 +1329,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56615X61097" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -1286,7 +1352,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56627X61097" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1304,7 +1373,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56639X61097" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -1322,7 +1394,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56651X61097" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -1340,7 +1415,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56663X61097" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1358,7 +1436,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id56675X61097" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1376,7 +1457,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>

3616
test/pix/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

2
test/pix/quick-cmp.sh
View File

@ -9,5 +9,5 @@ do
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.orig//')
echo "$SDIFFCMD $f $new_f"
echo "$DIFFCMD $f $new_f"
done

383
test/procurve_acl/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1273676680" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1273676680" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -623,7 +623,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46412C3326611" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -644,7 +647,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46415A0129061" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -666,7 +672,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id25349X82668" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -687,7 +696,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641356226611" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -708,7 +720,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641359926611" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -729,7 +744,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46412F0326611" disabled="False" log="False" position="6" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -750,7 +768,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641357426611" disabled="False" log="False" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -771,7 +792,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641358626611" disabled="False" log="False" position="8" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -792,7 +816,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641456D29061" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -813,7 +840,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641457E29061" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -834,7 +864,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641458F29061" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -855,7 +888,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id464147C929061" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0">
<Src neg="False">
@ -876,7 +912,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46414A3E29061" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -897,7 +936,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46414A4F29061" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -918,7 +960,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46414A6029061" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -939,7 +984,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46414CEB29061" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -960,7 +1008,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4641521829061" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -981,7 +1032,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46415F6729061" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1002,7 +1056,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5377X64279" disabled="False" group="" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1023,7 +1080,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id8889X64279" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1044,7 +1104,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5646X48212" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -1064,7 +1127,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5801X48212" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -1085,7 +1151,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46412C2726611" disabled="False" log="True" position="23" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -1105,7 +1174,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1292,7 +1364,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id28332X65694" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1313,7 +1388,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1336,7 +1414,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19137X65694" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1356,7 +1437,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19165X65694" disabled="False" log="True" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1376,7 +1460,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19194X65694" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1396,7 +1483,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19226X65694" disabled="False" group="" log="True" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1416,7 +1506,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19260X65694" disabled="False" group="" log="True" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1436,7 +1529,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19288X65694" disabled="False" group="" log="True" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1456,7 +1552,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19316X65694" disabled="False" log="True" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -1476,7 +1575,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19344X65694" disabled="False" log="True" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1496,7 +1598,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19372X65694" disabled="False" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1516,7 +1621,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id19400X65694" disabled="False" log="True" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1536,7 +1644,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id24941X65694" disabled="False" group="" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1557,7 +1668,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id7994X97727" disabled="False" group="" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1577,7 +1691,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id9240X97727" disabled="False" group="" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1601,7 +1718,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1807,7 +1927,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10526X97727" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1828,7 +1951,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -1851,7 +1977,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10552X97727" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1871,7 +2000,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10564X97727" disabled="False" log="True" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1891,7 +2023,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10576X97727" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1911,7 +2046,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10588X97727" disabled="False" group="" log="True" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1931,7 +2069,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10600X97727" disabled="False" group="" log="True" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1951,7 +2092,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10612X97727" disabled="False" group="" log="True" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -1971,7 +2115,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10624X97727" disabled="False" log="True" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -1991,7 +2138,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10636X97727" disabled="False" log="True" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2011,7 +2161,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10648X97727" disabled="False" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2031,7 +2184,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10660X97727" disabled="False" log="True" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2051,7 +2207,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10672X97727" disabled="False" group="" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2072,7 +2231,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10685X97727" disabled="False" group="" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2092,7 +2254,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id10697X97727" disabled="False" group="" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2116,7 +2281,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2322,7 +2490,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id12152X53662" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2343,7 +2514,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2366,7 +2540,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id12202X53662" disabled="False" group="" log="True" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2386,7 +2563,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2410,7 +2590,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -2616,7 +2799,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4346X40592" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2637,7 +2823,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4358X40592" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2659,7 +2848,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4371X40592" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2680,7 +2872,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4383X40592" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2701,7 +2896,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4395X40592" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2722,7 +2920,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4407X40592" disabled="False" log="False" position="6" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2743,7 +2944,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4419X40592" disabled="False" log="False" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2764,7 +2968,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4431X40592" disabled="False" log="False" position="8" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -2785,7 +2992,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4443X40592" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2806,7 +3016,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4455X40592" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2827,7 +3040,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4467X40592" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2848,7 +3064,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4479X40592" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0">
<Src neg="False">
@ -2869,7 +3088,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4491X40592" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2890,7 +3112,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4503X40592" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2911,7 +3136,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4515X40592" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2932,7 +3160,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4527X40592" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2953,7 +3184,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4539X40592" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2974,7 +3208,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4551X40592" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -2995,7 +3232,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4563X40592" disabled="False" group="" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3016,7 +3256,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4575X40592" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3037,7 +3280,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4587X40592" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3057,7 +3303,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3225,7 +3474,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4764X40592" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3246,7 +3498,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4776X40592" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3268,7 +3523,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4789X40592" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3289,7 +3547,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4801X40592" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3310,7 +3571,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4813X40592" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3331,7 +3595,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4825X40592" disabled="False" log="False" position="6" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -3352,7 +3619,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4837X40592" disabled="False" log="False" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -3373,7 +3643,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4849X40592" disabled="False" log="False" position="8" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -3394,7 +3667,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4861X40592" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3415,7 +3691,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4873X40592" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3436,7 +3715,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4885X40592" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3457,7 +3739,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4897X40592" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0">
<Src neg="False">
@ -3478,7 +3763,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4909X40592" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3499,7 +3787,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4921X40592" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3520,7 +3811,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4933X40592" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3541,7 +3835,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4945X40592" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3562,7 +3859,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4957X40592" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3583,7 +3883,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4969X40592" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3604,7 +3907,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4981X40592" disabled="False" group="" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3625,7 +3931,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4993X40592" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3646,7 +3955,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5005X40592" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -3666,7 +3978,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -3834,7 +4149,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5612X54035" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3855,7 +4173,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5624X54035" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3877,7 +4198,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5637X54035" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3898,7 +4222,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5649X54035" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3919,7 +4246,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5661X54035" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -3940,7 +4270,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5673X54035" disabled="False" log="False" position="6" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -3961,7 +4294,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5685X54035" disabled="False" log="False" position="7" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -3982,7 +4318,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5697X54035" disabled="False" log="False" position="8" action="Accept" direction="Inbound" comment="">
<Src neg="False">
@ -4003,7 +4342,10 @@
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5709X54035" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4024,7 +4366,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5721X54035" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4045,7 +4390,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5733X54035" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4066,7 +4414,10 @@
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5745X54035" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0">
<Src neg="False">
@ -4087,7 +4438,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5757X54035" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4108,7 +4462,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5769X54035" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4129,7 +4486,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5781X54035" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4150,7 +4510,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5793X54035" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4171,7 +4534,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5805X54035" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4192,7 +4558,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5817X54035" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4213,7 +4582,10 @@
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5829X54035" disabled="False" group="" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4234,7 +4606,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5841X54035" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -4255,7 +4630,10 @@
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
<Option name="stateless">False</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5853X54035" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -4275,7 +4653,10 @@
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>