mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 01:37:17 +01:00

see #2167 making sure names are replaced with addresses only as standalone words and not substrings

Vadim Kurland 2011-04-07 16:03:52 -07:00
parent bf753da2de
commit 95c6c63818
10 changed files with 240 additions and 192 deletions


@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3520"
BUILD_NUM="3521"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"


@ -1,2 +1,2 @@
#define VERSION "4.2.0.3520"
#define VERSION "4.2.0.3521"
#define GENERATION "4.2"


@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3520
%define version 4.2.0.3521
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3520-1
Version: 4.2.0.3521-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers


@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3520
%define version 4.2.0.3521
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -131,21 +131,33 @@ QString CompilerDriver_pix::assembleFwScript(Cluster *cluster,
string vers = fw->getStr("version");
string platform = fw->getStr("platform");
bool outbound_acl_supported = Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/")+
"version_"+vers+
"/pix_outbound_acl_supported");
bool outbound_acl_supported =
Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/")+
"version_"+vers+
"/pix_outbound_acl_supported");
bool afpa = options->getBool("pix_assume_fw_part_of_any");
bool emulate_outb_acls = options->getBool("pix_emulate_out_acl");
bool generate_outb_acls = options->getBool("pix_generate_out_acl");
top_comment.setVariable("outbound_acl_supported", QString((outbound_acl_supported)?"supported":"not supported"));
top_comment.setVariable("emulate_outb_acls", QString((emulate_outb_acls)?"yes":"no"));
top_comment.setVariable("generate_outb_acls", QString((generate_outb_acls)?"yes":"no"));
top_comment.setVariable(
"outbound_acl_supported",
QString((outbound_acl_supported) ? "supported" : "not supported"));
top_comment.setVariable("emulate_outb_acls",
QString((emulate_outb_acls)?"yes":"no"));
top_comment.setVariable("generate_outb_acls",
QString((generate_outb_acls)?"yes":"no"));
top_comment.setVariable("afpa", QString((afpa)?"yes":"no"));
script_skeleton.setVariable("short_script", options->getBool("short_script"));
script_skeleton.setVariable("not_short_script", ! options->getBool("short_script"));
script_skeleton.setVariable("not_short_script",
! options->getBool("short_script"));
script_skeleton.setVariable("system_configuration_script",
QString::fromUtf8(
@ -164,6 +176,7 @@ QString CompilerDriver_pix::assembleFwScript(Cluster *cluster,
assembleFwScriptInternal(cluster, fw, cluster_member, oscnf,
&script_skeleton, &top_comment, "!", true);
return script_skeleton.expand();
}


@ -29,6 +29,7 @@
#include <QString>
#include <QStringList>
#include <QRegExp>
#include <QtDebug>
#include <ios>
@ -95,7 +96,8 @@ void PIXImporter::run()
QMap<QString, QString>::iterator it;
for (it=named_addresses.begin(); it!=named_addresses.end(); ++it)
{
str.replace(it.key(), it.value());
QString re("\\b%1\\b");
str.replace(QRegExp(re.arg(it.key())), it.value());
}
}
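Review bot: The key from `named_addresses` is interpolated into the pattern unescaped in `QRegExp(re.arg(it.key()))`, so any regex metacharacter in a name taken from the imported configuration is read as pattern syntax: a `.` in a name matches any character, and a name with an unbalanced bracket or parenthesis presumably produces an invalid pattern that leaves the name unreplaced. Escaping the key closes that: `str.replace(QRegExp(re.arg(QRegExp::escape(it.key()))), it.value());`. Separately, `\b` treats `-` and `.` as non-word characters, so a name such as `net-1` still matches at the start of `net-1-old`; if names may contain those characters, the boundary probably needs to be whitespace or line start/end rather than `\b`. Either mistake ends up as a wrong address in the imported firewall policy with no warning to the user. The body of `PIXImporter::run()` starts and ends outside the hunk.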


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302205048" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302217356" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -432,69 +432,85 @@
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-10.1.1.202" comment="Created during import of line 65" ro="False" address="10.1.1.202" netmask="255.255.255.255"/>
<IPv4 id="id3" name="h-192.168.2.240" comment="Created during import of line 49" ro="False" address="192.168.2.240" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-10.1.1.202" comment="Created during import of line 78" ro="False" address="10.1.1.202" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id4" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id5" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id6" name="Groups" comment="" ro="False">
<ObjectGroup id="id7" name="net-1" comment="single network object-group &#10;Created during import of line 42" ro="False">
<ObjectRef ref="id15"/>
<ObjectGroup id="id5" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id6" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id7" name="Groups" comment="" ro="False">
<ObjectGroup id="id8" name="net_1_group" comment="Created during import of line 42" ro="False">
<ObjectRef ref="id26"/>
<ObjectRef ref="id27"/>
</ObjectGroup>
<ObjectGroup id="id9" name="net-2" comment="multiple network-object object s &#10;Created during import of line 45" ro="False">
<ObjectRef ref="id16"/>
<ObjectRef ref="id15"/>
<ObjectRef ref="id17"/>
<ObjectGroup id="id11" name="another_group_net_1" comment="Created during import of line 45" ro="False">
<ObjectRef ref="id26"/>
<ObjectRef ref="id28"/>
</ObjectGroup>
<ObjectGroup id="id14" name="host_net_1" comment="Created during import of line 48" ro="False">
<ObjectRef ref="id3"/>
</ObjectGroup>
<ObjectGroup id="id16" name="host_net_2" comment="Created during import of line 51" ro="False">
<ObjectRef ref="id3"/>
</ObjectGroup>
<ObjectGroup id="id18" name="net-1" comment="single network object-group &#10;Created during import of line 55" ro="False">
<ObjectRef ref="id27"/>
</ObjectGroup>
<ObjectGroup id="id20" name="net-2" comment="multiple network-object object s &#10;Created during import of line 58" ro="False">
<ObjectRef ref="id29"/>
<ObjectRef ref="id27"/>
<ObjectRef ref="id28"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id13" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id14" name="Networks" comment="" ro="False">
<Network id="id15" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 43" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id16" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 46" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id17" name="net-192.168.3.0/255.255.255.0" comment="Created during import of line 48" ro="False" address="192.168.3.0" netmask="255.255.255.0"/>
<Network id="id18" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 73" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
<ObjectGroup id="id24" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id25" name="Networks" comment="" ro="False">
<Network id="id26" name="net-192.168.2.240/255.255.255.240" comment="Created during import of line 43" ro="False" address="192.168.2.240" netmask="255.255.255.240"/>
<Network id="id27" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 44" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id28" name="net-192.168.3.0/255.255.255.0" comment="Created during import of line 47" ro="False" address="192.168.3.0" netmask="255.255.255.0"/>
<Network id="id29" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 59" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id30" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 86" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id19" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id31" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id20" name="Services" comment="" ro="False">
<ServiceGroup id="id21" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id22" name="ICMP" comment="" ro="False">
<ICMPService id="id23" code="-1" type="8" name="icmp 8/-1" comment="Created during import of line 59" ro="False"/>
<ICMPService id="id24" code="0" type="111" name="icmp 111/0" comment="Created during import of line 60" ro="False"/>
<ICMPService id="id25" code="0" type="11" name="icmp 11/0" comment="Created during import of line 61" ro="False"/>
<ICMPService id="id26" code="0" type="0" name="icmp 0/0" comment="Created during import of line 62" ro="False"/>
<ICMPService id="id27" code="-1" type="3" name="icmp 3/-1" comment="Created during import of line 63" ro="False"/>
<ICMPService id="id28" code="-1" type="-1" name="icmp -1/-1" comment="Created during import of line 64" ro="False"/>
<ServiceGroup id="id32" name="Services" comment="" ro="False">
<ServiceGroup id="id33" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id34" name="ICMP" comment="" ro="False">
<ICMPService id="id35" code="-1" type="8" name="icmp 8/-1" comment="Created during import of line 72" ro="False"/>
<ICMPService id="id36" code="0" type="111" name="icmp 111/0" comment="Created during import of line 73" ro="False"/>
<ICMPService id="id37" code="0" type="11" name="icmp 11/0" comment="Created during import of line 74" ro="False"/>
<ICMPService id="id38" code="0" type="0" name="icmp 0/0" comment="Created during import of line 75" ro="False"/>
<ICMPService id="id39" code="-1" type="3" name="icmp 3/-1" comment="Created during import of line 76" ro="False"/>
<ICMPService id="id40" code="-1" type="-1" name="icmp -1/-1" comment="Created during import of line 77" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id29" name="IP" comment="" ro="False">
<IPService id="id30" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip" comment="Created during import of line 50" ro="False"/>
<ServiceGroup id="id41" name="IP" comment="" ro="False">
<IPService id="id42" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip" comment="Created during import of line 63" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id31" name="TCP" comment="" ro="False">
<TCPService id="id32" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 23:23" comment="Created during import of line 86" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="id33" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 88" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<ServiceGroup id="id43" name="TCP" comment="" ro="False">
<TCPService id="id44" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 23:23" comment="Created during import of line 99" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="id45" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 101" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
</ServiceGroup>
<ServiceGroup id="id34" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id35" name="Users" comment="" ro="False"/>
<ServiceGroup id="id36" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id37" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id46" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id47" name="Users" comment="" ro="False"/>
<ServiceGroup id="id48" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id49" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id38" name="Firewalls" comment="" ro="False">
<Firewall id="id39" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="8.0" name="pixfirewall" comment="Created during import of line 5" ro="False">
<NAT id="id271" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id50" name="Firewalls" comment="" ro="False">
<Firewall id="id51" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="8.0" name="pixfirewall" comment="Created during import of line 5" ro="False">
<NAT id="id283" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id41" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Imported from telnet_commands_inside&#10;Created during import of line 86">
<Policy id="id53" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id55" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Imported from telnet_commands_inside&#10;Created during import of line 99">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id27"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id32"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -503,18 +519,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id55" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 88">
<PolicyRule id="id67" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 101">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id27"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id33"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -523,18 +539,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id67" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 59">
<PolicyRule id="id79" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 72">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id23"/>
<ServiceRef ref="id35"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -543,18 +559,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id79" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 60">
<PolicyRule id="id91" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 73">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id24"/>
<ServiceRef ref="id36"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -563,18 +579,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id91" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 61">
<PolicyRule id="id103" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 74">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id25"/>
<ServiceRef ref="id37"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -583,18 +599,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id103" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 62">
<PolicyRule id="id115" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 75">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id26"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -603,18 +619,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id115" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 63">
<PolicyRule id="id127" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 76">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id27"/>
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -623,18 +639,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id127" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 64">
<PolicyRule id="id139" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Imported from icmp_commands_outside&#10;Created during import of line 77">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id28"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id278"/>
<ObjectRef ref="id290"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -643,18 +659,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id139" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 65">
<PolicyRule id="id151" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 78">
<Src neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id25"/>
<ServiceRef ref="id37"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -663,18 +679,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id151" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 66">
<PolicyRule id="id163" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 79">
<Src neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id26"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -683,18 +699,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id163" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 67">
<PolicyRule id="id175" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 80">
<Src neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id27"/>
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -703,18 +719,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id175" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 68">
<PolicyRule id="id187" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 81">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id23"/>
<ServiceRef ref="id35"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -723,18 +739,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id187" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 69">
<PolicyRule id="id199" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 82">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id25"/>
<ServiceRef ref="id37"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -743,18 +759,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id199" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 70">
<PolicyRule id="id211" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 83">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id26"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -763,18 +779,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id211" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 71">
<PolicyRule id="id223" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 84">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id27"/>
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -783,18 +799,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id223" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 72">
<PolicyRule id="id235" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 85">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id28"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -803,18 +819,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id235" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 73">
<PolicyRule id="id247" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Imported from icmp_commands_inside&#10;Created during import of line 86">
<Src neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id30"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id39"/>
<ObjectRef ref="id51"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id28"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -823,18 +839,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id247" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 50">
<PolicyRule id="id259" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 63">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id27"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id30"/>
<ServiceRef ref="id42"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -843,7 +859,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id259" disabled="False" group="" log="True" position="18" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 51">
<PolicyRule id="id271" disabled="False" group="" log="True" position="18" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 64">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -851,10 +867,10 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id30"/>
<ServiceRef ref="id42"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id275"/>
<ObjectRef ref="id287"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -866,15 +882,15 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id273" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id285" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id275" dedicated_failover="False" dyn="False" label="inside" security_level="100" unnum="False" unprotected="False" name="Ethernet0" comment="Created during import of line 11" ro="False">
<IPv4 id="id276" name="pixfirewall:Ethernet0:ip" comment="Created during import of line 13" ro="False" address="192.168.2.221" netmask="255.255.255.0"/>
<Interface id="id287" dedicated_failover="False" dyn="False" label="inside" security_level="100" unnum="False" unprotected="False" name="Ethernet0" comment="Created during import of line 12" ro="False">
<IPv4 id="id288" name="pixfirewall:Ethernet0:ip" comment="Created during import of line 14" ro="False" address="192.168.2.221" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id278" dedicated_failover="False" dyn="False" label="outside" security_level="0" unnum="False" unprotected="False" name="Ethernet1" comment="Created during import of line 16" ro="False">
<IPv4 id="id279" name="pixfirewall:Ethernet1:ip" comment="Created during import of line 18" ro="False" address="192.0.2.221" netmask="255.255.255.0"/>
<Interface id="id290" dedicated_failover="False" dyn="False" label="outside" security_level="0" unnum="False" unprotected="False" name="Ethernet1" comment="Created during import of line 17" ro="False">
<IPv4 id="id291" name="pixfirewall:Ethernet1:ip" comment="Created during import of line 19" ro="False" address="192.0.2.221" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<FirewallOptions>
@ -895,7 +911,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id281" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id282" name="Time" comment="" ro="False"/>
<ObjectGroup id="id293" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id294" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>


@ -1,55 +1,59 @@
3: Version: 8.0
5: Host name: pixfirewall
11: New interface: Ethernet0
11: Interface parameters: inside
11: Interface label: inside
13: Interface address: 192.168.2.221/255.255.255.0
16: New interface: Ethernet1
16: Interface parameters: outside
16: Interface label: outside
18: Interface address: 192.0.2.221/255.255.255.0
21: New interface: Ethernet2
12: New interface: Ethernet0
12: Interface parameters: inside
12: Interface label: inside
14: Interface address: 192.168.2.221/255.255.255.0
17: New interface: Ethernet1
17: Interface parameters: outside
17: Interface label: outside
19: Interface address: 192.0.2.221/255.255.255.0
22: New interface: Ethernet2
Warning: interface Ethernet2 was not imported because it is in "shutdown" mode
27: New interface: Ethernet3
28: New interface: Ethernet3
Warning: interface Ethernet3 was not imported because it is in "shutdown" mode
33: New interface: Ethernet4
34: New interface: Ethernet4
Warning: interface Ethernet4 was not imported because it is in "shutdown" mode
41: Object Group (network) net-1
44: Object Group (network) net-2
50: filtering rule: access list inside_in, action permit
51: filtering rule: access list inside_in, action deny
53: Interface Ethernet0 ruleset inside_in direction 'in'
59: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
59: filtering rule: access list icmp_commands_outside, action permit
60: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
60: filtering rule: access list icmp_commands_outside, action permit
61: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
61: filtering rule: access list icmp_commands_outside, action permit
62: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
62: filtering rule: access list icmp_commands_outside, action permit
63: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
63: filtering rule: access list icmp_commands_outside, action permit
64: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
64: filtering rule: access list icmp_commands_outside, action permit
65: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
65: filtering rule: access list icmp_commands_inside, action permit
66: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
66: filtering rule: access list icmp_commands_inside, action permit
67: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
67: filtering rule: access list icmp_commands_inside, action permit
68: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
68: filtering rule: access list icmp_commands_inside, action permit
69: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
69: filtering rule: access list icmp_commands_inside, action permit
70: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
70: filtering rule: access list icmp_commands_inside, action permit
71: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
71: filtering rule: access list icmp_commands_inside, action permit
72: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
72: filtering rule: access list icmp_commands_inside, action permit
73: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
73: filtering rule: access list icmp_commands_inside, action permit
86: Interface Ethernet0 ruleset telnet_commands_inside direction 'in'
86: filtering rule: access list telnet_commands_inside, action permit
88: Interface Ethernet0 ruleset ssh_commands_inside direction 'in'
88: filtering rule: access list ssh_commands_inside, action permit
42: Object Group (network) net_1_group
45: Object Group (network) another_group_net_1
48: Object Group (network) host_net_1
51: Object Group (network) host_net_2
54: Object Group (network) net-1
57: Object Group (network) net-2
63: filtering rule: access list inside_in, action permit
64: filtering rule: access list inside_in, action deny
66: Interface Ethernet0 ruleset inside_in direction 'in'
72: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
72: filtering rule: access list icmp_commands_outside, action permit
73: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
73: filtering rule: access list icmp_commands_outside, action permit
74: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
74: filtering rule: access list icmp_commands_outside, action permit
75: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
75: filtering rule: access list icmp_commands_outside, action permit
76: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
76: filtering rule: access list icmp_commands_outside, action permit
77: Interface Ethernet1 ruleset icmp_commands_outside direction 'in'
77: filtering rule: access list icmp_commands_outside, action permit
78: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
78: filtering rule: access list icmp_commands_inside, action permit
79: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
79: filtering rule: access list icmp_commands_inside, action permit
80: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
80: filtering rule: access list icmp_commands_inside, action permit
81: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
81: filtering rule: access list icmp_commands_inside, action permit
82: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
82: filtering rule: access list icmp_commands_inside, action permit
83: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
83: filtering rule: access list icmp_commands_inside, action permit
84: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
84: filtering rule: access list icmp_commands_inside, action permit
85: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
85: filtering rule: access list icmp_commands_inside, action permit
86: Interface Ethernet0 ruleset icmp_commands_inside direction 'in'
86: filtering rule: access list icmp_commands_inside, action permit
99: Interface Ethernet0 ruleset telnet_commands_inside direction 'in'
99: filtering rule: access list telnet_commands_inside, action permit
101: Interface Ethernet0 ruleset ssh_commands_inside direction 'in'
101: filtering rule: access list ssh_commands_inside, action permit


@ -7,6 +7,7 @@ enable password XXXXXXXXXXXXXXXX encrypted
names
name 192.168.2.0 inside_network
name 192.168.2.221 inside_ip
name 192.168.2.240 net_1
!
interface Ethernet0
nameif inside
@ -38,6 +39,18 @@ interface Ethernet4
!
passwd YYYYYYYYYYYYYYYY encrypted
ftp mode passive
object-group network net_1_group
network-object net_1 255.255.255.240
network-object 192.168.2.0 255.255.255.0
object-group network another_group_net_1
network-object net_1 255.255.255.240
network-object 192.168.3.0 255.255.255.0
object-group network host_net_1
network-object host net_1
! whitespace after net_1
object-group network host_net_2
network-object host net_1
object-group network net-1
description single network object-group
network-object inside_network 255.255.255.0