From a268a91f7b0929c7c989ec8efc1289174d10a343 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 7 Mar 2011 18:21:04 -0800 Subject: [PATCH 01/14] * IPTImporter.cpp (pushNATRule): see #2196 "iptables nat rules with target REDIRECT not imported". Iptables NAT rules with target REDIRECT where not imported correctly. * IPTImporter.cpp (pushNATRule): see #2190 "support for import of branches in NAT rules for iptables". Implemented import of NAT rules in user-defined chains for iptables, these translate into branching NAT rules in fwbuilder. --- doc/ChangeLog | 11 + src/libgui/IOSImporter.h | 2 + src/libgui/IPTImporter.cpp | 209 ++++++++++---- src/libgui/IPTImporter.h | 14 +- src/libgui/Importer.cpp | 20 +- src/libgui/Importer.h | 6 +- src/parsers/IOSCfgLexer.cpp | 10 +- src/parsers/IOSCfgParser.cpp | 207 +++++++------- src/parsers/IPTCfgLexer.cpp | 18 +- src/parsers/IPTCfgParser.cpp | 509 ++++++++++++++++++----------------- src/parsers/PIXCfgLexer.cpp | 10 +- src/parsers/PIXCfgParser.cpp | 201 +++++++------- src/parsers/iosacl.g | 5 +- src/parsers/iptables.g | 5 +- src/parsers/pix.g | 5 +- 15 files changed, 689 insertions(+), 543 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index ac98b289f..e83539fe2 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,14 @@ +2011-03-07 vadim + + * IPTImporter.cpp (pushNATRule): see #2196 "iptables nat rules + with target REDIRECT not imported". Iptables NAT rules with target + REDIRECT where not imported correctly. + + * IPTImporter.cpp (pushNATRule): see #2190 "support for import of + branches in NAT rules for iptables". Implemented import of NAT + rules in user-defined chains for iptables, these translate into + branching NAT rules in fwbuilder. + 2011-03-06 vadim * Importer.cpp (ignoreCurrentInterface): see #2152 "ASA Import - diff --git a/src/libgui/IOSImporter.h b/src/libgui/IOSImporter.h index 33e3ccbed..f59364337 100644 --- a/src/libgui/IOSImporter.h +++ b/src/libgui/IOSImporter.h @@ -37,6 +37,8 @@ #include "fwbuilder/libfwbuilder-config.h" #include "fwbuilder/Logger.h" +#include "fwbuilder/Policy.h" + class IOSImporter : public Importer { diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index f22588f02..21d4243f8 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -551,8 +551,8 @@ void IPTImporter::processModuleMatches() string branch_chain = str.str(); branch_depth++; - PolicyRule *new_rule = createBranch(rule, branch_chain, - true, true); + PolicyRule *new_rule = createPolicyBranch(rule, branch_chain, + true, true); addAllModuleMatches(new_rule); } @@ -644,14 +644,13 @@ void IPTImporter::addRecentMatch(PolicyRule *rule) * and other attributes. The original rule's action changes however * and becomes "Branch". */ -PolicyRule* IPTImporter::createBranch(PolicyRule *rule, - const std::string &branch_ruleset_name, - bool clear_rule_elements, - bool make_stateless) +PolicyRule* IPTImporter::createPolicyBranch( + PolicyRule *rule, const std::string &branch_ruleset_name, + bool clear_rule_elements, bool make_stateless) { UnidirectionalRuleSet *rs = branch_rulesets[branch_ruleset_name]; if (rs==NULL) - rs = getUnidirRuleSet(branch_ruleset_name); + rs = getUnidirRuleSet(branch_ruleset_name, Policy::TYPENAME); branch_rulesets[branch_ruleset_name] = rs; rs->ruleset->setName(branch_ruleset_name); @@ -694,6 +693,54 @@ PolicyRule* IPTImporter::createBranch(PolicyRule *rule, return new_rule; } +NATRule* IPTImporter::createNATBranch( + NATRule *rule, const std::string &branch_ruleset_name, + bool clear_rule_elements) +{ + UnidirectionalRuleSet *rs = branch_rulesets[branch_ruleset_name]; + if (rs==NULL) + rs = getUnidirRuleSet(branch_ruleset_name, NAT::TYPENAME); + branch_rulesets[branch_ruleset_name] = rs; + rs->ruleset->setName(branch_ruleset_name); + + FWObjectDatabase *dbroot = getFirewallObject()->getRoot(); + NATRule *new_rule = NATRule::cast(dbroot->create(NATRule::TYPENAME)); + rs->ruleset->add(new_rule); + + new_rule->duplicate(rule); + + rule->setRuleType(NATRule::NATBranch); + rule->setBranch(rs->ruleset); + + if (rule->getParent() != NULL) + { + ostringstream str1; + str1 << "Called from ruleset " << rule->getParent()->getName() + << ", rule " << rule->getPosition(); + new_rule->setComment(str1.str()); + } + + if (clear_rule_elements) + { + RuleElement* re; + re = new_rule->getOSrc(); re->reset(); + re = new_rule->getODst(); re->reset(); + re = new_rule->getOSrv(); re->reset(); + + re = new_rule->getTSrc(); re->reset(); + re = new_rule->getTDst(); re->reset(); + re = new_rule->getTSrv(); re->reset(); + + re = new_rule->getItfInb(); re->reset(); + re = new_rule->getItfOutb(); re->reset(); + } + + QString l("Created branch %1\n"); + *Importer::logger << l.arg(branch_ruleset_name.c_str()).toUtf8().constData(); + + return new_rule; +} + void IPTImporter::pushRule() { @@ -893,7 +940,7 @@ void IPTImporter::pushPolicyRule() action = PolicyRule::Branch; UnidirectionalRuleSet *rs = branch_rulesets[branch_ruleset_name]; if (rs==NULL) - rs = getUnidirRuleSet(branch_ruleset_name); + rs = getUnidirRuleSet(branch_ruleset_name, Policy::TYPENAME); branch_rulesets[branch_ruleset_name] = rs; @@ -949,10 +996,10 @@ void IPTImporter::pushPolicyRule() aux_branch_number++; string branch_ruleset_name = str.str(); - // two boolean args of createBranch() clear all rule elements + // two boolean args of createPolicyBranch() clear all rule elements // of the rule in the branch rule set and make it stateless - PolicyRule *new_rule = createBranch(rule, branch_ruleset_name, - true, true); + PolicyRule *new_rule = createPolicyBranch(rule, branch_ruleset_name, + true, true); new_rule->setDirection(PolicyRule::Both); RuleElement* re = new_rule->getSrv(); @@ -1049,7 +1096,7 @@ void IPTImporter::pushPolicyRule() ruleset->add(current_rule); } else { - UnidirectionalRuleSet *rs = getUnidirRuleSet(current_chain); + UnidirectionalRuleSet *rs = getUnidirRuleSet(current_chain, Policy::TYPENAME); assert(rs!=NULL); rs->ruleset->add(current_rule); ruleset = rs->ruleset; @@ -1076,9 +1123,9 @@ void IPTImporter::pushPolicyRule() // note that this new rule only matches interface and // direction, everything else has been matched by the main // rule. There is no need for the rule in the branch to be stateful - // (that is what the last bool argument for createBranch() is for) - PolicyRule *new_rule = createBranch(rule, branch_ruleset_name, - true, true); + // (that is what the last bool argument for createPolicyBranch() is for) + PolicyRule *new_rule = createPolicyBranch(rule, branch_ruleset_name, + true, true); // Important: at this point we have assembled the // current_rule completely. This means all rule elements, @@ -1113,9 +1160,6 @@ void IPTImporter::pushPolicyRule() .arg(getCurrentLineNumber()) .arg(branch_ruleset_name.c_str()).arg(interfaces) .toUtf8().constData(); - - // markCurrentRuleBad( - // std::string("Can not set inbound and outbound interface simultaneously. Was: -i ") + i_intf + " -o " + o_intf); } else { if ( !i_intf.empty()) @@ -1143,13 +1187,6 @@ void IPTImporter::pushPolicyRule() } -// *Importer::logger << "Rule: " << rule->getActionAsString() << " " -// << "protocol=" << protocol << " " -// << "src=" << src_a << "/" << src_nm << " "; -// if (dst_a!="") -// *Importer::logger << "dst=" << dst_a << "/" << dst_nm << " "; -// *Importer::logger << "\n"; - current_rule = NULL; rule_comment = ""; @@ -1176,13 +1213,17 @@ void IPTImporter::pushNATRule() if (dst_nm.empty()) dst_nm = InetAddr::getAllOnes().toString(); if (nat_nm.empty()) nat_nm = InetAddr::getAllOnes().toString(); + NATRule::NATRuleTypes rule_type = NATRule::Unknown; + if (target=="ACCEPT") { - rule->setRuleType(NATRule::NONAT); + rule_type = NATRule::NONAT; } + if (target=="MASQUERADE") { - rule->setRuleType(NATRule::Masq); + rule_type = NATRule::Masq; + RuleElementTSrc *re = rule->getTSrc(); assert(re!=NULL); if ( !o_intf.empty() ) @@ -1195,9 +1236,11 @@ void IPTImporter::pushNATRule() re->addRef(getFirewallObject()); } } + if (target=="SNAT") { - rule->setRuleType(NATRule::SNAT); + rule_type = NATRule::SNAT; + FWObject *tsrc = NULL; if (nat_addr1!=nat_addr2) tsrc = createAddressRange(nat_addr1, nat_addr2); @@ -1232,7 +1275,8 @@ void IPTImporter::pushNATRule() if (target=="DNAT") { - rule->setRuleType(NATRule::DNAT); + rule_type = NATRule::DNAT; + FWObject *tdst = NULL; if (nat_addr1!=nat_addr2) tdst = createAddressRange(nat_addr1, nat_addr2); @@ -1263,12 +1307,43 @@ void IPTImporter::pushNATRule() itf_i_re->addRef(intf); } } + + if (target=="REDIRECT") + { + rule_type = NATRule::Redirect; + + RuleElementTDst *re = rule->getTDst(); + assert(re!=NULL); + re->addRef(getFirewallObject()); + + if (!nat_port_range_start.empty()) + { + str_tuple empty_range("0", "0"); + str_tuple nat_port_range(nat_port_range_start, nat_port_range_end); + FWObject *s = createTCPUDPService(empty_range, nat_port_range, + protocol); + RuleElementTSrv *re = rule->getTSrv(); + assert(re!=NULL); + re->addRef(s); + } + + if ( ! o_intf.empty()) + { + RuleElement *itf_o_re = rule->getItfOutb(); + assert(itf_o_re!=NULL); + newInterface(o_intf); + Interface *intf = all_interfaces[o_intf]; + itf_o_re->addRef(intf); + } + } + if (target=="NETMAP") { FWObject *o = NULL; if (!src_a.empty()) { - rule->setRuleType(NATRule::SNetnat); + rule_type = NATRule::SNetnat; + o = createAddress(src_a, src_nm); RuleElementOSrc *osrc = rule->getOSrc(); osrc->addRef(o); @@ -1277,9 +1352,11 @@ void IPTImporter::pushNATRule() o = createAddress(nat_addr1, nat_nm); tsrc->addRef(o); } + if (!dst_a.empty()) { - rule->setRuleType(NATRule::DNetnat); + rule_type = NATRule::DNetnat; + o = createAddress(dst_a, dst_nm); RuleElementOSrc *odst = rule->getOSrc(); odst->addRef(o); @@ -1290,12 +1367,58 @@ void IPTImporter::pushNATRule() } } + if (rule_type==NATRule::Unknown) + { + if (fwbdebug) + qDebug("Unknown target %s, creating branch", target.c_str()); + + // unknown target, consider it a branch + // + std::string branch_ruleset_name = target; + + rule_type = NATRule::NATBranch; + rule->setAction(NATRule::Branch); + + UnidirectionalRuleSet *rs = branch_rulesets[branch_ruleset_name]; + if (rs==NULL) + { + rs = getUnidirRuleSet(branch_ruleset_name, NAT::TYPENAME); + branch_rulesets[branch_ruleset_name] = rs; + } + + rs->ruleset->setName(target); + + rule->setBranch(rs->ruleset); + } + + rule->setRuleType(rule_type); + + // add rule to the right ruleset + RuleSet *ruleset = NULL; + std::string ruleset_name = ""; + if (isStandardChain(current_chain)) + { + ruleset = RuleSet::cast( + getFirewallObject()->getFirstByType(NAT::TYPENAME)); + assert(ruleset!=NULL); + ruleset->add(current_rule); + } else + { + UnidirectionalRuleSet *rs = getUnidirRuleSet(current_chain, NAT::TYPENAME); + assert(rs!=NULL); + rs->ruleset->add(current_rule); + ruleset = rs->ruleset; + } + + // renumber to clean-up rule positions + ruleset->renumberRules(); + current_rule->setComment(rule_comment); - RuleSet *nat = RuleSet::cast( - getFirewallObject()->getFirstByType(NAT::TYPENAME)); - assert( nat!=NULL ); - nat->add(current_rule); + // RuleSet *nat = RuleSet::cast( + // getFirewallObject()->getFirstByType(NAT::TYPENAME)); + // assert( nat!=NULL ); + // nat->add(current_rule); current_rule = NULL; rule_comment = ""; @@ -1449,7 +1572,7 @@ UnidirectionalRuleSet* IPTImporter::checkUnidirRuleSet( } UnidirectionalRuleSet* IPTImporter::getUnidirRuleSet( - const std::string &ruleset_name) + const std::string &ruleset_name, const string &ruleset_type_name) { string all_rulesets_index = current_table + "/" + ruleset_name; UnidirectionalRuleSet *rs = all_rulesets[all_rulesets_index]; @@ -1460,7 +1583,7 @@ UnidirectionalRuleSet* IPTImporter::getUnidirRuleSet( if (isStandardChain(ruleset_name)) { - if (current_table == "nat") + if (ruleset_type_name == NAT::TYPENAME) ruleset = RuleSet::cast( getFirewallObject()->getFirstByType(NAT::TYPENAME)); else @@ -1521,12 +1644,7 @@ UnidirectionalRuleSet* IPTImporter::getUnidirRuleSet( } else { - - if (current_table == "nat") - ruleset = RuleSet::cast(dbroot->create(NAT::TYPENAME)); - else - ruleset = RuleSet::cast(dbroot->create(Policy::TYPENAME)); - + ruleset = RuleSet::cast(dbroot->create(ruleset_type_name)); ruleset->setName(ruleset_name); getFirewallObject()->add(ruleset); } @@ -1540,9 +1658,10 @@ UnidirectionalRuleSet* IPTImporter::getUnidirRuleSet( return rs; } -void IPTImporter::newUnidirRuleSet(const std::string &chain_name) +void IPTImporter::newUnidirRuleSet(const string &chain_name, + const string &ruleset_type) { - current_ruleset = getUnidirRuleSet(chain_name); // creates if new + current_ruleset = getUnidirRuleSet(chain_name, ruleset_type); // creates if new QString l("Ruleset: %1 / %2\n"); *Importer::logger << l.arg(current_table.c_str()).arg(current_ruleset->name.c_str()) .toStdString(); diff --git a/src/libgui/IPTImporter.h b/src/libgui/IPTImporter.h index f569b26c4..1db0b0ae3 100644 --- a/src/libgui/IPTImporter.h +++ b/src/libgui/IPTImporter.h @@ -37,6 +37,8 @@ #include "fwbuilder/libfwbuilder-config.h" #include "fwbuilder/Logger.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/NAT.h" typedef std::pair str_tuple; @@ -75,10 +77,14 @@ class IPTImporter : public Importer void addRecentMatch(libfwbuilder::PolicyRule *rule); void addPktTypeMatch(libfwbuilder::PolicyRule *rule); - libfwbuilder::PolicyRule* createBranch( + libfwbuilder::PolicyRule* createPolicyBranch( libfwbuilder::PolicyRule *rule, const std::string &branch_name, bool clear_rule_elements, bool make_stateless); - + + libfwbuilder::NATRule* createNATBranch( + libfwbuilder::NATRule *rule, const std::string &branch_name, + bool clear_rule_elements); + public: int service_group_name_seed; @@ -161,12 +167,12 @@ class IPTImporter : public Importer virtual void pushRule(); virtual UnidirectionalRuleSet* getUnidirRuleSet( - const std::string &rsname); + const std::string &rsname, const std::string &ruleset_type_name); virtual UnidirectionalRuleSet* checkUnidirRuleSet( const std::string &rsname); - virtual void newUnidirRuleSet(const std::string &name); + virtual void newUnidirRuleSet(const std::string &name, const std::string &ruleset_type); // this method actually adds interfaces to the firewall object // and does final clean up. diff --git a/src/libgui/Importer.cpp b/src/libgui/Importer.cpp index 82c7d702b..b7abbd4d5 100644 --- a/src/libgui/Importer.cpp +++ b/src/libgui/Importer.cpp @@ -403,25 +403,19 @@ UnidirectionalRuleSet* Importer::checkUnidirRuleSet( return all_rulesets[ruleset_name]; } -UnidirectionalRuleSet* Importer::getUnidirRuleSet(const std::string &ruleset_name) +UnidirectionalRuleSet* Importer::getUnidirRuleSet( + const std::string &ruleset_name, const string &ruleset_type_name) { UnidirectionalRuleSet *rs = all_rulesets[ruleset_name]; if (rs==NULL) { // got 'ip access-group' command before the access list was defined - rs = new UnidirectionalRuleSet(); rs->name = ruleset_name; FWObjectDatabase *dbroot = getFirewallObject()->getRoot(); - if (ruleset_name == "nat") - rs->ruleset = RuleSet::cast(dbroot->create(NAT::TYPENAME)); - else - rs->ruleset = RuleSet::cast(dbroot->create(Policy::TYPENAME)); - + rs->ruleset = RuleSet::cast(dbroot->create(ruleset_type_name)); rs->ruleset->setName(ruleset_name); - all_rulesets[ruleset_name] = rs; - // add this ruleset to the firewall temporarily // because ruleset must belong to the tree somewhere in // order for other objects to be added properly. @@ -443,7 +437,8 @@ void Importer::setInterfaceAndDirectionForRuleSet(const std::string &ruleset_nam const std::string &_intf_name, const std::string &_dir) { - UnidirectionalRuleSet *rs = getUnidirRuleSet(ruleset_name); + UnidirectionalRuleSet *rs = getUnidirRuleSet(ruleset_name, Policy::TYPENAME); + std::string intf; if ( !_intf_name.empty()) intf = _intf_name; else intf = current_interface->getName(); @@ -466,9 +461,10 @@ void Importer::setInterfaceAndDirectionForRuleSet(const std::string &ruleset_nam *logger << str.str(); } -void Importer::newUnidirRuleSet(const std::string &ruleset_name) +void Importer::newUnidirRuleSet(const string &ruleset_name, + const string &ruleset_type) { - current_ruleset = getUnidirRuleSet(ruleset_name); // creates if new + current_ruleset = getUnidirRuleSet(ruleset_name, ruleset_type); // creates if new *logger << "Ruleset: " + ruleset_name + "\n"; } diff --git a/src/libgui/Importer.h b/src/libgui/Importer.h index e26223c70..1e1766d02 100644 --- a/src/libgui/Importer.h +++ b/src/libgui/Importer.h @@ -156,7 +156,8 @@ protected: // finds and rturns pointer to ruleset "rsname". If it does not // exists, it is created - virtual UnidirectionalRuleSet* getUnidirRuleSet(const std::string &rsname); + virtual UnidirectionalRuleSet* getUnidirRuleSet( + const std::string &ruleset_name, const std::string &ruleset_type_name); virtual libfwbuilder::FWObject* getCustomService(const std::string &platform, const std::string &code, @@ -300,7 +301,8 @@ public: * has interface association and direction that apply to all rules * in the set. */ - virtual void newUnidirRuleSet(const std::string &name); + virtual void newUnidirRuleSet(const std::string &name, + const std::string &ruleset_type); /** * Sets default action for the current rule set. diff --git a/src/parsers/IOSCfgLexer.cpp b/src/parsers/IOSCfgLexer.cpp index 9841ce68a..23c1661b2 100644 --- a/src/parsers/IOSCfgLexer.cpp +++ b/src/parsers/IOSCfgLexer.cpp @@ -432,7 +432,7 @@ void IOSCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 702 "iosacl.g" +#line 703 "iosacl.g" newline(); #line 438 "IOSCfgLexer.cpp" } @@ -513,7 +513,7 @@ void IOSCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 697 "iosacl.g" +#line 698 "iosacl.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 519 "IOSCfgLexer.cpp" } @@ -749,7 +749,7 @@ void IOSCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 722 "iosacl.g" +#line 723 "iosacl.g" _ttype = IPV4; #line 755 "IOSCfgLexer.cpp" } @@ -852,7 +852,7 @@ void IOSCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 728 "iosacl.g" +#line 729 "iosacl.g" _ttype = HEX_CONST; #line 858 "IOSCfgLexer.cpp" } @@ -873,7 +873,7 @@ void IOSCfgLexer::mNUMBER(bool _createToken) { _loop124:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 726 "iosacl.g" +#line 727 "iosacl.g" _ttype = INT_CONST; #line 879 "IOSCfgLexer.cpp" } diff --git a/src/parsers/IOSCfgParser.cpp b/src/parsers/IOSCfgParser.cpp index ded8ba8f4..f3356d478 100644 --- a/src/parsers/IOSCfgParser.cpp +++ b/src/parsers/IOSCfgParser.cpp @@ -283,7 +283,7 @@ void IOSCfgParser::intrface() { in = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 484 "iosacl.g" +#line 485 "iosacl.g" importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" @@ -308,7 +308,7 @@ void IOSCfgParser::controller() { try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 475 "iosacl.g" +#line 476 "iosacl.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); @@ -349,7 +349,7 @@ void IOSCfgParser::vlan() { } } if ( inputState->guessing==0 ) { -#line 466 "iosacl.g" +#line 467 "iosacl.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); @@ -377,11 +377,12 @@ void IOSCfgParser::access_list_commands() { if ( inputState->guessing==0 ) { #line 176 "iosacl.g" - importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText(), + libfwbuilder::Policy::TYPENAME); *dbg << acl_num->getLine() << ":" << " ACL #" << acl_num->getText() << " "; -#line 385 "IOSCfgParser.cpp" +#line 386 "IOSCfgParser.cpp" } { if ((LA(1) == PERMIT) && (LA(2) == IPV4 || LA(2) == ANY)) { @@ -435,7 +436,7 @@ void IOSCfgParser::description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 495 "iosacl.g" +#line 496 "iosacl.g" *dbg << LT(1)->getLine() << ":"; std::string descr; @@ -448,7 +449,7 @@ void IOSCfgParser::description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 452 "IOSCfgParser.cpp" +#line 453 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -466,12 +467,12 @@ void IOSCfgParser::shutdown() { try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 528 "iosacl.g" +#line 529 "iosacl.g" *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 475 "IOSCfgParser.cpp" +#line 476 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -495,7 +496,7 @@ void IOSCfgParser::certificate() { consumeUntil(NEWLINE); consumeUntil(QUIT); -#line 499 "IOSCfgParser.cpp" +#line 500 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -517,7 +518,7 @@ void IOSCfgParser::quit() { consumeUntil(NEWLINE); -#line 521 "IOSCfgParser.cpp" +#line 522 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -539,7 +540,7 @@ void IOSCfgParser::unknown_command() { consumeUntil(NEWLINE); -#line 543 "IOSCfgParser.cpp" +#line 544 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -561,13 +562,13 @@ void IOSCfgParser::ip_access_list_ext() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 197 "iosacl.g" +#line 198 "iosacl.g" - importer->newUnidirRuleSet( name->getText() ); + importer->newUnidirRuleSet( name->getText(), libfwbuilder::Policy::TYPENAME ); *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; -#line 571 "IOSCfgParser.cpp" +#line 572 "IOSCfgParser.cpp" } match(NEWLINE); { // ( ... )+ @@ -605,12 +606,12 @@ void IOSCfgParser::ip_access_list_ext() { _loop17:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 214 "iosacl.g" +#line 215 "iosacl.g" *dbg << LT(0)->getLine() << ":" << " ACL end" << std::endl << std::endl; -#line 614 "IOSCfgParser.cpp" +#line 615 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -662,7 +663,7 @@ void IOSCfgParser::community_list_command() { consumeUntil(NEWLINE); -#line 666 "IOSCfgParser.cpp" +#line 667 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -680,23 +681,23 @@ void IOSCfgParser::permit_std() { try { // for error handling match(PERMIT); if ( inputState->guessing==0 ) { -#line 249 "iosacl.g" +#line 250 "iosacl.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 691 "IOSCfgParser.cpp" +#line 692 "IOSCfgParser.cpp" } rule_std(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 256 "iosacl.g" +#line 257 "iosacl.g" importer->pushRule(); -#line 700 "IOSCfgParser.cpp" +#line 701 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -714,23 +715,23 @@ void IOSCfgParser::deny_std() { try { // for error handling match(DENY); if ( inputState->guessing==0 ) { -#line 262 "iosacl.g" +#line 263 "iosacl.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 725 "IOSCfgParser.cpp" +#line 726 "IOSCfgParser.cpp" } rule_std(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 269 "iosacl.g" +#line 270 "iosacl.g" importer->pushRule(); -#line 734 "IOSCfgParser.cpp" +#line 735 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -748,23 +749,23 @@ void IOSCfgParser::permit_ext() { try { // for error handling match(PERMIT); if ( inputState->guessing==0 ) { -#line 222 "iosacl.g" +#line 223 "iosacl.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 759 "IOSCfgParser.cpp" +#line 760 "IOSCfgParser.cpp" } rule_ext(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 229 "iosacl.g" +#line 230 "iosacl.g" importer->pushRule(); -#line 768 "IOSCfgParser.cpp" +#line 769 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -782,23 +783,23 @@ void IOSCfgParser::deny_ext() { try { // for error handling match(DENY); if ( inputState->guessing==0 ) { -#line 235 "iosacl.g" +#line 236 "iosacl.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 793 "IOSCfgParser.cpp" +#line 794 "IOSCfgParser.cpp" } rule_ext(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 242 "iosacl.g" +#line 243 "iosacl.g" importer->pushRule(); -#line 802 "IOSCfgParser.cpp" +#line 803 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -816,7 +817,7 @@ void IOSCfgParser::remark() { try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 513 "iosacl.g" +#line 514 "iosacl.g" *dbg << LT(1)->getLine() << ":"; std::string rem; @@ -829,7 +830,7 @@ void IOSCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 833 "IOSCfgParser.cpp" +#line 834 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -853,15 +854,15 @@ void IOSCfgParser::rule_ext() { ip_protocols(); hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 279 "iosacl.g" +#line 280 "iosacl.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 859 "IOSCfgParser.cpp" +#line 860 "IOSCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 280 "iosacl.g" +#line 281 "iosacl.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 865 "IOSCfgParser.cpp" +#line 866 "IOSCfgParser.cpp" } { switch ( LA(1)) { @@ -926,24 +927,24 @@ void IOSCfgParser::rule_ext() { { match(ICMP); if ( inputState->guessing==0 ) { -#line 286 "iosacl.g" +#line 287 "iosacl.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 935 "IOSCfgParser.cpp" - } - hostaddr_ext(); - if ( inputState->guessing==0 ) { -#line 290 "iosacl.g" - importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 941 "IOSCfgParser.cpp" +#line 936 "IOSCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 291 "iosacl.g" + importer->SaveTmpAddrToSrc(); *dbg << "(src) "; +#line 942 "IOSCfgParser.cpp" + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 292 "iosacl.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 947 "IOSCfgParser.cpp" +#line 948 "IOSCfgParser.cpp" } { switch ( LA(1)) { @@ -1048,18 +1049,18 @@ void IOSCfgParser::rule_ext() { } } if ( inputState->guessing==0 ) { -#line 298 "iosacl.g" +#line 299 "iosacl.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 1057 "IOSCfgParser.cpp" +#line 1058 "IOSCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 302 "iosacl.g" +#line 303 "iosacl.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 1063 "IOSCfgParser.cpp" +#line 1064 "IOSCfgParser.cpp" } { switch ( LA(1)) { @@ -1071,9 +1072,9 @@ void IOSCfgParser::rule_ext() { { xoperator(); if ( inputState->guessing==0 ) { -#line 303 "iosacl.g" +#line 304 "iosacl.g" importer->SaveTmpPortToSrc(); -#line 1077 "IOSCfgParser.cpp" +#line 1078 "IOSCfgParser.cpp" } break; } @@ -1091,9 +1092,9 @@ void IOSCfgParser::rule_ext() { } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 304 "iosacl.g" +#line 305 "iosacl.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 1097 "IOSCfgParser.cpp" +#line 1098 "IOSCfgParser.cpp" } { switch ( LA(1)) { @@ -1105,9 +1106,9 @@ void IOSCfgParser::rule_ext() { { xoperator(); if ( inputState->guessing==0 ) { -#line 305 "iosacl.g" +#line 306 "iosacl.g" importer->SaveTmpPortToDst(); -#line 1111 "IOSCfgParser.cpp" +#line 1112 "IOSCfgParser.cpp" } break; } @@ -1213,11 +1214,11 @@ void IOSCfgParser::rule_ext() { } } if ( inputState->guessing==0 ) { -#line 311 "iosacl.g" +#line 312 "iosacl.g" *dbg << std::endl; -#line 1221 "IOSCfgParser.cpp" +#line 1222 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1236,9 +1237,9 @@ void IOSCfgParser::rule_std() { { hostaddr_std(); if ( inputState->guessing==0 ) { -#line 319 "iosacl.g" +#line 320 "iosacl.g" importer->SaveTmpAddrToSrc(); *dbg << "(std) "; -#line 1242 "IOSCfgParser.cpp" +#line 1243 "IOSCfgParser.cpp" } { switch ( LA(1)) { @@ -1260,11 +1261,11 @@ void IOSCfgParser::rule_std() { } } if ( inputState->guessing==0 ) { -#line 322 "iosacl.g" +#line 323 "iosacl.g" *dbg << std::endl; -#line 1268 "IOSCfgParser.cpp" +#line 1269 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1299,12 +1300,12 @@ void IOSCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 330 "iosacl.g" +#line 331 "iosacl.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 1308 "IOSCfgParser.cpp" +#line 1309 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1332,13 +1333,13 @@ void IOSCfgParser::hostaddr_ext() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 382 "iosacl.g" +#line 383 "iosacl.g" importer->tmp_a = h->getText(); importer->tmp_nm = "0.0.0.0"; *dbg << h->getText() << "/0.0.0.0"; -#line 1342 "IOSCfgParser.cpp" +#line 1343 "IOSCfgParser.cpp" } break; } @@ -1351,13 +1352,13 @@ void IOSCfgParser::hostaddr_ext() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 389 "iosacl.g" +#line 390 "iosacl.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 1361 "IOSCfgParser.cpp" +#line 1362 "IOSCfgParser.cpp" } break; } @@ -1365,13 +1366,13 @@ void IOSCfgParser::hostaddr_ext() { { match(ANY); if ( inputState->guessing==0 ) { -#line 396 "iosacl.g" +#line 397 "iosacl.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 1375 "IOSCfgParser.cpp" +#line 1376 "IOSCfgParser.cpp" } break; } @@ -1399,12 +1400,12 @@ void IOSCfgParser::time_range() { tr_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 448 "iosacl.g" +#line 449 "iosacl.g" importer->time_range_name = tr_name->getText(); *dbg << "time_range " << tr_name->getText() << " "; -#line 1408 "IOSCfgParser.cpp" +#line 1409 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1422,12 +1423,12 @@ void IOSCfgParser::fragments() { try { // for error handling match(FRAGMENTS); if ( inputState->guessing==0 ) { -#line 441 "iosacl.g" +#line 442 "iosacl.g" importer->fragments = true; *dbg << "fragments "; -#line 1431 "IOSCfgParser.cpp" +#line 1432 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1462,12 +1463,12 @@ void IOSCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 427 "iosacl.g" +#line 428 "iosacl.g" importer->logging = true; *dbg << "logging "; -#line 1471 "IOSCfgParser.cpp" +#line 1472 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1497,7 +1498,7 @@ void IOSCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 338 "iosacl.g" +#line 339 "iosacl.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -1505,7 +1506,7 @@ void IOSCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 1509 "IOSCfgParser.cpp" +#line 1510 "IOSCfgParser.cpp" } break; } @@ -1514,12 +1515,12 @@ void IOSCfgParser::icmp_spec() { icmp_word = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 347 "iosacl.g" +#line 348 "iosacl.g" importer->icmp_spec = icmp_word->getText(); *dbg << icmp_word->getText() << " "; -#line 1523 "IOSCfgParser.cpp" +#line 1524 "IOSCfgParser.cpp" } break; } @@ -1578,12 +1579,12 @@ void IOSCfgParser::established() { try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 434 "iosacl.g" +#line 435 "iosacl.g" importer->established = true; *dbg << "established "; -#line 1587 "IOSCfgParser.cpp" +#line 1588 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1608,13 +1609,13 @@ void IOSCfgParser::hostaddr_std() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 405 "iosacl.g" +#line 406 "iosacl.g" importer->tmp_a = h->getText(); importer->tmp_nm = "0.0.0.0"; *dbg << h->getText() << "/0.0.0.0"; -#line 1618 "IOSCfgParser.cpp" +#line 1619 "IOSCfgParser.cpp" } } else if ((LA(1) == IPV4) && (LA(2) == IPV4)) { @@ -1625,25 +1626,25 @@ void IOSCfgParser::hostaddr_std() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 412 "iosacl.g" +#line 413 "iosacl.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 1635 "IOSCfgParser.cpp" +#line 1636 "IOSCfgParser.cpp" } } else if ((LA(1) == ANY)) { match(ANY); if ( inputState->guessing==0 ) { -#line 419 "iosacl.g" +#line 420 "iosacl.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 1647 "IOSCfgParser.cpp" +#line 1648 "IOSCfgParser.cpp" } } else { @@ -1693,12 +1694,12 @@ void IOSCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 358 "iosacl.g" +#line 359 "iosacl.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 1702 "IOSCfgParser.cpp" +#line 1703 "IOSCfgParser.cpp" } port_spec(); } @@ -1717,12 +1718,12 @@ void IOSCfgParser::port_range() { try { // for error handling match(P_RANGE); if ( inputState->guessing==0 ) { -#line 366 "iosacl.g" +#line 367 "iosacl.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 1726 "IOSCfgParser.cpp" +#line 1727 "IOSCfgParser.cpp" } port_spec(); port_spec(); @@ -1759,12 +1760,12 @@ void IOSCfgParser::port_spec() { } } if ( inputState->guessing==0 ) { -#line 374 "iosacl.g" +#line 375 "iosacl.g" importer->tmp_port_spec += (std::string(" ") + LT(0)->getText()); *dbg << LT(0)->getText() << " "; -#line 1768 "IOSCfgParser.cpp" +#line 1769 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1788,7 +1789,7 @@ void IOSCfgParser::access_group_by_name() { dir = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 554 "iosacl.g" +#line 555 "iosacl.g" importer->setInterfaceAndDirectionForRuleSet( acln->getText(), @@ -1798,7 +1799,7 @@ void IOSCfgParser::access_group_by_name() { << " INTRFACE: ACL '" << acln->getText() << "'" << " " << dir->getText() << std::endl; -#line 1802 "IOSCfgParser.cpp" +#line 1803 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1822,7 +1823,7 @@ void IOSCfgParser::access_group_by_number() { dir = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 569 "iosacl.g" +#line 570 "iosacl.g" importer->setInterfaceAndDirectionForRuleSet( std::string("acl_") + acln->getText(), @@ -1832,7 +1833,7 @@ void IOSCfgParser::access_group_by_number() { << " INTRFACE: ACL '" << acln->getText() << "'" << " " << dir->getText() << std::endl; -#line 1836 "IOSCfgParser.cpp" +#line 1837 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1875,7 +1876,7 @@ void IOSCfgParser::intf_address() { } } if ( inputState->guessing==0 ) { -#line 581 "iosacl.g" +#line 582 "iosacl.g" importer->addInterfaceAddress(a->getText(), m->getText()); *dbg << LT(1)->getLine() << ":" @@ -1887,7 +1888,7 @@ void IOSCfgParser::intf_address() { } *dbg << std::endl; -#line 1891 "IOSCfgParser.cpp" +#line 1892 "IOSCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { diff --git a/src/parsers/IPTCfgLexer.cpp b/src/parsers/IPTCfgLexer.cpp index 7b0d76e77..992aa9796 100644 --- a/src/parsers/IPTCfgLexer.cpp +++ b/src/parsers/IPTCfgLexer.cpp @@ -681,7 +681,7 @@ void IPTCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1183 "iptables.g" +#line 1186 "iptables.g" newline(); resetText(); #line 687 "IPTCfgLexer.cpp" } @@ -762,7 +762,7 @@ void IPTCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1181 "iptables.g" +#line 1184 "iptables.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 768 "IPTCfgLexer.cpp" } @@ -1029,7 +1029,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { match('.' /* charlit */ ); mNUM_3DIGIT(false); if ( inputState->guessing==0 ) { -#line 1246 "iptables.g" +#line 1249 "iptables.g" _ttype = IPV4; #line 1035 "IPTCfgLexer.cpp" } @@ -1055,7 +1055,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1249 "iptables.g" +#line 1252 "iptables.g" _ttype = HEX_CONST; #line 1061 "IPTCfgLexer.cpp" } @@ -1076,7 +1076,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { _loop198:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1251 "iptables.g" +#line 1254 "iptables.g" _ttype = INT_CONST; #line 1082 "IPTCfgLexer.cpp" } @@ -1392,7 +1392,7 @@ void IPTCfgLexer::mRSOURCE(bool _createToken) { match("--rsource"); if ( inputState->guessing==0 ) { -#line 1275 "iptables.g" +#line 1278 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 1398 "IPTCfgLexer.cpp" } @@ -2055,7 +2055,7 @@ void IPTCfgLexer::mULOG_QTHR(bool _createToken) { match("--ulog-qthreshold"); if ( inputState->guessing==0 ) { -#line 1342 "iptables.g" +#line 1345 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2061 "IPTCfgLexer.cpp" } @@ -2074,7 +2074,7 @@ void IPTCfgLexer::mULOG_NLG(bool _createToken) { match("--ulog-nlgroup"); if ( inputState->guessing==0 ) { -#line 1343 "iptables.g" +#line 1346 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2080 "IPTCfgLexer.cpp" } @@ -2093,7 +2093,7 @@ void IPTCfgLexer::mULOG_CPR(bool _createToken) { match("--ulog-cprange"); if ( inputState->guessing==0 ) { -#line 1344 "iptables.g" +#line 1347 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2099 "IPTCfgLexer.cpp" } diff --git a/src/parsers/IPTCfgParser.cpp b/src/parsers/IPTCfgParser.cpp index acd6521ec..b8d1d1550 100644 --- a/src/parsers/IPTCfgParser.cpp +++ b/src/parsers/IPTCfgParser.cpp @@ -172,10 +172,13 @@ void IPTCfgParser::create_chain() { if ( inputState->guessing==0 ) { #line 160 "iptables.g" - importer->newUnidirRuleSet(LT(0)->getText()); + if (importer->current_table=="nat") + importer->newUnidirRuleSet(LT(0)->getText(), libfwbuilder::NAT::TYPENAME); + else + importer->newUnidirRuleSet(LT(0)->getText(), libfwbuilder::Policy::TYPENAME); *dbg << "NEW CHAIN " << LT(0)->getText() << std::endl; -#line 179 "IPTCfgParser.cpp" +#line 182 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -196,12 +199,12 @@ void IPTCfgParser::create_chain() { } } if ( inputState->guessing==0 ) { -#line 165 "iptables.g" +#line 168 "iptables.g" importer->setDefaultAction(LT(0)->getText()); *dbg << "DEFAULT ACTION " << LT(0)->getText() << std::endl; -#line 205 "IPTCfgParser.cpp" +#line 208 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -247,7 +250,7 @@ void IPTCfgParser::add_rule() { match(ADD_RULE); chain_def(); if ( inputState->guessing==0 ) { -#line 175 "iptables.g" +#line 178 "iptables.g" // push previous rule *dbg << std::endl; @@ -262,7 +265,7 @@ void IPTCfgParser::add_rule() { *dbg << "add_rule: line=" << LT(0)->getLine() << " chain=" << LT(0)->getText(); -#line 266 "IPTCfgParser.cpp" +#line 269 "IPTCfgParser.cpp" } { // ( ... )+ int _cnt14=0; @@ -303,7 +306,7 @@ void IPTCfgParser::commit() { // clear current table importer->current_table = ""; -#line 307 "IPTCfgParser.cpp" +#line 310 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -582,9 +585,9 @@ void IPTCfgParser::match_mark() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 667 "iptables.g" +#line 670 "iptables.g" importer->neg_match_mark = true; -#line 588 "IPTCfgParser.cpp" +#line 591 "IPTCfgParser.cpp" } break; } @@ -618,12 +621,12 @@ void IPTCfgParser::match_mark() { } } if ( inputState->guessing==0 ) { -#line 669 "iptables.g" +#line 672 "iptables.g" importer->match_mark = LT(0)->getText(); *dbg << " MATCH MARK " << LT(0)->getText(); -#line 627 "IPTCfgParser.cpp" +#line 630 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -671,11 +674,11 @@ void IPTCfgParser::src() { try { // for error handling match(OPT_SRC); if ( inputState->guessing==0 ) { -#line 310 "iptables.g" +#line 313 "iptables.g" *dbg << " SRC="; -#line 679 "IPTCfgParser.cpp" +#line 682 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -683,11 +686,11 @@ void IPTCfgParser::src() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 315 "iptables.g" +#line 318 "iptables.g" importer->src_neg = true; -#line 691 "IPTCfgParser.cpp" +#line 694 "IPTCfgParser.cpp" } break; } @@ -722,12 +725,12 @@ void IPTCfgParser::src() { } } if ( inputState->guessing==0 ) { -#line 320 "iptables.g" +#line 323 "iptables.g" importer->src_a = LT(0)->getText(); *dbg << LT(0)->getText(); -#line 731 "IPTCfgParser.cpp" +#line 734 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -753,12 +756,12 @@ void IPTCfgParser::src() { } } if ( inputState->guessing==0 ) { -#line 325 "iptables.g" +#line 328 "iptables.g" importer->src_nm = LT(0)->getText(); *dbg << "/" << LT(0)->getText(); -#line 762 "IPTCfgParser.cpp" +#line 765 "IPTCfgParser.cpp" } break; } @@ -816,11 +819,11 @@ void IPTCfgParser::dst() { try { // for error handling match(OPT_DST); if ( inputState->guessing==0 ) { -#line 334 "iptables.g" +#line 337 "iptables.g" *dbg << " DST="; -#line 824 "IPTCfgParser.cpp" +#line 827 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -828,11 +831,11 @@ void IPTCfgParser::dst() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 339 "iptables.g" +#line 342 "iptables.g" importer->dst_neg = true; -#line 836 "IPTCfgParser.cpp" +#line 839 "IPTCfgParser.cpp" } break; } @@ -867,12 +870,12 @@ void IPTCfgParser::dst() { } } if ( inputState->guessing==0 ) { -#line 344 "iptables.g" +#line 347 "iptables.g" importer->dst_a = LT(0)->getText(); *dbg << LT(0)->getText(); -#line 876 "IPTCfgParser.cpp" +#line 879 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -898,12 +901,12 @@ void IPTCfgParser::dst() { } } if ( inputState->guessing==0 ) { -#line 349 "iptables.g" +#line 352 "iptables.g" importer->dst_nm = LT(0)->getText(); *dbg << "/" << LT(0)->getText(); -#line 907 "IPTCfgParser.cpp" +#line 910 "IPTCfgParser.cpp" } break; } @@ -967,11 +970,11 @@ void IPTCfgParser::i_intf() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 360 "iptables.g" +#line 363 "iptables.g" importer->intf_neg = true; -#line 975 "IPTCfgParser.cpp" +#line 978 "IPTCfgParser.cpp" } break; } @@ -988,12 +991,12 @@ void IPTCfgParser::i_intf() { i = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 365 "iptables.g" +#line 368 "iptables.g" importer->i_intf = LT(0)->getText(); *dbg << " I_INTF=" << i->getText(); -#line 997 "IPTCfgParser.cpp" +#line 1000 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1017,11 +1020,11 @@ void IPTCfgParser::o_intf() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 375 "iptables.g" +#line 378 "iptables.g" importer->intf_neg = true; -#line 1025 "IPTCfgParser.cpp" +#line 1028 "IPTCfgParser.cpp" } break; } @@ -1038,12 +1041,12 @@ void IPTCfgParser::o_intf() { i = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 380 "iptables.g" +#line 383 "iptables.g" importer->o_intf = LT(0)->getText(); *dbg << " O_INTF=" << i->getText(); -#line 1047 "IPTCfgParser.cpp" +#line 1050 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1066,11 +1069,11 @@ void IPTCfgParser::proto() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 393 "iptables.g" +#line 396 "iptables.g" importer->srv_neg = true; -#line 1074 "IPTCfgParser.cpp" +#line 1077 "IPTCfgParser.cpp" } break; } @@ -1090,7 +1093,7 @@ void IPTCfgParser::proto() { } protocol_word(); if ( inputState->guessing==0 ) { -#line 398 "iptables.g" +#line 401 "iptables.g" std::string tmp_s = LT(0)->getText(); importer->protocol.resize(tmp_s.size()); @@ -1100,7 +1103,7 @@ void IPTCfgParser::proto() { ::tolower); *dbg << " PROTO=" << importer->protocol; -#line 1104 "IPTCfgParser.cpp" +#line 1107 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1121,12 +1124,12 @@ void IPTCfgParser::target() { t = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 411 "iptables.g" +#line 414 "iptables.g" importer->target = LT(0)->getText(); *dbg << " TARGET=" << t->getText(); -#line 1130 "IPTCfgParser.cpp" +#line 1133 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1156,12 +1159,12 @@ void IPTCfgParser::fragm() { try { // for error handling match(OPT_FRAGM); if ( inputState->guessing==0 ) { -#line 616 "iptables.g" +#line 619 "iptables.g" importer->fragments = true; *dbg << " FRAGM"; -#line 1165 "IPTCfgParser.cpp" +#line 1168 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1184,12 +1187,12 @@ void IPTCfgParser::icmp_type_spec() { { match(WORD); if ( inputState->guessing==0 ) { -#line 899 "iptables.g" +#line 902 "iptables.g" importer->icmp_spec = LT(0)->getText(); *dbg << " ICMP_SPEC=" << LT(0)->getText(); -#line 1193 "IPTCfgParser.cpp" +#line 1196 "IPTCfgParser.cpp" } break; } @@ -1198,13 +1201,13 @@ void IPTCfgParser::icmp_type_spec() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 906 "iptables.g" +#line 909 "iptables.g" importer->icmp_type = LT(0)->getText(); importer->icmp_code = "-1"; *dbg << " ICMP_TYPE=" << LT(0)->getText(); -#line 1208 "IPTCfgParser.cpp" +#line 1211 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -1213,12 +1216,12 @@ void IPTCfgParser::icmp_type_spec() { match(SLASH); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 913 "iptables.g" +#line 916 "iptables.g" importer->icmp_code = LT(0)->getText(); *dbg << " ICMP_CODE=" << LT(0)->getText(); -#line 1222 "IPTCfgParser.cpp" +#line 1225 "IPTCfgParser.cpp" } break; } @@ -1310,11 +1313,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 997 "iptables.g" +#line 1000 "iptables.g" importer->srv_neg = true; -#line 1318 "IPTCfgParser.cpp" +#line 1321 "IPTCfgParser.cpp" } break; } @@ -1350,11 +1353,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1002 "iptables.g" +#line 1005 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); -#line 1358 "IPTCfgParser.cpp" +#line 1361 "IPTCfgParser.cpp" } break; } @@ -1385,11 +1388,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 1009 "iptables.g" +#line 1012 "iptables.g" importer->srv_neg = true; -#line 1393 "IPTCfgParser.cpp" +#line 1396 "IPTCfgParser.cpp" } break; } @@ -1425,11 +1428,11 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1014 "iptables.g" +#line 1017 "iptables.g" importer->pushTmpPortSpecToDstPortList(); -#line 1433 "IPTCfgParser.cpp" +#line 1436 "IPTCfgParser.cpp" } break; } @@ -1459,20 +1462,20 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { { match(MATCH_SRC_MULTIPORT); if ( inputState->guessing==0 ) { -#line 836 "iptables.g" +#line 839 "iptables.g" importer->startSrcMultiPort(); *dbg << " SRC MULTIPORT="; -#line 1468 "IPTCfgParser.cpp" +#line 1471 "IPTCfgParser.cpp" } port_def_no_range(); if ( inputState->guessing==0 ) { -#line 841 "iptables.g" +#line 844 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); -#line 1476 "IPTCfgParser.cpp" +#line 1479 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1480,11 +1483,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_no_range(); if ( inputState->guessing==0 ) { -#line 845 "iptables.g" +#line 848 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); -#line 1488 "IPTCfgParser.cpp" +#line 1491 "IPTCfgParser.cpp" } } else { @@ -1502,20 +1505,20 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { { match(MATCH_DST_MULTIPORT); if ( inputState->guessing==0 ) { -#line 852 "iptables.g" +#line 855 "iptables.g" importer->startDstMultiPort(); *dbg << " DST MULTIPORT="; -#line 1511 "IPTCfgParser.cpp" +#line 1514 "IPTCfgParser.cpp" } port_def_no_range(); if ( inputState->guessing==0 ) { -#line 857 "iptables.g" +#line 860 "iptables.g" importer->pushTmpPortSpecToDstPortList(); -#line 1519 "IPTCfgParser.cpp" +#line 1522 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1523,11 +1526,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_no_range(); if ( inputState->guessing==0 ) { -#line 861 "iptables.g" +#line 864 "iptables.g" importer->pushTmpPortSpecToDstPortList(); -#line 1531 "IPTCfgParser.cpp" +#line 1534 "IPTCfgParser.cpp" } } else { @@ -1545,20 +1548,20 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { { match(MATCH_BOTH_MULTIPORT); if ( inputState->guessing==0 ) { -#line 868 "iptables.g" +#line 871 "iptables.g" importer->startBothMultiPort(); *dbg << " MULTIPORT PORTS="; -#line 1554 "IPTCfgParser.cpp" +#line 1557 "IPTCfgParser.cpp" } port_def_no_range(); if ( inputState->guessing==0 ) { -#line 873 "iptables.g" +#line 876 "iptables.g" importer->pushTmpPortSpecToBothPortList(); -#line 1562 "IPTCfgParser.cpp" +#line 1565 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1566,11 +1569,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_no_range(); if ( inputState->guessing==0 ) { -#line 877 "iptables.g" +#line 880 "iptables.g" importer->pushTmpPortSpecToBothPortList(); -#line 1574 "IPTCfgParser.cpp" +#line 1577 "IPTCfgParser.cpp" } } else { @@ -1609,9 +1612,9 @@ void IPTCfgParser::tcp_options() { { match(EXCLAMATION); if ( inputState->guessing==0 ) { -#line 1043 "iptables.g" +#line 1046 "iptables.g" importer->srv_neg = true; -#line 1615 "IPTCfgParser.cpp" +#line 1618 "IPTCfgParser.cpp" } break; } @@ -1683,12 +1686,12 @@ void IPTCfgParser::match_limit_burst() { match(MATCH_LIMIT_BURST); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 700 "iptables.g" +#line 703 "iptables.g" importer->limit_burst = LT(0)->getText(); *dbg << " LIMIT BURST " << LT(0)->getText(); -#line 1692 "IPTCfgParser.cpp" +#line 1695 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1740,12 +1743,12 @@ void IPTCfgParser::match_iprange_src() { } } if ( inputState->guessing==0 ) { -#line 723 "iptables.g" +#line 726 "iptables.g" importer->iprange_src_from = LT(0)->getText(); importer->using_iprange_src = true; -#line 1749 "IPTCfgParser.cpp" +#line 1752 "IPTCfgParser.cpp" } match(MINUS); { @@ -1767,11 +1770,11 @@ void IPTCfgParser::match_iprange_src() { } } if ( inputState->guessing==0 ) { -#line 728 "iptables.g" +#line 731 "iptables.g" importer->iprange_src_to = LT(0)->getText(); -#line 1775 "IPTCfgParser.cpp" +#line 1778 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1807,12 +1810,12 @@ void IPTCfgParser::match_iprange_dst() { } } if ( inputState->guessing==0 ) { -#line 734 "iptables.g" +#line 737 "iptables.g" importer->iprange_dst_from = LT(0)->getText(); importer->using_iprange_dst = true; -#line 1816 "IPTCfgParser.cpp" +#line 1819 "IPTCfgParser.cpp" } match(MINUS); { @@ -1834,11 +1837,11 @@ void IPTCfgParser::match_iprange_dst() { } } if ( inputState->guessing==0 ) { -#line 739 "iptables.g" +#line 742 "iptables.g" importer->iprange_dst_to = LT(0)->getText(); -#line 1842 "IPTCfgParser.cpp" +#line 1845 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1859,13 +1862,13 @@ void IPTCfgParser::unknown_option() { match(MINUS); match(WORD); if ( inputState->guessing==0 ) { -#line 241 "iptables.g" +#line 244 "iptables.g" importer->markCurrentRuleBad( std::string("Unknown option: -")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=-" << LT(0)->getText(); -#line 1869 "IPTCfgParser.cpp" +#line 1872 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -1923,13 +1926,13 @@ void IPTCfgParser::unknown_option() { match(WORD); } if ( inputState->guessing==0 ) { -#line 251 "iptables.g" +#line 254 "iptables.g" importer->markCurrentRuleBad( std::string("Unknown option: --")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=--" << LT(0)->getText(); -#line 1933 "IPTCfgParser.cpp" +#line 1936 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -1983,13 +1986,13 @@ void IPTCfgParser::unknown_option() { { match(UNSUPPORTED_OPTION); if ( inputState->guessing==0 ) { -#line 261 "iptables.g" +#line 264 "iptables.g" importer->markCurrentRuleBad( std::string("Unknown option: ")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=" << LT(0)->getText(); -#line 1993 "IPTCfgParser.cpp" +#line 1996 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -2055,9 +2058,9 @@ void IPTCfgParser::unknown_option() { } void IPTCfgParser::unknown_parameter() { -#line 270 "iptables.g" +#line 273 "iptables.g" std::string s; -#line 2061 "IPTCfgParser.cpp" +#line 2064 "IPTCfgParser.cpp" try { // for error handling if ((LA(1) == INT_CONST || LA(1) == DIGIT) && (LA(2) == SLASH)) { @@ -2069,9 +2072,9 @@ void IPTCfgParser::unknown_parameter() { { match(DIGIT); if ( inputState->guessing==0 ) { -#line 276 "iptables.g" +#line 279 "iptables.g" s+=LT(0)->getText(); -#line 2075 "IPTCfgParser.cpp" +#line 2078 "IPTCfgParser.cpp" } break; } @@ -2079,9 +2082,9 @@ void IPTCfgParser::unknown_parameter() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 278 "iptables.g" +#line 281 "iptables.g" s+=LT(0)->getText(); -#line 2085 "IPTCfgParser.cpp" +#line 2088 "IPTCfgParser.cpp" } break; } @@ -2093,25 +2096,25 @@ void IPTCfgParser::unknown_parameter() { } match(SLASH); if ( inputState->guessing==0 ) { -#line 280 "iptables.g" +#line 283 "iptables.g" s+=LT(0)->getText(); -#line 2099 "IPTCfgParser.cpp" +#line 2102 "IPTCfgParser.cpp" } match(WORD); if ( inputState->guessing==0 ) { -#line 281 "iptables.g" +#line 284 "iptables.g" s+=LT(0)->getText(); -#line 2105 "IPTCfgParser.cpp" +#line 2108 "IPTCfgParser.cpp" } } if ( inputState->guessing==0 ) { -#line 283 "iptables.g" +#line 286 "iptables.g" importer->markCurrentRuleBad( std::string("Unknown parameter: ")+s); *dbg << " UNKNOWN PARMETER=" << s; -#line 2115 "IPTCfgParser.cpp" +#line 2118 "IPTCfgParser.cpp" } } } @@ -2141,13 +2144,13 @@ void IPTCfgParser::unknown_parameter() { } } if ( inputState->guessing==0 ) { -#line 292 "iptables.g" +#line 295 "iptables.g" importer->markCurrentRuleBad( std::string("Unknown parameter: ")+LT(0)->getText()); *dbg << " UNKNOWN PARMETER=" << LT(0)->getText(); -#line 2151 "IPTCfgParser.cpp" +#line 2154 "IPTCfgParser.cpp" } } } @@ -2172,19 +2175,19 @@ void IPTCfgParser::m_state() { match(M_STATE); match(MATCH_STATE); if ( inputState->guessing==0 ) { -#line 637 "iptables.g" +#line 640 "iptables.g" importer->current_state = ""; -#line 2180 "IPTCfgParser.cpp" +#line 2183 "IPTCfgParser.cpp" } state_word(); if ( inputState->guessing==0 ) { -#line 641 "iptables.g" +#line 644 "iptables.g" importer->current_state += LT(0)->getText(); -#line 2188 "IPTCfgParser.cpp" +#line 2191 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -2193,11 +2196,11 @@ void IPTCfgParser::m_state() { match(COMMA); state_word(); if ( inputState->guessing==0 ) { -#line 646 "iptables.g" +#line 649 "iptables.g" importer->current_state += std::string(",") + LT(0)->getText(); -#line 2201 "IPTCfgParser.cpp" +#line 2204 "IPTCfgParser.cpp" } break; } @@ -2239,11 +2242,11 @@ void IPTCfgParser::m_state() { } } if ( inputState->guessing==0 ) { -#line 650 "iptables.g" +#line 653 "iptables.g" *dbg << " STATE MATCH=" << importer->current_state; -#line 2247 "IPTCfgParser.cpp" +#line 2250 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2261,11 +2264,11 @@ void IPTCfgParser::m_mport() { try { // for error handling match(M_MPORT); if ( inputState->guessing==0 ) { -#line 808 "iptables.g" +#line 811 "iptables.g" *dbg << " MULTIPORT"; -#line 2269 "IPTCfgParser.cpp" +#line 2272 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2283,12 +2286,12 @@ void IPTCfgParser::m_icmp() { try { // for error handling match(ICMP); if ( inputState->guessing==0 ) { -#line 889 "iptables.g" +#line 892 "iptables.g" importer->protocol = "icmp"; *dbg << " ICMP"; -#line 2292 "IPTCfgParser.cpp" +#line 2295 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2306,12 +2309,12 @@ void IPTCfgParser::m_tcp() { try { // for error handling match(TCP); if ( inputState->guessing==0 ) { -#line 1032 "iptables.g" +#line 1035 "iptables.g" importer->protocol = "tcp"; *dbg << " TCP"; -#line 2315 "IPTCfgParser.cpp" +#line 2318 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2329,12 +2332,12 @@ void IPTCfgParser::m_udp() { try { // for error handling match(UDP); if ( inputState->guessing==0 ) { -#line 1023 "iptables.g" +#line 1026 "iptables.g" importer->protocol = "udp"; *dbg << " UDP"; -#line 2338 "IPTCfgParser.cpp" +#line 2341 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2352,11 +2355,11 @@ void IPTCfgParser::m_limit() { try { // for error handling match(M_LIMIT); if ( inputState->guessing==0 ) { -#line 678 "iptables.g" +#line 681 "iptables.g" *dbg << " LIMIT"; -#line 2360 "IPTCfgParser.cpp" +#line 2363 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2374,11 +2377,11 @@ void IPTCfgParser::m_length() { try { // for error handling match(M_LENGTH); if ( inputState->guessing==0 ) { -#line 773 "iptables.g" +#line 776 "iptables.g" *dbg << " LENGTH"; -#line 2382 "IPTCfgParser.cpp" +#line 2385 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2396,11 +2399,11 @@ void IPTCfgParser::m_iprange() { try { // for error handling match(M_IPRANGE); if ( inputState->guessing==0 ) { -#line 717 "iptables.g" +#line 720 "iptables.g" *dbg << " IPRANGE"; -#line 2404 "IPTCfgParser.cpp" +#line 2407 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2420,11 +2423,11 @@ void IPTCfgParser::m_comment() { match(MATCH_COMMENT); match(STRING); if ( inputState->guessing==0 ) { -#line 816 "iptables.g" +#line 819 "iptables.g" *dbg << " COMMENT=" << LT(0)->getText(); -#line 2428 "IPTCfgParser.cpp" +#line 2431 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2459,13 +2462,13 @@ void IPTCfgParser::m_unknown_module() { try { // for error handling match(WORD); if ( inputState->guessing==0 ) { -#line 624 "iptables.g" +#line 627 "iptables.g" *dbg << " UNKNOWN MODULE=" << LT(0)->getText(); importer->markCurrentRuleBad( std::string("Unknown module: ")+LT(0)->getText()); -#line 2469 "IPTCfgParser.cpp" +#line 2472 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2535,12 +2538,12 @@ void IPTCfgParser::target_options() { match(REJECT_WITH); match(WORD); if ( inputState->guessing==0 ) { -#line 422 "iptables.g" +#line 425 "iptables.g" importer->action_params["reject_with"] = LT(0)->getText(); *dbg << " REJECT WITH=" << LT(0)->getText(); -#line 2544 "IPTCfgParser.cpp" +#line 2547 "IPTCfgParser.cpp" } break; } @@ -2566,12 +2569,12 @@ void IPTCfgParser::target_options() { } } if ( inputState->guessing==0 ) { -#line 428 "iptables.g" +#line 431 "iptables.g" importer->action_params["log_prefix"] = LT(0)->getText(); *dbg << " LOG PREFIX=" << LT(0)->getText(); -#line 2575 "IPTCfgParser.cpp" +#line 2578 "IPTCfgParser.cpp" } break; } @@ -2579,12 +2582,12 @@ void IPTCfgParser::target_options() { { match(LOG_TCP_SEQ); if ( inputState->guessing==0 ) { -#line 434 "iptables.g" +#line 437 "iptables.g" importer->action_params["log_tcp_seq"] = LT(0)->getText(); *dbg << " LOG TCP SEQUENCE="; -#line 2588 "IPTCfgParser.cpp" +#line 2591 "IPTCfgParser.cpp" } break; } @@ -2592,12 +2595,12 @@ void IPTCfgParser::target_options() { { match(LOG_TCP_OPT); if ( inputState->guessing==0 ) { -#line 440 "iptables.g" +#line 443 "iptables.g" importer->action_params["log_tcp_options"] = LT(0)->getText(); *dbg << " LOG TCP OPTIONS="; -#line 2601 "IPTCfgParser.cpp" +#line 2604 "IPTCfgParser.cpp" } break; } @@ -2605,12 +2608,12 @@ void IPTCfgParser::target_options() { { match(LOG_IP_OPT); if ( inputState->guessing==0 ) { -#line 446 "iptables.g" +#line 449 "iptables.g" importer->action_params["log_ip_options"] = LT(0)->getText(); *dbg << " LOG IP OPTIONS="; -#line 2614 "IPTCfgParser.cpp" +#line 2617 "IPTCfgParser.cpp" } break; } @@ -2636,12 +2639,12 @@ void IPTCfgParser::target_options() { } } if ( inputState->guessing==0 ) { -#line 452 "iptables.g" +#line 455 "iptables.g" importer->action_params["log_prefix"] = LT(0)->getText(); *dbg << " ULOG PREFIX=" << LT(0)->getText(); -#line 2645 "IPTCfgParser.cpp" +#line 2648 "IPTCfgParser.cpp" } break; } @@ -2667,12 +2670,12 @@ void IPTCfgParser::target_options() { } } if ( inputState->guessing==0 ) { -#line 458 "iptables.g" +#line 461 "iptables.g" importer->action_params["log_level"] = LT(0)->getText(); *dbg << " LOG LEVEL=" << LT(0)->getText(); -#line 2676 "IPTCfgParser.cpp" +#line 2679 "IPTCfgParser.cpp" } break; } @@ -2698,12 +2701,12 @@ void IPTCfgParser::target_options() { } } if ( inputState->guessing==0 ) { -#line 464 "iptables.g" +#line 467 "iptables.g" importer->action_params["set_mark"] = LT(0)->getText(); *dbg << " SET MARK=" << LT(0)->getText(); -#line 2707 "IPTCfgParser.cpp" +#line 2710 "IPTCfgParser.cpp" } break; } @@ -2711,12 +2714,12 @@ void IPTCfgParser::target_options() { { match(SAVE_MARK); if ( inputState->guessing==0 ) { -#line 482 "iptables.g" +#line 485 "iptables.g" importer->action_params["connmark_save_mark"] = "--save-mark"; *dbg << " SAVE MARK"; -#line 2720 "IPTCfgParser.cpp" +#line 2723 "IPTCfgParser.cpp" } break; } @@ -2724,12 +2727,12 @@ void IPTCfgParser::target_options() { { match(RESTORE_MARK); if ( inputState->guessing==0 ) { -#line 488 "iptables.g" +#line 491 "iptables.g" importer->action_params["connmark_restore_mark"] = "--restore-mark"; *dbg << " RESTORE MARK"; -#line 2733 "IPTCfgParser.cpp" +#line 2736 "IPTCfgParser.cpp" } break; } @@ -2737,12 +2740,12 @@ void IPTCfgParser::target_options() { { match(CONTINUE); if ( inputState->guessing==0 ) { -#line 494 "iptables.g" +#line 497 "iptables.g" importer->action_params["route_continue"] = "--continue"; *dbg << " CONTINUE"; -#line 2746 "IPTCfgParser.cpp" +#line 2749 "IPTCfgParser.cpp" } break; } @@ -2751,12 +2754,12 @@ void IPTCfgParser::target_options() { match(ROUTE_IIF); match(WORD); if ( inputState->guessing==0 ) { -#line 500 "iptables.g" +#line 503 "iptables.g" importer->action_params["route_iif"] = LT(0)->getText(); *dbg << " ROUTE_IIF=" << LT(0)->getText(); -#line 2760 "IPTCfgParser.cpp" +#line 2763 "IPTCfgParser.cpp" } break; } @@ -2765,12 +2768,12 @@ void IPTCfgParser::target_options() { match(ROUTE_OIF); match(WORD); if ( inputState->guessing==0 ) { -#line 506 "iptables.g" +#line 509 "iptables.g" importer->action_params["route_oif"] = LT(0)->getText(); *dbg << " ROUTE_OIF=" << LT(0)->getText(); -#line 2774 "IPTCfgParser.cpp" +#line 2777 "IPTCfgParser.cpp" } break; } @@ -2779,12 +2782,12 @@ void IPTCfgParser::target_options() { match(ROUTE_GW); match(IPV4); if ( inputState->guessing==0 ) { -#line 512 "iptables.g" +#line 515 "iptables.g" importer->action_params["route_gw"] = LT(0)->getText(); *dbg << " ROUTE_GW=" << LT(0)->getText(); -#line 2788 "IPTCfgParser.cpp" +#line 2791 "IPTCfgParser.cpp" } break; } @@ -2792,12 +2795,12 @@ void IPTCfgParser::target_options() { { match(ROUTE_TEE); if ( inputState->guessing==0 ) { -#line 518 "iptables.g" +#line 521 "iptables.g" importer->action_params["route_tee"] = "--tee"; *dbg << " ROUTE_TEE"; -#line 2801 "IPTCfgParser.cpp" +#line 2804 "IPTCfgParser.cpp" } break; } @@ -2805,11 +2808,11 @@ void IPTCfgParser::target_options() { { match(TO_SOURCE); if ( inputState->guessing==0 ) { -#line 524 "iptables.g" +#line 527 "iptables.g" *dbg << " TO-SOURCE"; -#line 2813 "IPTCfgParser.cpp" +#line 2816 "IPTCfgParser.cpp" } nat_spec(); break; @@ -2818,11 +2821,11 @@ void IPTCfgParser::target_options() { { match(TO_DESTINATION); if ( inputState->guessing==0 ) { -#line 530 "iptables.g" +#line 533 "iptables.g" *dbg << " TO-DESTINATION"; -#line 2826 "IPTCfgParser.cpp" +#line 2829 "IPTCfgParser.cpp" } nat_spec(); break; @@ -2837,22 +2840,22 @@ void IPTCfgParser::target_options() { { match(TO_NETMAP); if ( inputState->guessing==0 ) { -#line 538 "iptables.g" +#line 541 "iptables.g" *dbg << " TO-NETMAP"; -#line 2845 "IPTCfgParser.cpp" +#line 2848 "IPTCfgParser.cpp" } { match(IPV4); if ( inputState->guessing==0 ) { -#line 543 "iptables.g" +#line 546 "iptables.g" importer->nat_addr1 = LT(0)->getText(); importer->nat_addr2 = LT(0)->getText(); *dbg << LT(0)->getText(); -#line 2856 "IPTCfgParser.cpp" +#line 2859 "IPTCfgParser.cpp" } match(SLASH); { @@ -2874,12 +2877,12 @@ void IPTCfgParser::target_options() { } } if ( inputState->guessing==0 ) { -#line 549 "iptables.g" +#line 552 "iptables.g" importer->nat_nm = LT(0)->getText(); *dbg << "/" << LT(0)->getText(); -#line 2883 "IPTCfgParser.cpp" +#line 2886 "IPTCfgParser.cpp" } } break; @@ -2888,12 +2891,12 @@ void IPTCfgParser::target_options() { { match(CLAMP_MSS); if ( inputState->guessing==0 ) { -#line 556 "iptables.g" +#line 559 "iptables.g" importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu"; *dbg << " TO-NETMAP"; -#line 2897 "IPTCfgParser.cpp" +#line 2900 "IPTCfgParser.cpp" } break; } @@ -2902,24 +2905,24 @@ void IPTCfgParser::target_options() { match(SET_TOS); match(HEX_CONST); if ( inputState->guessing==0 ) { -#line 470 "iptables.g" +#line 473 "iptables.g" importer->action_params["set_tos"] = LT(0)->getText(); *dbg << " SET TOS=" << LT(0)->getText(); -#line 2911 "IPTCfgParser.cpp" +#line 2914 "IPTCfgParser.cpp" } } else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) { match(SET_TOS); match(WORD); if ( inputState->guessing==0 ) { -#line 476 "iptables.g" +#line 479 "iptables.g" importer->action_params["set_tos"] = LT(0)->getText(); *dbg << " SET TOS=" << LT(0)->getText(); -#line 2923 "IPTCfgParser.cpp" +#line 2926 "IPTCfgParser.cpp" } } else { @@ -3009,7 +3012,7 @@ void IPTCfgParser::nat_spec() { } } if ( inputState->guessing==0 ) { -#line 567 "iptables.g" +#line 570 "iptables.g" *dbg << " " << importer->nat_addr1 @@ -3020,7 +3023,7 @@ void IPTCfgParser::nat_spec() { << "-" << importer->nat_port_range_end; -#line 3024 "IPTCfgParser.cpp" +#line 3027 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3038,7 +3041,7 @@ void IPTCfgParser::redirect_spec() { try { // for error handling nat_port_def_with_range(); if ( inputState->guessing==0 ) { -#line 602 "iptables.g" +#line 605 "iptables.g" *dbg << " TO-PORTS " << importer->nat_addr1 @@ -3049,7 +3052,7 @@ void IPTCfgParser::redirect_spec() { << "-" << importer->nat_port_range_end; -#line 3053 "IPTCfgParser.cpp" +#line 3056 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3090,28 +3093,28 @@ void IPTCfgParser::nat_addr_range() { s = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 583 "iptables.g" +#line 586 "iptables.g" importer->nat_port_range_start = ""; importer->nat_port_range_end = ""; importer->nat_addr1 = LT(0)->getText(); importer->nat_addr2 = s->getText(); -#line 3101 "IPTCfgParser.cpp" +#line 3104 "IPTCfgParser.cpp" } } } else if ((LA(1) == IPV4) && (_tokenSet_8.member(LA(2)))) { match(IPV4); if ( inputState->guessing==0 ) { -#line 592 "iptables.g" +#line 595 "iptables.g" importer->nat_port_range_start = ""; importer->nat_port_range_end = ""; importer->nat_addr1 = LT(0)->getText(); importer->nat_addr2 = LT(0)->getText(); -#line 3115 "IPTCfgParser.cpp" +#line 3118 "IPTCfgParser.cpp" } } else { @@ -3187,13 +3190,13 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 972 "iptables.g" +#line 975 "iptables.g" importer->nat_port_range_start = LT(0)->getText(); importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3197 "IPTCfgParser.cpp" +#line 3200 "IPTCfgParser.cpp" } match(MINUS); { @@ -3215,12 +3218,12 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 978 "iptables.g" +#line 981 "iptables.g" importer->nat_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3224 "IPTCfgParser.cpp" +#line 3227 "IPTCfgParser.cpp" } } } @@ -3244,13 +3247,13 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 985 "iptables.g" +#line 988 "iptables.g" importer->nat_port_range_start = LT(0)->getText(); importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3254 "IPTCfgParser.cpp" +#line 3257 "IPTCfgParser.cpp" } } else { @@ -3315,11 +3318,11 @@ void IPTCfgParser::m_mark() { try { // for error handling match(M_MARK); if ( inputState->guessing==0 ) { -#line 659 "iptables.g" +#line 662 "iptables.g" *dbg << " MARK"; -#line 3323 "IPTCfgParser.cpp" +#line 3326 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3337,25 +3340,25 @@ void IPTCfgParser::limit_rate() { try { // for error handling match(INT_CONST); if ( inputState->guessing==0 ) { -#line 689 "iptables.g" +#line 692 "iptables.g" importer->limit_val = LT(0)->getText(); -#line 3343 "IPTCfgParser.cpp" +#line 3346 "IPTCfgParser.cpp" } match(SLASH); match(WORD); if ( inputState->guessing==0 ) { -#line 691 "iptables.g" +#line 694 "iptables.g" importer->limit_suffix = LT(0)->getText(); -#line 3350 "IPTCfgParser.cpp" +#line 3353 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { -#line 692 "iptables.g" +#line 695 "iptables.g" *dbg << " MATCH LIMIT " << importer->limit_val << "/" << importer->limit_suffix; -#line 3359 "IPTCfgParser.cpp" +#line 3362 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3373,11 +3376,11 @@ void IPTCfgParser::m_recent() { try { // for error handling match(M_RECENT); if ( inputState->guessing==0 ) { -#line 709 "iptables.g" +#line 712 "iptables.g" *dbg << " RECENT"; -#line 3381 "IPTCfgParser.cpp" +#line 3384 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3475,9 +3478,9 @@ void IPTCfgParser::recent_args_no_param() { } } if ( inputState->guessing==0 ) { -#line 761 "iptables.g" +#line 764 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3481 "IPTCfgParser.cpp" +#line 3484 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3517,9 +3520,9 @@ void IPTCfgParser::recent_args_param() { } } if ( inputState->guessing==0 ) { -#line 765 "iptables.g" +#line 768 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3523 "IPTCfgParser.cpp" +#line 3526 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3540,9 +3543,9 @@ void IPTCfgParser::recent_args_param() { } } if ( inputState->guessing==0 ) { -#line 767 "iptables.g" +#line 770 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3546 "IPTCfgParser.cpp" +#line 3549 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3560,24 +3563,24 @@ void IPTCfgParser::length_spec() { try { // for error handling match(INT_CONST); if ( inputState->guessing==0 ) { -#line 784 "iptables.g" +#line 787 "iptables.g" importer->length_spec = LT(0)->getText(); -#line 3566 "IPTCfgParser.cpp" +#line 3569 "IPTCfgParser.cpp" } match(COLON); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 786 "iptables.g" +#line 789 "iptables.g" importer->length_spec += ":"; importer->length_spec += LT(0)->getText(); -#line 3574 "IPTCfgParser.cpp" +#line 3577 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { -#line 788 "iptables.g" +#line 791 "iptables.g" *dbg << " MATCH LENGTH " << importer->length_spec; -#line 3581 "IPTCfgParser.cpp" +#line 3584 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3617,12 +3620,12 @@ void IPTCfgParser::pkt_type_spec() { } } if ( inputState->guessing==0 ) { -#line 799 "iptables.g" +#line 802 "iptables.g" importer->pkt_type_spec = LT(0)->getText(); *dbg << " PKT_TYPE " << importer->pkt_type_spec; -#line 3626 "IPTCfgParser.cpp" +#line 3629 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3657,13 +3660,13 @@ void IPTCfgParser::port_def_no_range() { } } if ( inputState->guessing==0 ) { -#line 925 "iptables.g" +#line 928 "iptables.g" importer->tmp_port_range_start = LT(0)->getText(); importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3667 "IPTCfgParser.cpp" +#line 3670 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3707,13 +3710,13 @@ void IPTCfgParser::port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 943 "iptables.g" +#line 946 "iptables.g" importer->tmp_port_range_start = LT(0)->getText(); importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3717 "IPTCfgParser.cpp" +#line 3720 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3770,12 +3773,12 @@ void IPTCfgParser::port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 950 "iptables.g" +#line 953 "iptables.g" importer->tmp_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3779 "IPTCfgParser.cpp" +#line 3782 "IPTCfgParser.cpp" } break; } @@ -3850,13 +3853,13 @@ void IPTCfgParser::port_def_with_incomplete_range() { } } if ( inputState->guessing==0 ) { -#line 959 "iptables.g" +#line 962 "iptables.g" importer->tmp_port_range_start = "0"; importer->tmp_port_range_end = LT(0)->getText(); *dbg << "PORT 0:" << LT(0)->getText(); -#line 3860 "IPTCfgParser.cpp" +#line 3863 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3874,7 +3877,7 @@ void IPTCfgParser::syn() { try { // for error handling match(MATCH_SYN); if ( inputState->guessing==0 ) { -#line 1048 "iptables.g" +#line 1051 "iptables.g" importer->tcp_flags_mask.clear(); importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN); @@ -3884,7 +3887,7 @@ void IPTCfgParser::syn() { importer->tcp_flags_comp.clear(); importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN); -#line 3888 "IPTCfgParser.cpp" +#line 3891 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3903,16 +3906,16 @@ void IPTCfgParser::tcp_flags() { match(MATCH_TCP_FLAGS); tcp_flags_list(); if ( inputState->guessing==0 ) { -#line 1099 "iptables.g" +#line 1102 "iptables.g" importer->tcp_flags_mask = importer->tmp_tcp_flags_list; importer->tmp_tcp_flags_list.clear(); -#line 3912 "IPTCfgParser.cpp" +#line 3915 "IPTCfgParser.cpp" } tcp_flags_list(); if ( inputState->guessing==0 ) { -#line 1104 "iptables.g" +#line 1107 "iptables.g" importer->tcp_flags_comp = importer->tmp_tcp_flags_list; importer->tmp_tcp_flags_list.clear(); @@ -3926,7 +3929,7 @@ void IPTCfgParser::tcp_flags() { i!=importer->tcp_flags_comp.end(); ++i) *dbg << *i << "|"; -#line 3930 "IPTCfgParser.cpp" +#line 3933 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3982,9 +3985,9 @@ void IPTCfgParser::tcp_flag_word() { { match(SYN); if ( inputState->guessing==0 ) { -#line 1061 "iptables.g" +#line 1064 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN; -#line 3988 "IPTCfgParser.cpp" +#line 3991 "IPTCfgParser.cpp" } break; } @@ -3992,9 +3995,9 @@ void IPTCfgParser::tcp_flag_word() { { match(ACK); if ( inputState->guessing==0 ) { -#line 1063 "iptables.g" +#line 1066 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK; -#line 3998 "IPTCfgParser.cpp" +#line 4001 "IPTCfgParser.cpp" } break; } @@ -4002,9 +4005,9 @@ void IPTCfgParser::tcp_flag_word() { { match(FIN); if ( inputState->guessing==0 ) { -#line 1065 "iptables.g" +#line 1068 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN; -#line 4008 "IPTCfgParser.cpp" +#line 4011 "IPTCfgParser.cpp" } break; } @@ -4012,9 +4015,9 @@ void IPTCfgParser::tcp_flag_word() { { match(RST); if ( inputState->guessing==0 ) { -#line 1067 "iptables.g" +#line 1070 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST; -#line 4018 "IPTCfgParser.cpp" +#line 4021 "IPTCfgParser.cpp" } break; } @@ -4022,9 +4025,9 @@ void IPTCfgParser::tcp_flag_word() { { match(URG); if ( inputState->guessing==0 ) { -#line 1069 "iptables.g" +#line 1072 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG; -#line 4028 "IPTCfgParser.cpp" +#line 4031 "IPTCfgParser.cpp" } break; } @@ -4032,9 +4035,9 @@ void IPTCfgParser::tcp_flag_word() { { match(PSH); if ( inputState->guessing==0 ) { -#line 1071 "iptables.g" +#line 1074 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH; -#line 4038 "IPTCfgParser.cpp" +#line 4041 "IPTCfgParser.cpp" } break; } @@ -4042,9 +4045,9 @@ void IPTCfgParser::tcp_flag_word() { { match(ALL); if ( inputState->guessing==0 ) { -#line 1073 "iptables.g" +#line 1076 "iptables.g" importer->tmp_tcp_flag_code = 99; -#line 4048 "IPTCfgParser.cpp" +#line 4051 "IPTCfgParser.cpp" } break; } @@ -4052,9 +4055,9 @@ void IPTCfgParser::tcp_flag_word() { { match(NONE); if ( inputState->guessing==0 ) { -#line 1075 "iptables.g" +#line 1078 "iptables.g" importer->tmp_tcp_flag_code = 98; -#line 4058 "IPTCfgParser.cpp" +#line 4061 "IPTCfgParser.cpp" } break; } @@ -4079,20 +4082,20 @@ void IPTCfgParser::tcp_flags_list() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1080 "iptables.g" +#line 1083 "iptables.g" importer->tmp_tcp_flags_list.clear(); importer->tmp_tcp_flag_code = 0; -#line 4088 "IPTCfgParser.cpp" +#line 4091 "IPTCfgParser.cpp" } tcp_flag_word(); if ( inputState->guessing==0 ) { -#line 1085 "iptables.g" +#line 1088 "iptables.g" importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code); -#line 4096 "IPTCfgParser.cpp" +#line 4099 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -4100,12 +4103,12 @@ void IPTCfgParser::tcp_flags_list() { match(COMMA); tcp_flag_word(); if ( inputState->guessing==0 ) { -#line 1090 "iptables.g" +#line 1093 "iptables.g" importer->tmp_tcp_flags_list.push_back( importer->tmp_tcp_flag_code); -#line 4109 "IPTCfgParser.cpp" +#line 4112 "IPTCfgParser.cpp" } } else { diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index fb561d694..9f9d8e69c 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -444,7 +444,7 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 798 "pix.g" +#line 799 "pix.g" newline(); #line 450 "PIXCfgLexer.cpp" } @@ -568,7 +568,7 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 793 "pix.g" +#line 794 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 574 "PIXCfgLexer.cpp" } @@ -804,7 +804,7 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 818 "pix.g" +#line 819 "pix.g" _ttype = IPV4; #line 810 "PIXCfgLexer.cpp" } @@ -907,7 +907,7 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 824 "pix.g" +#line 825 "pix.g" _ttype = HEX_CONST; #line 913 "PIXCfgLexer.cpp" } @@ -928,7 +928,7 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { _loop134:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 822 "pix.g" +#line 823 "pix.g" _ttype = INT_CONST; #line 934 "PIXCfgLexer.cpp" } diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index 0a08b0e63..bb6404803 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -336,7 +336,7 @@ void PIXCfgParser::intrface() { in = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 474 "pix.g" +#line 475 "pix.g" importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" @@ -364,7 +364,7 @@ void PIXCfgParser::vlan_interface() { vlan_id = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 483 "pix.g" +#line 484 "pix.g" importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; @@ -391,7 +391,7 @@ void PIXCfgParser::sec_level() { sec_level = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 491 "pix.g" +#line 492 "pix.g" importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; @@ -442,7 +442,7 @@ void PIXCfgParser::nameif() { } } if ( inputState->guessing==0 ) { -#line 499 "pix.g" +#line 500 "pix.g" std::string label = (intf_label) ? intf_label->getText() : ""; std::string seclevel = (sec_level) ? sec_level->getText() : ""; @@ -468,7 +468,7 @@ void PIXCfgParser::controller() { try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 428 "pix.g" +#line 429 "pix.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); @@ -496,11 +496,12 @@ void PIXCfgParser::access_list_commands() { if ( inputState->guessing==0 ) { #line 189 "pix.g" - importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText(), + libfwbuilder::Policy::TYPENAME ); *dbg << acl_num->getLine() << ":" << " ACL #" << acl_num->getText() << " "; -#line 504 "PIXCfgParser.cpp" +#line 505 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -556,7 +557,7 @@ void PIXCfgParser::description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 511 "pix.g" +#line 512 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string descr; @@ -569,7 +570,7 @@ void PIXCfgParser::description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 573 "PIXCfgParser.cpp" +#line 574 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -587,13 +588,13 @@ void PIXCfgParser::shutdown() { try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 546 "pix.g" +#line 547 "pix.g" importer->ignoreCurrentInterface(); *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 597 "PIXCfgParser.cpp" +#line 598 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -617,7 +618,7 @@ void PIXCfgParser::certificate() { consumeUntil(NEWLINE); consumeUntil(QUIT); -#line 621 "PIXCfgParser.cpp" +#line 622 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -639,7 +640,7 @@ void PIXCfgParser::quit() { consumeUntil(NEWLINE); -#line 643 "PIXCfgParser.cpp" +#line 644 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -661,7 +662,7 @@ void PIXCfgParser::crypto() { consumeUntil(NEWLINE); -#line 665 "PIXCfgParser.cpp" +#line 666 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -683,7 +684,7 @@ void PIXCfgParser::unknown_command() { consumeUntil(NEWLINE); -#line 687 "PIXCfgParser.cpp" +#line 688 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -704,13 +705,13 @@ void PIXCfgParser::ip_access_list_ext() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 206 "pix.g" +#line 207 "pix.g" - importer->newUnidirRuleSet( name->getText() ); + importer->newUnidirRuleSet( name->getText(), libfwbuilder::Policy::TYPENAME ); *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; -#line 714 "PIXCfgParser.cpp" +#line 715 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -747,12 +748,12 @@ void PIXCfgParser::ip_access_list_ext() { } } if ( inputState->guessing==0 ) { -#line 222 "pix.g" +#line 223 "pix.g" *dbg << LT(0)->getLine() << ":" << " ACL line end" << std::endl << std::endl; -#line 756 "PIXCfgParser.cpp" +#line 757 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -812,7 +813,7 @@ void PIXCfgParser::community_list_command() { consumeUntil(NEWLINE); -#line 816 "PIXCfgParser.cpp" +#line 817 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -830,23 +831,23 @@ void PIXCfgParser::permit_ext() { try { // for error handling match(PERMIT); if ( inputState->guessing==0 ) { -#line 230 "pix.g" +#line 231 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 841 "PIXCfgParser.cpp" +#line 842 "PIXCfgParser.cpp" } rule_ext(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 237 "pix.g" +#line 238 "pix.g" importer->pushRule(); -#line 850 "PIXCfgParser.cpp" +#line 851 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -864,23 +865,23 @@ void PIXCfgParser::deny_ext() { try { // for error handling match(DENY); if ( inputState->guessing==0 ) { -#line 243 "pix.g" +#line 244 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 875 "PIXCfgParser.cpp" +#line 876 "PIXCfgParser.cpp" } rule_ext(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 250 "pix.g" +#line 251 "pix.g" importer->pushRule(); -#line 884 "PIXCfgParser.cpp" +#line 885 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -898,7 +899,7 @@ void PIXCfgParser::remark() { try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 531 "pix.g" +#line 532 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string rem; @@ -911,7 +912,7 @@ void PIXCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 915 "PIXCfgParser.cpp" +#line 916 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -935,15 +936,15 @@ void PIXCfgParser::rule_ext() { ip_protocols(); hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 260 "pix.g" +#line 261 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 941 "PIXCfgParser.cpp" +#line 942 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 261 "pix.g" +#line 262 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 947 "PIXCfgParser.cpp" +#line 948 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1008,24 +1009,24 @@ void PIXCfgParser::rule_ext() { { match(ICMP); if ( inputState->guessing==0 ) { -#line 267 "pix.g" +#line 268 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 1017 "PIXCfgParser.cpp" - } - hostaddr_ext(); - if ( inputState->guessing==0 ) { -#line 271 "pix.g" - importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 1023 "PIXCfgParser.cpp" +#line 1018 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 272 "pix.g" + importer->SaveTmpAddrToSrc(); *dbg << "(src) "; +#line 1024 "PIXCfgParser.cpp" + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 273 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 1029 "PIXCfgParser.cpp" +#line 1030 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1130,18 +1131,18 @@ void PIXCfgParser::rule_ext() { } } if ( inputState->guessing==0 ) { -#line 279 "pix.g" +#line 280 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 1139 "PIXCfgParser.cpp" +#line 1140 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 283 "pix.g" +#line 284 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 1145 "PIXCfgParser.cpp" +#line 1146 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1153,9 +1154,9 @@ void PIXCfgParser::rule_ext() { { xoperator(); if ( inputState->guessing==0 ) { -#line 284 "pix.g" +#line 285 "pix.g" importer->SaveTmpPortToSrc(); -#line 1159 "PIXCfgParser.cpp" +#line 1160 "PIXCfgParser.cpp" } break; } @@ -1173,9 +1174,9 @@ void PIXCfgParser::rule_ext() { } hostaddr_ext(); if ( inputState->guessing==0 ) { -#line 285 "pix.g" +#line 286 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 1179 "PIXCfgParser.cpp" +#line 1180 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1187,9 +1188,9 @@ void PIXCfgParser::rule_ext() { { xoperator(); if ( inputState->guessing==0 ) { -#line 286 "pix.g" +#line 287 "pix.g" importer->SaveTmpPortToDst(); -#line 1193 "PIXCfgParser.cpp" +#line 1194 "PIXCfgParser.cpp" } break; } @@ -1295,11 +1296,11 @@ void PIXCfgParser::rule_ext() { } } if ( inputState->guessing==0 ) { -#line 292 "pix.g" +#line 293 "pix.g" *dbg << std::endl; -#line 1303 "PIXCfgParser.cpp" +#line 1304 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1334,12 +1335,12 @@ void PIXCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 300 "pix.g" +#line 301 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 1343 "PIXCfgParser.cpp" +#line 1344 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1367,13 +1368,13 @@ void PIXCfgParser::hostaddr_ext() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 352 "pix.g" +#line 353 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "0.0.0.0"; *dbg << h->getText() << "/0.0.0.0"; -#line 1377 "PIXCfgParser.cpp" +#line 1378 "PIXCfgParser.cpp" } break; } @@ -1386,13 +1387,13 @@ void PIXCfgParser::hostaddr_ext() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 359 "pix.g" +#line 360 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 1396 "PIXCfgParser.cpp" +#line 1397 "PIXCfgParser.cpp" } break; } @@ -1400,13 +1401,13 @@ void PIXCfgParser::hostaddr_ext() { { match(ANY); if ( inputState->guessing==0 ) { -#line 366 "pix.g" +#line 367 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 1410 "PIXCfgParser.cpp" +#line 1411 "PIXCfgParser.cpp" } break; } @@ -1434,12 +1435,12 @@ void PIXCfgParser::time_range() { tr_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 418 "pix.g" +#line 419 "pix.g" importer->time_range_name = tr_name->getText(); *dbg << "time_range " << tr_name->getText() << " "; -#line 1443 "PIXCfgParser.cpp" +#line 1444 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1457,12 +1458,12 @@ void PIXCfgParser::fragments() { try { // for error handling match(FRAGMENTS); if ( inputState->guessing==0 ) { -#line 411 "pix.g" +#line 412 "pix.g" importer->fragments = true; *dbg << "fragments "; -#line 1466 "PIXCfgParser.cpp" +#line 1467 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1497,12 +1498,12 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 397 "pix.g" +#line 398 "pix.g" importer->logging = true; *dbg << "logging "; -#line 1506 "PIXCfgParser.cpp" +#line 1507 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1532,7 +1533,7 @@ void PIXCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 308 "pix.g" +#line 309 "pix.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -1540,7 +1541,7 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 1544 "PIXCfgParser.cpp" +#line 1545 "PIXCfgParser.cpp" } break; } @@ -1549,12 +1550,12 @@ void PIXCfgParser::icmp_spec() { icmp_word = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 317 "pix.g" +#line 318 "pix.g" importer->icmp_spec = icmp_word->getText(); *dbg << icmp_word->getText() << " "; -#line 1558 "PIXCfgParser.cpp" +#line 1559 "PIXCfgParser.cpp" } break; } @@ -1613,12 +1614,12 @@ void PIXCfgParser::established() { try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 404 "pix.g" +#line 405 "pix.g" importer->established = true; *dbg << "established "; -#line 1622 "PIXCfgParser.cpp" +#line 1623 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1663,12 +1664,12 @@ void PIXCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 328 "pix.g" +#line 329 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 1672 "PIXCfgParser.cpp" +#line 1673 "PIXCfgParser.cpp" } port_spec(); } @@ -1687,12 +1688,12 @@ void PIXCfgParser::port_range() { try { // for error handling match(P_RANGE); if ( inputState->guessing==0 ) { -#line 336 "pix.g" +#line 337 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 1696 "PIXCfgParser.cpp" +#line 1697 "PIXCfgParser.cpp" } port_spec(); port_spec(); @@ -1729,12 +1730,12 @@ void PIXCfgParser::port_spec() { } } if ( inputState->guessing==0 ) { -#line 344 "pix.g" +#line 345 "pix.g" importer->tmp_port_spec += (std::string(" ") + LT(0)->getText()); *dbg << LT(0)->getText() << " "; -#line 1738 "PIXCfgParser.cpp" +#line 1739 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1759,13 +1760,13 @@ void PIXCfgParser::hostaddr_std() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 375 "pix.g" +#line 376 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "0.0.0.0"; *dbg << h->getText() << "/0.0.0.0"; -#line 1769 "PIXCfgParser.cpp" +#line 1770 "PIXCfgParser.cpp" } } else if ((LA(1) == IPV4) && (LA(2) == IPV4)) { @@ -1776,25 +1777,25 @@ void PIXCfgParser::hostaddr_std() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 382 "pix.g" +#line 383 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 1786 "PIXCfgParser.cpp" +#line 1787 "PIXCfgParser.cpp" } } else if ((LA(1) == ANY)) { match(ANY); if ( inputState->guessing==0 ) { -#line 389 "pix.g" +#line 390 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 1798 "PIXCfgParser.cpp" +#line 1799 "PIXCfgParser.cpp" } } else { @@ -1856,10 +1857,10 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 652 "pix.g" +#line 653 "pix.g" -#line 1863 "PIXCfgParser.cpp" +#line 1864 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1936,7 +1937,7 @@ void PIXCfgParser::v6_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 590 "pix.g" +#line 591 "pix.g" std::string label = lbl->getText(); std::string addr = dhcp->getText(); @@ -1947,7 +1948,7 @@ void PIXCfgParser::v6_dhcp_address() { // which we do not support consumeUntil(NEWLINE); -#line 1951 "PIXCfgParser.cpp" +#line 1952 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1973,7 +1974,7 @@ void PIXCfgParser::v6_static_address() { m = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 603 "pix.g" +#line 604 "pix.g" std::string label = lbl->getText(); std::string addr = a->getText(); @@ -1984,7 +1985,7 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 1988 "PIXCfgParser.cpp" +#line 1989 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2004,7 +2005,7 @@ void PIXCfgParser::v7_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 620 "pix.g" +#line 621 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); @@ -2012,7 +2013,7 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 2016 "PIXCfgParser.cpp" +#line 2017 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2054,7 +2055,7 @@ void PIXCfgParser::v7_static_address() { } } if ( inputState->guessing==0 ) { -#line 631 "pix.g" +#line 632 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); @@ -2071,7 +2072,7 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 2075 "PIXCfgParser.cpp" +#line 2076 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2099,7 +2100,7 @@ void PIXCfgParser::access_group_by_name() { intf_label = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 659 "pix.g" +#line 660 "pix.g" importer->setInterfaceAndDirectionForRuleSet( acln->getText(), @@ -2110,7 +2111,7 @@ void PIXCfgParser::access_group_by_name() { << " " << intf_label->getText() << " " << dir->getText() << std::endl; -#line 2114 "PIXCfgParser.cpp" +#line 2115 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { diff --git a/src/parsers/iosacl.g b/src/parsers/iosacl.g index cb7e475bf..c057f5431 100644 --- a/src/parsers/iosacl.g +++ b/src/parsers/iosacl.g @@ -174,7 +174,8 @@ hostname : HOSTNAME ( STRING | WORD ) // access_list_commands : ACCESS_LIST acl_num:INT_CONST { - importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText(), + libfwbuilder::Policy::TYPENAME); *dbg << acl_num->getLine() << ":" << " ACL #" << acl_num->getText() << " "; } @@ -195,7 +196,7 @@ access_list_commands : ACCESS_LIST acl_num:INT_CONST ip_access_list_ext : ACCESS_LIST EXTENDED name:WORD { - importer->newUnidirRuleSet( name->getText() ); + importer->newUnidirRuleSet( name->getText(), libfwbuilder::Policy::TYPENAME ); *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; } diff --git a/src/parsers/iptables.g b/src/parsers/iptables.g index fd416a59e..05bea4fc9 100644 --- a/src/parsers/iptables.g +++ b/src/parsers/iptables.g @@ -158,7 +158,10 @@ chain_def : (INPUT | FORWARD | OUTPUT | PREROUTING | POSTROUTING | WORD) create_chain : COLON chain_def { - importer->newUnidirRuleSet(LT(0)->getText()); + if (importer->current_table=="nat") + importer->newUnidirRuleSet(LT(0)->getText(), libfwbuilder::NAT::TYPENAME); + else + importer->newUnidirRuleSet(LT(0)->getText(), libfwbuilder::Policy::TYPENAME); *dbg << "NEW CHAIN " << LT(0)->getText() << std::endl; } (WORD | MINUS) diff --git a/src/parsers/pix.g b/src/parsers/pix.g index dad4896f1..3f0765b7c 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -187,7 +187,8 @@ hostname : HOSTNAME ( STRING | WORD ) // access_list_commands : ACCESS_LIST acl_num:INT_CONST { - importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText(), + libfwbuilder::Policy::TYPENAME ); *dbg << acl_num->getLine() << ":" << " ACL #" << acl_num->getText() << " "; } @@ -204,7 +205,7 @@ access_list_commands : ACCESS_LIST acl_num:INT_CONST ip_access_list_ext : ACCESS_LIST name:WORD { - importer->newUnidirRuleSet( name->getText() ); + importer->newUnidirRuleSet( name->getText(), libfwbuilder::Policy::TYPENAME ); *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; } From 610448d4400af5ecea79b60a68841e62d7b6ea58 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 7 Mar 2011 18:26:58 -0800 Subject: [PATCH 02/14] * IPTImporter.cpp (pushNATRule): fixes #2195 "incorrect iptables import of nat rule with NETMAP target" --- doc/ChangeLog | 3 +++ src/libgui/IPTImporter.cpp | 7 +------ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index e83539fe2..0c508845d 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,8 @@ 2011-03-07 vadim + * IPTImporter.cpp (pushNATRule): fixes #2195 "incorrect iptables + import of nat rule with NETMAP target" + * IPTImporter.cpp (pushNATRule): see #2196 "iptables nat rules with target REDIRECT not imported". Iptables NAT rules with target REDIRECT where not imported correctly. diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index 21d4243f8..d2231b05d 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -1340,13 +1340,11 @@ void IPTImporter::pushNATRule() if (target=="NETMAP") { FWObject *o = NULL; + if (!src_a.empty()) { rule_type = NATRule::SNetnat; - o = createAddress(src_a, src_nm); - RuleElementOSrc *osrc = rule->getOSrc(); - osrc->addRef(o); RuleElementTSrc *tsrc = rule->getTSrc(); assert(tsrc!=NULL); o = createAddress(nat_addr1, nat_nm); @@ -1357,9 +1355,6 @@ void IPTImporter::pushNATRule() { rule_type = NATRule::DNetnat; - o = createAddress(dst_a, dst_nm); - RuleElementOSrc *odst = rule->getOSrc(); - odst->addRef(o); RuleElementTDst *tdst = rule->getTDst(); assert(tdst!=NULL); o = createAddress(nat_addr1, nat_nm); From 304fa20d244d0243f45f3c6afcd66e04a0494315 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 7 Mar 2011 18:44:57 -0800 Subject: [PATCH 03/14] * iptables.g (nat_addr_range): see #2194 "iptables import problem with SNAT rule translating to an address range". NAT rules translating into address range did not import correctly --- doc/ChangeLog | 4 ++ src/parsers/IPTCfgParser.cpp | 80 ++++++++++++++++++------------------ src/parsers/iptables.g | 6 +-- 3 files changed, 48 insertions(+), 42 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 0c508845d..2a0d32ae4 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2011-03-07 vadim + * iptables.g (nat_addr_range): see #2194 "iptables import problem + with SNAT rule translating to an address range". NAT rules + translating into address range did not import correctly + * IPTImporter.cpp (pushNATRule): fixes #2195 "incorrect iptables import of nat rule with NETMAP target" diff --git a/src/parsers/IPTCfgParser.cpp b/src/parsers/IPTCfgParser.cpp index b8d1d1550..39a3dcb0c 100644 --- a/src/parsers/IPTCfgParser.cpp +++ b/src/parsers/IPTCfgParser.cpp @@ -3066,7 +3066,8 @@ void IPTCfgParser::redirect_spec() { } void IPTCfgParser::nat_addr_range() { - ANTLR_USE_NAMESPACE(antlr)RefToken s = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken a1 = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken a2 = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling bool synPredMatched68 = false; @@ -3088,19 +3089,20 @@ void IPTCfgParser::nat_addr_range() { } if ( synPredMatched68 ) { { + a1 = LT(1); match(IPV4); match(MINUS); - s = LT(1); + a2 = LT(1); match(IPV4); if ( inputState->guessing==0 ) { #line 586 "iptables.g" importer->nat_port_range_start = ""; importer->nat_port_range_end = ""; - importer->nat_addr1 = LT(0)->getText(); - importer->nat_addr2 = s->getText(); + importer->nat_addr1 = a1->getText(); + importer->nat_addr2 = a2->getText(); -#line 3104 "IPTCfgParser.cpp" +#line 3106 "IPTCfgParser.cpp" } } } @@ -3114,7 +3116,7 @@ void IPTCfgParser::nat_addr_range() { importer->nat_addr1 = LT(0)->getText(); importer->nat_addr2 = LT(0)->getText(); -#line 3118 "IPTCfgParser.cpp" +#line 3120 "IPTCfgParser.cpp" } } else { @@ -3196,7 +3198,7 @@ void IPTCfgParser::nat_port_def_with_range() { importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3200 "IPTCfgParser.cpp" +#line 3202 "IPTCfgParser.cpp" } match(MINUS); { @@ -3223,7 +3225,7 @@ void IPTCfgParser::nat_port_def_with_range() { importer->nat_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3227 "IPTCfgParser.cpp" +#line 3229 "IPTCfgParser.cpp" } } } @@ -3253,7 +3255,7 @@ void IPTCfgParser::nat_port_def_with_range() { importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3257 "IPTCfgParser.cpp" +#line 3259 "IPTCfgParser.cpp" } } else { @@ -3322,7 +3324,7 @@ void IPTCfgParser::m_mark() { *dbg << " MARK"; -#line 3326 "IPTCfgParser.cpp" +#line 3328 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3342,14 +3344,14 @@ void IPTCfgParser::limit_rate() { if ( inputState->guessing==0 ) { #line 692 "iptables.g" importer->limit_val = LT(0)->getText(); -#line 3346 "IPTCfgParser.cpp" +#line 3348 "IPTCfgParser.cpp" } match(SLASH); match(WORD); if ( inputState->guessing==0 ) { #line 694 "iptables.g" importer->limit_suffix = LT(0)->getText(); -#line 3353 "IPTCfgParser.cpp" +#line 3355 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { #line 695 "iptables.g" @@ -3358,7 +3360,7 @@ void IPTCfgParser::limit_rate() { << importer->limit_val << "/" << importer->limit_suffix; -#line 3362 "IPTCfgParser.cpp" +#line 3364 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3380,7 +3382,7 @@ void IPTCfgParser::m_recent() { *dbg << " RECENT"; -#line 3384 "IPTCfgParser.cpp" +#line 3386 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3480,7 +3482,7 @@ void IPTCfgParser::recent_args_no_param() { if ( inputState->guessing==0 ) { #line 764 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3484 "IPTCfgParser.cpp" +#line 3486 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3522,7 +3524,7 @@ void IPTCfgParser::recent_args_param() { if ( inputState->guessing==0 ) { #line 768 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3526 "IPTCfgParser.cpp" +#line 3528 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3545,7 +3547,7 @@ void IPTCfgParser::recent_args_param() { if ( inputState->guessing==0 ) { #line 770 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3549 "IPTCfgParser.cpp" +#line 3551 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3565,7 +3567,7 @@ void IPTCfgParser::length_spec() { if ( inputState->guessing==0 ) { #line 787 "iptables.g" importer->length_spec = LT(0)->getText(); -#line 3569 "IPTCfgParser.cpp" +#line 3571 "IPTCfgParser.cpp" } match(COLON); match(INT_CONST); @@ -3573,14 +3575,14 @@ void IPTCfgParser::length_spec() { #line 789 "iptables.g" importer->length_spec += ":"; importer->length_spec += LT(0)->getText(); -#line 3577 "IPTCfgParser.cpp" +#line 3579 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { #line 791 "iptables.g" *dbg << " MATCH LENGTH " << importer->length_spec; -#line 3584 "IPTCfgParser.cpp" +#line 3586 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3625,7 +3627,7 @@ void IPTCfgParser::pkt_type_spec() { importer->pkt_type_spec = LT(0)->getText(); *dbg << " PKT_TYPE " << importer->pkt_type_spec; -#line 3629 "IPTCfgParser.cpp" +#line 3631 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3666,7 +3668,7 @@ void IPTCfgParser::port_def_no_range() { importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3670 "IPTCfgParser.cpp" +#line 3672 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3716,7 +3718,7 @@ void IPTCfgParser::port_def_with_range() { importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3720 "IPTCfgParser.cpp" +#line 3722 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3778,7 +3780,7 @@ void IPTCfgParser::port_def_with_range() { importer->tmp_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3782 "IPTCfgParser.cpp" +#line 3784 "IPTCfgParser.cpp" } break; } @@ -3859,7 +3861,7 @@ void IPTCfgParser::port_def_with_incomplete_range() { importer->tmp_port_range_end = LT(0)->getText(); *dbg << "PORT 0:" << LT(0)->getText(); -#line 3863 "IPTCfgParser.cpp" +#line 3865 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3887,7 +3889,7 @@ void IPTCfgParser::syn() { importer->tcp_flags_comp.clear(); importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN); -#line 3891 "IPTCfgParser.cpp" +#line 3893 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3911,7 +3913,7 @@ void IPTCfgParser::tcp_flags() { importer->tcp_flags_mask = importer->tmp_tcp_flags_list; importer->tmp_tcp_flags_list.clear(); -#line 3915 "IPTCfgParser.cpp" +#line 3917 "IPTCfgParser.cpp" } tcp_flags_list(); if ( inputState->guessing==0 ) { @@ -3929,7 +3931,7 @@ void IPTCfgParser::tcp_flags() { i!=importer->tcp_flags_comp.end(); ++i) *dbg << *i << "|"; -#line 3933 "IPTCfgParser.cpp" +#line 3935 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3987,7 +3989,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1064 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN; -#line 3991 "IPTCfgParser.cpp" +#line 3993 "IPTCfgParser.cpp" } break; } @@ -3997,7 +3999,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1066 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK; -#line 4001 "IPTCfgParser.cpp" +#line 4003 "IPTCfgParser.cpp" } break; } @@ -4007,7 +4009,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1068 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN; -#line 4011 "IPTCfgParser.cpp" +#line 4013 "IPTCfgParser.cpp" } break; } @@ -4017,7 +4019,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1070 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST; -#line 4021 "IPTCfgParser.cpp" +#line 4023 "IPTCfgParser.cpp" } break; } @@ -4027,7 +4029,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1072 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG; -#line 4031 "IPTCfgParser.cpp" +#line 4033 "IPTCfgParser.cpp" } break; } @@ -4037,7 +4039,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1074 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH; -#line 4041 "IPTCfgParser.cpp" +#line 4043 "IPTCfgParser.cpp" } break; } @@ -4047,7 +4049,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1076 "iptables.g" importer->tmp_tcp_flag_code = 99; -#line 4051 "IPTCfgParser.cpp" +#line 4053 "IPTCfgParser.cpp" } break; } @@ -4057,7 +4059,7 @@ void IPTCfgParser::tcp_flag_word() { if ( inputState->guessing==0 ) { #line 1078 "iptables.g" importer->tmp_tcp_flag_code = 98; -#line 4061 "IPTCfgParser.cpp" +#line 4063 "IPTCfgParser.cpp" } break; } @@ -4087,7 +4089,7 @@ void IPTCfgParser::tcp_flags_list() { importer->tmp_tcp_flags_list.clear(); importer->tmp_tcp_flag_code = 0; -#line 4091 "IPTCfgParser.cpp" +#line 4093 "IPTCfgParser.cpp" } tcp_flag_word(); if ( inputState->guessing==0 ) { @@ -4095,7 +4097,7 @@ void IPTCfgParser::tcp_flags_list() { importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code); -#line 4099 "IPTCfgParser.cpp" +#line 4101 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -4108,7 +4110,7 @@ void IPTCfgParser::tcp_flags_list() { importer->tmp_tcp_flags_list.push_back( importer->tmp_tcp_flag_code); -#line 4112 "IPTCfgParser.cpp" +#line 4114 "IPTCfgParser.cpp" } } else { diff --git a/src/parsers/iptables.g b/src/parsers/iptables.g index 05bea4fc9..6afd69c86 100644 --- a/src/parsers/iptables.g +++ b/src/parsers/iptables.g @@ -582,12 +582,12 @@ nat_spec : //**************************************************************** nat_addr_range : (IPV4 MINUS) => ( - IPV4 MINUS s:IPV4 + a1:IPV4 MINUS a2:IPV4 { importer->nat_port_range_start = ""; importer->nat_port_range_end = ""; - importer->nat_addr1 = LT(0)->getText(); - importer->nat_addr2 = s->getText(); + importer->nat_addr1 = a1->getText(); + importer->nat_addr2 = a2->getText(); } ) | From 9632d9b141bbb618aa581bb1ff9f45f9f50538f4 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 7 Mar 2011 18:49:22 -0800 Subject: [PATCH 04/14] see #2197 "iptables nat rules in chain OUTPUT not imported correctly" --- doc/ChangeLog | 6 +++++- src/libgui/IPTImporter.cpp | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 2a0d32ae4..4d0da55ad 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,8 +1,12 @@ 2011-03-07 vadim + * IPTImporter.cpp (pushNATRule): see #2197 "iptables nat rules in + chain OUTPUT not imported correctly" + * iptables.g (nat_addr_range): see #2194 "iptables import problem with SNAT rule translating to an address range". NAT rules - translating into address range did not import correctly + translating into address range with "-j SNAT --to-source + 192.168.1.1-192.168.1.10" did not import correctly * IPTImporter.cpp (pushNATRule): fixes #2195 "incorrect iptables import of nat rule with NETMAP target" diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index d2231b05d..f58549577 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -1277,6 +1277,14 @@ void IPTImporter::pushNATRule() { rule_type = NATRule::DNAT; + // if chain is "OUTPUT", put fw object in OSrc + if (current_chain == "OUTPUT") + { + RuleElementOSrc *re = rule->getOSrc(); + assert(re!=NULL); + re->addRef(getFirewallObject()); + } + FWObject *tdst = NULL; if (nat_addr1!=nat_addr2) tdst = createAddressRange(nat_addr1, nat_addr2); From ac257e0f43abec424ce655e149d175b40cc6c75e Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 7 Mar 2011 18:55:34 -0800 Subject: [PATCH 05/14] build 3497 --- VERSION | 2 +- VERSION.h | 2 +- packaging/fwbuilder-static-qt.spec | 2 +- packaging/fwbuilder.control | 2 +- packaging/fwbuilder.spec | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/VERSION b/VERSION index be90ec483..2ede4b633 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3496" +BUILD_NUM="3497" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index ccb124195..7a7266fcb 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3496" +#define VERSION "4.2.0.3497" #define GENERATION "4.2" diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index d49074f8d..2c977e811 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3496 +%define version 4.2.0.3497 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 370853d93..f721b8f47 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3496-1 +Version: 4.2.0.3497-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 30ba17851..d732605a4 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3496 +%define version 4.2.0.3497 %define release 1 %if "%_vendor" == "MandrakeSoft" From 676220c63322c25e07f9f4f9e4115bfe568d96a0 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 16:15:04 -0800 Subject: [PATCH 06/14] see #2176 better combination of refex to guess PF config; build 3498 --- VERSION | 2 +- VERSION.h | 2 +- packaging/fwbuilder-static-qt.spec | 2 +- packaging/fwbuilder.control | 2 +- packaging/fwbuilder.spec | 2 +- .../IC_PlatformWarningPage.cpp | 7 ++++++- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/VERSION b/VERSION index 2ede4b633..4685d3e69 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3497" +BUILD_NUM="3498" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 7a7266fcb..eac3f214f 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3497" +#define VERSION "4.2.0.3498" #define GENERATION "4.2" diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 2c977e811..2af81b547 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3497 +%define version 4.2.0.3498 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index f721b8f47..45c46faf1 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3497-1 +Version: 4.2.0.3498-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index d732605a4..2d9f1211b 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3497 +%define version 4.2.0.3498 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp index 62da845c6..a333411e5 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp @@ -88,7 +88,12 @@ void IC_PlatformWarningPage::initializePage() QList pf_conf_re; pf_conf_re << QRegExp("^scrub\\s+\\S+") - << QRegExp("^set\\s+timeout\\s+\\S+"); + << QRegExp("^set\\s+timeout\\s+\\S+") + << QRegExp("^pass\\s+") + << QRegExp("^block\\s+") + << QRegExp("^nat\\s+(?!\\()") + << QRegExp("^rdr\\s+(?!\\()") + << QRegExp("^table\\s+<\\S+>\\s+"); m_dialog->configFileBrowser->clear(); m_dialog->platform->setText(tr("Unknown")); From 8fa729c028a0bd230140eae54c08f56ea25bf52f Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 16:35:06 -0800 Subject: [PATCH 07/14] see #2176, 2198 added button to register for updates about pf import --- .../IC_PlatformWarningPage.cpp | 15 +++++- .../IC_PlatformWarningPage.h | 1 + .../ic_platformwarningpage_q.ui | 52 ++++++++++++++++--- 3 files changed, 61 insertions(+), 7 deletions(-) diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp index a333411e5..d5c27eb57 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp @@ -31,6 +31,7 @@ #include #include #include +#include IC_PlatformWarningPage::IC_PlatformWarningPage(QWidget *parent) : QWizardPage(parent) @@ -40,6 +41,8 @@ IC_PlatformWarningPage::IC_PlatformWarningPage(QWidget *parent) : QWizardPage(pa setField("platform", ""); + m_dialog->voteForFeatureButton->hide(); + platformOk = false; } @@ -272,8 +275,12 @@ void IC_PlatformWarningPage::initializePage() { m_dialog->platform->setText(tr("pf")); m_dialog->platformSpecificWarning->setText( - tr("Import of PF rules is not supported")); + tr("Firewall Builder does not support import of PF " + "configurations at this time. Click the button below to " + "register for updates about when PF import support will " + "be available.")); platformOk = false; + m_dialog->voteForFeatureButton->show(); } dynamic_cast(wizard())-> @@ -284,3 +291,9 @@ void IC_PlatformWarningPage::initializePage() emit completeChanged(); } +void IC_PlatformWarningPage::voteForFeature() +{ + QString url("http://www.fwbuilder.org/4.0/surveys/pf_import_registration.html"); + QDesktopServices::openUrl(QUrl(url, QUrl::StrictMode)); +} + diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.h b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.h index b764a711a..61b3bab28 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.h +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.h @@ -42,6 +42,7 @@ public: virtual bool isComplete() const; public slots: + void voteForFeature(); }; #endif // IC_PLATFORMWARNINGPAGE_H diff --git a/src/libgui/importFirewallConfigurationWizard/ic_platformwarningpage_q.ui b/src/libgui/importFirewallConfigurationWizard/ic_platformwarningpage_q.ui index 46577b712..f0922c151 100644 --- a/src/libgui/importFirewallConfigurationWizard/ic_platformwarningpage_q.ui +++ b/src/libgui/importFirewallConfigurationWizard/ic_platformwarningpage_q.ui @@ -16,7 +16,7 @@ - + TextLabel @@ -26,28 +26,48 @@ - + + + + Register (opens registration page in the web browser) + + + + + + + Qt::Horizontal + + + + 188 + 20 + + + + + Firewall Platform: - + TextLabel - + Qt::Horizontal - 238 + 318 20 @@ -61,5 +81,25 @@ - + + + voteForFeatureButton + clicked() + IC_PlatformWarningPage_q + voteForFeature() + + + 150 + 47 + + + 255 + 263 + + + + + + voteForFeature() + From 9ddcea553b2df2f23f5c787c3bcad52de3275c33 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 16:45:06 -0800 Subject: [PATCH 08/14] see #2205 Crash when importing ASA configuration --- src/libgui/IOSImporter.cpp | 2 +- src/libgui/Importer.cpp | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/libgui/IOSImporter.cpp b/src/libgui/IOSImporter.cpp index 60b13efe0..8a861097d 100644 --- a/src/libgui/IOSImporter.cpp +++ b/src/libgui/IOSImporter.cpp @@ -302,11 +302,11 @@ void IOSImporter::ignoreCurrentInterface() { if (current_interface) { - Importer::ignoreCurrentInterface(); QString err("Warning: interface %1 was not imported because it " "is in \"shutdown\" mode\n"); *Importer::logger << err.arg(current_interface->getName().c_str()).toStdString(); + Importer::ignoreCurrentInterface(); // this clears current_interface } } diff --git a/src/libgui/Importer.cpp b/src/libgui/Importer.cpp index b7abbd4d5..b28375f4e 100644 --- a/src/libgui/Importer.cpp +++ b/src/libgui/Importer.cpp @@ -277,6 +277,7 @@ void Importer::ignoreCurrentInterface() string name = current_interface->getName(); current_interface->getParent()->remove(current_interface); all_interfaces.erase(name); + current_interface = NULL; } } @@ -441,7 +442,17 @@ void Importer::setInterfaceAndDirectionForRuleSet(const std::string &ruleset_nam std::string intf; if ( !_intf_name.empty()) intf = _intf_name; - else intf = current_interface->getName(); + else + { + if (current_interface) intf = current_interface->getName(); + else + { + // current_interface is NULL and _intf_name is empty. Not enough + // information to associate ruleset with an interface. + QString err("Can not associate rule set %1 with any interface\n"); + *logger << err.arg(QString::fromUtf8(ruleset_name.c_str())).toStdString(); + } + } if (rs->intf_dir.count(intf)==0) rs->intf_dir[intf] = _dir; From f5e058fdd7d891081770fc05a6ab2d287aaa7d48 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 17:38:28 -0800 Subject: [PATCH 09/14] * IPTImporter.cpp (pushPolicyRule): see #2202 importer for iptables creates Custom Service object to match combination of states it does not recognize. This includes "NEW,ESTABLISHED". --- doc/ChangeLog | 6 ++ src/libgui/IPTImporter.cpp | 119 ++++++++++++++++++++++++++++++------- src/libgui/IPTImporter.h | 3 + 3 files changed, 106 insertions(+), 22 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 4d0da55ad..8867dd384 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2011-03-08 vadim + + * IPTImporter.cpp (pushPolicyRule): see #2202 importer for + iptables creates Custom Service object to match combination of + states it does not recognize. This includes "NEW,ESTABLISHED". + 2011-03-07 vadim * IPTImporter.cpp (pushNATRule): see #2197 "iptables nat rules in diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index f58549577..231af18ae 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -190,6 +190,14 @@ void IPTImporter::clear() iprange_dst_to = ""; } +string IPTImporter::getBranchName(const std::string &suffix) +{ + ostringstream str; + str << current_chain << suffix << aux_branch_number; + aux_branch_number++; + return str.str(); +} + void IPTImporter::startSrcMultiPort() { src_port_list.clear(); @@ -634,6 +642,18 @@ void IPTImporter::addRecentMatch(PolicyRule *rule) } } +void IPTImporter::addStateMatch(libfwbuilder::PolicyRule *rule, const string &state) +{ + RuleElementSrv* srv = rule->getSrv(); + assert(srv!=NULL); + if (rule->getSrv()->isAny() && !state.empty()) + { + // create custom service with module "state" + srv->addRef(getCustomService( + "iptables", "-m state --state " + state, "")); + recent_match = ""; + } +} /** * Special method that takes a rule and converts it into a branching @@ -663,6 +683,10 @@ PolicyRule* IPTImporter::createPolicyBranch( rule->setAction(PolicyRule::Branch); rule->setBranch(rs->ruleset); + FWOptions *ropt = rule->getOptionsObject(); + assert(ropt!=NULL); + ropt->setBool("stateless", true); + if (rule->getParent() != NULL) { ostringstream str1; @@ -944,12 +968,9 @@ void IPTImporter::pushPolicyRule() branch_rulesets[branch_ruleset_name] = rs; - //current_rule->add(rs->ruleset); - //ropt->setStr("branch_name", branch_ruleset_name); - //getFirewallObject()->remove(rs->ruleset, false); - rs->ruleset->setName(target); rule->setBranch(rs->ruleset); + ropt->setBool("stateless", true); } rule->setAction(action); @@ -958,13 +979,6 @@ void IPTImporter::pushPolicyRule() addDst(); addSrv(); -/* Recognize some typical rule patterns and set firewall and rule - * options appropriately - */ - if (current_state=="NEW") - { - ropt->setBool("stateless", false); - } RuleElementSrc *nsrc; RuleElementDst *ndst; @@ -973,6 +987,15 @@ void IPTImporter::pushPolicyRule() rule->getSrv()->setNeg(srv_neg); rule->getItf()->setNeg(intf_neg); +/* Recognize some typical rule patterns and set firewall and rule + * options appropriately + */ + if (current_state == "NEW") + { + ropt->setBool("stateless", false); + current_state = ""; + } + if (current_state == "RELATED,ESTABLISHED" || current_state == "ESTABLISHED,RELATED") { @@ -991,10 +1014,7 @@ void IPTImporter::pushPolicyRule() if (!rule->getSrv()->isAny()) { - ostringstream str; - str << current_chain << "_established_" << aux_branch_number; - aux_branch_number++; - string branch_ruleset_name = str.str(); + string branch_ruleset_name = getBranchName("_established_"); // two boolean args of createPolicyBranch() clear all rule elements // of the rule in the branch rule set and make it stateless @@ -1010,14 +1030,17 @@ void IPTImporter::pushPolicyRule() srv->addRef(estab); } - QString err("Warning: Line %1: Rule matches states 'RELATED,ESTABLISHED'. " - "Consider using " - "automatic rule controlled by the checkbox in the firewall " - "settings dialog. Automatic rule matches in all standard chains " - "which may be different from the original imported configuration. " - "This requires manual checking." - "\n"); + QString err( + "Warning: Line %1: Rule matches states 'RELATED,ESTABLISHED'. " + "Consider using " + "automatic rule controlled by the checkbox in the firewall " + "settings dialog. Automatic rule matches in all standard chains " + "which may be different from the original imported configuration. " + "This requires manual checking." + "\n"); *Importer::logger << err.arg(getCurrentLineNumber()).toStdString(); + + current_state = ""; } if (rule->getSrc()->isAny() && @@ -1034,8 +1057,60 @@ void IPTImporter::pushPolicyRule() "state INVALID" "\n"); *Importer::logger << err.arg(getCurrentLineNumber()).toStdString(); + + current_state = ""; } + // finally, process unrecognized combination of states + if ( ! current_state.empty()) + { + RuleElementSrv *srv = rule->getSrv(); + + FWObject *state_match_srv = getCustomService( + "iptables", "-m state --state " + current_state, ""); + + if ( ! rule->getSrv()->isAny()) + { + string branch_ruleset_name = getBranchName("_state_match_"); + + // two boolean args of createPolicyBranch() clear all rule elements + // of the rule in the branch rule set and make it stateless + PolicyRule *new_rule = createPolicyBranch(rule, branch_ruleset_name, + true, true); + + new_rule->setDirection(PolicyRule::Both); + RuleElement* re = new_rule->getSrv(); + re->addRef(state_match_srv); + } else + { + srv->clearChildren(); + srv->addRef(state_match_srv); + } + + // no need to make rule stateless since compiler is smart enough to drop + // --state NEW when service object adds its own state match + // ropt->setBool("stateless", false); + + QString err( + "Warning: Line %1: Rule matches combination of states '%2'. " + "Iptables rules generated by fwbuilder can be stateless (match " + "no state) or stateful (match state NEW). Fwbuilder also adds " + "a rule at the top of the script to match states " + "ESTABLISHED,RELATED. Combination of states '%3' does not fit " + "these standard cases and to match it, the program created " + "new Custom Service object. This may require manual checking." + "\n"); + *Importer::logger << err + .arg(getCurrentLineNumber()) + .arg(current_state.c_str()) + .arg(current_state.c_str()) + .toStdString(); + + current_state = ""; + } + + + if (target=="CONNMARK" && last_mark_rule != NULL && !action_params["connmark_save_mark"].empty()) diff --git a/src/libgui/IPTImporter.h b/src/libgui/IPTImporter.h index 1db0b0ae3..ae552d043 100644 --- a/src/libgui/IPTImporter.h +++ b/src/libgui/IPTImporter.h @@ -76,7 +76,10 @@ class IPTImporter : public Importer void addLimitMatch(libfwbuilder::PolicyRule *rule); void addRecentMatch(libfwbuilder::PolicyRule *rule); void addPktTypeMatch(libfwbuilder::PolicyRule *rule); + void addStateMatch(libfwbuilder::PolicyRule *rule, const std::string &state); + std::string getBranchName(const std::string &suffix); + libfwbuilder::PolicyRule* createPolicyBranch( libfwbuilder::PolicyRule *rule, const std::string &branch_name, bool clear_rule_elements, bool make_stateless); From d60b82b47ba16f6254b82374cbf7a712e52d77c3 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 17:46:42 -0800 Subject: [PATCH 10/14] updated unit test for iptables importer --- src/unit_tests/ImporterTest/test_data/ipt.fwb | 3177 +++++++++-------- .../ImporterTest/test_data/ipt.result | 83 +- .../ImporterTest/test_data/ipt.test | 4 + 3 files changed, 1647 insertions(+), 1617 deletions(-) diff --git a/src/unit_tests/ImporterTest/test_data/ipt.fwb b/src/unit_tests/ImporterTest/test_data/ipt.fwb index 4d1238cdb..477c7534c 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.fwb +++ b/src/unit_tests/ImporterTest/test_data/ipt.fwb @@ -1,6 +1,6 @@ - + @@ -440,20 +440,20 @@ - - - - - - - - + + + + + + + - - - - - + + + + + + @@ -461,154 +461,158 @@ - - - - + + + + + - - - - + + + + - - + + - - + - - - - + + + + - + + - - - - - - + + + + + + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - + + + + -m state --state NEW,ESTABLISHED + + -m length --length 400:65535 - + -m recent --name badguy --rcheck --seconds 60 - + -m recent --name badguy --set - + -m length --length 400:1500 - + -m pkttype --pkt-type broadcast - - - - - - - - - + + + + + + + + + - - - - + + + + @@ -631,13 +635,11 @@ - + - - - + - + @@ -660,13 +662,11 @@ - + - - - + - + @@ -677,7 +677,7 @@ - + @@ -689,21 +689,19 @@ - + - - - + - + - + - + @@ -718,24 +716,22 @@ - + - - - + - + - + - + - + @@ -747,21 +743,19 @@ - + - - - + - + - + - + @@ -770,19 +764,17 @@ - + - + - - - + - + @@ -793,7 +785,7 @@ - + @@ -809,10 +801,9 @@ - + - @@ -837,7 +828,7 @@ - + @@ -845,16 +836,16 @@ - + - + - + @@ -864,7 +855,7 @@ - + @@ -872,94 +863,13 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -972,150 +882,13 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1123,7 +896,223 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1138,8 +1127,8 @@ - - + + @@ -1159,7 +1148,7 @@ - + @@ -1179,9 +1168,9 @@ - + - + @@ -1199,12 +1188,12 @@ - + - + @@ -1219,34 +1208,12 @@ - + - + - - - - - - - - - - - - - - - - - - - - - - - + @@ -1258,103 +1225,17 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -1365,20 +1246,150 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - + @@ -1391,15 +1402,15 @@ - + - + - + @@ -1412,15 +1423,15 @@ - + - + - + @@ -1433,15 +1444,15 @@ - + - + - + @@ -1454,15 +1465,15 @@ - + - + - + @@ -1475,15 +1486,15 @@ - + - + - + @@ -1496,15 +1507,15 @@ - + - + - + @@ -1517,15 +1528,15 @@ - + - + - + @@ -1538,15 +1549,15 @@ - + - + - + @@ -1559,15 +1570,15 @@ - + - + - + @@ -1580,15 +1591,15 @@ - + - + - + @@ -1601,15 +1612,15 @@ - + - + - + @@ -1622,15 +1633,15 @@ - + - + - + @@ -1643,15 +1654,15 @@ - + - + - + @@ -1664,15 +1675,15 @@ - + - + - + @@ -1686,15 +1697,15 @@ - + - + - + @@ -1708,9 +1719,9 @@ - + - + @@ -1725,17 +1736,17 @@ - + - + - + - + @@ -1750,12 +1761,12 @@ - + - + @@ -1770,9 +1781,9 @@ - + - + @@ -1790,7 +1801,7 @@ - + @@ -1810,7 +1821,7 @@ - + @@ -1835,95 +1846,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -1934,7 +1857,95 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1943,10 +1954,10 @@ - + - + @@ -1954,7 +1965,7 @@ - + @@ -1971,7 +1982,7 @@ - + @@ -1979,7 +1990,7 @@ - + @@ -1996,7 +2007,7 @@ - + @@ -2017,7 +2028,7 @@ - + @@ -2038,9 +2049,9 @@ - + - + @@ -2060,8 +2071,8 @@ - - + + @@ -2069,7 +2080,7 @@ - + @@ -2081,7 +2092,7 @@ - + @@ -2089,10 +2100,10 @@ - + - + @@ -2101,7 +2112,7 @@ - + @@ -2109,7 +2120,7 @@ - + @@ -2121,7 +2132,7 @@ - + @@ -2141,7 +2152,7 @@ - + @@ -2149,7 +2160,7 @@ - + @@ -2161,53 +2172,13 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2221,29 +2192,9 @@ - + - - - - - - - - - - - - - - - - - - - - - + @@ -2261,7 +2212,47 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2281,7 +2272,7 @@ - + @@ -2301,15 +2292,15 @@ - + - + - + @@ -2321,7 +2312,7 @@ - + @@ -2341,7 +2332,7 @@ - + @@ -2349,7 +2340,7 @@ - + @@ -2361,7 +2352,7 @@ - + @@ -2381,9 +2372,9 @@ - + - + @@ -2401,53 +2392,33 @@ - + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2461,9 +2432,29 @@ - + - + + + + + + + + + + + + + + + + + + + + + @@ -2481,7 +2472,7 @@ - + @@ -2501,7 +2492,27 @@ - + + + + + + + + + + + + + + + + + + + + + @@ -2509,7 +2520,7 @@ - + @@ -2522,7 +2533,7 @@ - + @@ -2549,47 +2560,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -2609,7 +2580,27 @@ - + + + + + + + + + + + + + + + + + + + + + @@ -2629,7 +2620,7 @@ - + @@ -2649,7 +2640,7 @@ - + @@ -2669,7 +2660,7 @@ - + @@ -2689,27 +2680,7 @@ - - - - - - - - - - - - - - - - - - - - - + @@ -2729,7 +2700,7 @@ - + @@ -2737,7 +2708,7 @@ - + @@ -2749,7 +2720,7 @@ - + @@ -2757,7 +2728,7 @@ - + @@ -2769,7 +2740,7 @@ - + @@ -2777,8 +2748,7 @@ - - + @@ -2790,7 +2760,7 @@ - + @@ -2798,8 +2768,7 @@ - - + @@ -2811,7 +2780,7 @@ - + @@ -2819,7 +2788,8 @@ - + + @@ -2831,7 +2801,28 @@ - + + + + + + + + + + + + + + + + + + + + + + @@ -2851,7 +2842,7 @@ - + @@ -2871,69 +2862,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -2941,163 +2870,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -3109,434 +2882,7 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -3556,10 +2902,205 @@ - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -3579,10 +3120,7 @@ - - - - + @@ -3590,7 +3128,7 @@ - + @@ -3604,8 +3142,8 @@ - - + + @@ -3613,7 +3151,7 @@ - + @@ -3627,8 +3165,504 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -3636,7 +3670,7 @@ - + @@ -3647,13 +3681,13 @@ - + - - + + @@ -3661,7 +3695,7 @@ - + @@ -3672,13 +3706,13 @@ - + - - + + @@ -3686,7 +3720,7 @@ - + @@ -3700,8 +3734,8 @@ - - + + @@ -3709,7 +3743,7 @@ - + @@ -3723,8 +3757,8 @@ - - + + @@ -3745,12 +3779,12 @@ - + - + @@ -3766,9 +3800,9 @@ - + - + @@ -3786,7 +3820,7 @@ - + @@ -3806,7 +3840,7 @@ - + @@ -3830,13 +3864,14 @@ - + - - - - + + + + + @@ -3863,7 +3898,7 @@ - - + + diff --git a/src/unit_tests/ImporterTest/test_data/ipt.result b/src/unit_tests/ImporterTest/test_data/ipt.result index bde2b3836..0735d29d0 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.result +++ b/src/unit_tests/ImporterTest/test_data/ipt.result @@ -10,25 +10,30 @@ Warning: Line 9: Rule matches states 'RELATED,ESTABLISHED'. Consider using autom Warning: Line 12: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. Warning: Line 13: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. Warning: Line 14: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Network object: net-192.168.2.0/24 +TCP Service object: tcp 22-22 +Custom Service object: cust-0: iptables: -m state --state NEW,ESTABLISHED +Created branch INPUT_state_match_0 +Warning: Line 18: Rule matches combination of states 'NEW,ESTABLISHED'. Iptables rules generated by fwbuilder can be stateless (match no state) or stateful (match state NEW). Fwbuilder also adds a rule at the top of the script to match states ESTABLISHED,RELATED. Combination of states 'NEW,ESTABLISHED' does not fit these standard cases and to match it, the program created new Custom Service object. This may require manual checking. Address object: h-21.21.21.21 TCP Service object: tcp 22-22: -Created branch OUTPUT_established_0 -Warning: Line 19: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -TCP Service object: tcp 23-23 Created branch OUTPUT_established_1 -Warning: Line 24: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -Warning: Line 27: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID -Warning: Line 30: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Warning: Line 23: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +TCP Service object: tcp 23-23 +Created branch OUTPUT_established_2 +Warning: Line 28: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Line 31: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Warning: Line 34: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID New interface: lo UDP Service object: udp 1604-1604 Created branch Policy_eth1 New interface: eth1 New interface: eth0 -Warning: Line 38: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1 +Warning: Line 42: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1 TCP Service object: tcp 0-8000 UDP Service object: udp 0-8000 -Warning: Line 65: Unknown parameter of target REJECT: icmp-foo-prohibited. -Warning: Line 66: Unknown parameter of target REJECT: foo-prohib. +Warning: Line 69: Unknown parameter of target REJECT: icmp-foo-prohibited. +Warning: Line 70: Unknown parameter of target REJECT: foo-prohib. AddressRange object: range-10.212.66.2-10.212.66.3 AddressRange object: range-192.11.1.11-192.11.1.63 Address object: h-10.212.66.2 @@ -39,12 +44,11 @@ ICMP Service object: icmp -1/-1 Address object: h-192.168.1.1 IP Service object: ip-47 Network object: net-1.1.0.0/16 -Warning: Line 99: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Line 103: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. Network object: net-192.168.19.0/24 TCP Service object: tcp 5432-5432 Address object: h-192.168.16.125 TCP Service object: tcp 873-873 -TCP Service object: tcp 22-22 Address object: h-192.0.34.166 TCP Service object: tcp 137-139 TCP Service object: tcp 0-1023 @@ -66,8 +70,8 @@ TCP Service object: tcp fsrpau/f TCP Service object: tcp sr/sr TCP Service object: tcp fs/fs TCP Service object: tcp fsrpau/N -Parser error: Line 146: Port spec 'foo' unknown -Parser error: Line 146: Port spec 'foo' unknown +Parser error: Line 150: Port spec 'foo' unknown +Parser error: Line 150: Port spec 'foo' unknown TCP Service object: tcp TCP Service object: tcp 427-427 UDP Service object: udp 427-427 @@ -85,15 +89,15 @@ TCP Service object: tcp 206-206: TCP Service object: tcp 2222-2222: ICMP Service object: icmp 3/-1 ICMP Service object: icmp 3/6 -Custom Service object: cust-0: iptables: -m length --length 400:65535 -Custom Service object: cust-1: iptables: -m recent --name badguy --rcheck --seconds 60 +Custom Service object: cust-1: iptables: -m length --length 400:65535 +Custom Service object: cust-2: iptables: -m recent --name badguy --rcheck --seconds 60 Created branch user_chain_42_mod_match -Custom Service object: cust-2: iptables: -m recent --name badguy --set +Custom Service object: cust-3: iptables: -m recent --name badguy --set TCP Service object: tcp 5190-5190 Created branch user_chain_43_mod_match Tag Service object: tag-0x11 Created branch user_chain_44_mod_match -Custom Service object: cust-3: iptables: -m length --length 400:1500 +Custom Service object: cust-4: iptables: -m length --length 400:1500 Created branch user_chain_45_mod_match Tag Service object: tag-0x1 TCP Service object: tcp fsrpau/s @@ -102,16 +106,16 @@ Tag Service object: tag-0x4 Created branch user_chain_47_mod_match TCP Service object: tcp 53-53: Created branch user_chain_48_mod_match -Parser error: Line 202: Original rule combines match of tcp/udp/icmp +Parser error: Line 206: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. Created branch user_chain_49_mod_match -Parser error: Line 203: Original rule combines match of tcp/udp/icmp +Parser error: Line 207: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. -Custom Service object: cust-4: iptables: -m pkttype --pkt-type broadcast +Custom Service object: cust-5: iptables: -m pkttype --pkt-type broadcast Ruleset: mangle / PREROUTING Default action: Accept Ruleset: mangle / INPUT @@ -126,9 +130,9 @@ Tag Service object: tag-16 TCP Service object: tcp 25-25 Tag Service object: tag-0xa Tag Service object: tag-0xB -Warning: Line 231: Skip command with '-j CONNMARK --restore-mark' This rule is generated automatically. +Warning: Line 235: Skip command with '-j CONNMARK --restore-mark' This rule is generated automatically. TCP Service object: tcp 25-25: -Warning: Line 235: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' +Warning: Line 239: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' Tag Service object: tag-1 New interface: eth2 Tag Service object: tag-2 @@ -140,23 +144,13 @@ Ruleset: nat / OUTPUT Default action: Accept Network object: net-192.168.1.0/24 Address object: h-222.222.222.222 -Parser error: Line 253: Original rule defines outbound interface 'eth1'. - Replace address in TSrc with matching interface of the firewall. -Parser error: Line 254: Original rule defines outbound interface 'eth0'. - Replace address in TSrc with matching interface of the firewall. Network object: net-192.168.1.32/27 -Address object: h-222.222.222.100 -Parser error: Line 255: Original rule defines outbound interface 'eth+'. - Replace address in TSrc with matching interface of the firewall. +AddressRange object: range-222.222.222.10-222.222.222.100 +New interface: eth+ Address object: h-192.168.1.20 -Parser error: Line 256: Original rule defines outbound interface 'eth+'. - Replace address in TSrc with matching interface of the firewall. +AddressRange object: range-192.168.1.1-192.168.1.10 Address object: h-192.168.1.10 -Parser error: Line 257: Original rule defines outbound interface 'eth+'. - Replace address in TSrc with matching interface of the firewall. TCP Service object: tcp 1000-1010: -Parser error: Line 258: Original rule defines outbound interface 'eth1'. - Replace address in TSrc with matching interface of the firewall. Network object: net-222.222.222.0/24 TCP Service object: tcp 25-50 ICMP Service object: icmp 8/0 @@ -173,18 +167,15 @@ TCP Service object: tcp 13-13 TCP Service object: tcp 2105-2105 Address object: h-192.168.3.145 Address object: h-1.1.1.1 -Parser error: Line 272: Original rule defines inbound interface 'eth0'. - Replace address in ODst with matching interface of the firewall. -Network object: net-192.168.2.0/24 Address object: h-192.168.1.22 Address object: h-192.168.2.10 Address object: h-22.22.22.23 ICMP Service object: icmp 11/0 -Warning: Line 282: Added rule to reproduce default policy ACCEPT in filter/OUTPUT -Warning: Line 282: Can not reproduce default action in table 'mangle' chain 'FORWARD'. -Warning: Line 282: Added rule to reproduce default policy ACCEPT in mangle/FORWARD -Warning: Line 282: Can not reproduce default action in table 'mangle' chain 'INPUT'. -Warning: Line 282: Added rule to reproduce default policy ACCEPT in mangle/INPUT -Warning: Line 282: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT -Warning: Line 282: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING -Warning: Line 282: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING +Warning: Line 286: Added rule to reproduce default policy ACCEPT in filter/OUTPUT +Warning: Line 286: Can not reproduce default action in table 'mangle' chain 'FORWARD'. +Warning: Line 286: Added rule to reproduce default policy ACCEPT in mangle/FORWARD +Warning: Line 286: Can not reproduce default action in table 'mangle' chain 'INPUT'. +Warning: Line 286: Added rule to reproduce default policy ACCEPT in mangle/INPUT +Warning: Line 286: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT +Warning: Line 286: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING +Warning: Line 286: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING diff --git a/src/unit_tests/ImporterTest/test_data/ipt.test b/src/unit_tests/ImporterTest/test_data/ipt.test index 385fd74e2..a7a2cc01b 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.test +++ b/src/unit_tests/ImporterTest/test_data/ipt.test @@ -13,6 +13,10 @@ -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# unusual combination of states, creates custom service object. Also, since the same rule +# matches tcp service and custom service, branch will be created +-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT + # this creates a branch, matching service in the main policy and # ESTABLISHED,RELATE states in the branch # From de8921b32e5241c82a118e485b7b759397649361 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 18:15:57 -0800 Subject: [PATCH 11/14] * Importer.cpp (addStandardRuleComment): see #2189 Program adds the file name and the line number to comments of policy and nat rules it creates during import. --- doc/ChangeLog | 4 + src/libgui/IPTImporter.cpp | 5 +- src/libgui/Importer.cpp | 14 +- src/libgui/Importer.h | 6 + .../IC_ProgressPage.cpp | 5 +- .../ImporterThread.cpp | 7 +- .../ImporterThread.h | 4 +- src/unit_tests/ImporterTest/test_data/ios.fwb | 34 +-- src/unit_tests/ImporterTest/test_data/ipt.fwb | 258 +++++++++--------- 9 files changed, 184 insertions(+), 153 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 8867dd384..9a95913ea 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2011-03-08 vadim + * Importer.cpp (addStandardRuleComment): see #2189 Program adds + the file name and the line number to comments of policy and nat + rules it creates during import. + * IPTImporter.cpp (pushPolicyRule): see #2202 importer for iptables creates Custom Service object to match combination of states it does not recognize. This includes "NEW,ESTABLISHED". diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index 231af18ae..888385d38 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -1258,8 +1258,7 @@ void IPTImporter::pushPolicyRule() processModuleMatches(); - current_rule->setComment(rule_comment); - + current_rule->setComment(addStandardRuleComment(rule_comment)); } current_rule = NULL; @@ -1491,7 +1490,7 @@ void IPTImporter::pushNATRule() // renumber to clean-up rule positions ruleset->renumberRules(); - current_rule->setComment(rule_comment); + current_rule->setComment(addStandardRuleComment(rule_comment)); // RuleSet *nat = RuleSet::cast( // getFirewallObject()->getFirstByType(NAT::TYPENAME)); diff --git a/src/libgui/Importer.cpp b/src/libgui/Importer.cpp index b28375f4e..38da7cd9c 100644 --- a/src/libgui/Importer.cpp +++ b/src/libgui/Importer.cpp @@ -535,7 +535,7 @@ void Importer::pushRule() // then add it to the current ruleset current_ruleset->ruleset->add(current_rule); - current_rule->setComment(rule_comment); + current_rule->setComment(addStandardRuleComment(rule_comment)); // *logger << "Rule: " << action << " " // << protocol << " " @@ -1242,4 +1242,16 @@ void Importer::addMessageToLog(const std::string &msg) *logger << msg + "\n"; } +string Importer::addStandardRuleComment(const string &comment) +{ + string rule_comment = comment; + if (!rule_comment.empty()) rule_comment += "\n"; + QString file_and_line("Created during import of %1 line %2"); + rule_comment += string( + file_and_line + .arg(QString::fromUtf8(input_file_name.c_str())) + .arg(getCurrentLineNumber()).toUtf8().constData()); + return rule_comment; +} + diff --git a/src/libgui/Importer.h b/src/libgui/Importer.h index 1e1766d02..84255bdfb 100644 --- a/src/libgui/Importer.h +++ b/src/libgui/Importer.h @@ -97,6 +97,7 @@ protected: libfwbuilder::FWObject *library; + std::string input_file_name; std::istringstream &input; std::string platform; @@ -272,7 +273,12 @@ public: virtual void run(); + void setFileName(const std::string &fn) { input_file_name = fn; } void setPlatform(const std::string &pl) { platform = pl; } + + // add standard line to rule comment, this adds something like + // "created during import from , line " + std::string addStandardRuleComment(const std::string &comment); int errorCounter() { return error_counter; } diff --git a/src/libgui/importFirewallConfigurationWizard/IC_ProgressPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_ProgressPage.cpp index 6efb7e6b9..998b6cfec 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_ProgressPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_ProgressPage.cpp @@ -138,10 +138,13 @@ void IC_ProgressPage::initializePage() QStringList *buffer = dynamic_cast(wizard())-> getBufferPtr(); + QString fileName = field("fileName").toString(); importer = new ImporterThread(this, mw->getCurrentLib(), - *buffer, platform, firewallName); + *buffer, platform, firewallName, fileName); + + connect(importer, SIGNAL(destroyed(QObject*)), this, SLOT(importerDestroyed(QObject*))); connect(importer, SIGNAL(finished()), diff --git a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp index 478ed9a1c..180a28221 100644 --- a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp +++ b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp @@ -45,13 +45,15 @@ ImporterThread::ImporterThread(QWidget *ui, FWObject *lib, const QStringList &buffer, const QString &platform, - const QString &firewallName) + const QString &firewallName, + const QString &fileName) { this->lib = lib; this->ui = ui; this->buffer = buffer; this->platform = platform; this->firewallName = firewallName; + this->fileName = fileName; importer = NULL; stopFlag = false; } @@ -83,6 +85,9 @@ void ImporterThread::run() if (importer) { + + importer->setFileName(fileName.toUtf8().constData()); + try { importer->run(); diff --git a/src/libgui/importFirewallConfigurationWizard/ImporterThread.h b/src/libgui/importFirewallConfigurationWizard/ImporterThread.h index d805e62fa..510478fcb 100644 --- a/src/libgui/importFirewallConfigurationWizard/ImporterThread.h +++ b/src/libgui/importFirewallConfigurationWizard/ImporterThread.h @@ -46,6 +46,7 @@ class ImporterThread : public QThread libfwbuilder::FWObject *lib; Importer *importer; + QString fileName; QStringList buffer; QString firewallName; QString platform; @@ -58,7 +59,8 @@ public: libfwbuilder::FWObject *lib, const QStringList &buffer, const QString &platform, - const QString &firewallName); + const QString &firewallName, + const QString &fileName); virtual ~ImporterThread(); void run(); diff --git a/src/unit_tests/ImporterTest/test_data/ios.fwb b/src/unit_tests/ImporterTest/test_data/ios.fwb index dfb59c6e5..c769afb9a 100644 --- a/src/unit_tests/ImporterTest/test_data/ios.fwb +++ b/src/unit_tests/ImporterTest/test_data/ios.fwb @@ -1,6 +1,6 @@ - + @@ -500,7 +500,7 @@ - + @@ -520,7 +520,7 @@ - + @@ -540,7 +540,7 @@ - + @@ -560,7 +560,7 @@ - + @@ -580,7 +580,7 @@ - + @@ -600,7 +600,7 @@ - + @@ -620,7 +620,7 @@ - + @@ -640,7 +640,7 @@ - + @@ -660,7 +660,7 @@ - + @@ -680,7 +680,7 @@ - + @@ -700,7 +700,7 @@ - + @@ -720,7 +720,7 @@ - + @@ -740,7 +740,7 @@ - + @@ -760,7 +760,7 @@ - + @@ -780,7 +780,7 @@ - + @@ -800,7 +800,7 @@ - + diff --git a/src/unit_tests/ImporterTest/test_data/ipt.fwb b/src/unit_tests/ImporterTest/test_data/ipt.fwb index 477c7534c..430a55c22 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.fwb +++ b/src/unit_tests/ImporterTest/test_data/ipt.fwb @@ -1,6 +1,6 @@ - + @@ -612,7 +612,7 @@ - + @@ -639,7 +639,7 @@ - + @@ -666,7 +666,7 @@ - + @@ -693,7 +693,7 @@ - + @@ -720,7 +720,7 @@ - + @@ -747,7 +747,7 @@ - + @@ -774,7 +774,7 @@ - + @@ -801,7 +801,7 @@ - + @@ -828,7 +828,7 @@ - + @@ -855,7 +855,7 @@ - + @@ -882,7 +882,7 @@ - + @@ -909,7 +909,7 @@ - + @@ -936,7 +936,7 @@ - + @@ -963,7 +963,7 @@ - + @@ -990,7 +990,7 @@ - + @@ -1017,7 +1017,7 @@ - + @@ -1044,7 +1044,7 @@ - + @@ -1071,7 +1071,7 @@ - + @@ -1098,7 +1098,7 @@ - + @@ -1128,7 +1128,7 @@ - + @@ -1148,7 +1148,7 @@ - + @@ -1168,7 +1168,7 @@ - + @@ -1188,7 +1188,7 @@ - + @@ -1208,7 +1208,7 @@ - + @@ -1230,7 +1230,7 @@ - + @@ -1252,7 +1252,7 @@ - + @@ -1274,7 +1274,7 @@ - + @@ -1294,7 +1294,7 @@ - + @@ -1316,7 +1316,7 @@ - + @@ -1338,7 +1338,7 @@ - + @@ -1360,7 +1360,7 @@ - + @@ -1381,7 +1381,7 @@ - + @@ -1402,7 +1402,7 @@ - + @@ -1423,7 +1423,7 @@ - + @@ -1444,7 +1444,7 @@ - + @@ -1465,7 +1465,7 @@ - + @@ -1486,7 +1486,7 @@ - + @@ -1507,7 +1507,7 @@ - + @@ -1528,7 +1528,7 @@ - + @@ -1549,7 +1549,7 @@ - + @@ -1570,7 +1570,7 @@ - + @@ -1591,7 +1591,7 @@ - + @@ -1612,7 +1612,7 @@ - + @@ -1633,7 +1633,7 @@ - + @@ -1654,7 +1654,7 @@ - + @@ -1675,7 +1675,7 @@ - + @@ -1697,7 +1697,7 @@ - + @@ -1719,7 +1719,7 @@ - + @@ -1741,7 +1741,7 @@ - + @@ -1761,7 +1761,7 @@ - + @@ -1781,7 +1781,7 @@ - + @@ -1801,7 +1801,7 @@ - + @@ -1821,7 +1821,7 @@ - + @@ -1846,7 +1846,7 @@ - + @@ -1868,7 +1868,7 @@ - + @@ -1890,7 +1890,7 @@ - + @@ -1912,7 +1912,7 @@ - + @@ -1934,7 +1934,7 @@ - + @@ -1957,7 +1957,7 @@ - + @@ -1982,7 +1982,7 @@ - + @@ -2007,7 +2007,7 @@ - + @@ -2028,7 +2028,7 @@ - + @@ -2072,7 +2072,7 @@ - + @@ -2092,7 +2092,7 @@ - + @@ -2112,7 +2112,7 @@ - + @@ -2132,7 +2132,7 @@ - + @@ -2152,7 +2152,7 @@ - + @@ -2172,7 +2172,7 @@ - + @@ -2192,7 +2192,7 @@ - + @@ -2212,7 +2212,7 @@ - + @@ -2232,7 +2232,7 @@ - + @@ -2252,7 +2252,7 @@ - + @@ -2272,7 +2272,7 @@ - + @@ -2292,7 +2292,7 @@ - + @@ -2312,7 +2312,7 @@ - + @@ -2332,7 +2332,7 @@ - + @@ -2352,7 +2352,7 @@ - + @@ -2372,7 +2372,7 @@ - + @@ -2392,7 +2392,7 @@ - + @@ -2412,7 +2412,7 @@ - + @@ -2432,7 +2432,7 @@ - + @@ -2452,7 +2452,7 @@ - + @@ -2472,7 +2472,7 @@ - + @@ -2492,7 +2492,7 @@ - + @@ -2512,7 +2512,7 @@ - + @@ -2533,7 +2533,7 @@ - + @@ -2560,7 +2560,7 @@ - + @@ -2580,7 +2580,7 @@ - + @@ -2600,7 +2600,7 @@ - + @@ -2620,7 +2620,7 @@ - + @@ -2640,7 +2640,7 @@ - + @@ -2660,7 +2660,7 @@ - + @@ -2680,7 +2680,7 @@ - + @@ -2700,7 +2700,7 @@ - + @@ -2720,7 +2720,7 @@ - + @@ -2740,7 +2740,7 @@ - + @@ -2760,7 +2760,7 @@ - + @@ -2780,7 +2780,7 @@ - + @@ -2801,7 +2801,7 @@ - + @@ -2822,7 +2822,7 @@ - + @@ -2842,7 +2842,7 @@ - + @@ -2862,7 +2862,7 @@ - + @@ -2882,7 +2882,7 @@ - + @@ -2902,7 +2902,7 @@ - + @@ -2922,7 +2922,7 @@ - + @@ -2944,7 +2944,7 @@ - + @@ -2966,7 +2966,7 @@ - + @@ -2988,7 +2988,7 @@ - + @@ -3010,7 +3010,7 @@ - + @@ -3032,7 +3032,7 @@ - + @@ -3054,7 +3054,7 @@ - + @@ -3077,7 +3077,7 @@ - + @@ -3100,7 +3100,7 @@ - + @@ -3120,7 +3120,7 @@ - + @@ -3215,7 +3215,7 @@ - + @@ -3242,7 +3242,7 @@ - + @@ -3269,7 +3269,7 @@ - + @@ -3296,7 +3296,7 @@ - + @@ -3323,7 +3323,7 @@ - + @@ -3350,7 +3350,7 @@ - + @@ -3377,7 +3377,7 @@ - + @@ -3404,7 +3404,7 @@ - + @@ -3424,7 +3424,7 @@ - + @@ -3444,7 +3444,7 @@ - + @@ -3464,7 +3464,7 @@ - + @@ -3484,7 +3484,7 @@ - + @@ -3504,7 +3504,7 @@ - + @@ -3524,7 +3524,7 @@ - + From a1111b83bd3dfd2254453aca41265bcc12742710 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 19:02:19 -0800 Subject: [PATCH 12/14] * PolicyCompiler.cpp (checkForShadowing): see #2204 "Shadowing detected for rule with action Continue". Policy rules with action "Continue" should not shadow other rules and can not be shadowed. --- doc/ChangeLog | 4 ++++ .../src/fwcompiler/PolicyCompiler.cpp | 7 +++++++ test/ipt/cluster1_secuwall-1.fw.orig | 6 +++--- test/ipt/firewall-base-rulesets.fw.orig | 6 +++--- test/ipt/firewall-ipv6-1.fw.orig | 6 +++--- test/ipt/firewall-ipv6-2.fw.orig | 6 +++--- test/ipt/firewall-ipv6-3.fw.orig | 6 +++--- test/ipt/firewall-ipv6-4-1.fw.orig | 6 +++--- test/ipt/firewall-ipv6-4.fw.orig | 6 +++--- test/ipt/firewall-ipv6-5.fw.orig | 6 +++--- test/ipt/firewall-ipv6-6.fw.orig | 6 +++--- test/ipt/firewall-ipv6-7.fw.orig | 6 +++--- test/ipt/firewall-ipv6-8.fw.orig | 6 +++--- ...all-ipv6-ipt-reset-prolog-after-flush.fw.orig | 6 +++--- ...pv6-ipt-reset-prolog-after-interfaces.fw.orig | 6 +++--- .../firewall-ipv6-ipt-reset-prolog-top.fw.orig | 6 +++--- .../ipt/firewall-ipv6-prolog-after-flush.fw.orig | 6 +++--- ...firewall-ipv6-prolog-after-interfaces.fw.orig | 6 +++--- test/ipt/firewall-ipv6-prolog-top.fw.orig | 6 +++--- test/ipt/firewall-server-1-s.fw.orig | 6 +++--- test/ipt/firewall.fw.orig | 6 +++--- test/ipt/firewall1.fw.orig | 6 +++--- test/ipt/firewall10.fw.orig | 6 +++--- test/ipt/firewall11.fw.orig | 6 +++--- test/ipt/firewall12.fw.orig | 6 +++--- test/ipt/firewall13.fw.orig | 6 +++--- test/ipt/firewall14.fw.orig | 6 +++--- test/ipt/firewall15.fw.orig | 6 +++--- test/ipt/firewall16.fw.orig | 6 +++--- test/ipt/firewall17.fw.orig | 6 +++--- test/ipt/firewall18.fw.orig | 6 +++--- test/ipt/firewall19.fw.orig | 6 +++--- test/ipt/firewall2-1.fw.orig | 6 +++--- test/ipt/firewall2-2.fw.orig | 6 +++--- test/ipt/firewall2-3.fw.orig | 6 +++--- test/ipt/firewall2-4.fw.orig | 6 +++--- test/ipt/firewall2-5.fw.orig | 6 +++--- test/ipt/firewall2-6.fw.orig | 6 +++--- test/ipt/firewall2-7.fw.orig | 6 +++--- test/ipt/firewall2.fw.orig | 6 +++--- test/ipt/firewall20-ipv6.fw.orig | 6 +++--- test/ipt/firewall20.fw.orig | 6 +++--- test/ipt/firewall21-1.fw.orig | 6 +++--- test/ipt/firewall21.fw.orig | 6 +++--- test/ipt/firewall22.fw.orig | 6 +++--- test/ipt/firewall23-1.fw.orig | 6 +++--- test/ipt/firewall23.fw.orig | 6 +++--- test/ipt/firewall24.fw.orig | 6 +++--- test/ipt/firewall25.fw.orig | 6 +++--- test/ipt/firewall26.fw.orig | 6 +++--- test/ipt/firewall27.fw.orig | 6 +++--- test/ipt/firewall28.fw.orig | 6 +++--- test/ipt/firewall29.fw.orig | 6 +++--- test/ipt/firewall3.fw.orig | 6 +++--- test/ipt/firewall30.fw.orig | 6 +++--- test/ipt/firewall31.fw.orig | 6 +++--- test/ipt/firewall32.fw.orig | 6 +++--- test/ipt/firewall33-1.fw.orig | 16 ++++++++-------- test/ipt/firewall33.fw.orig | 16 ++++++++-------- test/ipt/firewall34.fw.orig | 6 +++--- test/ipt/firewall35.fw.orig | 6 +++--- test/ipt/firewall36-1.fw.orig | 6 +++--- test/ipt/firewall36-2.fw.orig | 6 +++--- test/ipt/firewall36.fw.orig | 6 +++--- test/ipt/firewall37-1.fw.orig | 6 +++--- test/ipt/firewall37.fw.orig | 6 +++--- test/ipt/firewall38.fw.orig | 6 +++--- test/ipt/firewall39.fw.orig | 6 +++--- test/ipt/firewall4.fw.orig | 6 +++--- test/ipt/firewall40-1.fw.orig | 6 +++--- test/ipt/firewall40-2.fw.orig | 6 +++--- test/ipt/firewall40.fw.orig | 6 +++--- test/ipt/firewall41-1.fw.orig | 6 +++--- test/ipt/firewall41.fw.orig | 16 ++++------------ test/ipt/firewall42.fw.orig | 6 +++--- test/ipt/firewall5.fw.orig | 6 +++--- test/ipt/firewall50.fw.orig | 6 +++--- test/ipt/firewall51.fw.orig | 6 +++--- test/ipt/firewall6.fw.orig | 6 +++--- test/ipt/firewall60.fw.orig | 6 +++--- test/ipt/firewall61-1.2.5.fw.orig | 6 +++--- test/ipt/firewall61-1.2.6.fw.orig | 6 +++--- test/ipt/firewall61-1.3.x.fw.orig | 6 +++--- test/ipt/firewall61-1.4.fw.orig | 6 +++--- test/ipt/firewall62.fw.orig | 6 +++--- test/ipt/firewall63.fw.orig | 6 +++--- test/ipt/firewall7.fw.orig | 6 +++--- test/ipt/firewall70.fw.orig | 6 +++--- test/ipt/firewall71.fw.orig | 6 +++--- test/ipt/firewall72-1.3.x.fw.orig | 6 +++--- test/ipt/firewall72-1.4.3.fw.orig | 6 +++--- test/ipt/firewall73.fw.orig | 6 +++--- test/ipt/firewall74.fw.orig | 6 +++--- test/ipt/firewall8.fw.orig | 6 +++--- test/ipt/firewall80.fw.orig | 6 +++--- test/ipt/firewall81.fw.orig | 6 +++--- test/ipt/firewall82.fw.orig | 6 +++--- test/ipt/firewall82_A.fw.orig | 6 +++--- test/ipt/firewall82_B.fw.orig | 6 +++--- test/ipt/firewall9.fw.orig | 6 +++--- test/ipt/firewall90.fw.orig | 6 +++--- test/ipt/firewall91.fw.orig | 6 +++--- test/ipt/firewall92.fw.orig | 6 +++--- test/ipt/firewall93.fw.orig | 6 +++--- test/ipt/fw-A.fw.orig | 6 +++--- test/ipt/fw1.fw.orig | 6 +++--- test/ipt/fwbuilder.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_1_linux-1.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_1_linux-2.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_2_linux-1.fw.orig | 6 +++--- test/ipt/heartbeat_cluster_2_linux-2.fw.orig | 6 +++--- test/ipt/host.fw.orig | 6 +++--- test/ipt/openais_cluster_1_linux-1.fw.orig | 6 +++--- test/ipt/openais_cluster_1_linux-2.fw.orig | 6 +++--- test/ipt/rc.firewall.local | 4 ++-- test/ipt/rh90.fw.orig | 6 +++--- test/ipt/secuwall_cluster_1_secuwall-1.fw.orig | 6 +++--- test/ipt/server-cluster-1_server-1.fw.orig | 6 +++--- test/ipt/server-cluster-1_server-2.fw.orig | 6 +++--- test/ipt/test-shadowing-1.fw.orig | 6 +++--- test/ipt/test-shadowing-2.fw.orig | 6 +++--- test/ipt/test-shadowing-3.fw.orig | 6 +++--- test/ipt/test_fw.fw.orig | 6 +++--- test/ipt/vrrp_cluster_1_linux-1.fw.orig | 6 +++--- test/ipt/vrrp_cluster_1_linux-2.fw.orig | 6 +++--- test/ipt/vrrp_cluster_2_linux-1.fw.orig | 6 +++--- test/ipt/vrrp_cluster_2_linux-2.fw.orig | 6 +++--- test/ipt/vrrp_cluster_2_linux-3.fw.orig | 6 +++--- 130 files changed, 405 insertions(+), 402 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 9a95913ea..5dc871a39 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2011-03-08 vadim + * PolicyCompiler.cpp (checkForShadowing): see #2204 "Shadowing + detected for rule with action Continue". Policy rules with action + "Continue" should not shadow other rules and can not be shadowed. + * Importer.cpp (addStandardRuleComment): see #2189 Program adds the file name and the line number to comments of policy and nat rules it creates during import. diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp index 201b5effc..ddaea2ed5 100644 --- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp @@ -208,6 +208,13 @@ bool PolicyCompiler::checkForShadowing(PolicyRule &r1, PolicyRule &r2) if (r1_action==PolicyRule::Branch || r2_action==PolicyRule::Branch ) return false; + /* + * rules with action continue do not make final decision and + * therefore can not shadow other rules or be shadowed + */ + if (r1_action==PolicyRule::Continue || + r2_action==PolicyRule::Continue ) return false; + Address *src1; Address *dst1; Service *srv1; diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index d94c43d74..3bc1b19fc 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:51 2011 PST by vadim +# Generated Tue Mar 8 18:59:33 2011 PST by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -588,7 +588,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:51 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:33 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index d5a1d8eb6..8e1d7cf39 100755 --- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:48 2011 PST by vadim +# Generated Tue Mar 8 18:58:32 2011 PST by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:48 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index 397b25294..05f9d69a0 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:56 2011 PST by vadim +# Generated Tue Mar 8 18:58:39 2011 PST by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -702,7 +702,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:56 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index 9568aa966..dde23541b 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:58 2011 PST by vadim +# Generated Tue Mar 8 18:58:43 2011 PST by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # @@ -966,7 +966,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:58 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index 065ee93fc..56bf68800 100755 --- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:07 2011 PST by vadim +# Generated Tue Mar 8 18:58:50 2011 PST by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:07 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index 0c562042c..b6d84960e 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:18 2011 PST by vadim +# Generated Tue Mar 8 18:59:00 2011 PST by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -545,7 +545,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:18 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index 1e9846464..32ca8555a 100755 --- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:09 2011 PST by vadim +# Generated Tue Mar 8 18:58:52 2011 PST by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:09 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index 29e5c2922..61ba153b2 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:13 2011 PST by vadim +# Generated Tue Mar 8 18:58:55 2011 PST by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:13 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index 453f45725..55e496f4d 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:17 2011 PST by vadim +# Generated Tue Mar 8 18:58:59 2011 PST by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # @@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:17 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:59 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index ea8a33d6a..de79d31ac 100755 --- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:21 2011 PST by vadim +# Generated Tue Mar 8 18:59:03 2011 PST by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:21 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:03 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index b6310cf9f..3dab36154 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:22 2011 PST by vadim +# Generated Tue Mar 8 18:59:05 2011 PST by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -484,7 +484,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:22 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index f9c90b90a..2bdf17eee 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:25 2011 PST by vadim +# Generated Tue Mar 8 18:59:07 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:25 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index 2e13b3221..f65875999 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:26 2011 PST by vadim +# Generated Tue Mar 8 18:59:09 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:26 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:09 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index 744d7acbe..e255210c5 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:29 2011 PST by vadim +# Generated Tue Mar 8 18:59:11 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:29 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index 9c56251c5..131544514 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:30 2011 PST by vadim +# Generated Tue Mar 8 18:59:13 2011 PST by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:30 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:13 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index 353000824..b26909eda 100755 --- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:33 2011 PST by vadim +# Generated Tue Mar 8 18:59:15 2011 PST by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:33 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:15 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index cb3faade6..8c88fff64 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:34 2011 PST by vadim +# Generated Tue Mar 8 18:59:17 2011 PST by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:34 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index 95cb12fd4..b18d5e929 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:36 2011 PST by vadim +# Generated Tue Mar 8 18:59:18 2011 PST by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -393,7 +393,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:36 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index 21574f23f..a543d3d7c 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:11 2011 PST by vadim +# Generated Tue Mar 8 18:55:56 2011 PST by vadim # # files: * firewall.fw /etc/fw/firewall.fw # @@ -1361,7 +1361,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:11 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:55:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index e41db8918..78e1fbee7 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:13 2011 PST by vadim +# Generated Tue Mar 8 18:55:58 2011 PST by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # @@ -1252,7 +1252,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:13 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:55:58 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index 5c76d634c..2a3d046eb 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:14 2011 PST by vadim +# Generated Tue Mar 8 18:55:59 2011 PST by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:14 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:55:59 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index efe87d023..cdf1b7455 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:16 2011 PST by vadim +# Generated Tue Mar 8 18:56:01 2011 PST by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -589,7 +589,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:16 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index 79a317095..260f169a1 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:17 2011 PST by vadim +# Generated Tue Mar 8 18:56:02 2011 PST by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -511,7 +511,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:17 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index 469cdcd52..f879a5530 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:19 2011 PST by vadim +# Generated Tue Mar 8 18:56:04 2011 PST by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # @@ -385,7 +385,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:19 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 132321f98..20918d4b1 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:20 2011 PST by vadim +# Generated Tue Mar 8 18:56:05 2011 PST by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:20 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index 9a001f31b..fe839fcd8 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:22 2011 PST by vadim +# Generated Tue Mar 8 18:56:07 2011 PST by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -388,7 +388,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:22 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index 429983d5f..ab8d8516d 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:23 2011 PST by vadim +# Generated Tue Mar 8 18:56:08 2011 PST by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:23 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index f813e04e8..1bcac840a 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:25 2011 PST by vadim +# Generated Tue Mar 8 18:56:10 2011 PST by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:25 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index a12707e97..d8ee9f83f 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:27 2011 PST by vadim +# Generated Tue Mar 8 18:56:11 2011 PST by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # @@ -504,7 +504,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:27 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index 3cc4cdede..206daa53e 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:28 2011 PST by vadim +# Generated Tue Mar 8 18:56:13 2011 PST by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # @@ -508,7 +508,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:28 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index a70b0c3cf..e853b0f1c 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:38 2011 PST by vadim +# Generated Tue Mar 8 18:56:24 2011 PST by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # @@ -1430,7 +1430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:38 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:24 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index ebd6929a7..e14bca2b8 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:42 2011 PST by vadim +# Generated Tue Mar 8 18:56:28 2011 PST by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # @@ -1259,7 +1259,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:42 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:28 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index f51ca5e6b..9849a418d 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:46 2011 PST by vadim +# Generated Tue Mar 8 18:56:31 2011 PST by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # @@ -1118,7 +1118,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:46 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:31 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index e63a989ac..b4f125dba 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:50 2011 PST by vadim +# Generated Tue Mar 8 18:56:35 2011 PST by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # @@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:50 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:35 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index 4c808cc29..ff69fdf0d 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:53 2011 PST by vadim +# Generated Tue Mar 8 18:56:38 2011 PST by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # @@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:53 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:38 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index 5d76961f4..4c3b2df1c 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:57 2011 PST by vadim +# Generated Tue Mar 8 18:56:43 2011 PST by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # @@ -482,7 +482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:57 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:43 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 978d483f9..2e37aba33 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:00 2011 PST by vadim +# Generated Tue Mar 8 18:56:46 2011 PST by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # @@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:00 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:46 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index 9ba004eae..e5c280c76 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:31 2011 PST by vadim +# Generated Tue Mar 8 18:56:16 2011 PST by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # @@ -1482,7 +1482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:31 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:16 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index 2aa4c0ce8..1fe56f354 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:34 2011 PST by vadim +# Generated Tue Mar 8 18:56:19 2011 PST by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # @@ -456,7 +456,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:34 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index ac6f31982..2cafa38e1 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:31 2011 PST by vadim +# Generated Tue Mar 8 18:56:16 2011 PST by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # @@ -674,7 +674,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:31 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index 18ddc69f6..149936b0f 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:38 2011 PST by vadim +# Generated Tue Mar 8 18:56:23 2011 PST by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -470,7 +470,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:38 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 2e3eb1e8d..51f0a7299 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:35 2011 PST by vadim +# Generated Tue Mar 8 18:56:20 2011 PST by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -469,7 +469,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:35 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index bf80a4c60..06ccfe4dd 100755 --- a/test/ipt/firewall22.fw.orig +++ b/test/ipt/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:41 2011 PST by vadim +# Generated Tue Mar 8 18:56:26 2011 PST by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -390,7 +390,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:41 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index 026356fa5..e66e776f0 100755 --- a/test/ipt/firewall23-1.fw.orig +++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:47 2011 PST by vadim +# Generated Tue Mar 8 18:56:32 2011 PST by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # @@ -561,7 +561,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:47 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index 9b343454b..d08eadd4e 100755 --- a/test/ipt/firewall23.fw.orig +++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:44 2011 PST by vadim +# Generated Tue Mar 8 18:56:29 2011 PST by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # @@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:44 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index 64bf116fb..e8bb44e14 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:49 2011 PST by vadim +# Generated Tue Mar 8 18:56:35 2011 PST by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # @@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:49 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index a87198e67..089ce49d2 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:54 2011 PST by vadim +# Generated Tue Mar 8 18:56:39 2011 PST by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # @@ -689,7 +689,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index ebb9208f8..70400bcac 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:49:56 2011 PST by vadim +# Generated Tue Mar 8 18:56:42 2011 PST by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -562,7 +562,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:49:56 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index c1ee57af1..f88fdf97d 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:00 2011 PST by vadim +# Generated Tue Mar 8 18:56:45 2011 PST by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:00 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index 9909ff308..a73eb26d0 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:03 2011 PST by vadim +# Generated Tue Mar 8 18:56:48 2011 PST by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # @@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:03 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index 56405b101..35ca810cd 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:04 2011 PST by vadim +# Generated Tue Mar 8 18:56:49 2011 PST by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:04 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index 72e8af238..ef8224dc1 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:07 2011 PST by vadim +# Generated Tue Mar 8 18:56:51 2011 PST by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # @@ -578,7 +578,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:07 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index ec8d9cd4a..5036737fa 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:07 2011 PST by vadim +# Generated Tue Mar 8 18:56:52 2011 PST by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:07 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index c6952bc3a..1722399fc 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:10 2011 PST by vadim +# Generated Tue Mar 8 18:56:54 2011 PST by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:10 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index c0835d60c..7660c652d 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:11 2011 PST by vadim +# Generated Tue Mar 8 18:56:55 2011 PST by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # @@ -416,7 +416,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:11 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:56:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index b8929ae1f..ff9d3caed 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:18 2011 PST by vadim +# Generated Tue Mar 8 18:57:02 2011 PST by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # @@ -395,11 +395,11 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.80 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.81 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.82 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.83 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.84 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -525,7 +525,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:18 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index acaee87de..b659cb694 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:17 2011 PST by vadim +# Generated Tue Mar 8 18:57:02 2011 PST by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # @@ -443,11 +443,11 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.80 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.81 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.82 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.83 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.84 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -572,7 +572,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:17 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index d7e74c367..cf9a083a1 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:21 2011 PST by vadim +# Generated Tue Mar 8 18:57:06 2011 PST by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # @@ -648,7 +648,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:21 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:06 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index a3c1adc2d..ee7033e7d 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:21 2011 PST by vadim +# Generated Tue Mar 8 18:57:06 2011 PST by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:21 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:06 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index ba455ae70..705fcebc7 100755 --- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:25 2011 PST by vadim +# Generated Tue Mar 8 18:57:09 2011 PST by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:25 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index 8b35d0631..1b582a26f 100755 --- a/test/ipt/firewall36-2.fw.orig +++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:28 2011 PST by vadim +# Generated Tue Mar 8 18:57:13 2011 PST by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:28 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index 4c04f374d..739401798 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:25 2011 PST by vadim +# Generated Tue Mar 8 18:57:09 2011 PST by vadim # # files: * firewall36.fw /etc/firewall36.fw # @@ -535,7 +535,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:25 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index 0271884e5..9967c2d62 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:31 2011 PST by vadim +# Generated Tue Mar 8 18:57:16 2011 PST by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # @@ -769,7 +769,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:31 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index 07b755908..708564f00 100755 --- a/test/ipt/firewall37.fw.orig +++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:33 2011 PST by vadim +# Generated Tue Mar 8 18:57:18 2011 PST by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # @@ -1050,7 +1050,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:33 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 74b0a82f7..64ebe6f55 100755 --- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:35 2011 PST by vadim +# Generated Tue Mar 8 18:57:19 2011 PST by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # @@ -498,7 +498,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:35 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index ac6cd963f..6af5a36de 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:40 2011 PST by vadim +# Generated Tue Mar 8 18:57:25 2011 PST by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # @@ -895,7 +895,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:40 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index 4a7842cd6..419e5e69a 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:38 2011 PST by vadim +# Generated Tue Mar 8 18:57:23 2011 PST by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:38 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index e69bf9ffb..7db3582e8 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:44 2011 PST by vadim +# Generated Tue Mar 8 18:57:29 2011 PST by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:44 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index eed71bd27..a185eb653 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:45 2011 PST by vadim +# Generated Tue Mar 8 18:57:29 2011 PST by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -437,7 +437,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:45 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index 529318c06..0a834d6ae 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:41 2011 PST by vadim +# Generated Tue Mar 8 18:57:26 2011 PST by vadim # # files: * firewall40.fw /etc/firewall40.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:41 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index aa11d1fd4..4d4e51f59 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:48 2011 PST by vadim +# Generated Tue Mar 8 18:57:33 2011 PST by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -575,7 +575,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:48 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index cc6961d42..6ae4f97aa 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:48 2011 PST by vadim +# Generated Tue Mar 8 18:57:32 2011 PST by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -14,12 +14,7 @@ # firewall41:Policy:5: error: File not found for Address Table: missing table (this_table_does_not_exist.tbl) Using dummy address in test mode # firewall41:Policy:5: error: File not found for Address Table: missing table (this_table_does_not_exist.tbl) Using dummy address in test mode -# firewall41:Policy:6: error: DNSName object "does not resolve" (compile time) can not resolve dns name "does_not_resolve.local" (AF_INET): Host or network 'does_not_resolve.local' not found; last error: Unknown error Using dummy address in test mode -# firewall41:Policy:5: error: Rule '5 (global)' shadows rule '6 (global)' below it -# firewall41:Policy:6: error: DNSName object "does not resolve" (compile time) can not resolve dns name "does_not_resolve.local" (AF_INET): Host or network 'does_not_resolve.local' not found; last error: Unknown error Using dummy address in test mode -# firewall41:Policy:5: error: Rule '5 (global)' shadows rule '6 (global)' below it # firewall41:Policy:5: error: File not found for Address Table: missing table (this_table_does_not_exist.tbl) Using dummy address in test mode -# firewall41:Policy:6: error: DNSName object "does not resolve" (compile time) can not resolve dns name "does_not_resolve.local" (AF_INET): Host or network 'does_not_resolve.local' not found; last error: Unknown error Using dummy address in test mode FWBDEBUG="" @@ -387,7 +382,6 @@ script_body() { # # there should be warning saying the table could not be found # firewall41:Policy:5: error: File not found for Address Table: missing table (this_table_does_not_exist.tbl) Using dummy address in test mode - # firewall41:Policy:5: error: Rule '5 (global)' shadows rule '6 (global)' below it $IPTABLES -N RULE_5 $IPTABLES -A OUTPUT -d 192.0.2.0/24 -j RULE_5 @@ -398,10 +392,8 @@ script_body() { # echo "Rule 6 (global)" # - # firewall41:Policy:6: error: DNSName object "does not resolve" (compile time) can not resolve dns name "does_not_resolve.local" (AF_INET): Host or network 'does_not_resolve.local' not found; last error: Unknown error Using dummy address in test mode - $IPTABLES -N RULE_6 - $IPTABLES -A OUTPUT -d 192.0.2.1 -j RULE_6 + $IPTABLES -A OUTPUT -d 208.68.143.50 -j RULE_6 $IPTABLES -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- DENY " $IPTABLES -A RULE_6 -j DROP } @@ -459,7 +451,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:48 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index c853ef064..11ac7c523 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:51 2011 PST by vadim +# Generated Tue Mar 8 18:57:36 2011 PST by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # @@ -382,7 +382,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:51 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index 9f5c0a004..be1810a4d 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:55 2011 PST by vadim +# Generated Tue Mar 8 18:57:39 2011 PST by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # @@ -622,7 +622,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index 0e4288edb..e35ede8e6 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:55 2011 PST by vadim +# Generated Tue Mar 8 18:57:40 2011 PST by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -407,7 +407,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 628c502e0..8c3328408 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:01 2011 PST by vadim +# Generated Tue Mar 8 18:57:46 2011 PST by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # @@ -491,7 +491,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:01 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index d14e35581..ce0acf09f 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:59 2011 PST by vadim +# Generated Tue Mar 8 18:57:43 2011 PST by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:50:59 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index aa84415c7..c55bb8c0d 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:02 2011 PST by vadim +# Generated Tue Mar 8 18:57:46 2011 PST by vadim # # files: * firewall60.fw /etc/firewall60.fw # @@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:02 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index ff1615366..c49641a52 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:05 2011 PST by vadim +# Generated Tue Mar 8 18:57:49 2011 PST by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:05 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index 7e035f6cc..157024c91 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig +++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:06 2011 PST by vadim +# Generated Tue Mar 8 18:57:51 2011 PST by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # @@ -505,7 +505,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:06 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index 139e35e02..d9c8f702e 100755 --- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:09 2011 PST by vadim +# Generated Tue Mar 8 18:57:54 2011 PST by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:09 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index c6c44f2e3..291cfc26b 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:11 2011 PST by vadim +# Generated Tue Mar 8 18:57:55 2011 PST by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # @@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:11 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index 00de1cdd6..587b3462f 100755 --- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:12 2011 PST by vadim +# Generated Tue Mar 8 18:57:57 2011 PST by vadim # # files: * firewall62.fw /etc/firewall62.fw # @@ -569,7 +569,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:12 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index 189341d82..1fcce2f23 100755 --- a/test/ipt/firewall63.fw.orig +++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:14 2011 PST by vadim +# Generated Tue Mar 8 18:57:58 2011 PST by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -389,7 +389,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:14 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index c78371fd9..b152cd17d 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:15 2011 PST by vadim +# Generated Tue Mar 8 18:58:00 2011 PST by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:15 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index cc2600975..9debc993d 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:18 2011 PST by vadim +# Generated Tue Mar 8 18:58:02 2011 PST by vadim # # files: * firewall70.fw iptables.sh # @@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:18 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index 239ed2604..6fb9fda73 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:19 2011 PST by vadim +# Generated Tue Mar 8 18:58:04 2011 PST by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # @@ -428,7 +428,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:19 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index 787f0628c..33938f893 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:21 2011 PST by vadim +# Generated Tue Mar 8 18:58:05 2011 PST by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:21 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index fe0ec5ff5..381b38c09 100755 --- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:23 2011 PST by vadim +# Generated Tue Mar 8 18:58:07 2011 PST by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:23 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index f8eeb3fa2..5b350741c 100755 --- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:24 2011 PST by vadim +# Generated Tue Mar 8 18:58:08 2011 PST by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:24 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index dff827580..254f43c74 100755 --- a/test/ipt/firewall74.fw.orig +++ b/test/ipt/firewall74.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:26 2011 PST by vadim +# Generated Tue Mar 8 18:58:10 2011 PST by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # @@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:26 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index df66a5a15..9f03f6116 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:27 2011 PST by vadim +# Generated Tue Mar 8 18:58:11 2011 PST by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # @@ -358,7 +358,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:27 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index 80fddc9e2..8d2e09db1 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:29 2011 PST by vadim +# Generated Tue Mar 8 18:58:13 2011 PST by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # @@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:29 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index c645d551d..c76fb8a68 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:31 2011 PST by vadim +# Generated Tue Mar 8 18:58:15 2011 PST by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:31 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:15 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index fe26b255d..32b497989 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:33 2011 PST by vadim +# Generated Tue Mar 8 18:58:17 2011 PST by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:33 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index fb8e72573..3b6ffe32b 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:35 2011 PST by vadim +# Generated Tue Mar 8 18:58:19 2011 PST by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # @@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:35 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index a01a8b8e1..2fd7f181b 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:36 2011 PST by vadim +# Generated Tue Mar 8 18:58:20 2011 PST by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # @@ -363,7 +363,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:36 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index b92e5084e..b6d878047 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:38 2011 PST by vadim +# Generated Tue Mar 8 18:58:23 2011 PST by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # @@ -621,7 +621,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:38 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index 1764bce6d..a31766baf 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:39 2011 PST by vadim +# Generated Tue Mar 8 18:58:24 2011 PST by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:39 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index 36b75f004..feafda749 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:41 2011 PST by vadim +# Generated Tue Mar 8 18:58:26 2011 PST by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:41 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index e45da8149..adb8888eb 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:43 2011 PST by vadim +# Generated Tue Mar 8 18:58:27 2011 PST by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # @@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:43 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index 3e293042a..ef8e39de3 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:51:45 2011 PST by vadim +# Generated Tue Mar 8 18:58:29 2011 PST by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # @@ -458,7 +458,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:51:45 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:58:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index 790edebca..326ff8c3e 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:39 2011 PST by vadim +# Generated Tue Mar 8 18:59:21 2011 PST by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # @@ -724,7 +724,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:39 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index 95f95dfdc..86c663080 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:37 2011 PST by vadim +# Generated Tue Mar 8 18:59:20 2011 PST by vadim # # files: * fw1.fw /etc/fw1.fw # @@ -525,7 +525,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:37 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index ae8fec918..d84168d6f 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:50:51 2011 PST by vadim +# Generated Tue Mar 8 18:57:36 2011 PST by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -483,7 +483,7 @@ status_action() { } start() { - log "Activating firewall script generated Sun Mar 6 19:50:51 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:57:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index 71334f2e1..ee364f09c 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:52 2011 PST by vadim +# Generated Tue Mar 8 18:59:35 2011 PST by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # @@ -722,7 +722,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:52 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index c965b79d6..72f1d76ae 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:53 2011 PST by vadim +# Generated Tue Mar 8 18:59:35 2011 PST by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -726,7 +726,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:53 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index 6a7e0a3b6..bcdb77475 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:51 2011 PST by vadim +# Generated Tue Mar 8 18:59:34 2011 PST by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # @@ -843,7 +843,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:51 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index dde310bb5..754d51d7c 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:52 2011 PST by vadim +# Generated Tue Mar 8 18:59:34 2011 PST by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -741,7 +741,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:52 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index c56192bad..dc5f2e5c5 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:53 2011 PST by vadim +# Generated Tue Mar 8 18:59:36 2011 PST by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # @@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:53 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index e58a26001..fb77c3c25 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:54 2011 PST by vadim +# Generated Tue Mar 8 18:59:36 2011 PST by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -620,7 +620,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index 189861b8c..2202735ff 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:40 2011 PST by vadim +# Generated Tue Mar 8 18:59:23 2011 PST by vadim # # files: * host.fw /etc/fw/host.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:40 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index 8891b8756..de166f90a 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:53 2011 PST by vadim +# Generated Tue Mar 8 18:59:36 2011 PST by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # @@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:53 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index b5f2c77ee..a6fde4918 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:54 2011 PST by vadim +# Generated Tue Mar 8 18:59:36 2011 PST by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -611,7 +611,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index aff151404..aac6da480 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:42 2011 PST by vadim +# Generated Tue Mar 8 18:59:25 2011 PST by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index 4f9769bba..04420a0bf 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:44 2011 PST by vadim +# Generated Tue Mar 8 18:59:26 2011 PST by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:44 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 720d92e4e..887b02812 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:54 2011 PST by vadim +# Generated Tue Mar 8 18:59:36 2011 PST by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # @@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index 27d8ab540..ad2ea1945 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:54 2011 PST by vadim +# Generated Tue Mar 8 18:59:37 2011 PST by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index a27559ce6..8ae9e65cd 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:54 2011 PST by vadim +# Generated Tue Mar 8 18:59:37 2011 PST by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # @@ -397,7 +397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:54 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index 3b2e068cf..48250b440 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:47 2011 PST by vadim +# Generated Tue Mar 8 18:59:29 2011 PST by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # @@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:47 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index 1833ab303..33c2af8b2 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:50 2011 PST by vadim +# Generated Tue Mar 8 18:59:33 2011 PST by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -429,7 +429,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:50 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index c697dc2e2..e4ae827c4 100755 --- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:53 2011 PST by vadim +# Generated Tue Mar 8 18:59:35 2011 PST by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # @@ -478,7 +478,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:53 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index ec2949614..9a95837b1 100755 --- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:46 2011 PST by vadim +# Generated Tue Mar 8 18:59:29 2011 PST by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -570,7 +570,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:46 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 111fee405..45e8e5434 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:55 2011 PST by vadim +# Generated Tue Mar 8 18:59:37 2011 PST by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index 47a2469ce..20eb40a4c 100755 --- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:55 2011 PST by vadim +# Generated Tue Mar 8 18:59:37 2011 PST by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -615,7 +615,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index 716b46bc1..c3ef422b6 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:55 2011 PST by vadim +# Generated Tue Mar 8 18:59:37 2011 PST by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index 946011914..9f181e7b3 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:55 2011 PST by vadim +# Generated Tue Mar 8 18:59:38 2011 PST by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # @@ -547,7 +547,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index 7a148b670..c87394c1d 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3496 +# Firewall Builder fwb_ipt v4.2.0.3498 # -# Generated Sun Mar 6 19:52:55 2011 PST by vadim +# Generated Tue Mar 8 18:59:38 2011 PST by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun Mar 6 19:52:55 2011 by vadim" + log "Activating firewall script generated Tue Mar 8 18:59:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files From 3f108917233a29158321293121ee44151025baf6 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 19:07:28 -0800 Subject: [PATCH 13/14] * GroupObjectDialog.cpp (loadFWObject): fixes #2203 "Crash when attempting to add an object to a locked group". --- doc/ChangeLog | 3 +++ src/libgui/GroupObjectDialog.cpp | 2 ++ 2 files changed, 5 insertions(+) diff --git a/doc/ChangeLog b/doc/ChangeLog index 5dc871a39..d2c3c8af3 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,8 @@ 2011-03-08 vadim + * GroupObjectDialog.cpp (loadFWObject): fixes #2203 "Crash when + attempting to add an object to a locked group". + * PolicyCompiler.cpp (checkForShadowing): see #2204 "Shadowing detected for rule with action Continue". Policy rules with action "Continue" should not shadow other rules and can not be shadowed. diff --git a/src/libgui/GroupObjectDialog.cpp b/src/libgui/GroupObjectDialog.cpp index 4fd7cf065..4465ded17 100644 --- a/src/libgui/GroupObjectDialog.cpp +++ b/src/libgui/GroupObjectDialog.cpp @@ -465,6 +465,8 @@ void GroupObjectDialog::loadFWObject(FWObject *o) m_dialog->comment->setEnabled(!o->isReadOnly() && !FWBTree().isSystem(o)); setDisabledPalette(m_dialog->comment); + m_dialog->newButton->setEnabled(!o->isReadOnly()); + // listView->setEnabled(!o->isReadOnly()); setDisabledPalette(listView); From 8d8cf4c9f2d5e0d4ca1ee22b265adf1494d133d6 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 8 Mar 2011 19:12:37 -0800 Subject: [PATCH 14/14] * CustomServiceDialog.cpp (loadFWObject): fixes #2201 "Some fields of locked object are editable". Some input fields of the Custom Service object dialog were editable even when object was locked read-only. --- doc/ChangeLog | 5 +++++ src/libgui/CustomServiceDialog.cpp | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/doc/ChangeLog b/doc/ChangeLog index d2c3c8af3..01ab0d86f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,10 @@ 2011-03-08 vadim + * CustomServiceDialog.cpp (loadFWObject): fixes #2201 "Some fields + of locked object are editable". Some input fields of the Custom + Service object dialog were editable even when object was locked + read-only. + * GroupObjectDialog.cpp (loadFWObject): fixes #2203 "Crash when attempting to add an object to a locked group". diff --git a/src/libgui/CustomServiceDialog.cpp b/src/libgui/CustomServiceDialog.cpp index bf569014c..3ef5bd07d 100644 --- a/src/libgui/CustomServiceDialog.cpp +++ b/src/libgui/CustomServiceDialog.cpp @@ -160,6 +160,17 @@ void CustomServiceDialog::loadFWObject(FWObject *o) m_dialog->code->setEnabled(!o->isReadOnly()); setDisabledPalette(m_dialog->code); + m_dialog->platform->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->platform); + + m_dialog->protocol->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->protocol); + + m_dialog->ipv4->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ipv4); + + m_dialog->ipv6->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ipv6); init=false; }