From 9ae36f66323ded0a8f6aed02cd308cef108ece16 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Wed, 16 Feb 2011 13:27:38 -0800 Subject: [PATCH] see #2103 added checkbox to disable interface name validation checks and autoconfiguration of vlan interface IDs --- doc/ChangeLog | 23 ++ src/compiler_lib/CompilerDriver.cpp | 5 + src/compiler_lib/interfaceProperties.cpp | 15 +- src/compiler_lib/interfaceProperties.h | 7 +- src/libgui/FWBSettings.cpp | 4 + src/libgui/InterfaceDialog.cpp | 67 ++-- src/libgui/PrefsDialog.cpp | 19 +- src/libgui/prefsdialog_q.ui | 73 +++- src/pflib/OSConfigurator_bsd.h | 3 +- src/pflib/OSConfigurator_bsd_interfaces.cpp | 16 +- src/pflib/OSConfigurator_freebsd.cpp | 32 +- src/pflib/OSConfigurator_freebsd.h | 3 +- test/pf/firewall-base-rulesets.fw.orig | 6 +- test/pf/firewall-ipv6-1.fw.orig | 6 +- test/pf/firewall-ipv6-2.conf.orig | 2 +- test/pf/firewall-ipv6-2.fw.orig | 6 +- test/pf/firewall-ipv6-3.fw.orig | 4 +- test/pf/firewall.fw.orig | 6 +- test/pf/firewall1.fw.orig | 6 +- test/pf/firewall10-1.fw.orig | 6 +- test/pf/firewall10-2.fw.orig | 6 +- test/pf/firewall10-3.fw.orig | 6 +- test/pf/firewall10-4.fw.orig | 6 +- test/pf/firewall10-5.fw.orig | 6 +- test/pf/firewall10-6.fw.orig | 6 +- test/pf/firewall100.fw.orig | 6 +- test/pf/firewall101.fw.orig | 6 +- test/pf/firewall102.fw.orig | 4 +- test/pf/firewall103-1.fw.orig | 6 +- test/pf/firewall103-2.fw.orig | 6 +- test/pf/firewall103.fw.orig | 6 +- test/pf/firewall104-1.fw.orig | 6 +- test/pf/firewall104.fw.orig | 6 +- test/pf/firewall105.fw.orig | 4 +- test/pf/firewall106.fw.orig | 4 +- test/pf/firewall107.fw.orig | 6 +- test/pf/firewall108.fw.orig | 4 +- test/pf/firewall109-1.fw.orig | 4 +- test/pf/firewall109-2.conf.orig | 25 ++ test/pf/firewall109-2.fw.orig | 410 +++++++++++++++++++ test/pf/firewall109-3.conf.orig | 25 ++ test/pf/firewall109-3.fw.orig | 38 ++ test/pf/firewall109.fw.orig | 6 +- test/pf/firewall11.fw.orig | 6 +- test/pf/firewall110.fw.orig | 6 +- test/pf/firewall12.fw.orig | 6 +- test/pf/firewall13.fw.orig | 6 +- test/pf/firewall14-1.fw.orig | 6 +- test/pf/firewall14.fw.orig | 6 +- test/pf/firewall2-1.fw.orig | 6 +- test/pf/firewall2.fw.orig | 6 +- test/pf/firewall20.fw.orig | 6 +- test/pf/firewall21.fw.orig | 6 +- test/pf/firewall22.fw.orig | 6 +- test/pf/firewall3.fw.orig | 6 +- test/pf/firewall33.conf.orig | 2 +- test/pf/firewall33.fw.orig | 6 +- test/pf/firewall34.fw.orig | 6 +- test/pf/firewall38.fw.orig | 6 +- test/pf/firewall39.fw.orig | 6 +- test/pf/firewall4.fw.orig | 6 +- test/pf/firewall40-1.fw.orig | 6 +- test/pf/firewall40.fw.orig | 6 +- test/pf/firewall41.fw.orig | 6 +- test/pf/firewall5.fw.orig | 6 +- test/pf/firewall51.fw.orig | 6 +- test/pf/firewall6.fw.orig | 6 +- test/pf/firewall62.fw.orig | 6 +- test/pf/firewall63.fw.orig | 6 +- test/pf/firewall7.fw.orig | 6 +- test/pf/firewall70.fw.orig | 6 +- test/pf/firewall8.fw.orig | 6 +- test/pf/firewall80-4.5.fw.orig | 6 +- test/pf/firewall80.fw.orig | 6 +- test/pf/firewall9.fw.orig | 6 +- test/pf/firewall91.fw.orig | 6 +- test/pf/firewall92.fw.orig | 6 +- test/pf/objects-for-regression-tests.fwb | 424 +++++++++++++++++++- test/pf/pf_cluster_1_openbsd-1.fw.orig | 6 +- test/pf/pf_cluster_1_openbsd-2.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-1.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-2.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-4.fw.orig | 6 +- test/pf/pf_cluster_4_rc.conf.local | 4 +- 85 files changed, 1310 insertions(+), 265 deletions(-) create mode 100644 test/pf/firewall109-2.conf.orig create mode 100755 test/pf/firewall109-2.fw.orig create mode 100644 test/pf/firewall109-3.conf.orig create mode 100755 test/pf/firewall109-3.fw.orig diff --git a/doc/ChangeLog b/doc/ChangeLog index d998a7d4f..862188bf5 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,26 @@ +2011-02-16 vadim + + * compiler_lib/CompilerDriver.cpp (commonChecks2): see #2103 + removed interface name validation check in compilers, this + check will only be done in the GUI. Comiler still verifies + bridge inetrface configuration and makes sure vlan interfaces + that should also be bridge ports are created as copies. + + * InterfaceDialog.cpp (applyChanges): see #2103 "complex + vlan/bridge configurations are not supported by the interface + validation code". Added checkbox to let the user turn off + interface name validation functions in the GUI. Checkbox is + located in the global Preferences dialog, tab Objects, subtab + Interface. For backwards compatibility, the checkbox is turned on + by default. When it is off, the GUI does not validate the name of + inetrfaces and subinterfaces and turns off checks that enforced + interface name patterns for VLAN, bridge and bodning interfaces. + It also turns off check for the validity of vlan ID derived from + vlan interface name and turns off automatic configuration of + interface type and vlan ID. These checks sometimes were in the way + of building complex configurations that involved multiple vlan + interfaces with names not matching their IDs. + 2011-02-15 vadim * ActionsDialog.cpp (setRule): see #1871 "PF Actions Tag and diff --git a/src/compiler_lib/CompilerDriver.cpp b/src/compiler_lib/CompilerDriver.cpp index 539cf7c18..efa073307 100644 --- a/src/compiler_lib/CompilerDriver.cpp +++ b/src/compiler_lib/CompilerDriver.cpp @@ -543,12 +543,17 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw) interfacePropertiesObjectFactory::getInterfacePropertiesObject( os_family)); +#if 0 + // See #2103. All interface name validation checks should + // be done in the GUI. QString err; if (!int_prop->validateInterface(parent, iface, true, err)) { abort(fw, NULL, NULL, err.toStdString()); throw FatalErrorInSingleRuleCompileMode(); } +#endif + string interface_type = iface->getOptionsObject()->getStr("type"); if (interface_type.empty()) interface_type = "ethernet"; diff --git a/src/compiler_lib/interfaceProperties.cpp b/src/compiler_lib/interfaceProperties.cpp index a5cc4c544..41501150f 100644 --- a/src/compiler_lib/interfaceProperties.cpp +++ b/src/compiler_lib/interfaceProperties.cpp @@ -91,7 +91,8 @@ bool interfaceProperties::isValidVlanInterfaceName(const QString &subint_name, { if (!looksLikeVlanInterface(subint_name)) { - err = QObject::tr("'%1' is not a valid vlan interface name").arg(subint_name); + err = QObject::tr("'%1' is not a valid vlan interface name") + .arg(subint_name); return false; } @@ -112,8 +113,8 @@ bool interfaceProperties::isValidVlanInterfaceName(const QString &subint_name, if (vlan_id > 4095) { err = QObject::tr("'%1' looks like a name of a vlan interface " - "but vlan ID it defines is outside of the valid range." - "").arg(subint_name); + "but vlan ID it defines is outside of the valid " + "range.").arg(subint_name); return false; } } @@ -334,7 +335,7 @@ bool interfaceProperties::validateInterface(FWObject *target, { if (Firewall::cast(target) || Host::cast(target)) { - if (looksLikeVlanInterface(interface_name)) + if (vlan_checks && looksLikeVlanInterface(interface_name)) { QString target_name = target->getName().c_str(); if (Cluster::isA(target)) @@ -346,8 +347,10 @@ bool interfaceProperties::validateInterface(FWObject *target, // empty string as target_interface target_name = ""; } + return isValidVlanInterfaceName(interface_name, target_name, err); } + return true; } @@ -356,7 +359,7 @@ bool interfaceProperties::validateInterface(FWObject *target, string target_interface_type = Interface::cast(target)->getOptionsObject()->getStr("type"); // check vlan conditions as well - if (looksLikeVlanInterface(interface_name)) + if (vlan_checks && looksLikeVlanInterface(interface_name)) { // vlan interface can be a child of a bridge, in which // case its base name does not match the @@ -451,7 +454,7 @@ void interfaceProperties::guessSubInterfaceTypeAndAttributes(Interface *intf) Interface *parent_intf = Interface::cast(intf->getParent()); if (parent_intf == NULL) - return; + return; FWObject *f = intf->getParentHost(); diff --git a/src/compiler_lib/interfaceProperties.h b/src/compiler_lib/interfaceProperties.h index 94b986c1f..b71dbd10c 100644 --- a/src/compiler_lib/interfaceProperties.h +++ b/src/compiler_lib/interfaceProperties.h @@ -42,7 +42,8 @@ protected: VLAN_INTERFACE, BRIDGE_INTERFACE, UNKNOWN} interface_type; - + bool vlan_checks; + /* * collects all ip addresses of the interface (only direct * addresses, not addresses of subinterfaces) and fills the list @@ -52,9 +53,11 @@ protected: QStringList &addr_list); public: - interfaceProperties() {} + interfaceProperties() { vlan_checks = true; } virtual ~interfaceProperties() {} + void setPerformVlanChecks(bool f) { vlan_checks = f; } + // simple name validation: does not allow space and "-" // However some platform permit space (procurve). virtual bool basicValidateInterfaceName(libfwbuilder::Interface *intf, diff --git a/src/libgui/FWBSettings.cpp b/src/libgui/FWBSettings.cpp index e9f7b98e8..325146803 100644 --- a/src/libgui/FWBSettings.cpp +++ b/src/libgui/FWBSettings.cpp @@ -385,6 +385,10 @@ void FWBSettings::init(bool force_first_time_run) if (!hasKey("Objects/PolicyRule/defaultLoggingState")) setBool("Objects/PolicyRule/defaultLoggingState", true); + + if (!hasKey("Objects/Interface/autoconfigureInterfaces")) + setBool("Objects/Interface/autoconfigureInterfaces", true); + } bool FWBSettings::isReminderAboutStandardLibSuppressed() diff --git a/src/libgui/InterfaceDialog.cpp b/src/libgui/InterfaceDialog.cpp index 78f005692..710a2fa90 100644 --- a/src/libgui/InterfaceDialog.cpp +++ b/src/libgui/InterfaceDialog.cpp @@ -104,27 +104,30 @@ void InterfaceDialog::loadFWObject(FWObject *o) init = true; - /* - * guessSubInterfaceTypeAndAttributes() changes some attributes of - * the object (mostly compensating for missing functions in - * auto-upgrade scripts but also makes some guesses based on the - * interface name, such as sets its vlan ID if its name looks like - * it might be a vlan interface). Since we make changes in the - * object here, do it before loading it into the dialog so that it - * does not look like it has changed in applyChanges() even if the - * user hasn't touched it, which causes new undo command to be - * created out of nowhere. - * - * TODO: better way of course is to call - * guessSubInterfaceTypeAndAttributes in places where user changes - * something relevant in the interface to complement their changes - * and right after the interface has been created. - */ - interfaceProperties *int_prop = - interfacePropertiesObjectFactory::getInterfacePropertiesObject( - s->getParentHost()); - int_prop->guessSubInterfaceTypeAndAttributes(s); - delete int_prop; + if (st->getBool("Objects/Interface/autoconfigureInterfaces")) + { + /* + * guessSubInterfaceTypeAndAttributes() changes some attributes of + * the object (mostly compensating for missing functions in + * auto-upgrade scripts but also makes some guesses based on the + * interface name, such as sets its vlan ID if its name looks like + * it might be a vlan interface). Since we make changes in the + * object here, do it before loading it into the dialog so that it + * does not look like it has changed in applyChanges() even if the + * user hasn't touched it, which causes new undo command to be + * created out of nowhere. + * + * TODO: better way of course is to call + * guessSubInterfaceTypeAndAttributes in places where user changes + * something relevant in the interface to complement their changes + * and right after the interface has been created. + */ + interfaceProperties *int_prop = + interfacePropertiesObjectFactory::getInterfacePropertiesObject( + s->getParentHost()); + int_prop->guessSubInterfaceTypeAndAttributes(s); + delete int_prop; + } m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); m_dialog->label->setText( QString::fromUtf8(s->getLabel().c_str()) ); @@ -353,7 +356,9 @@ void InterfaceDialog::validate(bool *res) return; } - if ( ! int_prop->validateInterface(obj->getParent(), obj_name, err)) + // validateInterface() checks validity of vlan inetrface name + if (st->getBool("Objects/Interface/autoconfigureInterfaces") && + ! int_prop->validateInterface(obj->getParent(), obj_name, err)) { /* * Here is the annoying part: if user entered interface name @@ -494,13 +499,17 @@ void InterfaceDialog::applyChanges() // Complement changes made by the user with our guesses, but // do this only if user changed something. - // ticket #328: automatically assign vlan id to interface based on - // interface name - interfaceProperties *int_prop = - interfacePropertiesObjectFactory::getInterfacePropertiesObject( - Interface::cast(obj)->getParentHost()); - int_prop->guessSubInterfaceTypeAndAttributes(intf); - delete int_prop; + if (st->getBool("Objects/Interface/autoconfigureInterfaces")) + { + // ticket #328: automatically assign vlan id to interface based on + // interface name + interfaceProperties *int_prop = + interfacePropertiesObjectFactory::getInterfacePropertiesObject( + Interface::cast(obj)->getParentHost()); + int_prop->setPerformVlanChecks(true); + int_prop->guessSubInterfaceTypeAndAttributes(intf); + delete int_prop; + } if (obj->isReadOnly()) return; m_project->undoStack->push(cmd.release()); diff --git a/src/libgui/PrefsDialog.cpp b/src/libgui/PrefsDialog.cpp index fccc2315a..4a94f5763 100644 --- a/src/libgui/PrefsDialog.cpp +++ b/src/libgui/PrefsDialog.cpp @@ -122,7 +122,8 @@ PrefsDialog::PrefsDialog(QWidget *parent) : QDialog(parent) m_dialog->enableCustomTemplates->setChecked( st->customTemplatesEnabled() ); m_dialog->deletedObj->setChecked( st->getBool("UI/ShowDeletedObjects") ); - m_dialog->attributesInTree->setChecked( st->getBool("UI/ShowObjectsAttributesInTree") ); + m_dialog->attributesInTree->setChecked( + st->getBool("UI/ShowObjectsAttributesInTree") ); m_dialog->new_dns_name_compile_tm->setChecked( st->getBool("Objects/DNSName/useCompileTimeForNewObjects")); @@ -141,7 +142,8 @@ PrefsDialog::PrefsDialog(QWidget *parent) : QDialog(parent) m_dialog->emptyRCSLog->setChecked( st->getRCSLogState() ); m_dialog->autosaveFile->setChecked(st->getBool("Environment/autoSaveFile")); - m_dialog->autosaveInterval->setValue(st->getInt("Environment/autoSaveFilePeriod")); + m_dialog->autosaveInterval->setValue( + st->getInt("Environment/autoSaveFilePeriod")); m_dialog->dataFileCompression->setChecked( st->getCompression() ); @@ -151,11 +153,16 @@ PrefsDialog::PrefsDialog(QWidget *parent) : QDialog(parent) m_dialog->scpPath->setText( st->getSCPPath() ); m_dialog->sshTimeout->setValue( st->getSSHTimeout() ); - m_dialog->rememberSshPass->setChecked( st->getBool("Environment/RememberSshPassEnabled") ); + m_dialog->rememberSshPass->setChecked( + st->getBool("Environment/RememberSshPassEnabled") ); m_dialog->showTips->setChecked( st->getBool("UI/NoStartTip") ); - m_dialog->rulesLoggingOn->setChecked( st->getBool("Objects/PolicyRule/defaultLoggingState") ); + m_dialog->rulesLoggingOn->setChecked( + st->getBool("Objects/PolicyRule/defaultLoggingState") ); + + m_dialog->autoconfigure_interfaces->setChecked( + st->getBool("Objects/Interface/autoconfigureInterfaces") ); // set label icons colors and text strings using user's settings @@ -447,6 +454,10 @@ void PrefsDialog::accept() st->setBool("Objects/PolicyRule/defaultLoggingState", m_dialog->rulesLoggingOn->isChecked()); + st->setBool("Objects/Interface/autoconfigureInterfaces", + m_dialog->autoconfigure_interfaces->isChecked()); + + st->setRCSLogState( m_dialog->emptyRCSLog->isChecked() ); st->setBool("Environment/autoSaveFile", m_dialog->autosaveFile->isChecked()); diff --git a/src/libgui/prefsdialog_q.ui b/src/libgui/prefsdialog_q.ui index 32d9dab27..99a506177 100644 --- a/src/libgui/prefsdialog_q.ui +++ b/src/libgui/prefsdialog_q.ui @@ -338,7 +338,7 @@ own library of templates and use it in addition to the one we provide - 0 + 3 @@ -550,6 +550,65 @@ own library of templates and use it in addition to the one we provide + + + Interface + + + + + + + 0 + 0 + + + + + + + :/Icons/Interface/icon-big + + + + + + + When an interface object is created as a child object of another interface, fwbuilder can verify that the name and type of the child and the parent objects match and form valid configuration. FWbuilder can also automatically guess some inetrface types and their parameters using their names. For example, it can automatically set interface type to "vlan" and assign vlan ID if object name looks like a valid vlan interface for the given OS. However in some situations desired configuration might be more complex than our checks allow so this may need to be turned off. + + + true + + + + + + + + 0 + 0 + + + + Verify interface names and autoconfigure their parmeters using known name patterns + + + + + + + Qt::Vertical + + + + 20 + 134 + + + + + + @@ -559,10 +618,10 @@ own library of templates and use it in addition to the one we provide Data File - + 20 - + 20 @@ -820,8 +879,8 @@ own library of templates and use it in addition to the one we provide <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"> <html><head><meta name="qrichtext" content="1" /><style type="text/css"> p, li { white-space: pre-wrap; } -</style></head><body style=" font-family:'Lucida Grande'; font-size:13pt; font-weight:400; font-style:normal;"> -<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/"><span style=" font-size:8pt; text-decoration: underline; color:#0000ff;">http://www.chiark.greenend.org.uk/~sgtatham/putty/</span></a></p></body></html> +</style></head><body style=" font-family:'Sans Serif'; font-size:9pt; font-weight:400; font-style:normal;"> +<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/"><span style=" font-family:'Lucida Grande'; font-size:8pt; text-decoration: underline; color:#0000ff;">http://www.chiark.greenend.org.uk/~sgtatham/putty/</span></a></p></body></html> true @@ -907,10 +966,10 @@ are never stored permanently) Labels - + 20 - + 20 diff --git a/src/pflib/OSConfigurator_bsd.h b/src/pflib/OSConfigurator_bsd.h index 678cacedc..8e3f1e7bb 100644 --- a/src/pflib/OSConfigurator_bsd.h +++ b/src/pflib/OSConfigurator_bsd.h @@ -74,7 +74,8 @@ protected: virtual void summaryConfigLineVlan(QStringList vlan_names); virtual void interfaceConfigLineVlan( - libfwbuilder::Interface *iface, QStringList vlan_names); + libfwbuilder::Interface *iface, + const std::list &vlan_subinterfaces); // functions that generate bridge configuration virtual void summaryConfigLineBridge(QStringList vlan_names); diff --git a/src/pflib/OSConfigurator_bsd_interfaces.cpp b/src/pflib/OSConfigurator_bsd_interfaces.cpp index 8c2c1b3bb..367cfd64b 100644 --- a/src/pflib/OSConfigurator_bsd_interfaces.cpp +++ b/src/pflib/OSConfigurator_bsd_interfaces.cpp @@ -79,7 +79,7 @@ string OSConfigurator_bsd::configureInterfaces() QStringList all_physical_interfaces; QMap parent_interfaces; - QMap vlans; + QMap > vlans; QStringList all_vlan_interfaces; // all vlan interfaces FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); @@ -98,7 +98,7 @@ string OSConfigurator_bsd::configureInterfaces() assert(subinterface); if (subinterface->getOptionsObject()->getStr("type") == "8021q") { - vlans[iface_name] << subinterface->getName().c_str(); + vlans[iface_name].push_back(subinterface); all_vlan_interfaces << subinterface->getName().c_str(); } } @@ -115,7 +115,7 @@ string OSConfigurator_bsd::configureInterfaces() foreach (QString iface_name, all_physical_interfaces) { Interface *iface = parent_interfaces[iface_name]; - QStringList vlan_subinterfaces = vlans[iface_name]; + list vlan_subinterfaces = vlans[iface_name]; if (vlan_subinterfaces.size() > 0) interfaceConfigLineVlan(iface, vlan_subinterfaces); } @@ -471,9 +471,15 @@ void OSConfigurator_bsd::summaryConfigLineVlan(QStringList vlan_names) } -void OSConfigurator_bsd::interfaceConfigLineVlan(Interface *iface, - QStringList vlan_names) +void OSConfigurator_bsd::interfaceConfigLineVlan( + Interface *iface, + const list &vlan_subinterfaces) { + QStringList vlan_names; + list::const_iterator it; + for (it=vlan_subinterfaces.begin(); it!=vlan_subinterfaces.end(); ++it) + vlan_names << (*it)->getName().c_str(); + interface_configuration_lines[iface->getName().c_str()] << QString("update_vlans_of_interface \"%1 %2\"") .arg(iface->getName().c_str()) diff --git a/src/pflib/OSConfigurator_freebsd.cpp b/src/pflib/OSConfigurator_freebsd.cpp index 7add1d253..06f5a4001 100644 --- a/src/pflib/OSConfigurator_freebsd.cpp +++ b/src/pflib/OSConfigurator_freebsd.cpp @@ -251,8 +251,9 @@ void OSConfigurator_freebsd::summaryConfigLineVlan(QStringList vlan_names) create_args_myvlan="vlan 102" */ -void OSConfigurator_freebsd::interfaceConfigLineVlan(Interface *iface, - QStringList vlan_names) +void OSConfigurator_freebsd::interfaceConfigLineVlan( + Interface *iface, + const list &vlan_subinterfaces) { FWOptions* options = fw->getOptionsObject(); if (options->getBool("generate_rc_conf_file")) @@ -260,28 +261,27 @@ void OSConfigurator_freebsd::interfaceConfigLineVlan(Interface *iface, QString iface_name = iface->getName().c_str(); // the "vlans_em2="vlan101 vlan102" will appear next to other lines // intended for interface em2 + QStringList vlan_names; + list::const_iterator it; + for (it=vlan_subinterfaces.begin(); it!=vlan_subinterfaces.end(); ++it) + vlan_names << (*it)->getName().c_str(); + interface_configuration_lines[iface_name] << QString("vlans_%1=\"%2\"").arg(iface->getName().c_str()) .arg(vlan_names.join(" ")); - foreach(QString vlan_intf_name, vlan_names) + for (it=vlan_subinterfaces.begin(); it!=vlan_subinterfaces.end(); ++it) { - std::auto_ptr int_prop( - interfacePropertiesObjectFactory::getInterfacePropertiesObject( - fw->getStr("host_OS"))); - QString parent_name_from_regex; - int vlan_id; - if (int_prop->parseVlan(vlan_intf_name, - &parent_name_from_regex, &vlan_id)) - { - interface_configuration_lines[iface_name] << - QString("create_args_%1=\"vlan %2 vlandev %3\"") - .arg(vlan_intf_name).arg(vlan_id).arg(iface->getName().c_str()); - } + QString vlan_intf_name = (*it)->getName().c_str(); + int vlan_id = (*it)->getOptionsObject()->getInt("vlan_id"); + + interface_configuration_lines[iface_name] << + QString("create_args_%1=\"vlan %2 vlandev %3\"") + .arg(vlan_intf_name).arg(vlan_id).arg(iface->getName().c_str()); } } else - OSConfigurator_bsd::interfaceConfigLineVlan(iface, vlan_names); + OSConfigurator_bsd::interfaceConfigLineVlan(iface, vlan_subinterfaces); } void OSConfigurator_freebsd::summaryConfigLineBridge(QStringList bridge_names) diff --git a/src/pflib/OSConfigurator_freebsd.h b/src/pflib/OSConfigurator_freebsd.h index f503a4d37..579bbd4ba 100644 --- a/src/pflib/OSConfigurator_freebsd.h +++ b/src/pflib/OSConfigurator_freebsd.h @@ -67,7 +67,8 @@ namespace fwcompiler virtual void summaryConfigLineVlan(QStringList vlan_names); virtual void interfaceConfigLineVlan( - libfwbuilder::Interface *iface, QStringList vlan_names); + libfwbuilder::Interface *iface, + const std::list &vlan_subinterfaces); // functions that generate bridge configuration virtual void summaryConfigLineBridge(QStringList vlan_names); diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index 9ed7b2181..dde882f92 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:54 2011 PST by vadim +# Generated Wed Feb 16 13:25:07 2011 PST by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf @@ -163,7 +163,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:54 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index 8b7a6ef41..5d3cc42f4 100755 --- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:55 2011 PST by vadim +# Generated Wed Feb 16 13:25:07 2011 PST by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -175,7 +175,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:55 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.conf.orig b/test/pf/firewall-ipv6-2.conf.orig index 66680467e..6ae5d445a 100644 --- a/test/pf/firewall-ipv6-2.conf.orig +++ b/test/pf/firewall-ipv6-2.conf.orig @@ -5,7 +5,7 @@ # Tables: (5) table { 222.222.222.22 , 222.222.222.23 } table { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 } -table { 61.150.47.112 , 74.125.224.48 , 74.125.224.49 , 74.125.224.50 , 74.125.224.51 , 74.125.224.52 , 192.168.1.0 } +table { 61.150.47.112 , 74.125.224.80 , 74.125.224.81 , 74.125.224.82 , 74.125.224.83 , 74.125.224.84 , 192.168.1.0 } table { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 } table { 61.150.47.112 , 192.168.1.0 } diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index 6543bf893..a6fa49bb3 100755 --- a/test/pf/firewall-ipv6-2.fw.orig +++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -179,7 +179,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index d2c68d2ca..01d110d4b 100755 --- a/test/pf/firewall-ipv6-3.fw.orig +++ b/test/pf/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index e7d4794fd..6c362c8bc 100755 --- a/test/pf/firewall.fw.orig +++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:22 2011 PST by vadim +# Generated Wed Feb 16 13:24:33 2011 PST by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:22 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index eaeacc38c..28870429c 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:23 2011 PST by vadim +# Generated Wed Feb 16 13:24:33 2011 PST by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:23 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index 7d5326594..244276366 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:25 2011 PST by vadim +# Generated Wed Feb 16 13:24:35 2011 PST by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:25 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index f2b347389..22b8a6077 100755 --- a/test/pf/firewall10-2.fw.orig +++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:26 2011 PST by vadim +# Generated Wed Feb 16 13:24:36 2011 PST by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:26 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index a831237a1..bc75868c1 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:27 2011 PST by vadim +# Generated Wed Feb 16 13:24:37 2011 PST by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:27 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index 20219f64f..d1621e47c 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:29 2011 PST by vadim +# Generated Wed Feb 16 13:24:40 2011 PST by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:29 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index 7655dcfac..37bb07c2b 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:31 2011 PST by vadim +# Generated Wed Feb 16 13:24:41 2011 PST by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:31 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index c30f7cbe9..efebc5749 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:32 2011 PST by vadim +# Generated Wed Feb 16 13:24:42 2011 PST by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:32 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:42 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index 7bc95b674..e5ded840b 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:23 2011 PST by vadim +# Generated Wed Feb 16 13:24:34 2011 PST by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf @@ -161,7 +161,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:23 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index 05bbc0e28..12eed30f1 100755 --- a/test/pf/firewall101.fw.orig +++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:24 2011 PST by vadim +# Generated Wed Feb 16 13:24:35 2011 PST by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -164,7 +164,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:24 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index ca2506624..624e8c349 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:25 2011 PST by vadim +# Generated Wed Feb 16 13:24:36 2011 PST by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig index f005c67df..3a26caf8d 100755 --- a/test/pf/firewall103-1.fw.orig +++ b/test/pf/firewall103-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:28 2011 PST by vadim +# Generated Wed Feb 16 13:24:38 2011 PST by vadim # # files: * firewall103-1.fw /etc/fw/pf.fw # files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf @@ -387,7 +387,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Mon Feb 14 16:07:28 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig index fbfd4aac2..559066274 100755 --- a/test/pf/firewall103-2.fw.orig +++ b/test/pf/firewall103-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:28 2011 PST by vadim +# Generated Wed Feb 16 13:24:38 2011 PST by vadim # # files: * firewall103-2.fw /etc/fw/pf.fw # files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf @@ -387,7 +387,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Mon Feb 14 16:07:28 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index 242549b27..43bbf0e26 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:26 2011 PST by vadim +# Generated Wed Feb 16 13:24:37 2011 PST by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -390,7 +390,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Mon Feb 14 16:07:26 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig index 1dfce9c4d..1c52c27ff 100755 --- a/test/pf/firewall104-1.fw.orig +++ b/test/pf/firewall104-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:30 2011 PST by vadim +# Generated Wed Feb 16 13:24:40 2011 PST by vadim # # files: * firewall104-1.fw /etc/fw/pf.fw # files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf @@ -386,7 +386,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Mon Feb 14 16:07:30 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index 2a412eb06..79f5ec99b 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:29 2011 PST by vadim +# Generated Wed Feb 16 13:24:39 2011 PST by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -389,7 +389,7 @@ configure_interfaces() { update_addresses_of_interface "em3" "" } -log "Activating firewall script generated Mon Feb 14 16:07:29 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index fb9e8b5e3..4072b37e9 100755 --- a/test/pf/firewall105.fw.orig +++ b/test/pf/firewall105.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:30 2011 PST by vadim +# Generated Wed Feb 16 13:24:41 2011 PST by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index 92984ca1c..6ef157000 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:31 2011 PST by vadim +# Generated Wed Feb 16 13:24:42 2011 PST by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index a04d29ac0..1d9f2c1bb 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:32 2011 PST by vadim +# Generated Wed Feb 16 13:24:43 2011 PST by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -388,7 +388,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:32 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 2ed61d941..b9e7e58aa 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:33 2011 PST by vadim +# Generated Wed Feb 16 13:24:44 2011 PST by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-1.fw.orig b/test/pf/firewall109-1.fw.orig index 06e102718..9b1f7183d 100755 --- a/test/pf/firewall109-1.fw.orig +++ b/test/pf/firewall109-1.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:34 2011 PST by vadim +# Generated Wed Feb 16 13:24:45 2011 PST by vadim # # files: * firewall109-1.fw /etc/fw/pf.fw # files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-2.conf.orig b/test/pf/firewall109-2.conf.orig new file mode 100644 index 000000000..cd6cd238b --- /dev/null +++ b/test/pf/firewall109-2.conf.orig @@ -0,0 +1,25 @@ + +set timeout udp.single 5 + +# +# Scrub rules +# +match all scrub (reassemble tcp no-df ) +match out all scrub (random-id min-ttl 1 max-mss 1460) + + +# Tables: (1) +table { 10.3.14.81 , 192.168.1.1 } + +# +# Rule backup ssh access rule +# backup ssh access rule +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +# +# Rule 0 (global) +block log quick inet from any to any no state label "RULE 0 -- DROP " +# +# Rule fallback rule +# fallback rule +block quick inet from any to any no state label "RULE 10000 -- DROP " + diff --git a/test/pf/firewall109-2.fw.orig b/test/pf/firewall109-2.fw.orig new file mode 100755 index 000000000..669b45d06 --- /dev/null +++ b/test/pf/firewall109-2.fw.orig @@ -0,0 +1,410 @@ +#!/bin/sh +# +# This is automatically generated file. DO NOT MODIFY ! +# +# Firewall Builder fwb_pf v4.2.0.3477 +# +# Generated Wed Feb 16 13:24:45 2011 PST by vadim +# +# files: * firewall109-2.fw /etc/fw/pf.fw +# files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf +# +# Compiled for pf 4.7 +# +# complex configuration with bridge and vlan, uses vlan interfaces with names not matching vlan IDs + + + + + +FWDIR=`dirname $0` + +IFCONFIG="/sbin/ifconfig" +PFCTL="/sbin/pfctl" +IPFW="/sbin/ipfw" +IPF="/sbin/ipf" +IPNAT="/sbin/ipnat" +SYSCTL="/sbin/sysctl" +LOGGER="/usr/bin/logger" + +log() { + echo "$1" + command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1" +} + +diff_intf() { + func=$1 + list1=$2 + list2=$3 + cmd=$4 + for intf in $list1 + do + echo $list2 | grep -q $intf || { + # $vlan is absent in list 2 + $func $intf $cmd + } + done +} + + +missing_address() { + address=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $address + addr=$1 + interface=$2 + IFS=$oldIFS + + if echo "$addr" | grep -q ':' + then + inet="inet6" + addr=$(echo "$addr" | sed 's!/! prefixlen !') + else + inet="inet" + addr=$(echo "$addr" | sed 's!/! netmask !') + fi + + parameter="" + test "$cmd" = "add" && { + echo "# Adding ip address: $interface $addr" + parameter="alias" + } + test "$cmd" = "del" && { + echo "# Removing ip address: $interface $addr" + parameter="delete" + } + + $FWBDEBUG $IFCONFIG $interface $inet $addr $parameter + $FWBDEBUG $IFCONFIG $interface up +} + +list_addresses_by_scope() { + interface=$1 + scope=$2 + ignore_list=$3 + + scope_regex="1" + if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi + + $IFCONFIG $interface | sed "s/%$interface//" | \ + awk -v IGNORED="$ignore_list" \ + "BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + (/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \ + while read addr; do + echo "${addr}@$interface" + done | sort + +} + +update_addresses_of_interface() { + ignore_list=$2 + set $1 + interface=$1 + shift + + FWB_ADDRS=$( + for addr in $*; do + echo "${addr}@$interface" + done | sort + ) + + CURRENT_ADDRS_ALL_SCOPES="" + CURRENT_ADDRS_GLOBAL_SCOPE="" + + $IFCONFIG $interface >/dev/null 2>&1 && { + CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list") + CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list") + } || { + echo "# Interface $interface does not exist" + # Stop the script if we are not in test mode + test -z "$FWBDEBUG" && exit 1 + } + + diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add + diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del +} + +missing_vlan() { + vlan=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $vlan + subint=$1 + parent=$2 + IFS=$oldIFS + + vlan_id=$(echo $subint | sed 's/vlan//') + test "$cmd" = "add" && { + echo "# Adding VLAN interface $subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent || exit 1 + $FWBDEBUG $IFCONFIG $subint up || exit 1 + } + test "$cmd" = "rem" && { + echo "# Removing VLAN interface $subint (parent: $parent)" + $FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev || exit 1 + $FWBDEBUG $IFCONFIG $subint destroy || exit 1 + } +} + +parse_fwb_vlans() { + set $1 + vlan_parent_interface=$1 + shift + + FWB_VLANS=$( + for subint in $*; do + echo "${subint}@$vlan_parent_interface" + done | sort + ) + echo $FWB_VLANS +} + +parse_current_vlans() { + vlan_parent_interface=$1 + $IFCONFIG | grep 'vlan: ' | sed 's/parent interface://' | \ + while read x vlan_id parent + do + test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent" + done | sort +} + +update_vlans_of_interface() { + args="$1" + set $1 + vlan_parent_interface=$1 + + FWB_VLANS=$(parse_fwb_vlans "$args") + CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface) + + $IFCONFIG $vlan_parent_interface up || exit 1 + diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add + diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem +} + +sync_vlan_interfaces() { + $IFCONFIG | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy || exit 1 + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating vlan interface $intf" + $FWBDEBUG $IFCONFIG $intf create || exit 1 + } + done +} + + + + + +BRCONFIG="$IFCONFIG" + + +missing_port() { + intf=$1 + cmd=$2 + + oldIFS=$IFS + IFS="@" + set $intf + port=$1 + bridge_interface=$2 + IFS=$oldIFS + + echo "# Updating bridge configuration: $bridge_interface $cmd $port" + $FWBDEBUG $BRCONFIG $bridge_interface $cmd $port + test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up +} + +update_bridge_interface() { + bridge_interface=$1 + shift + + FWB_PORTS="" + CURRENT_PORTS="" + + FWB_PORTS=$( + for subint in $*; do + echo "${subint}@$bridge_interface" + done | sort + ) + + # this is really redundant because we create missing bridge + # interfaces in sync_bridge_interfaces. However will leave this + # here so that function update_bridge can be used without prior + # call to sync_bridge_interfaces The difference is that + # sync_bridge_interfaces also deletes bridge interfaces that exist + # on the machine but are missing in fwbuilder confgiuration. The + # update_bridge function can only add bridge interfaces. + $BRCONFIG $bridge_interface >/dev/null 2>&1 || { + echo "# Creating bridge interface $bridge_interface" + $FWBDEBUG $IFCONFIG $bridge_interface create + $FWBDEBUG $IFCONFIG $bridge_interface up + } + + PORTS=$( + $BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }' + ) + + test -n "$PORTS" && { + CURRENT_PORTS=$( + for subint in $PORTS; do + echo "${subint}@$bridge_interface" + done | sort + ) + } + + # first delete bridge ports, then add. This way, if an interface + # moves from one bridge to another, we remove it first and then + # add. It would not work if we tried to add it first, brctl issues + # an error: + # device eth2 is already a member of a bridge; can't enslave it to bridge br1. + # + diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem + diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm +} + + +sync_bridge_interfaces() { + $BRCONFIG -a | awk -F: -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;} + } + ($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \ + while read brintf; do + echo "# Deleting bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brintf down + $FWBDEBUG $IFCONFIG $brintf destroy + done + + for brint in $*; do + $BRCONFIG $brint >/dev/null 2>&1 || { + echo "# Creating bridge interface $brintf" + $FWBDEBUG $IFCONFIG $brint create + $FWBDEBUG $IFCONFIG $brint up + } + done +} + + +sync_carp_interfaces() { + $IFCONFIG | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting carp interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating carp interface $intf" + $SYSCTL -w net.inet.carp.allow=1 + $FWBDEBUG $IFCONFIG $intf create || { + echo "Error: CARP interface $intf could not be created. Does the kernel have CARP enabled?" + exit 1 + } + } + done +} + + +sync_pfsync_interfaces() { + $IFCONFIG | awk -v IGNORED="$*" \ + 'BEGIN { + split(IGNORED,ignored_arr); + for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;} + } + ($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\ + while read intf; do + echo "# Deleting pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf destroy + done + + for intf in $*; do + $IFCONFIG $intf >/dev/null 2>&1 || { + echo "# Creating pfsync interface $intf" + $FWBDEBUG $IFCONFIG $intf create + } + done +} + +verify_interfaces() { + : + +} + +set_kernel_vars() { + : + $SYSCTL -w net.inet.ip.forwarding=1 +} + +prolog_commands() { + : + +} + +epilog_commands() { + : + +} + +run_epilog_and_exit() { + epilog_commands + exit $1 +} + +configure_interfaces() { + : + sync_vlan_interfaces vlan8210 vlan9210 + sync_bridge_interfaces bridge0 + sync_carp_interfaces + sync_pfsync_interfaces + update_bridge_interface bridge0 "vlan8210 vlan9210" + $IFCONFIG bridge0 -stp vlan8210 + $IFCONFIG bridge0 -stp vlan9210 + update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" + update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" + update_vlans_of_interface "em1 vlan9210" + update_addresses_of_interface "em1" "" + update_vlans_of_interface "em2 vlan8210" + update_addresses_of_interface "em2" "" + update_addresses_of_interface "vlan8210" "" + update_addresses_of_interface "vlan9210" "" +} + +log "Activating firewall script generated Wed Feb 16 13:24:45 2011 by vadim" + +set_kernel_vars +configure_interfaces +prolog_commands + +$PFCTL -f /etc/fw/path\ with\ space/pf.conf || exit 1 + + + + + + + +epilog_commands \ No newline at end of file diff --git a/test/pf/firewall109-3.conf.orig b/test/pf/firewall109-3.conf.orig new file mode 100644 index 000000000..cd6cd238b --- /dev/null +++ b/test/pf/firewall109-3.conf.orig @@ -0,0 +1,25 @@ + +set timeout udp.single 5 + +# +# Scrub rules +# +match all scrub (reassemble tcp no-df ) +match out all scrub (random-id min-ttl 1 max-mss 1460) + + +# Tables: (1) +table { 10.3.14.81 , 192.168.1.1 } + +# +# Rule backup ssh access rule +# backup ssh access rule +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +# +# Rule 0 (global) +block log quick inet from any to any no state label "RULE 0 -- DROP " +# +# Rule fallback rule +# fallback rule +block quick inet from any to any no state label "RULE 10000 -- DROP " + diff --git a/test/pf/firewall109-3.fw.orig b/test/pf/firewall109-3.fw.orig new file mode 100755 index 000000000..ac7b4c0e9 --- /dev/null +++ b/test/pf/firewall109-3.fw.orig @@ -0,0 +1,38 @@ +# +# This is automatically generated file. DO NOT MODIFY ! +# +# Firewall Builder fwb_pf v4.2.0.3477 +# +# Generated Wed Feb 16 13:24:46 2011 PST by vadim +# +# files: * firewall109-3.fw /etc/fw/pf.fw +# files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf +# +# Compiled for pf 4.7 +# +# complex configuration with bridge and vlan, uses vlan interfaces with names not matching vlan IDs. rc.conf format + + + +gateway_enable="YES" + + + +cloned_interfaces="vlan8210 vlan9210 bridge0" +network_interfaces="bridge0 em0" + +ifconfig_bridge0="addm vlan8210 -stp vlan8210 addm vlan9210 -stp vlan9210 up 192.168.1.1 netmask 0xffffff00" +ifconfig_em0="10.3.14.81 netmask 0xffffff00" +vlans_em1="vlan9210" +create_args_vlan9210="vlan 210 vlandev em1" +vlans_em2="vlan8210" +create_args_vlan8210="vlan 210 vlandev em2" +pfsync_enable="YES" +ifconfig_vlan8210="up" +ifconfig_vlan9210="up" + +pf_enable="YES" +pf_rules="/etc/fw/path\ with\ space/pf.conf" + + + diff --git a/test/pf/firewall109.fw.orig b/test/pf/firewall109.fw.orig index 355b3666a..50a0a04ab 100755 --- a/test/pf/firewall109.fw.orig +++ b/test/pf/firewall109.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:34 2011 PST by vadim +# Generated Wed Feb 16 13:24:44 2011 PST by vadim # # files: * firewall109.fw /etc/fw/pf.fw # files: firewall109.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:34 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:44 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index 787d1c4be..bd1e285c3 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:35 2011 PST by vadim +# Generated Wed Feb 16 13:24:46 2011 PST by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:35 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:46 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall110.fw.orig b/test/pf/firewall110.fw.orig index a992e3549..069f8d525 100755 --- a/test/pf/firewall110.fw.orig +++ b/test/pf/firewall110.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:35 2011 PST by vadim +# Generated Wed Feb 16 13:24:47 2011 PST by vadim # # files: * firewall110.fw /etc/fw/firewall110.fw # files: firewall110.conf /etc/fw/firewall110.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:35 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:47 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 3b1d60a96..e3c0e60ca 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:36 2011 PST by vadim +# Generated Wed Feb 16 13:24:47 2011 PST by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -159,7 +159,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:36 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:47 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index 873587e3e..428534106 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:36 2011 PST by vadim +# Generated Wed Feb 16 13:24:48 2011 PST by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:36 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:48 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index 46f115322..1bf675195 100755 --- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:38 2011 PST by vadim +# Generated Wed Feb 16 13:24:49 2011 PST by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf @@ -241,7 +241,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:38 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:49 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index 7d5682303..18e8573e4 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:37 2011 PST by vadim +# Generated Wed Feb 16 13:24:49 2011 PST by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -241,7 +241,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:37 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:49 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index 578102b7d..ad348c3dd 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:40 2011 PST by vadim +# Generated Wed Feb 16 13:24:51 2011 PST by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:40 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:51 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index 293c5467f..4ebfd7dbe 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:38 2011 PST by vadim +# Generated Wed Feb 16 13:24:50 2011 PST by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:38 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:50 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index b65ff326e..5ada0b4f8 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:39 2011 PST by vadim +# Generated Wed Feb 16 13:24:50 2011 PST by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:39 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:50 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index a71fdbd94..8095b47e9 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:39 2011 PST by vadim +# Generated Wed Feb 16 13:24:51 2011 PST by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf @@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:39 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:51 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index cb0ab045d..a90d8047b 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:40 2011 PST by vadim +# Generated Wed Feb 16 13:24:52 2011 PST by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:40 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:52 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index c24b67249..377d0ef7b 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:41 2011 PST by vadim +# Generated Wed Feb 16 13:24:53 2011 PST by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf @@ -159,7 +159,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:41 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.conf.orig b/test/pf/firewall33.conf.orig index 6ada3a049..2e6d8dfb9 100644 --- a/test/pf/firewall33.conf.orig +++ b/test/pf/firewall33.conf.orig @@ -6,7 +6,7 @@ table { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , www.cnn.com } -table { 74.125.224.48 , 74.125.224.49 , 74.125.224.50 , 74.125.224.51 , 74.125.224.52 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } +table { 74.125.224.80 , 74.125.224.81 , 74.125.224.82 , 74.125.224.83 , 74.125.224.84 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } # # Rule 0 (NAT) diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index 11066aede..2a94c9b5f 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:42 2011 PST by vadim +# Generated Wed Feb 16 13:24:55 2011 PST by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf @@ -162,7 +162,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:42 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index 3f4db25fd..81490f3d2 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:42 2011 PST by vadim +# Generated Wed Feb 16 13:24:54 2011 PST by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -158,7 +158,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:42 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:54 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index 9895c95e6..3eb1c2863 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:43 2011 PST by vadim +# Generated Wed Feb 16 13:24:55 2011 PST by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:43 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index 8a3e85972..3e9065bcb 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:43 2011 PST by vadim +# Generated Wed Feb 16 13:24:56 2011 PST by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:43 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index 961e74a6e..c13bd43c8 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:44 2011 PST by vadim +# Generated Wed Feb 16 13:24:56 2011 PST by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:44 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index 8c4882486..4f5568f76 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:45 2011 PST by vadim +# Generated Wed Feb 16 13:24:58 2011 PST by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -176,7 +176,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:45 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index 098ec79f4..4fcabed1c 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:44 2011 PST by vadim +# Generated Wed Feb 16 13:24:57 2011 PST by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -160,7 +160,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:44 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:57 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index 904d10eb3..4b9ffd4f9 100755 --- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:46 2011 PST by vadim +# Generated Wed Feb 16 13:24:58 2011 PST by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf @@ -163,7 +163,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:46 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index 3f8f6ea8b..cf8ae64d2 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:46 2011 PST by vadim +# Generated Wed Feb 16 13:24:59 2011 PST by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:46 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:24:59 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index 86040308b..205cfb418 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:47 2011 PST by vadim +# Generated Wed Feb 16 13:25:00 2011 PST by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:47 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 80b9cd7db..c53a96c52 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:47 2011 PST by vadim +# Generated Wed Feb 16 13:25:00 2011 PST by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:47 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index 92867330a..8d289362d 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:48 2011 PST by vadim +# Generated Wed Feb 16 13:25:01 2011 PST by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:48 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:01 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index 36ce9d1b9..588add92d 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:48 2011 PST by vadim +# Generated Wed Feb 16 13:25:01 2011 PST by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:48 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:01 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index a3e43491d..1451fbae7 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:49 2011 PST by vadim +# Generated Wed Feb 16 13:25:02 2011 PST by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:49 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index e1bc23a58..3f058b355 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:50 2011 PST by vadim +# Generated Wed Feb 16 13:25:02 2011 PST by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf @@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:50 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index e145b969c..1243a4e57 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:51 2011 PST by vadim +# Generated Wed Feb 16 13:25:03 2011 PST by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:51 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index 730759557..2aec1ad76 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:52 2011 PST by vadim +# Generated Wed Feb 16 13:25:05 2011 PST by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:52 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index 5e237564d..9268ec31b 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:51 2011 PST by vadim +# Generated Wed Feb 16 13:25:03 2011 PST by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:51 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index b93d76211..4072203ef 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:52 2011 PST by vadim +# Generated Wed Feb 16 13:25:05 2011 PST by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon Feb 14 16:07:52 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index 3f1548179..475df2046 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:53 2011 PST by vadim +# Generated Wed Feb 16 13:25:06 2011 PST by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf @@ -240,7 +240,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:53 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:06 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index 00d1b667d..8520d94c4 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:53 2011 PST by vadim +# Generated Wed Feb 16 13:25:06 2011 PST by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -160,7 +160,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:53 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:06 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb index 8f4955704..9bf47a5bc 100644 --- a/test/pf/objects-for-regression-tests.fwb +++ b/test/pf/objects-for-regression-tests.fwb @@ -1,6 +1,6 @@ - + @@ -1537,6 +1537,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -22959,6 +22991,396 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index 95eaf0f6d..5c3e56bcb 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf @@ -292,7 +292,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index f02078ded..15761dee2 100755 --- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -189,7 +189,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index ed4a1a843..f50d4ca40 100755 --- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -294,7 +294,7 @@ configure_interfaces() { update_addresses_of_interface "en1 192.168.1.2/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index 7bb9aad1a..b86ddf27d 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:56 2011 PST by vadim +# Generated Wed Feb 16 13:25:09 2011 PST by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -191,7 +191,7 @@ configure_interfaces() { update_addresses_of_interface "en1 192.168.1.3/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index 9ecc83018..6bcf99772 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:57 2011 PST by vadim +# Generated Wed Feb 16 13:25:10 2011 PST by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -295,7 +295,7 @@ configure_interfaces() { update_addresses_of_interface "vlan100 172.20.0.2/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:57 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:10 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index ebed564a1..ee4c01c2e 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Mon Feb 14 16:07:57 2011 PST by vadim +# Generated Wed Feb 16 13:25:10 2011 PST by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -193,7 +193,7 @@ configure_interfaces() { update_addresses_of_interface "vlan100 172.20.0.3/0xffffff00" "" } -log "Activating firewall script generated Mon Feb 14 16:07:57 2011 by vadim" +log "Activating firewall script generated Wed Feb 16 13:25:10 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index ddfddbcee..f5a23d075 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3476 +# Firewall Builder fwb_pf v4.2.0.3477 # -# Generated Tue Feb 15 14:17:50 2011 PST by vadim +# Generated Wed Feb 16 13:25:10 2011 PST by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf