onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 12:17:26 +01:00
Code Issues Releases Wiki Activity

Added test for ASCII symbols to instDialogInspectTest and moved actual testing to separate function

Browse Source
This commit is contained in:
Roman Bovsunivskiy 2010-07-14 16:15:25 +00:00
parent ea9c14d21e
commit a2cd7603da
3 changed files with 759 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
src/gui/unit_tests/instDialogInspectTest/instDialogInspectTest.cpp
View File

@ -82,12 +82,13 @@ void instDialogInspectTest::cleanupTestCase()
void instDialogInspectTest::closeInstallOptions()
{
QVERIFY(dynamic_cast<instOptionsDialog*>(app->activeModalWidget()) != NULL);
app->activeModalWidget()->close();
dynamic_cast<instOptionsDialog*>(app->activeModalWidget())->cancelAll();
dialogClosed = true;
}
QPoint findItemPos(ObjectTreeViewItem *item, ObjectTreeView *tree)
{
tree->scrollToItem(item);
for (int h=10; h<tree->height(); h+=1)
{
for (int w=75; w<tree->width(); w+=1)
@ -151,9 +152,9 @@ void instDialogInspectTest::openContextMenu(ObjectManipulator *om,
QString("Item %1 not found in the context menu").arg(actionText).toAscii().constData());
}
void instDialogInspectTest::testInspect_firewall()
void instDialogInspectTest::testInspect(QString firewall)
{
ObjectTreeViewItem *treeitem = dynamic_cast<ObjectTreeViewItem*>(tree->findItems("test1", Qt::MatchExactly | Qt::MatchRecursive).first());
ObjectTreeViewItem *treeitem = dynamic_cast<ObjectTreeViewItem*>(tree->findItems(firewall, Qt::MatchExactly | Qt::MatchRecursive).first());
this->openContextMenu(om, treeitem, tree, "Install");
instDialog *dlg = mw->findChild<instDialog*>();
@ -176,57 +177,7 @@ void instDialogInspectTest::testInspect_firewall()
QTest::qWait(50);
}
QTest::qWait(50);
QVERIFY(inspect->isEnabled());
QString oldtext = processLogDisplay->toPlainText();
QStackedWidget *stack = dlg->findChild<QStackedWidget*>();
QVERIFY(stack->currentIndex() == 1);
QTest::mouseClick(inspect, Qt::LeftButton);
QVERIFY(stack->currentIndex() == 3);
QVERIFY(back->isEnabled());
QVERIFY(next->isEnabled());
QTest::mouseClick(back, Qt::LeftButton);
QVERIFY(stack->currentIndex() == 1);
QVERIFY(oldtext == processLogDisplay->toPlainText());
QTest::mouseClick(inspect, Qt::LeftButton);
QTimer::singleShot(100, this, SLOT(closeInstallOptions()));
QTest::mouseClick(next, Qt::LeftButton);
QVERIFY(dialogClosed);
QVERIFY(stack->currentIndex() == 1);
dlg->reject();
QTest::qWait(500);
}
void instDialogInspectTest::testInspect_cluster()
{
ObjectTreeViewItem *treeitem = dynamic_cast<ObjectTreeViewItem*>(tree->findItems("cluster1", Qt::MatchExactly | Qt::MatchRecursive).first());
this->openContextMenu(om, treeitem, tree, "Install");
instDialog *dlg = mw->findChild<instDialog*>();
QTest::mouseClick(dlg->findChild<QPushButton*>("pushButton16"), Qt::LeftButton);
QPushButton *back = dlg->findChild<QPushButton*>("backButton");
QPushButton *next = dlg->findChild<QPushButton*>("nextButton");
QPushButton *inspect = dlg->findChild<QPushButton*>("inspectGeneratedFiles");
QTest::mouseClick(next, Qt::LeftButton);
QTreeWidget *list= dlg->findChild<QTreeWidget*>("fwWorkList");
QTextBrowser *processLogDisplay = dlg->findChild<QTextBrowser*>("procLogDisplay");
while (!checkProgress(list))
{
QVERIFY(!inspect->isEnabled());
QTest::qWait(50);
}
QTest::qWait(50);
QVERIFY(inspect->isEnabled());
Q_ASSERT(inspect->isEnabled());
QString oldtext = processLogDisplay->toPlainText();
QStackedWidget *stack = dlg->findChild<QStackedWidget*>();
@ -241,50 +192,6 @@ void instDialogInspectTest::testInspect_cluster()
QVERIFY(stack->currentIndex() == 1);
QVERIFY(oldtext == processLogDisplay->toPlainText());
dlg->reject();
QTest::qWait(500);
}
void instDialogInspectTest::testInspect_space()
{
ObjectTreeViewItem *treeitem = dynamic_cast<ObjectTreeViewItem*>(tree->findItems("firewall name", Qt::MatchExactly | Qt::MatchRecursive).first());
this->openContextMenu(om, treeitem, tree, "Install");
instDialog *dlg = mw->findChild<instDialog*>();
QTest::mouseClick(dlg->findChild<QPushButton*>("pushButton16"), Qt::LeftButton);
QPushButton *back = dlg->findChild<QPushButton*>("backButton");
QPushButton *next = dlg->findChild<QPushButton*>("nextButton");
QPushButton *inspect = dlg->findChild<QPushButton*>("inspectGeneratedFiles");
QTest::mouseClick(next, Qt::LeftButton);
QTreeWidget *list= dlg->findChild<QTreeWidget*>("fwWorkList");
QTextBrowser *processLogDisplay = dlg->findChild<QTextBrowser*>("procLogDisplay");
while (!checkProgress(list))
{
QVERIFY(!inspect->isEnabled());
QTest::qWait(50);
}
QTest::qWait(50);
QVERIFY(inspect->isEnabled());
QString oldtext = processLogDisplay->toPlainText();
QStackedWidget *stack = dlg->findChild<QStackedWidget*>();
QVERIFY(stack->currentIndex() == 1);
QTest::mouseClick(inspect, Qt::LeftButton);
QVERIFY(stack->currentIndex() == 3);
QVERIFY(back->isEnabled());
QVERIFY(next->isEnabled());
QTest::mouseClick(back, Qt::LeftButton);
QVERIFY(stack->currentIndex() == 1);
QVERIFY(oldtext == processLogDisplay->toPlainText());
QTest::mouseClick(inspect, Qt::LeftButton);
QTimer::singleShot(100, this, SLOT(closeInstallOptions()));
QTest::mouseClick(next, Qt::LeftButton);
@ -292,4 +199,26 @@ void instDialogInspectTest::testInspect_space()
QVERIFY(stack->currentIndex() == 1);
dlg->reject();
QTest::qWait(500);
}
void instDialogInspectTest::testInspect_firewall()
{
testInspect("test1");
}
void instDialogInspectTest::testInspect_cluster()
{
testInspect("cluster1");
}
void instDialogInspectTest::testInspect_space()
{
testInspect("firewall name");
}
void instDialogInspectTest::testInspect_ascii()
{
testInspect("firewall !@#$%^&()-+{},;");
}

2
src/gui/unit_tests/instDialogInspectTest/instDialogInspectTest.h
View File

@ -54,11 +54,13 @@ private slots:
void testInspect_cluster();
void testInspect_firewall();
void testInspect_space();
void testInspect_ascii();
public slots:
void closeInstallOptions();
void closeContextMenu();
void openContextMenu(ObjectManipulator *om, ObjectTreeViewItem *item,
ObjectTreeView *tree, const QString &actionText);
void testInspect(QString fwname);
};
#endif // INSTDIALOGTEST_H

730
src/gui/unit_tests/instDialogInspectTest/test.fwb
View File

@ -1635,6 +1635,736 @@
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id5639X22322" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942667" platform="iptables" version="" name="firewall !@#$%^&amp;()-+{},;" comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." ro="False">
<NAT id="id5664X22322" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id5666X22322" disabled="False" position="0" action="Translate" comment="no need to translate&#10;between DMZ and &#10;internal net">
<OSrc neg="False">
<ObjectRef ref="id3DC75CE7-2"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id5699X22322" disabled="False" position="1" action="Translate" comment="Translate source address&#10;for outgoing connections">
<OSrc neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
<ObjectRef ref="id3DC75CE7-2"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id5647X22322"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id5733X22322" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id5647X22322"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D84EECF"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id5767X22322" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id5769X22322" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
<ObjectRef ref="id5639X22322"/>
<ObjectRef ref="id3DC75CE7-1"/>
<ObjectRef ref="id3DC75CE7-2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id5647X22322"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5799X22322" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id5653X22322"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5827X22322" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id5639X22322"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5855X22322" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
<ObjectRef ref="id5639X22322"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D84EECE"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5883X22322" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id5639X22322"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5911X22322" disabled="False" log="False" position="5" action="Reject" direction="Both" comment="Quickly reject attempts to connect&#10;to ident server to avoid SMTP delays">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-Auth"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5939X22322" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="Mail relay on DMZ can accept&#10;connections from hosts on the&#10;Internet">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D84EECF"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5967X22322" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="this rule permits a mail relay&#10;located on DMZ to connect&#10;to internal mail server">
<Src neg="False">
<ObjectRef ref="id3D84EECF"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D84EECE"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id5995X22322" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="Mail relay needs DNS and can&#10;connect to mail servers on the&#10;Internet">
<Src neg="False">
<ObjectRef ref="id3D84EECF"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6024X22322" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="All other access from DMZ to&#10;internal net is denied">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id6052X22322" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="This permits access from internal net&#10;to the Internet and DMZ">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6080X22322" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id6109X22322" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id5647X22322" dedicated_failover="False" dyn="False" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id5648X22322" name="firewall !@#$%^&amp;()-+{},;:eth0:ipv4" comment="This is a test address, change it to your real one" ro="False" address="192.0.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id5650X22322" dedicated_failover="False" dyn="False" label="inside" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id5651X22322" name="firewall !@#$%^&amp;()-+{},;:eth1:ipv4" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id5653X22322" dedicated_failover="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id5654X22322" name="firewall !@#$%^&amp;()-+{},;:lo:ipv4" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id5656X22322" dedicated_failover="False" dyn="False" label="dmz" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id5657X22322" name="firewall !@#$%^&amp;()-+{},;:eth2:ipv4" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="check_shading">true</Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id6102X22330" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942625" platform="iptables" version="" name="!@#$%^&amp;()-+{},;" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
<NAT id="id6123X22330" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id6125X22330" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id6110X22330"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id6159X22330" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id6161X22330" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
<ObjectRef ref="id6102X22330"/>
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id6110X22330"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id6190X22330" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id6115X22330"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6218X22330" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id6102X22330"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6246X22330" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
<ObjectRef ref="id6102X22330"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6274X22330" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id6102X22330"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id6302X22330" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id6330X22330" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="connlimit_above_not">False</Option>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks"></Option>
<Option name="hashlimit_burst">0</Option>
<Option name="hashlimit_dstlimit">False</Option>
<Option name="hashlimit_expire">0</Option>
<Option name="hashlimit_gcinterval">0</Option>
<Option name="hashlimit_max">0</Option>
<Option name="hashlimit_mode_dstip">False</Option>
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="limit_value_not">False</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id6359X22330" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id6110X22330" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id6112X22330" dedicated_failover="False" dyn="False" label="inside" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id6113X22330" name="!@#$%^&amp;()-+{},;:eth1:ipv4" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id6115X22330" dedicated_failover="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id6116X22330" name="!@#$%^&amp;()-+{},;:lo:ipv4" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="check_shading">true</Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id14952X3268" name="Clusters" comment="" ro="False">
<Cluster id="id3338X41369" host_OS="linux24" lastCompiled="1279115081" lastInstalled="0" lastModified="0" platform="iptables" name="cluster1" comment="" ro="False">