mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-15 23:18:51 +02:00
see #2434 "PF compiler should use 'self' keyword where
appropriate". Compiler for PF now uses keyword 'self' in rules where firewall object is used in Source or Destination.
parent
29bf29f892
commit
a544492ced
@ -1,3 +1,15 @@
|
||||
2011-05-26 Vadim Kurland <vadim@netcitadel.com>
|
||||
|
||||
* PolicyCompiler_pf.cpp (compile): see #2434 "PF compiler should
|
||||
use 'self' keyword where appropriate". Compiler for PF now uses
|
||||
keyword 'self' in rules where firewall object is used in Source
|
||||
or Destination.
|
||||
|
||||
* fwcompiler/Compiler.cpp (processNext): added rule processor to
|
||||
replace firewall object with special run-time object "self" in
|
||||
Source and Destination rule elements. This rule processor can
|
||||
be used in policy compilers for any platform.
|
||||
|
||||
2011-05-17 vadim <vadim@netcitadel.com>
|
||||
|
||||
* FWObjectDatabase_tree_ops.cpp (merge): see #2420 "Crash when
|
||||
|
@ -92,7 +92,7 @@ bool ObjectMatcher::complexMatch(Address *obj1, Address *obj2)
|
||||
int cluster_id = obj2->getInt("parent_cluster_id");
|
||||
if (obj1->getId() == cluster_id) return true;
|
||||
}
|
||||
|
||||
|
||||
void* res = obj1->dispatch(this, obj2);
|
||||
return (res != NULL);
|
||||
}
|
||||
@ -411,8 +411,18 @@ void* ObjectMatcher::dispatch(AddressRange *obj1, void *_obj2)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void* ObjectMatcher::dispatch(MultiAddressRunTime*, void*)
|
||||
/*
|
||||
* Special case: run-time DNSName object with source name "self"
|
||||
* matches firewall.
|
||||
*/
|
||||
void* ObjectMatcher::dispatch(MultiAddressRunTime *obj1, void *_obj2)
|
||||
{
|
||||
FWObject *obj2 = (FWObject*)(_obj2);
|
||||
|
||||
if (obj1->getSubstitutionTypeName() == DNSName::TYPENAME &&
|
||||
obj1->getSourceName() == "self" && Firewall::isA(obj2))
|
||||
return obj1;
|
||||
|
||||
return NULL; // never matches in this implementation
|
||||
}
|
||||
|
||||
@ -433,13 +443,26 @@ void* ObjectMatcher::dispatch(Firewall *obj1, void *_obj2)
|
||||
{
|
||||
FWObject *obj2 = (FWObject*)(_obj2);
|
||||
if (obj1->getId() == obj2->getId()) return obj1;
|
||||
|
||||
/*
|
||||
* Special case: run-time DNSName object with source name "self"
|
||||
* matches firewall.
|
||||
*/
|
||||
MultiAddressRunTime *mart = MultiAddressRunTime::cast(obj2);
|
||||
if (mart)
|
||||
{
|
||||
if (mart->getSubstitutionTypeName() == DNSName::TYPENAME &&
|
||||
mart->getSourceName() == "self")
|
||||
return obj1;
|
||||
}
|
||||
|
||||
/*
|
||||
* match only if all interfaces of obj1 match obj2
|
||||
*/
|
||||
bool res = true;
|
||||
list<FWObject*> l = obj1->getByTypeDeep(Interface::TYPENAME);
|
||||
for (list<FWObject*>::iterator it = l.begin(); it!=l.end(); ++it)
|
||||
res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2);
|
||||
res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2);
|
||||
return res ? obj1 : NULL;
|
||||
}
|
||||
|
||||
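Review bot: Both new special cases, in `dispatch(MultiAddressRunTime*, void*)` and in `dispatch(Firewall*, void*)`, recognise the compiler-generated object only by the literal source name `"self"` on a run-time DNSName, so a DNS Name object that a user defines as run-time with source name `self` would match the firewall in the same way. The first overload also accepts any `Firewall` as `obj2`, not specifically the firewall that was replaced; if other firewall objects can reach this matcher, `self` would match them as well, which is worth confirming against the callers. The trailing comment `// never matches in this implementation` is no longer accurate and could read `// no match except the "self" case above`. The PF compiler's `addLoopbackForRedirect` change in this commit tests the same literal against `getName()` rather than `getSourceName()`; a shared named constant and one helper predicate would keep these checks in agreement.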
|
@ -519,8 +519,16 @@ void Compiler::_expand_interface(Rule *rule,
|
||||
}
|
||||
}
|
||||
|
||||
bool compare_addresses(Address *a1, Address *a2)
|
||||
bool compare_addresses(FWObject *o1, FWObject *o2)
|
||||
{
|
||||
Address *a1 = Address::cast(o1);
|
||||
Address *a2 = Address::cast(o2);
|
||||
if (a1 == NULL || a2 == NULL)
|
||||
{
|
||||
// one or both could be MultiAddress objects (e.g. DNSName)
|
||||
return o1->getName() < o2->getName();
|
||||
}
|
||||
|
||||
const InetAddr *addr1 = a1->getAddressPtr();
|
||||
const InetAddr *addr2 = a2->getAddressPtr();
|
||||
if (addr1 == NULL) return true;
|
||||
@ -541,18 +549,18 @@ void Compiler::_expand_addr(Rule *rule, FWObject *s,
|
||||
list<FWObject*> cl;
|
||||
_expand_addr_recursive(rule, s, cl, expand_cluster_interfaces_fully);
|
||||
|
||||
list<Address*> expanded_addresses;
|
||||
list<FWObject*> expanded_addresses;
|
||||
for (FWObject::iterator i=cl.begin(); i!=cl.end(); ++i)
|
||||
{
|
||||
expanded_addresses.push_back(Address::cast(*i));
|
||||
expanded_addresses.push_back(*i);
|
||||
}
|
||||
|
||||
expanded_addresses.sort(compare_addresses);
|
||||
|
||||
s->clearChildren();
|
||||
|
||||
for (list<Address*>::iterator i1=expanded_addresses.begin();
|
||||
i1!=expanded_addresses.end(); ++i1)
|
||||
for (list<FWObject*>::iterator i1=expanded_addresses.begin();
|
||||
i1!=expanded_addresses.end(); ++i1)
|
||||
{
|
||||
s->addRef( *i1 );
|
||||
}
|
||||
@ -860,6 +868,48 @@ bool Compiler::splitIfRuleElementMatchesFW::processNext()
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* This rule processor replaces firewall object in given rule element
|
||||
* with run-time DNSName object with name "self" and source name (A
|
||||
* record) set to "self". This is a trick in that when compliers see
|
||||
* objects like that in a rule, they just put source name in the
|
||||
* generated code verbatim. This is useful for firewall platforms that
|
||||
* support keyword "self" (e.g. PF).
|
||||
*
|
||||
* Always call this RE after splitIfFirewallInSrc or splitIfFirewallInDst
|
||||
*/
|
||||
bool Compiler::ReplaceFirewallObjectWithSelfInRE::processNext()
|
||||
{
|
||||
Rule *rule = prev_processor->getNextRule();
|
||||
if (rule==NULL) return false;
|
||||
RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type));
|
||||
|
||||
for (list<FWObject*>::iterator i1=re->begin(); i1!=re->end(); ++i1)
|
||||
{
|
||||
FWObject *obj = FWReference::getObject(*i1);
|
||||
if (obj == compiler->fw)
|
||||
{
|
||||
DNSName *self = DNSName::cast(
|
||||
compiler->persistent_objects->findObjectByName(
|
||||
DNSName::TYPENAME, "self"));
|
||||
if (self == NULL)
|
||||
{
|
||||
self = compiler->dbcopy->createDNSName();
|
||||
self->setName("self");
|
||||
self->setRunTime(true);
|
||||
self->setSourceName("self");
|
||||
compiler->persistent_objects->add(self, false);
|
||||
}
|
||||
|
||||
re->addRef(self);
|
||||
re->removeRef(compiler->fw);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
tmp_queue.push_back(rule);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool Compiler::equalObj::operator()(FWObject *o)
|
||||
{
|
||||
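Review bot: `compare_addresses` stops defining a consistent ordering once the list holds both Address and non-Address objects. Two Address objects go on to the `InetAddr` comparison, but any pair involving a MultiAddress is ordered by name, so three objects can compare in a cycle. `expanded_addresses.sort(compare_addresses)` can then produce an order that depends on the input order, which makes the generated output harder to diff and audit. Ranking the two kinds before comparing names avoids this, for example `if ((a1 == NULL) != (a2 == NULL)) return a1 != NULL;` placed just before `return o1->getName() < o2->getName();`. The rest of the comparator lies outside the hunk, so the address branch, including `if (addr1 == NULL) return true;`, should be checked for the same property.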
|
@ -828,9 +828,20 @@ public:
|
||||
virtual bool processNext();
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* This rule processor replaces firewall object with
|
||||
* DNSName object "self" configured as run-time with source
|
||||
* name "self".
|
||||
*/
|
||||
class ReplaceFirewallObjectWithSelfInRE : public BasicRuleProcessor
|
||||
{
|
||||
std::string re_type;
|
||||
public:
|
||||
ReplaceFirewallObjectWithSelfInRE(const std::string &n,
|
||||
std::string _type) :
|
||||
BasicRuleProcessor(n) { re_type=_type; }
|
||||
virtual bool processNext();
|
||||
};
|
||||
|
||||
/**
|
||||
* prints rule in some universal format (close to that visible
|
||||
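Review bot: The header comment for `ReplaceFirewallObjectWithSelfInRE` omits the ordering requirement stated in the implementation's comment, that this processor must run after `splitIfFirewallInSrc` or `splitIfFirewallInDst`. The changelog says the class is meant for reuse by policy compilers for any platform, so the doc comment should carry a line such as `* Must be added after splitIfFirewallInSrc / splitIfFirewallInDst.`. As a matter of style, `_type` could be taken as `const std::string &` and set in the initializer list, `BasicRuleProcessor(n), re_type(_type) {}`.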
|
@ -187,6 +187,27 @@ namespace fwcompiler {
|
||||
expandMultipleAddressesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
class ReplaceFirewallObjectWithSelfInSrc : public Compiler::ReplaceFirewallObjectWithSelfInRE
|
||||
{
|
||||
public:
|
||||
ReplaceFirewallObjectWithSelfInSrc(const std::string &n) :
|
||||
ReplaceFirewallObjectWithSelfInRE(
|
||||
n, libfwbuilder::RuleElementSrc::TYPENAME) {}
|
||||
};
|
||||
|
||||
class ReplaceFirewallObjectWithSelfInDst : public Compiler::ReplaceFirewallObjectWithSelfInRE
|
||||
{
|
||||
public:
|
||||
ReplaceFirewallObjectWithSelfInDst(const std::string &n) :
|
||||
ReplaceFirewallObjectWithSelfInRE(
|
||||
n, libfwbuilder::RuleElementDst::TYPENAME) {}
|
||||
};
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* processes rules with negation in Itf
|
||||
*/
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include "NATCompiler_pf.h"
|
||||
|
||||
#include "fwbuilder/AddressTable.h"
|
||||
#include "fwbuilder/DNSName.h"
|
||||
#include "fwbuilder/FWObjectDatabase.h"
|
||||
#include "fwbuilder/FailoverClusterGroup.h"
|
||||
#include "fwbuilder/Firewall.h"
|
||||
@ -655,6 +656,8 @@ bool PolicyCompiler_pf::addLoopbackForRedirect::processNext()
|
||||
for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++)
|
||||
{
|
||||
FWObject *o2 = FWReference::getObject(*j);
|
||||
if (o2->getName() == "self" && DNSName::isA(o2)) continue;
|
||||
|
||||
Address *a = Address::cast( o2 );
|
||||
assert(a);
|
||||
|
||||
@ -937,7 +940,20 @@ void PolicyCompiler_pf::compile()
|
||||
// "process interface policy rules and store interface ids"));
|
||||
|
||||
add(new splitIfFirewallInSrc("split rule if firewall is in Src"));
|
||||
add(new ReplaceFirewallObjectWithSelfInSrc(
|
||||
"Replace firewall object with 'self' in Src"));
|
||||
|
||||
add(new splitIfFirewallInDst("split rule if firewall is in Dst"));
|
||||
add(new ReplaceFirewallObjectWithSelfInDst(
|
||||
"Replace firewall object with 'self' in Dst"));
|
||||
|
||||
// call these again since "self" is a MultiAddress object
|
||||
add( new swapMultiAddressObjectsInSrc(
|
||||
" swap MultiAddress -> MultiAddressRunTime in Src"));
|
||||
add( new swapMultiAddressObjectsInDst(
|
||||
" swap MultiAddress -> MultiAddressRunTime in Dst"));
|
||||
|
||||
|
||||
add(new fillDirection("determine directions"));
|
||||
|
||||
// commented out for bug #2828602
|
||||
@ -949,6 +965,7 @@ void PolicyCompiler_pf::compile()
|
||||
"add loopback to rules that permit redirected services"));
|
||||
add(new ExpandMultipleAddresses(
|
||||
"expand objects with multiple addresses"));
|
||||
|
||||
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
|
||||
add(new checkForDynamicInterfacesOfOtherObjects(
|
||||
"check for dynamic interfaces of other hosts and firewalls"));
|
||||
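Review bot: In `compile()` the two `ReplaceFirewallObjectWithSelfIn*` processors are added unconditionally, and nothing near them records that PF's `self` is not equivalent to the address list it replaces. PF expands `self` to every address on every interface of the host when the ruleset is loaded, whereas the earlier output listed only the addresses held in the firewall object. The regenerated test files in this commit show the effect, for example anti-spoofing rules changing from `from <tbl.r9> to any` to `from self to any`. A comment above the two `add(...)` calls, such as `// NOTE: PF 'self' covers all addresses present on the host at load time, including ones not modelled in the firewall object`, would tell maintainers that rule scope now depends on the running host. Whether the replacement should be controlled by a firewall option is a design question for the author, and `compile()` continues outside the hunk.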
|
@ -758,7 +758,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr
|
||||
return str;
|
||||
}
|
||||
|
||||
void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool )
|
||||
void PolicyCompiler_pf::PrintRule::_printAddr(Address *o, bool )
|
||||
{
|
||||
MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
|
||||
if (atrt!=NULL)
|
||||
@ -880,7 +880,7 @@ void PolicyCompiler_pf::PrintRule::_printDstAddr(RuleElement *rel)
|
||||
FWReference *oref = FWReference::cast(o);
|
||||
if (o && oref!=NULL) o=oref->getPointer();
|
||||
|
||||
Address *dst= Address::cast(o);
|
||||
Address *dst = Address::cast(o);
|
||||
|
||||
_printNegation(rel);
|
||||
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:33 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:41 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
|
||||
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
|
||||
@ -169,7 +169,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -46,7 +46,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p
|
||||
# firewall-ipv6-1:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it
|
||||
# firewall-ipv6-1:Policy:3: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT "
|
||||
#
|
||||
# Rule 4 (global)
|
||||
# firewall-ipv6-1:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it
|
||||
@ -59,15 +59,15 @@ pass log quick inet6 proto tcp from <tbl.r5.s> to fe80::21d:9ff:fe8b:8e94 po
|
||||
# Rule 6 (global)
|
||||
# firewall-ipv6-1:Policy:6: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from <tbl.r4.s> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from <tbl.r4.s> to self port 22 keep state label "RULE 6 -- ACCEPT "
|
||||
#
|
||||
# Rule 7 (global)
|
||||
# firewall-ipv6-1:Policy:7: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from <tbl.r5.s> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from <tbl.r5.s> to self port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
#
|
||||
# Rule 8 (global)
|
||||
pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT "
|
||||
pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT "
|
||||
#
|
||||
# Rule 9 (global)
|
||||
pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:33 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:41 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-1.fw pf-ipv6.fw
|
||||
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
|
||||
@ -181,7 +181,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -5,7 +5,7 @@
|
||||
# Tables: (5)
|
||||
table <tbl.r4.s> { 222.222.222.22 , 222.222.222.23 }
|
||||
table <tbl.r4.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 }
|
||||
table <tbl.r5.s> { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 }
|
||||
table <tbl.r5.s> { 61.150.47.112 , 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 192.168.1.0 }
|
||||
table <tbl.r5.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 }
|
||||
table <tbl.r7.s> { 61.150.47.112 , 192.168.1.0 }
|
||||
|
||||
@ -28,10 +28,10 @@ pass log quick inet proto tcp from <tbl.r5.s> to 1.1.1.1 port 22 keep state
|
||||
# Rule 7 (global)
|
||||
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet proto tcp from <tbl.r7.s> to 1.1.1.1 port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
pass in log quick inet proto tcp from <tbl.r7.s> to self port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
#
|
||||
# Rule 8 (global)
|
||||
pass in log quick inet from any to 1.1.1.1 keep state label "RULE 8 -- ACCEPT "
|
||||
pass in log quick inet from any to self keep state label "RULE 8 -- ACCEPT "
|
||||
#
|
||||
# Rule 11 (global)
|
||||
pass log quick inet from <tbl.r7.s> to any keep state label "RULE 11 -- ACCEPT "
|
||||
@ -83,7 +83,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p
|
||||
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it
|
||||
# firewall-ipv6-2:Policy:3: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT "
|
||||
#
|
||||
# Rule 4 (global)
|
||||
# firewall-ipv6-2:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it
|
||||
@ -96,15 +96,15 @@ pass log quick inet6 proto tcp from <tbl.r5.sx> to fe80::21d:9ff:fe8b:8e94 p
|
||||
# Rule 6 (global)
|
||||
# firewall-ipv6-2:Policy:6: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from <tbl.r4.sx> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from <tbl.r4.sx> to self port 22 keep state label "RULE 6 -- ACCEPT "
|
||||
#
|
||||
# Rule 7 (global)
|
||||
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in log quick inet6 proto tcp from <tbl.r5.sx> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
pass in log quick inet6 proto tcp from <tbl.r5.sx> to self port 22 keep state label "RULE 7 -- ACCEPT "
|
||||
#
|
||||
# Rule 8 (global)
|
||||
pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT "
|
||||
pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT "
|
||||
#
|
||||
# Rule 9 (global)
|
||||
pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-2.fw pf.fw
|
||||
# files: firewall-ipv6-2.conf pf.conf
|
||||
@ -185,7 +185,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
|
||||
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf
|
||||
|
@ -50,10 +50,10 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 3128
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to <tbl.r2> port 22 flags S/SA modulate state label "RULE -1 - ACCEPT"
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA modulate state label "RULE -1 - ACCEPT"
|
||||
#
|
||||
# Rule 0 (eth1)
|
||||
block in log quick on eth1 inet from any to <tbl.r2> fragment label "RULE 0 - DROP"
|
||||
block in log quick on eth1 inet from any to self fragment label "RULE 0 - DROP"
|
||||
#
|
||||
# Rule 1 (eth1)
|
||||
# Automatically generated rule blocking short fragments
|
||||
@ -61,14 +61,14 @@ block in log quick on eth1 inet from any to any fragment label "RULE 1 -
|
||||
#
|
||||
# Rule 2 (eth1)
|
||||
# Automatically generated anti-spoofing rule
|
||||
block in log quick on eth1 inet from <tbl.r2> to any label "RULE 2 - DROP"
|
||||
block in log quick on eth1 inet from self to any label "RULE 2 - DROP"
|
||||
block in log quick on eth1 inet from 192.168.1.0/24 to any label "RULE 2 - DROP"
|
||||
#
|
||||
# Rule 3 (eth0)
|
||||
# комментарий по-русски, Проверяем конвертацию в Utf-8
|
||||
# firewall:Policy:3: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on eth0 inet proto udp from 192.168.1.0/24 to <tbl.r2> port 53 keep state label "RULE 3 - ACCEPT"
|
||||
pass in quick on eth0 inet proto udp from 192.168.1.0/24 to self port 53 keep state label "RULE 3 - ACCEPT"
|
||||
#
|
||||
# Rule 4 (eth0)
|
||||
# code should go into INPUT chain with
|
||||
@ -109,7 +109,7 @@ pass quick inet from any to 192.168.1.10 keep state label "RULE 16 - ACCEPT"
|
||||
# firewall:Policy:18: error: Rule '18 (global)' shadows rule '21 (global)' below it
|
||||
# firewall:Policy:18: warning: Changing rule direction due to self reference
|
||||
|
||||
pass out quick inet from <tbl.r2> to any keep state label "RULE 18 - ACCEPT"
|
||||
pass out quick inet from self to any keep state label "RULE 18 - ACCEPT"
|
||||
pass quick inet from 192.168.1.0/24 to any keep state label "RULE 18 - ACCEPT"
|
||||
#
|
||||
# Rule 19 (global)
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:08 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:53 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall.fw /etc/pf.fw
|
||||
# files: firewall.conf /etc/pf.conf
|
||||
@ -173,7 +173,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:53 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -18,12 +18,11 @@
|
||||
scrub in all fragment reassemble
|
||||
|
||||
|
||||
# Tables: (7)
|
||||
# Tables: (6)
|
||||
table <tbl.r0.s> { 22.22.22.22 , 192.168.1.1 }
|
||||
table <tbl.r11> { 192.168.1.10 , 192.168.1.20 }
|
||||
table <tbl.r11.s> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 }
|
||||
table <tbl.r11.s> { self , 192.168.2.0/24 }
|
||||
table <tbl.r16> { 33.33.33.0/24 , 33.33.44.0/24 }
|
||||
table <tbl.r18.d> { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r7> { 192.168.1.0/24 , 192.168.2.0/24 }
|
||||
table <tbl.r9> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
|
||||
|
||||
@ -113,7 +112,7 @@ block quick on eth0 inet proto 50 from <tbl.r11> to ! <tbl.r11>
|
||||
#
|
||||
# Rule 2 (eth1)
|
||||
# Anti-spoofing rule
|
||||
block in log quick on eth1 inet from <tbl.r9> to any
|
||||
block in log quick on eth1 inet from self to any
|
||||
block in log quick on eth1 inet from 192.168.1.0/24 to any
|
||||
#
|
||||
# Rule 3 (eth1)
|
||||
@ -144,7 +143,7 @@ block log quick inet proto icmp from ! <tbl.r11> to any icmp-type 3
|
||||
# this rule is shaded by rule above.
|
||||
# firewall1:Policy:10: warning: Changing rule direction due to self reference
|
||||
|
||||
block in log quick inet proto icmp from ! <tbl.r11> to <tbl.r9> icmp-type 3
|
||||
block in log quick inet proto icmp from ! <tbl.r11> to self icmp-type 3
|
||||
#
|
||||
# Rule 11 (global)
|
||||
# this rule shades rule below
|
||||
@ -168,7 +167,7 @@ pass quick inet from 192.168.1.0/24 to any keep state
|
||||
# Rule 18 (global)
|
||||
# firewall1:Policy:18: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet proto tcp from any to <tbl.r18.d> port 3128 keep state
|
||||
pass in quick inet proto tcp from any to self port 3128 keep state
|
||||
#
|
||||
# Rule 19 (eth0)
|
||||
# rule from http://www.benzedrine.cx/transquid.html
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:08 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:55 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall1.fw /etc/fw/firewall1.fw
|
||||
# files: firewall1.conf /etc/fw/firewall1.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags S/SA keep state
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags S/SA keep state
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:09 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:56 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
|
||||
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
|
||||
@ -74,7 +74,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 modulate state
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 modulate state
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } modulate state
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:10 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:58 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
|
||||
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
|
||||
@ -74,7 +74,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:10 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:58 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:11 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:00 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
|
||||
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:13 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:04 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
|
||||
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state
|
||||
#
|
||||
# Rule 0 (enc0)
|
||||
# This adds "pass out ... keep state"
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:14 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:07 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
|
||||
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:07 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:15 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:09 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
|
||||
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:08 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:55 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall100.fw /etc/fw/pf.fw
|
||||
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -167,7 +167,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:09 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:56 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall101.fw /etc/fw/pf.fw
|
||||
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -170,7 +170,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:10 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:08:58 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall102.fw /etc/fw/pf.fw
|
||||
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:12 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:02 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103-1.fw /etc/fw/pf.fw
|
||||
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -394,7 +394,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
scrub all reassemble tcp no-df
|
||||
scrub out all random-id min-ttl 1 max-mss 1460
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:12 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:02 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103-2.fw /etc/fw/pf.fw
|
||||
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -394,7 +394,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:11 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:00 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall103.fw /etc/fw/pf.fw
|
||||
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -397,7 +397,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { bridge0 , 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:14 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:05 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall104-1.fw /etc/fw/pf.fw
|
||||
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -393,7 +393,7 @@ configure_interfaces() {
|
||||
$IFCONFIG bridge0 -stp em3
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:05 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { bridge0 , 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:13 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:04 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall104.fw /etc/fw/pf.fw
|
||||
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -396,7 +396,7 @@ configure_interfaces() {
|
||||
$IFCONFIG bridge0 stp em3
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:14 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:06 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall105.fw /etc/fw/pf.fw
|
||||
# files: firewall105.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { bridge0 , 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:15 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:07 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall106.fw /etc/fw/pf.fw
|
||||
# files: firewall106.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:15 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:09 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall107.fw /etc/fw/pf.fw
|
||||
# files: firewall107.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -395,7 +395,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:16 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:11 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall108.fw /etc/fw/pf.fw
|
||||
# files: firewall108.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:17 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:12 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-1.fw /etc/fw/pf.fw
|
||||
# files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:17 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:13 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-2.fw /etc/fw/pf.fw
|
||||
# files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -400,7 +400,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:17 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:13 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.3.14.81 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:18 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:14 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109-3.fw /etc/fw/pf.fw
|
||||
# files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf
|
||||
|
@ -7,14 +7,10 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:16 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:11 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall109.fw /etc/fw/pf.fw
|
||||
# files: firewall109.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -401,7 +401,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:16 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:11 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,8 +2,7 @@
|
||||
|
||||
|
||||
|
||||
# Tables: (3)
|
||||
table <tbl.r0.d> { ppp0 , 33.33.33.33 , 192.168.1.1 }
|
||||
# Tables: (2)
|
||||
table <tbl.r0.s> { 192.168.1.10 , 192.168.1.20 }
|
||||
table <tbl.r2.s> { 192.168.1.0/24 , 192.168.2.0/24 }
|
||||
|
||||
@ -14,12 +13,12 @@ table <tbl.r2.s> { 192.168.1.0/24 , 192.168.2.0/24 }
|
||||
# Rule 0 (global)
|
||||
# firewall11:Policy:0: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet proto tcp from <tbl.r0.s> to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick inet proto tcp from <tbl.r0.s> to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 1 (global)
|
||||
# firewall11:Policy:1: warning: Changing rule direction due to self reference
|
||||
|
||||
block in quick inet from any to <tbl.r0.d>
|
||||
block in quick inet from any to self
|
||||
#
|
||||
# Rule 2 (global)
|
||||
pass quick inet from <tbl.r2.s> to any keep state
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:18 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:14 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall11.fw /etc/firewall11.fw
|
||||
# files: firewall11.conf /etc/firewall11.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:18 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:14 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:19 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:15 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall110.fw /etc/fw/firewall110.fw
|
||||
# files: firewall110.conf /etc/fw/firewall110.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:15 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:19 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:16 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall111.fw /etc/fw/firewall111.fw
|
||||
# files: firewall111.conf /etc/fw/firewall111.conf
|
||||
@ -86,7 +86,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:16 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:19 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:17 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall12.fw /etc/fw/firewall12.fw
|
||||
# files: firewall12.conf /etc/fw/firewall12.conf
|
||||
@ -165,7 +165,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:20 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:17 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall13.fw /etc/fw/firewall13.fw
|
||||
# files: firewall13.conf /etc/fw/firewall13.conf
|
||||
@ -88,7 +88,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -6,14 +6,10 @@
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 64 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:20 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:19 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall14-1.fw /etc/firewall14-1.fw
|
||||
# files: firewall14-1.conf /etc/firewall14-1.conf
|
||||
@ -248,7 +248,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -6,14 +6,10 @@
|
||||
scrub in all fragment reassemble no-df
|
||||
scrub out all random-id min-ttl 64 max-mss 1460
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:20 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:19 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall14.fw /etc/firewall14.fw
|
||||
# files: firewall14.conf /etc/firewall14.conf
|
||||
@ -248,7 +248,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -22,9 +22,8 @@ scrub in all fragment reassemble no-df
|
||||
scrub out all random-id min-ttl 32 max-mss 1460
|
||||
|
||||
|
||||
# Tables: (2)
|
||||
# Tables: (1)
|
||||
table <tbl.r0> { 22.22.22.22 , 192.168.1.1 }
|
||||
table <tbl.r0.d> { 22.22.22.22 , 192.168.1.1 , 192.168.2.1 }
|
||||
|
||||
# NAT compiler errors and warnings:
|
||||
# firewall2-1:NAT:1: error: Negation in original service is not supported.
|
||||
@ -68,7 +67,7 @@ rdr-anchor "NAT" proto tcp from 192.168.1.0/24 to any port 1080
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to <tbl.r0.d> port 22 keep state label "RULE -1 - ACCEPT **"
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **"
|
||||
#
|
||||
# Rule 0 (global)
|
||||
# 'catch all' rule
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:22 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
|
||||
# files: firewall2-1.conf /etc/fw/firewall2-1.conf
|
||||
@ -88,7 +88,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:23 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:24 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2-6.fw /etc/firewall2-6.fw
|
||||
# files: firewall2-6.conf /etc/firewall2-6.conf
|
||||
@ -170,7 +170,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -22,12 +22,11 @@ scrub in all fragment reassemble no-df
|
||||
scrub out all random-id min-ttl 32 max-mss 1460
|
||||
|
||||
|
||||
# Tables: (5)
|
||||
# Tables: (4)
|
||||
table <tbl.r1> { 192.168.1.10 , 192.168.1.20 }
|
||||
table <tbl.r12.d> { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r16> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r29> { 192.168.1.0/24 , 192.168.2.0/24 }
|
||||
table <tbl.r5.s> { 22.22.22.22 , 22.22.23.23 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 }
|
||||
table <tbl.r5.s> { self , 192.168.1.0/24 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
@ -152,14 +151,14 @@ nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 192.168.1.100 to <tbl.r16> port 22 keep state label "RULE -1 - ACCEPT **"
|
||||
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **"
|
||||
#
|
||||
# Rule 0 (eth0)
|
||||
block in log quick on eth0 inet from ! 192.168.1.0/24 to any label "RULE 0 - DROP **"
|
||||
#
|
||||
# Rule 1 (eth1)
|
||||
# Anti-spoofing rule
|
||||
block in log quick on eth1 inet from <tbl.r16> to any label "Iface: eth1 RULE 1 -- DROP **"
|
||||
block in log quick on eth1 inet from self to any label "Iface: eth1 RULE 1 -- DROP **"
|
||||
block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface: eth1 RULE 1 -- DROP **"
|
||||
#
|
||||
# Rule 2 (f2i1,3)
|
||||
@ -167,17 +166,17 @@ block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface:
|
||||
# usage in interface
|
||||
# all three rules should yield
|
||||
# the same config
|
||||
block in log quick on { eth1 eth3 } inet from <tbl.r16> to any label "Iface: eth1 eth3 RULE 2 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 2 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 2 -- DROP **"
|
||||
#
|
||||
# Rule 3 (f2i1,eth3)
|
||||
# Anti-spoofing rule
|
||||
block in log quick on { eth1 eth3 } inet from <tbl.r16> to any label "Iface: eth1 eth3 RULE 3 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 3 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 3 -- DROP **"
|
||||
#
|
||||
# Rule 4 (eth1,eth3)
|
||||
# Anti-spoofing rule
|
||||
block in log quick on { eth1 eth3 } inet from <tbl.r16> to any label "Iface: eth1 eth3 RULE 4 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 4 -- DROP **"
|
||||
block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 4 -- DROP **"
|
||||
#
|
||||
# Rule 5 (eth1)
|
||||
@ -205,7 +204,7 @@ pass quick inet from 192.168.1.0/24 to any keep state label "RULE 10 - ACCEP
|
||||
# Rule 12 (global)
|
||||
# firewall2:Policy:12: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet proto tcp from any to <tbl.r12.d> port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **"
|
||||
pass in quick inet proto tcp from any to self port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **"
|
||||
pass quick inet proto tcp from any to 192.168.1.10 port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **"
|
||||
#
|
||||
# Rule 13 (global)
|
||||
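Review bot: `self` is not a like-for-like replacement for the `<tbl.r16>` reference in the backup ssh rule and in anti-spoofing rules 1–4: that table listed only 22.22.22.22, 22.22.23.23, 192.168.1.1 and 192.168.2.1. As pf.conf documents it, `self` expands to every address on every interface of the target when the ruleset is loaded, so these rules would now also match 127.0.0.1 (previously only in `<tbl.r12.d>`) and would miss any address not yet configured at load time. In negated pass rules such as `pass in quick inet from any to ! self user 2000`, in what appears to be the firewall62 output, a missing address widens what is passed rather than narrowing it. The same substitution shows up in the outputs that look like firewall3, firewall39, firewall4, firewall40, firewall41, firewall6 and firewall70. I would have the compiler emit a comment above each rewritten rule, e.g. `# 'self' is expanded by pfctl on the target at load time; it replaces the address list taken from the firewall object`, and make the substitution a per-firewall option if it is not one already.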
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:21 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:20 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall2.fw /etc/fw/firewall2.fw
|
||||
# files: firewall2.conf /etc/fw/firewall2.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:20 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:21 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:21 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall20.fw /etc/fw/firewall20.fw
|
||||
# files: firewall20.conf /etc/fw/firewall20.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:21 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:22 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:22 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall21.fw /etc/fw/firewall21.fw
|
||||
# files: firewall21.conf /etc/fw/firewall21.conf
|
||||
@ -81,7 +81,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:23 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:24 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall22.fw /etc/fw/firewall22.fw
|
||||
# files: firewall22.conf /etc/fw/firewall22.conf
|
||||
@ -80,7 +80,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -17,10 +17,6 @@ scrub out all random-id
|
||||
#
|
||||
# End of prolog script
|
||||
#
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 22.22.22.21 , 22.22.22.22 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21
|
||||
@ -45,7 +41,7 @@ rdr proto {tcp udp icmp} from any to 22.22.22.21 -> { 192.168.1.10 , 192.168.1.2
|
||||
# the firewall are denied and logged
|
||||
# firewall3:Policy:0: warning: Changing rule direction due to self reference
|
||||
|
||||
block in log quick inet from any to <tbl.r0.d> label "RULE 0 -- DROP "
|
||||
block in log quick inet from any to self label "RULE 0 -- DROP "
|
||||
#
|
||||
# Rule 1 (global)
|
||||
pass quick inet from 192.168.1.0/24 to any keep state ( max 1000 ) label "RULE 1 -- ACCEPT "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:24 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:25 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall3.fw /etc/firewall3.fw
|
||||
# files: firewall3.conf /etc/firewall3.conf
|
||||
@ -165,7 +165,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:25 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -6,7 +6,7 @@
|
||||
table <tbl.r0> { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
||||
table <tbl.r10.d> { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
||||
table <tbl.r2> { www.google.com , www.cnn.com }
|
||||
table <tbl.r8.d> { 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
||||
table <tbl.r8.d> { 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
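Review bot: The `<tbl.r8.d>` line moves from 64.233.183.x to 74.125.224.x addresses although nothing in this commit's description concerns name resolution, so this expected output appears to embed whatever live DNS returned for www.google.com when the test was regenerated. A reference file that shifts with resolver answers produces diffs unrelated to the change under review and can hide a real regression in the table contents. It also shows that a name resolved at compile time freezes the resolver's answer into the policy until the next compile. I would point the test object at a name with a fixed answer under the test's control, and have the compiler mark such tables with a comment, e.g. `# addresses resolved at compile time; re-compile to refresh`.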
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:24 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:26 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall33.fw /etc/fw/firewall33.fw
|
||||
# files: firewall33.conf /etc/fw/firewall33.conf
|
||||
@ -168,7 +168,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:26 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:24 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:27 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall34.fw /etc/fw/firewall34.fw
|
||||
# files: firewall34.conf /etc/fw/firewall34.conf
|
||||
@ -164,7 +164,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:25 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:27 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall38.fw /etc/fw/firewall38.fw
|
||||
# files: firewall38.conf /etc/fw/firewall38.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,14 +1,10 @@
|
||||
|
||||
# Tables: (1)
|
||||
table <rule2_branch:tbl.r0.d> { 192.168.1.1 , 192.168.2.1 }
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall39:rule2_branch:0: warning: Changing rule direction due to self reference
|
||||
#
|
||||
# Rule rule2_branch 0 (global)
|
||||
# firewall39:rule2_branch:0: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet from any to <rule2_branch:tbl.r0.d> keep state
|
||||
pass in quick inet from any to self keep state
|
||||
#
|
||||
# Rule rule2_branch 1 (global)
|
||||
block log quick inet from any to any
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:25 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:28 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall39.fw pf.fw
|
||||
# files: firewall39.conf pf.conf
|
||||
@ -79,7 +79,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:28 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -5,7 +5,7 @@ set optimization high-latency
|
||||
|
||||
# Tables: (3)
|
||||
table <tbl.r2> { eth1 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 }
|
||||
table <tbl.r4.s> { eth1 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 }
|
||||
table <tbl.r4.s> { self , 192.168.1.0/24 }
|
||||
table <tbl.r6.s> { 192.168.1.10 , 192.168.1.20 }
|
||||
|
||||
|
||||
@ -59,7 +59,7 @@ block log quick on eth1 inet proto icmp from ! 192.168.2.0/24 to any icmp-ty
|
||||
#
|
||||
# Rule 3 (eth1)
|
||||
# Anti-spoofing rule
|
||||
block in log quick on eth1 inet from <tbl.r2> to any
|
||||
block in log quick on eth1 inet from self to any
|
||||
block in log quick on eth1 inet from 192.168.1.0/24 to any
|
||||
#
|
||||
# Rule 4 (eth1)
|
||||
@ -73,7 +73,7 @@ pass log quick inet proto icmp from any to 192.168.1.1 icmp-type 8 code 0 k
|
||||
# Rule 6 (global)
|
||||
# firewall4:Policy:6: warning: Changing rule direction due to self reference
|
||||
|
||||
block in log quick inet proto icmp from ! <tbl.r6.s> to <tbl.r2> icmp-type 3
|
||||
block in log quick inet proto icmp from ! <tbl.r6.s> to self icmp-type 3
|
||||
#
|
||||
# Rule 7 (global)
|
||||
# testing negation in the policy rule
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:25 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:29 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall4.fw pf.fw
|
||||
# files: firewall4.conf /etc/fw/pf.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:26 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:30 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall40-1.fw /etc/firewall40-1.fw
|
||||
# files: firewall40-1.conf /etc/firewall40-1.conf
|
||||
@ -182,7 +182,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:30 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,10 +1,6 @@
|
||||
|
||||
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r4.s> { 192.0.2.1 , 192.0.3.1 , 192.168.1.1 }
|
||||
|
||||
#
|
||||
# Rule 0 (NAT)
|
||||
# Translate source address
|
||||
@ -30,7 +26,7 @@ pass in quick on fxp0 route-to { ( le1 192.0.2.10 ) } inet proto tcp from 192
|
||||
pass in quick on fxp0 route-to { ( le2 192.0.3.10 ) } inet proto tcp from 192.168.1.0/24 to any port 22 label "RULE 3 -- ACCEPT "
|
||||
#
|
||||
# Rule 4 (global)
|
||||
pass out quick inet from <tbl.r4.s> to any keep state label "RULE 4 -- ACCEPT "
|
||||
pass out quick inet from self to any keep state label "RULE 4 -- ACCEPT "
|
||||
#
|
||||
# Rule 5 (global)
|
||||
block log quick inet from any to any label "RULE 5 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:26 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:29 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall40.fw /etc/firewall40.fw
|
||||
# files: firewall40.conf /etc/firewall40.conf
|
||||
@ -166,7 +166,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,10 +2,9 @@
|
||||
|
||||
|
||||
|
||||
# Tables: (4)
|
||||
# Tables: (3)
|
||||
table <block these> persist file "block-hosts.tbl"
|
||||
table <spammers> persist
|
||||
table <tbl.r0.s> { 1.1.1.1 , 2.2.2.2 }
|
||||
table <tbl.r1.d> { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , 192.168.1.201 , 192.168.2.128/25 }
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
@ -14,22 +13,22 @@ table <tbl.r1.d> { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 ,
|
||||
# firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode
|
||||
#
|
||||
# Rule 0 (global)
|
||||
pass out log quick inet from <tbl.r0.s> to www.heise.de keep state label "RULE 0 -- ACCEPT "
|
||||
pass out log quick inet from self to www.heise.de keep state label "RULE 0 -- ACCEPT "
|
||||
#
|
||||
# Rule 1 (global)
|
||||
pass out log quick inet from <tbl.r0.s> to <tbl.r1.d> keep state label "RULE 1 -- ACCEPT "
|
||||
pass out log quick inet from self to <tbl.r1.d> keep state label "RULE 1 -- ACCEPT "
|
||||
#
|
||||
# Rule 2 (global)
|
||||
pass out log quick inet from <tbl.r0.s> to <block these> keep state label "RULE 2 -- ACCEPT "
|
||||
pass out log quick inet from <tbl.r0.s> to <spammers> keep state label "RULE 2 -- ACCEPT "
|
||||
pass out log quick inet from self to <block these> keep state label "RULE 2 -- ACCEPT "
|
||||
pass out log quick inet from self to <spammers> keep state label "RULE 2 -- ACCEPT "
|
||||
#
|
||||
# Rule 3 (global)
|
||||
# firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode
|
||||
|
||||
pass out log quick inet from <tbl.r0.s> to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT "
|
||||
pass out log quick inet from self to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT "
|
||||
#
|
||||
# Rule 4 (global)
|
||||
pass out log quick inet from <tbl.r0.s> to 1.1.1.1 keep state label "RULE 4 -- ACCEPT "
|
||||
pass out log quick inet from self to 1.1.1.1 keep state label "RULE 4 -- ACCEPT "
|
||||
#
|
||||
# Rule fallback rule
|
||||
# fallback rule
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:27 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:31 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall41.fw /etc/firewall41.fw
|
||||
# files: firewall41.conf /etc/firewall41.conf
|
||||
@ -169,7 +169,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:31 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:27 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:32 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall5.fw /etc/fw/firewall5.fw
|
||||
# files: firewall5.conf /etc/fw/firewall5.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:28 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:32 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall51.fw /etc/fw/firewall51.fw
|
||||
# files: firewall51.conf /etc/fw/firewall51.conf
|
||||
@ -80,7 +80,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,20 +1,16 @@
|
||||
|
||||
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall6:Policy:1: warning: Changing rule direction due to self reference
|
||||
#
|
||||
# Rule 0 (eth1)
|
||||
block in log quick on eth1 inet from any to ! <tbl.r0.d>
|
||||
block in log quick on eth1 inet from any to ! self
|
||||
#
|
||||
# Rule 1 (global)
|
||||
# firewall6:Policy:1: warning: Changing rule direction due to self reference
|
||||
|
||||
block in quick inet from any to ! <tbl.r0.d>
|
||||
block in quick inet from any to ! self
|
||||
#
|
||||
# Rule fallback rule
|
||||
# fallback rule
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:28 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:33 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall6.fw /etc/fw/firewall6.fw
|
||||
# files: firewall6.conf /etc/fw/firewall6.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:33 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,10 +1,6 @@
|
||||
|
||||
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r1.s> { 192.168.1.1 , 222.222.222.222 }
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
|
||||
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
|
||||
@ -44,29 +40,29 @@ pass in quick on en0 inet from any to any user proxy label "RULE 0 -- ACCE
|
||||
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '6 (global)' below it
|
||||
# firewall62:Policy:1: warning: Changing rule direction due to self reference
|
||||
|
||||
pass out quick inet from <tbl.r1.s> to any user { 2000, 500 } label "RULE 1 -- ACCEPT "
|
||||
pass out quick inet from self to any user { 2000, 500 } label "RULE 1 -- ACCEPT "
|
||||
#
|
||||
# Rule 2 (global)
|
||||
# firewall62:Policy:2: warning: Changing rule direction due to self reference
|
||||
|
||||
pass out quick inet from <tbl.r1.s> to any user 2000 label "RULE 2 -- ACCEPT "
|
||||
pass out quick inet from self to any user 2000 label "RULE 2 -- ACCEPT "
|
||||
#
|
||||
# Rule 3 (global)
|
||||
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
|
||||
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
|
||||
|
||||
pass out quick inet proto tcp from <tbl.r1.s> to any port 80 flags any label "RULE 3 -- ACCEPT "
|
||||
pass out quick inet from <tbl.r1.s> to any user 2000 label "RULE 3 -- ACCEPT "
|
||||
pass out quick inet proto tcp from self to any port 80 flags any label "RULE 3 -- ACCEPT "
|
||||
pass out quick inet from self to any user 2000 label "RULE 3 -- ACCEPT "
|
||||
#
|
||||
# Rule 4 (global)
|
||||
# firewall62:Policy:4: warning: Changing rule direction due to self reference
|
||||
|
||||
pass out quick inet proto tcp from <tbl.r1.s> to any port 80 flags any label "RULE 4 -- ACCEPT "
|
||||
pass out quick inet from <tbl.r1.s> to any user 2000 label "RULE 4 -- ACCEPT "
|
||||
pass out quick inet proto tcp from self to any port 80 flags any label "RULE 4 -- ACCEPT "
|
||||
pass out quick inet from self to any user 2000 label "RULE 4 -- ACCEPT "
|
||||
#
|
||||
# Rule 5 (global)
|
||||
pass out quick inet proto tcp from <tbl.r1.s> to any port 80 flags any label "RULE 5 -- ACCEPT "
|
||||
pass out quick inet from <tbl.r1.s> to any user 2000 label "RULE 5 -- ACCEPT "
|
||||
pass out quick inet proto tcp from self to any port 80 flags any label "RULE 5 -- ACCEPT "
|
||||
pass out quick inet from self to any user 2000 label "RULE 5 -- ACCEPT "
|
||||
#
|
||||
# Rule 6 (global)
|
||||
pass quick inet from 192.168.1.1 to any user 2000 label "RULE 6 -- ACCEPT "
|
||||
@ -79,15 +75,15 @@ pass quick inet from 192.168.1.0/24 to any user 2000 label "RULE 7 -- ACCEP
|
||||
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it
|
||||
# firewall62:Policy:8: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet from any to <tbl.r1.s> user 2000 label "RULE 8 -- ACCEPT "
|
||||
pass in quick inet from any to self user 2000 label "RULE 8 -- ACCEPT "
|
||||
#
|
||||
# Rule 9 (global)
|
||||
# firewall62:Policy:9: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet from any to <tbl.r1.s> user { 2000, 500 } label "RULE 9 -- ACCEPT "
|
||||
pass in quick inet from any to self user { 2000, 500 } label "RULE 9 -- ACCEPT "
|
||||
#
|
||||
# Rule 10 (global)
|
||||
pass in quick inet from any to <tbl.r1.s> user 2000 label "RULE 10 -- ACCEPT "
|
||||
pass in quick inet from any to self user 2000 label "RULE 10 -- ACCEPT "
|
||||
#
|
||||
# Rule 11 (global)
|
||||
pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- ACCEPT "
|
||||
@ -95,7 +91,7 @@ pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- AC
|
||||
# Rule 12 (global)
|
||||
# firewall62:Policy:12: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet from any to ! <tbl.r1.s> user 2000 label "RULE 12 -- ACCEPT "
|
||||
pass in quick inet from any to ! self user 2000 label "RULE 12 -- ACCEPT "
|
||||
#
|
||||
# Rule 13 (global)
|
||||
block quick inet from any to any no state label "RULE 13 -- DROP "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:29 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:34 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall62.fw /etc/firewall62.fw
|
||||
# files: firewall62.conf /etc/firewall62.conf
|
||||
@ -191,7 +191,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:29 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:34 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall63.fw /etc/fw/firewall63.fw
|
||||
# files: firewall63.conf /etc/fw/firewall63.conf
|
||||
@ -77,7 +77,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:29 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:35 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall7.fw /etc/fw/firewall7.fw
|
||||
# files: firewall7.conf /etc/fw/firewall7.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:35 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,10 +1,6 @@
|
||||
|
||||
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 }
|
||||
|
||||
# Policy compiler errors and warnings:
|
||||
# firewall70:Policy:0: warning: Changing rule direction due to self reference
|
||||
# firewall70:Policy:1: warning: Changing rule direction due to self reference
|
||||
@ -16,32 +12,32 @@ table <tbl.r0.d> { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 }
|
||||
# Rule 0 (global)
|
||||
# firewall70:Policy:0: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 1 (en0)
|
||||
# firewall70:Policy:1: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on en0 inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick on en0 inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 2 (en0,en1)
|
||||
# firewall70:Policy:2: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on { en0 en1 } inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick on { en0 en1 } inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 3 (en2,en0,en1,en3)
|
||||
# firewall70:Policy:3: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 4 (en0)
|
||||
# firewall70:Policy:4: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on { en1 en2 } inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick on { en1 en2 } inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule 5 (en0,en1)
|
||||
# firewall70:Policy:5: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick on en2 inet proto tcp from any to <tbl.r0.d> port 22 flags S/SA keep state
|
||||
pass in quick on en2 inet proto tcp from any to self port 22 flags S/SA keep state
|
||||
#
|
||||
# Rule fallback rule
|
||||
# fallback rule
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:30 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:36 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall70.fw /etc/fw/firewall70.fw
|
||||
# files: firewall70.conf /etc/fw/firewall70.conf
|
||||
@ -82,7 +82,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:36 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:30 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:37 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall8.fw /etc/firewall8.fw
|
||||
# files: firewall8.conf /etc/firewall8.conf
|
||||
@ -72,7 +72,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:31 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:38 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
|
||||
# files: firewall80-4.5.conf /etc/firewall80-4.5.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:38 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:30 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:37 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall80.fw /etc/firewall80.fw
|
||||
# files: firewall80.conf /etc/firewall80.conf
|
||||
@ -73,7 +73,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:31 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:39 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall9.fw /etc/fw/firewall9.fw
|
||||
# files: firewall9.conf /etc/fw/firewall9.conf
|
||||
@ -76,7 +76,7 @@ configure_interfaces() {
|
||||
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -1,14 +1,10 @@
|
||||
|
||||
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 }
|
||||
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 flags S/SA keep state label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 flags S/SA keep state label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
block log quick inet from any to any label "RULE 0 -- DROP "
|
||||
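Review bot: The rewritten backup ssh rule `pass in quick inet proto tcp from 10.3.14.30 to self port 22 …` is no longer limited to the four addresses of the removed table `<tbl.r0.d>` (10.1.1.50, 10.3.14.50, 10.100.101.1, 10.100.103.1). PF expands `self` to every address assigned to any interface of the host, so the rule now also accepts ssh to addresses that exist on the machine but are not part of the firewall object, such as loopback or aliases configured outside Firewall Builder. The same substitution appears in the firewall92 output further down, in both the backup ssh rule and Rule 0. `self` is resolved when the ruleset is loaded, so an address added afterwards is not matched until a reload; if the intent is to follow the host's addresses the compiler would need to emit `(self)`, and if the intent is to match only modelled addresses the table form should remain available as an option. Either way, the changed match set deserves a sentence in the ChangeLog entry and a test object whose interface list deliberately differs from the host's.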
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:32 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:39 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall91.fw /etc/fw/pf.fw
|
||||
# files: firewall91.conf /etc/fw/pf.conf
|
||||
@ -247,7 +247,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -7,10 +7,6 @@ set timeout udp.single 5
|
||||
match all scrub (reassemble tcp no-df )
|
||||
match out all scrub (random-id min-ttl 1 max-mss 1460)
|
||||
|
||||
|
||||
# Tables: (1)
|
||||
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
|
||||
|
||||
# NAT compiler errors and warnings:
|
||||
# firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions
|
||||
#
|
||||
@ -28,12 +24,12 @@ match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 1
|
||||
#
|
||||
# Rule backup ssh access rule
|
||||
# backup ssh access rule
|
||||
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
|
||||
#
|
||||
# Rule 0 (global)
|
||||
# firewall92:Policy:0: warning: Changing rule direction due to self reference
|
||||
|
||||
pass in quick inet proto tcp from 10.3.14.0/24 to <tbl.r0.d> port 22 label "RULE 0 -- ACCEPT "
|
||||
pass in quick inet proto tcp from 10.3.14.0/24 to self port 22 label "RULE 0 -- ACCEPT "
|
||||
#
|
||||
# Rule 1 (global)
|
||||
pass quick inet from 10.1.1.0/24 to any label "RULE 1 -- ACCEPT "
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:32 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:40 2011 PDT by vadim
|
||||
#
|
||||
# files: * firewall92.fw /etc/fw/pf.fw
|
||||
# files: firewall92.conf /etc/fw/path\ with\ space/pf.conf
|
||||
@ -166,7 +166,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:40 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2281,7 +2281,7 @@
|
||||
</ServiceGroup>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="fw-firewall2" host_OS="openbsd" inactive="False" lastCompiled="1249943117" lastInstalled="0" lastModified="1263586319" platform="pf" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
|
||||
<Firewall id="fw-firewall2" host_OS="openbsd" inactive="False" lastCompiled="1249943117" lastInstalled="0" lastModified="1306442913" platform="pf" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
|
||||
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="nat-firewall2-0" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
@ -3002,7 +3002,9 @@
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="cmdline">-xt</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="conf1_file"></Option>
|
||||
<Option name="conf_file_name_on_firewall">/etc/pf.conf</Option>
|
||||
<Option name="configure_bridge_interfaces">False</Option>
|
||||
<Option name="configure_carp_interfaces">False</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_pfsync_interfaces">False</Option>
|
||||
@ -3014,6 +3016,8 @@
|
||||
<Option name="firewall_dir">/etc/firewall</Option>
|
||||
<Option name="firewall_is_part_of_any">True</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="generate_rc_conf_file">False</Option>
|
||||
<Option name="generate_shell_script">True</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">True</Option>
|
||||
<Option name="inst_cmdline"></Option>
|
||||
@ -3050,6 +3054,7 @@
|
||||
<Option name="pass_all_out">False</Option>
|
||||
<Option name="pf_adaptive_end">12000</Option>
|
||||
<Option name="pf_adaptive_start">6000</Option>
|
||||
<Option name="pf_block_policy"></Option>
|
||||
<Option name="pf_do_limit_frags">True</Option>
|
||||
<Option name="pf_do_limit_src_nodes">True</Option>
|
||||
<Option name="pf_do_limit_states">True</Option>
|
||||
@ -3078,9 +3083,11 @@
|
||||
<Option name="pf_scrub_no_df">False</Option>
|
||||
<Option name="pf_scrub_random_id">False</Option>
|
||||
<Option name="pf_scrub_reassemble">True</Option>
|
||||
<Option name="pf_scrub_reassemble_tcp">False</Option>
|
||||
<Option name="pf_scrub_use_maxmss">False</Option>
|
||||
<Option name="pf_scrub_use_minttl">False</Option>
|
||||
<Option name="pf_set_adaptive">True</Option>
|
||||
<Option name="pf_set_debug"></Option>
|
||||
<Option name="pf_set_icmp_error">True</Option>
|
||||
<Option name="pf_set_icmp_first">True</Option>
|
||||
<Option name="pf_set_other_first">True</Option>
|
||||
@ -3095,6 +3102,7 @@
|
||||
<Option name="pf_set_udp_first">True</Option>
|
||||
<Option name="pf_set_udp_multiple">True</Option>
|
||||
<Option name="pf_set_udp_single">True</Option>
|
||||
<Option name="pf_state_policy"></Option>
|
||||
<Option name="pf_tcp_closed">30</Option>
|
||||
<Option name="pf_tcp_closing">60</Option>
|
||||
<Option name="pf_tcp_established">86400</Option>
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
|
||||
# files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
|
||||
@ -299,7 +299,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
|
||||
# files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
|
||||
@ -195,7 +195,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
|
||||
# files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
|
||||
@ -301,7 +301,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
|
||||
# files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
|
||||
@ -197,7 +197,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
|
||||
# files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
|
||||
@ -302,7 +302,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
|
||||
# files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
|
||||
@ -199,7 +199,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Thu May 26 12:05:36 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:43 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
|
||||
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw
|
||||
# files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf
|
||||
@ -302,7 +302,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|
@ -2,9 +2,9 @@
|
||||
#
|
||||
# This is automatically generated file. DO NOT MODIFY !
|
||||
#
|
||||
# Firewall Builder fwb_pf v4.3.0.1
|
||||
# Firewall Builder fwb_pf v4.3.0.3546
|
||||
#
|
||||
# Generated Tue May 10 14:53:34 2011 PDT by vadim
|
||||
# Generated Thu May 26 14:09:44 2011 PDT by vadim
|
||||
#
|
||||
# files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw
|
||||
# files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf
|
||||
@ -199,7 +199,7 @@ configure_interfaces() {
|
||||
update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
|
||||
}
|
||||
|
||||
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
|
||||
log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim"
|
||||
|
||||
set_kernel_vars
|
||||
configure_interfaces
|
||||
|