mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00

Merge branch 'pf_import' into development

Vadim Kurland 2011-05-26 14:29:45 -07:00
commit a814b38c0f
277 changed files with 9285 additions and 931 deletions


@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3544"
BUILD_NUM="3546"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"


@ -1,2 +1,2 @@
#define VERSION "4.3.0.3544"
#define VERSION "4.3.0.3546"
#define GENERATION "4.3"


@ -1,3 +1,15 @@
2011-05-26 Vadim Kurland <vadim@netcitadel.com>
* PolicyCompiler_pf.cpp (compile): see #2434 "PF compiler should
use 'self' keyword where appropriate". Compiler for PF now uses
keyword 'self' in rules where firewall object is used in Source
or Destination.
* fwcompiler/Compiler.cpp (processNext): added rule processor to
replace firewall object with special run-time object "self" in
Source and Destination rule elements. This rule processor can
be used in policy compilers for any platform.
2011-05-17 vadim <vadim@netcitadel.com>
* FWObjectDatabase_tree_ops.cpp (merge): see #2420 "Crash when


@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.3.0.3544
%define version 4.3.0.3546
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.3.0.3544-1
Version: 4.3.0.3546-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers


@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.3.0.3544
%define version 4.3.0.3546
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -43,8 +43,6 @@
#include <QMap>
typedef std::pair<std::string,std::string> str_tuple;
class IPTImporter : public Importer
{


@ -34,6 +34,10 @@
#include <ios>
#include <iostream>
#include <algorithm>
#include <memory>
#include "interfaceProperties.h"
#include "interfacePropertiesObjectFactory.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/AddressRange.h"
@ -582,48 +586,38 @@ void Importer::setDstSelf()
dst_a = "self";
}
FWObject* Importer::makeSrcObj()
FWObject* Importer::makeAddressObj(const std::string addr, const std::string netm)
{
if (src_a == "self")
if (addr == "self")
{
return getFirewallObject();
}
if ( (src_a=="" && src_nm=="") ||
(src_a==InetAddr::getAny().toString() &&
src_nm==InetAddr::getAny().toString()))
if ( (addr=="" && netm=="") ||
(addr==InetAddr::getAny().toString() &&
netm==InetAddr::getAny().toString()))
return NULL; // this is 'any'
if (src_nm=="") src_nm = InetAddr::getAllOnes().toString();
ObjectSignature sig(error_tracker);
sig.type_name = Address::TYPENAME;
sig.setAddress(src_a.c_str());
sig.setNetmask(src_nm.c_str(), address_maker->getInvertedNetmasks());
sig.setAddress(addr.c_str());
if (netm=="")
sig.setNetmask(InetAddr::getAllOnes().toString().c_str(),
address_maker->getInvertedNetmasks());
else
sig.setNetmask(netm.c_str(), address_maker->getInvertedNetmasks());
return commitObject(address_maker->createObject(sig));
}
FWObject* Importer::makeSrcObj()
{
return makeAddressObj(src_a, src_nm);
}
FWObject* Importer::makeDstObj()
{
if (dst_a == "self")
{
return getFirewallObject();
}
if ( (dst_a=="" && dst_nm=="") ||
(dst_a==InetAddr::getAny().toString() &&
dst_nm==InetAddr::getAny().toString()))
return NULL; // this is 'any'
if (dst_nm=="") dst_nm=InetAddr::getAllOnes().toString();
ObjectSignature sig(error_tracker);
sig.type_name = Address::TYPENAME;
sig.setAddress(dst_a.c_str());
sig.setNetmask(dst_nm.c_str(), address_maker->getInvertedNetmasks());
return commitObject(address_maker->createObject(sig));
return makeAddressObj(dst_a, dst_nm);
}
FWObject* Importer::makeSrvObj()
@ -933,3 +927,61 @@ FWObject* Importer::commitObject(FWObject *obj)
return obj;
}
/*
* Rearrange vlan interfaces. Importer creates all interfaces as
* children of the firewall. Vlan interfaces should become
* subinterfaces of the corresponding physical interfaces.
*/
void Importer::rearrangeVlanInterfaces()
{
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
getFirewallObject()));
list<FWObject*> all_interface_objects =
getFirewallObject()->getByTypeDeep(Interface::TYPENAME);
list<FWObject*> vlans;
list<FWObject*>::iterator it;
for (it=all_interface_objects.begin(); it!=all_interface_objects.end(); ++it)
{
Interface *intf = Interface::cast(*it);
FWOptions *ifopt = intf->getOptionsObject();
if (int_prop->looksLikeVlanInterface(intf->getName().c_str()) &&
ifopt->getStr("type")=="8021q")
{
qDebug() << "Found vlan interface" << intf->getName().c_str();
vlans.push_back(intf);
}
}
for (it=vlans.begin(); it!=vlans.end(); ++it)
{
Interface *vlan_intf = Interface::cast(*it);
qDebug() << "VLAN " << vlan_intf->getName().c_str();
QString base_name;
int vlan_id;
int_prop->parseVlan(vlan_intf->getName().c_str(), &base_name, &vlan_id);
qDebug() << "base name" << base_name;
if ( ! base_name.isEmpty())
{
getFirewallObject()->remove(vlan_intf, false); // do not delete
list<FWObject*>::iterator it2;
for (it2=all_interface_objects.begin(); it2!=all_interface_objects.end(); ++it2)
{
if (base_name == (*it2)->getName().c_str())
{
(*it2)->add(vlan_intf, false);
break;
}
}
}
}
}
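Review bot: In `rearrangeVlanInterfaces()` the vlan interface is detached with `getFirewallObject()->remove(vlan_intf, false)` before the loop that looks for its parent, so when no interface named `base_name` exists the object is never re-attached and silently disappears from the imported firewall (and is leaked, since it was not deleted). The parent should be located first and the move done only when it is found. In the first loop `Interface::cast(*it)` and `intf->getOptionsObject()` are also dereferenced without a NULL check, and `vlan_id` is passed to `parseVlan` uninitialized. `std::auto_ptr` is deprecated; that only matters if the project moves to a newer language standard.
```cpp
        if ( ! base_name.isEmpty())
        {
            // find the parent first so the vlan interface is never left detached
            FWObject *parent_intf = NULL;
            list<FWObject*>::iterator it2;
            for (it2=all_interface_objects.begin(); it2!=all_interface_objects.end(); ++it2)
            {
                if (base_name == (*it2)->getName().c_str())
                {
                    parent_intf = *it2;
                    break;
                }
            }
            if (parent_intf != NULL)
            {
                getFirewallObject()->remove(vlan_intf, false); // do not delete
                parent_intf->add(vlan_intf, false);
            }
        }
```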


@ -43,6 +43,9 @@
#include <QString>
typedef std::pair<std::string,std::string> str_tuple;
typedef std::vector<std::string> str_vector;
class Importer;
@ -179,6 +182,9 @@ protected:
virtual libfwbuilder::FWObject* createGroupOfInterfaces(
const std::string &ruleset_name, std::list<std::string> &interfaces);
virtual libfwbuilder::FWObject* makeAddressObj(const std::string addr,
const std::string netm);
virtual libfwbuilder::FWObject* makeSrcObj();
virtual libfwbuilder::FWObject* makeDstObj();
virtual libfwbuilder::FWObject* makeSrvObj();
@ -363,6 +369,10 @@ public:
void addMessageToLog(const std::string &msg);
void addMessageToLog(const QString &msg);
void rearrangeVlanInterfaces();
};
#endif
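Review bot: `makeAddressObj` is declared with `const std::string addr, const std::string netm` by value, so each call from `makeSrcObj()`/`makeDstObj()` copies both strings, while the neighbouring declaration `createGroupOfInterfaces` takes `const std::string &`. Declaring it as `virtual libfwbuilder::FWObject* makeAddressObj(const std::string &addr, const std::string &netm);` keeps the header consistent; the definition in Importer.cpp needs the same signature. A short comment stating that a NULL return means 'any' would also help, because the callers in this commit depend on that convention.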

495
src/import/PFImporter.cpp Normal file

@ -0,0 +1,495 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "../../config.h"
#include "PFImporter.h"
#include <ios>
#include <iostream>
#include <algorithm>
#include <memory>
#include "interfaceProperties.h"
#include "interfacePropertiesObjectFactory.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/AddressRange.h"
#include "fwbuilder/AddressTable.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/IPService.h"
#include "fwbuilder/ICMPService.h"
#include "fwbuilder/TCPService.h"
#include "fwbuilder/UDPService.h"
#include "fwbuilder/Policy.h"
#include "fwbuilder/RuleElement.h"
#include "fwbuilder/Library.h"
#include "fwbuilder/TCPUDPService.h"
#include "../libgui/platforms.h"
#include <QString>
#include <QtDebug>
extern int fwbdebug;
// TODO: this should move to some common library, together with
// getVersionsForPlatform() it uses. Currently these functions are
// defined in libgui/platforms.cpp
extern QString findBestVersionMatch(const QString &platform,
const QString &discovered_version);
using namespace std;
using namespace libfwbuilder;
PFImporter::PFImporter(FWObject *lib,
std::istringstream &input,
Logger *log,
const std::string &fwname) :
Importer(lib, "pf", input, log, fwname)
{
setPlatform("pf");
address_maker->setInvertedNetmasks(false);
}
PFImporter::~PFImporter()
{
}
void PFImporter::clear()
{
rule_type = NATRule::Unknown;
quick = false;
direction = "";
address_family = "";
iface_group.clear();
proto_list.clear();
tmp_group.clear();
src_group.clear();
dst_group.clear();
src_neg = false;
dst_neg = false;
tmp_neg = false;
tmp_port_def = "";
tmp_port_op = "";
src_port_group.clear();
dst_port_group.clear();
tmp_port_group.clear();
icmp_type_code_group.clear();
queue = "";
state_op = "";
logopts = "";
flags_check = "";
flags_mask = "";
tag = "";
tagged = "";
route_type = UNKNOWN;
route_group.clear();
Importer::clear();
}
void PFImporter::clearTempVars()
{
Importer::clear();
}
void PFImporter::addSrc()
{
PolicyRule *rule = PolicyRule::cast(current_rule);
RuleElement *re = rule->getSrc();
list<AddressSpec>::iterator it;
for (it=src_group.begin(); it!=src_group.end(); ++it)
{
FWObject *obj = makeAddressObj(*it);
if (obj) re->addRef(obj);
}
}
void PFImporter::addDst()
{
PolicyRule *rule = PolicyRule::cast(current_rule);
RuleElement *re = rule->getDst();
list<AddressSpec>::iterator it;
for (it=dst_group.begin(); it!=dst_group.end(); ++it)
{
FWObject *obj = makeAddressObj(*it);
if (obj) re->addRef(obj);
}
}
void PFImporter::addSrv()
{
PolicyRule *rule = PolicyRule::cast(current_rule);
RuleElement *re = rule->getSrv();
// list<AddressSpec>::iterator it;
// for (it=dst_group.begin(); it!=dst_group.end(); ++it)
// {
// FWObject *obj = makeAddressObj(*it);
// if (obj) re->addRef(obj);
// }
}
FWObject* PFImporter::makeAddressObj(AddressSpec &as)
{
if (as.at == AddressSpec::ANY) return NULL;
if (as.at == AddressSpec::INTERFACE_NAME)
{
Interface *intf = getInterfaceByName(as.address);
assert(intf!=NULL);
return intf;
}
if (as.at == AddressSpec::HOST_ADDRESS)
{
return Importer::makeAddressObj(as.address, "");
}
if (as.at == AddressSpec::NETWORK_ADDRESS)
{
return Importer::makeAddressObj(as.address, as.netmask);
}
if (as.at == AddressSpec::SPECIAL_ADDRESS)
{
if (as.address == "self") return getFirewallObject();
{
addMessageToLog(
QObject::tr("Warning: matching '%1' is not supported")
.arg(as.address.c_str()));
return NULL;
}
}
if (as.at == AddressSpec::TABLE)
{
return address_table_registry[as.address.c_str()];
}
}
void PFImporter::addLogging()
{
PolicyRule *rule = PolicyRule::cast(current_rule);
FWOptions *ropt = rule->getOptionsObject();
/*
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
disable Disable log option on this ACL element, (no log at all)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
inactive Keyword for disabling an ACL element
informational Informational messages (severity=6)
interval Configure log interval, default value is 300 sec
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
*/
QMap<QString, QString> logging_levels;
logging_levels["alerts"] = "alert";
logging_levels["critical"] = "crit";
logging_levels["debugging"] = "debug";
logging_levels["emergencies"] = "";
logging_levels["errors"] = "error";
logging_levels["informational"] = "info";
logging_levels["notifications"] = "notice";
logging_levels["warnings"] = "warning";
logging_levels["0"] = "";
logging_levels["1"] = "alert";
logging_levels["2"] = "crit";
logging_levels["3"] = "error";
logging_levels["4"] = "warning";
logging_levels["5"] = "notice";
logging_levels["6"] = "info";
logging_levels["7"] = "debug";
// QStringList log_levels = getLogLevels("pix");
rule->setLogging(logging);
QString log_level_qs = log_level.c_str();
if ( ! log_level_qs.isEmpty())
{
if (logging_levels.count(log_level_qs) != 0)
ropt->setStr("log_level", logging_levels[log_level_qs].toStdString());
else
ropt->setStr("log_level", log_level);
if (log_level_qs == "disable" || log_level_qs == "inactive")
ropt->setBool("disable_logging_for_this_rule", true);
}
if ( ! log_interval.empty())
{
bool ok = false;
int log_interval_int = QString(log_interval.c_str()).toInt(&ok);
if (ok)
ropt->setInt("log_interval", log_interval_int);
}
}
void PFImporter::pushRule()
{
if (rule_type == NATRule::Unknown)
pushPolicyRule();
else
pushNATRule();
assert(current_rule!=NULL);
if (error_tracker->hasErrors())
{
QStringList err = error_tracker->getErrors();
addMessageToLog("Error: " + err.join("\n"));
markCurrentRuleBad();
}
current_rule = NULL;
rule_comment = "";
clear();
}
void PFImporter::pushPolicyRule()
{
RuleSet *ruleset = RuleSet::cast(
getFirewallObject()->getFirstByType(Policy::TYPENAME));
assert(current_rule!=NULL);
// populate all elements of the rule
// Note that standard function
// setInterfaceAndDirectionForRuleSet() assumes there is only one
// interface, but here we can have a group. Information about
// interfaces (even if there is only one) is stored in the list
// iface_group
//
// importer->setInterfaceAndDirectionForRuleSet(
// "", importer->iface, importer->direction);
QString message_str =
QString("filtering rule: action %1; interfaces: %2");
PolicyRule *rule = PolicyRule::cast(current_rule);
FWOptions *ropt = current_rule->getOptionsObject();
assert(ropt!=NULL);
if (action=="pass")
{
if (quick)
rule->setAction(PolicyRule::Accept);
else
rule->setAction(PolicyRule::Continue);
ropt->setBool("stateless", false);
}
if (action=="drop")
{
rule->setAction(PolicyRule::Deny);
ropt->setBool("stateless", true);
}
if (direction == "in") rule->setDirection(PolicyRule::Inbound);
if (direction == "out") rule->setDirection(PolicyRule::Outbound);
if (direction == "") rule->setDirection(PolicyRule::Both);
QStringList interfaces;
list<InterfaceSpec>::iterator it;
for (it=iface_group.begin(); it!=iface_group.end(); ++it)
{
Interface *intf = getInterfaceByName(it->name);
assert(intf!=NULL);
RuleElement *re =rule->getItf();
re->addRef(intf);
interfaces << it->name.c_str();
}
/*
* Set state-related rule options using variable state_op
*/
/*
* Set tagging rule option using variable tag
*/
/*
* Set queueing rule option using variable queue
*/
/*
* Protocols are in proto_list
* Source addresses are in src_group
* Destination addresses are in dst_group
*/
addSrc();
addDst();
addSrv();
/*
* Set logging options using variables logging and logopts
*/
addLogging();
// then add it to the current ruleset
ruleset->add(current_rule);
addStandardImportComment(
current_rule, QString::fromUtf8(rule_comment.c_str()));
addMessageToLog(message_str.arg(action.c_str()).arg(interfaces.join(",")));
}
void PFImporter::pushNATRule()
{
RuleSet *ruleset = RuleSet::cast(
getFirewallObject()->getFirstByType(NAT::TYPENAME));
assert(current_rule!=NULL);
}
Firewall* PFImporter::finalize()
{
// scan all UnidirectionalRuleSet objects, set interface and
// direction in all rules of corresponding RuleSet and merge all
// UnidirectionalRuleSet into one RuleSet object. Attach this
// object to the firewall.
if (fwbdebug) qDebug("PFImporter::finalize()");
if (haveFirewallObject())
{
Firewall *fw = Firewall::cast(getFirewallObject());
// We can not "discover" host OS just by reading pf.conf file.
// Assume FreeBSD
fw->setStr("platform", "pf");
string host_os = "freebsd";
fw->setStr("host_OS", host_os);
Resources::setDefaultTargetOptions(host_os , fw);
// We may be able to infer at least something about the version
// from the pf.conf file in the future.
string version = findBestVersionMatch(
"pf", discovered_version.c_str()).toStdString();
if ( ! version.empty()) fw->setStr("version", version);
rearrangeVlanInterfaces();
list<FWObject*> l1 = fw->getByType(Policy::TYPENAME);
for (list<FWObject*>::iterator i=l1.begin(); i!=l1.end(); ++i)
{
RuleSet *rs = RuleSet::cast(*i);
rs->renumberRules();
}
// Deal with NAT ruleset
list<FWObject*> l2 = fw->getByType(NAT::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
{
RuleSet *rs = RuleSet::cast(*i);
rs->renumberRules();
}
return fw;
}
else
{
return NULL;
}
}
Interface* PFImporter::getInterfaceByName(const string &name)
{
map<const string,Interface*>::iterator it;
for (it=all_interfaces.begin(); it!=all_interfaces.end(); ++it)
{
Interface *intf = it->second;
if (intf->getName() == name)
{
return intf;
}
}
return NULL;
}
void PFImporter::newAddressTableObject(const string &name, const string &file)
{
ObjectMaker maker(Library::cast(library), error_tracker);
AddressTable *at = AddressTable::cast(
commitObject(maker.createObject(AddressTable::TYPENAME, name.c_str())));
assert(at!=NULL);
at->setRunTime(true);
at->setSourceName(file);
address_table_registry[name.c_str()] = at;
addMessageToLog(QString("Address Table: <%1> file %2")
.arg(name.c_str()).arg(file.c_str()));
}
void PFImporter::newAddressTableObject(const string &name,
list<AddressSpec> &addresses)
{
ObjectMaker maker(Library::cast(library), error_tracker);
FWObject *og =
commitObject(maker.createObject(ObjectGroup::TYPENAME, name.c_str()));
assert(og!=NULL);
address_table_registry[name.c_str()] = og;
list<AddressSpec>::iterator it;
for (it=addresses.begin(); it!=addresses.end(); ++it)
{
FWObject *obj = makeAddressObj(*it);
if (obj) og->addRef(obj);
}
}
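Review bot: `PFImporter::makeAddressObj(AddressSpec&)` has no return statement on the path taken for `AddressSpec::UNKNOWN` and `AddressSpec::HOST_NAME`, so control runs off the end of a non-void function, which is undefined behaviour. The TABLE branch reads `address_table_registry[...]`, and QMap's non-const `operator[]` inserts and returns a NULL entry when the table was never declared. `addSrc()`/`addDst()` skip NULL results and `Importer::makeAddressObj` documents NULL as 'any', so an undeclared table or an unsupported special address presumably leaves the rule element empty and widens the imported rule. The lookup should use `value()` and report the failure, and the callers should mark the rule bad instead of treating NULL as 'any'. The `assert(intf!=NULL)` checks on interface names taken from the file are compiled out under NDEBUG and need a real error path too.
```cpp
FWObject* PFImporter::makeAddressObj(AddressSpec &as)
{
    // … unchanged: ANY, INTERFACE_NAME, HOST_ADDRESS, NETWORK_ADDRESS, SPECIAL_ADDRESS branches …
    if (as.at == AddressSpec::TABLE)
    {
        // value() does not insert a NULL entry for an undeclared table
        FWObject *table = address_table_registry.value(as.address.c_str(), NULL);
        if (table == NULL)
            addMessageToLog(
                QObject::tr("Error: table '%1' is not defined")
                .arg(as.address.c_str()));
        return table;
    }
    // UNKNOWN and HOST_NAME used to fall off the end of the function
    addMessageToLog(
        QObject::tr("Error: address '%1' can not be imported")
        .arg(as.address.c_str()));
    return NULL;
}
```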

234
src/import/PFImporter.h Normal file

@ -0,0 +1,234 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _FWB_POLICY_IMPORTER_PF_H_
#define _FWB_POLICY_IMPORTER_PF_H_
#include <map>
#include <list>
#include <string>
#include <functional>
#include <sstream>
#include "IOSImporter.h"
#include "fwbuilder/libfwbuilder-config.h"
#include "fwbuilder/Logger.h"
#include "fwbuilder/Rule.h"
#include "fwbuilder/NAT.h"
#include <QString>
class InterfaceSpec
{
public:
bool neg;
std::string name;
InterfaceSpec()
{ neg = false; name = ""; }
InterfaceSpec(const InterfaceSpec &other)
{
neg = other.neg;
name = other.name;
}
InterfaceSpec(bool _neg, const std::string _name)
{ neg = _neg; name = _name; }
};
class AddressSpec
{
public:
typedef enum {
UNKNOWN,
ANY,
HOST_NAME,
HOST_ADDRESS,
NETWORK_ADDRESS,
SPECIAL_ADDRESS,
INTERFACE_NAME,
TABLE } address_type;
address_type at;
bool neg;
std::string address;
std::string netmask;
AddressSpec()
{ at = UNKNOWN; neg = false; address = ""; netmask = ""; }
AddressSpec(const AddressSpec &other)
{
at = other.at;
neg = other.neg;
address = other.address;
netmask = other.netmask;
}
AddressSpec(address_type _at, bool _neg, const std::string _addr, const std::string _nm)
{ at = _at; neg= _neg; address = _addr; netmask = _nm; }
};
class PortSpec
{
public:
std::string port1;
std::string port2;
std::string port_op;
PortSpec()
{ port1 = ""; port2 = ""; port_op = ""; }
PortSpec(const PortSpec &other)
{
port1 = other.port1;
port2 = other.port2;
port_op = other.port_op;
}
PortSpec(const std::string s1, const std::string s2, const std::string s3)
{ port1 = s1; port2 = s2; port_op = s3; }
};
class RouteSpec
{
public:
std::string iface;
std::string address;
std::string netmask;
RouteSpec()
{ iface = ""; address = ""; netmask = ""; }
RouteSpec(const RouteSpec &other)
{
iface = other.iface;
address = other.address;
netmask = other.netmask;
}
RouteSpec(const std::string _iface,
const std::string _addr, const std::string _nm)
{ iface = _iface; address = _addr; netmask = _nm; }
};
class PFImporter : public Importer
{
public:
typedef enum {
UNKNOWN,
ROUTE_TO,
REPLY_TO,
DUP_TO} route_op_type;
QMap<QString,libfwbuilder::FWObject*> address_table_registry;
std::string direction;
std::string address_family;
bool quick;
bool src_neg;
bool dst_neg;
bool tmp_neg;
std::list<InterfaceSpec> iface_group;
std::list<std::string> proto_list;
std::list< AddressSpec > src_group;
std::list< AddressSpec > dst_group;
std::list< AddressSpec > tmp_group;
std::string tmp_port_op;
std::string tmp_port_def;
std::list< PortSpec > src_port_group;
std::list< PortSpec > dst_port_group;
std::list< PortSpec > tmp_port_group;
std::list<str_tuple> icmp_type_code_group;
route_op_type route_type;
std::list<RouteSpec> route_group;
std::string queue;
std::string state_op;
std::string logopts;
std::string flags_check;
std::string flags_mask;
std::string tag;
std::string tagged;
libfwbuilder::NATRule::NATRuleTypes rule_type;
PFImporter(libfwbuilder::FWObject *lib,
std::istringstream &input,
libfwbuilder::Logger *log,
const std::string &fwname);
~PFImporter();
virtual void clear();
void clearTempVars();
virtual void run();
void pushPolicyRule();
void pushNATRule();
void buildDNATRule();
void buildSNATRule();
virtual void pushRule();
// this method actually adds interfaces to the firewall object
// and does final clean up.
virtual libfwbuilder::Firewall* finalize();
virtual libfwbuilder::FWObject* makeAddressObj(AddressSpec &as);
virtual void addSrc();
virtual void addDst();
virtual void addSrv();
virtual void addLogging();
libfwbuilder::Interface* getInterfaceByName(const std::string &name);
void newAddressTableObject(const std::string &name, const std::string &file);
void newAddressTableObject(const std::string &name,
std::list<AddressSpec> &addresses);
};
#endif
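Review bot: `PFImporter::makeAddressObj(AddressSpec &as)` hides the inherited `Importer::makeAddressObj(const std::string, const std::string)` overload, which is why PFImporter.cpp has to call it as `Importer::makeAddressObj(...)`; that qualified call also bypasses virtual dispatch. Adding `using Importer::makeAddressObj;` in a protected section of `PFImporter` restores the overload set, and the parameter can be `const AddressSpec &as` since the body only reads it. The hand-written copy constructors of `InterfaceSpec`, `AddressSpec`, `PortSpec` and `RouteSpec` repeat what the implicit ones do and can be dropped. The public state fields would benefit from a comment saying which parser actions fill them and that `clear()` resets them between rules.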


@ -0,0 +1,171 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "../../config.h"
#include "PFImporter.h"
#include <QString>
#include <QStringList>
#include <QRegExp>
#include <QtDebug>
#include <ios>
#include <iostream>
#include <algorithm>
#include <antlr/ANTLRException.hpp>
#include "../parsers/PFCfgLexer.hpp"
#include "../parsers/PFCfgParser.hpp"
extern int fwbdebug;
using namespace std;
/*
* Only this module depends on PFCfgLexer and PFCfgParser,
* so only this file is recompiled when we change grammar
*/
void PFImporter::run()
{
QStringList err;
QString parser_err = QObject::tr("Parser error:");
QString gen_err = QObject::tr("Error:");
std::ostringstream parser_debug;
/* Do a bit of preprocessing of the input to simplify crazy grammar.
*
* Do the following (will add more stuff here in the future):
*
* - fold lines split with '\'
* - find macro definitions and perform all macro sustitutions
*/
QMap<QString, QString> named_addresses;
QStringList whole_input_tmp;
input.seekg (0, ios::beg);
char buf[8192];
while (!input.eof())
{
input.getline(buf, sizeof(buf)-1);
whole_input_tmp.append(QString(buf));
}
QString whole_input = whole_input_tmp.join("\n");
QRegExp line_continuation("\\\\\\s*\n");
whole_input.replace(line_continuation, "");
QRegExp macro_definition_1("^\\s*(\\S+)\\s*=\\s*\"(.*)\"$");
QRegExp macro_definition_2("^\\s*(\\S+)\\s*=\\s*([^\"]*)$"); // no quotes
QMap<QString, QString> macros;
foreach(QString str, whole_input.split("\n"))
{
if (macro_definition_1.indexIn(str) != -1)
{
macros[macro_definition_1.cap(1)] = macro_definition_1.cap(2);
}
if (macro_definition_2.indexIn(str) != -1)
{
macros[macro_definition_2.cap(1)] = macro_definition_2.cap(2);
}
}
if (fwbdebug)
qDebug() << "Macros defined in this file: " << macros;
// make several passes: sometimes macros can use other macros
int pass = 0;
while (1)
{
bool has_macros = false;
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString macro_value = it.value();
if (whole_input.contains("$" + macro_name))
{
has_macros = true;
whole_input.replace( "$" + macro_name, macro_value);
if (fwbdebug)
qDebug() << "Pass " << pass
<< "Macro substitution: "
<< macro_name << ":" << macro_value;
}
}
if (! has_macros) break;
pass++;
}
if (fwbdebug)
{
qDebug() << "pf.conf file after line unfolding and macro substitution:";
qDebug() << whole_input;
}
istringstream normalized_input(whole_input.toStdString());
PFCfgLexer lexer(normalized_input);
PFCfgParser parser(lexer);
parser.importer = this;
if (fwbdebug) parser.dbg = &std::cerr;
else parser.dbg = &parser_debug;
try
{
parser.cfgfile();
} catch(ANTLR_USE_NAMESPACE(antlr)ANTLRException &e)
{
err << parser_err + " " + e.toString().c_str();
} catch(ObjectMakerException &e)
{
err << gen_err + " " + e.toString();
} catch(ImporterException &e)
{
err << gen_err + " " + e.toString();
} catch(std::exception& e)
{
err << parser_err + " " + e.what();
}
if (haveFirewallObject())
{
if (countInterfaces()==0) err << noInterfacesErrorMessage();
if (countRules()==0) err << noRulesErrorMessage();
} else
{
err << parser_err;
err << noFirewallErrorMessage();
err << commonFailureErrorMessage();
}
if (!err.isEmpty())
*logger << err.join("\n").toUtf8().constData();
}
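Review bot: The read loop `while (!input.eof()) { input.getline(buf, sizeof(buf)-1); ... }` never terminates when a line is longer than the buffer: `getline` sets failbit without reaching EOF, every later call returns at once, and the loop keeps appending empty strings until memory runs out. The macro pass loop `while (1)` has the same property for a self-referencing definition such as `a = "$a"`, because the definition line itself stays in `whole_input` and the replacement always finds a match; nested macros can also grow the text on every pass. Both loops run on a file supplied for import, so they should be bounded: read with `std::getline` into a `std::string`, and cap the number of passes and report an error when the cap is hit. The cap in the sketch below is an arbitrary value.
```cpp
    // … unchanged: declarations, input.seekg …
    std::string raw_line;
    while (std::getline(input, raw_line))
    {
        whole_input_tmp.append(QString(raw_line.c_str()));
    }
    // … unchanged: line folding, macro collection …
    const int max_macro_passes = 32;   // arbitrary cap, choose per project policy
    int pass = 0;
    for (; pass < max_macro_passes; ++pass)
    {
        bool has_macros = false;
        // … unchanged: substitution over all macros …
        if (! has_macros) break;
    }
    if (pass == max_macro_passes)
        err << gen_err + " " + QObject::tr("macro expansion did not terminate");
```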


@ -25,6 +25,38 @@
#include <QRegExp>
#include <functional>
using namespace std;
class matchPFDirectionIn : public matchPFDirection
{
public:
virtual bool operator()(const QString &str)
{
return str.contains(" in ");
}
};
class matchPFDirectionOut : public matchPFDirection
{
public:
virtual bool operator()(const QString &str)
{
return str.contains(" out ");
}
};
class matchPFDirectionBoth : public matchPFDirection
{
public:
virtual bool operator()(const QString &str)
{
return ! str.contains(" in ") && ! str.contains(" out ");
}
};
void PreImport::scan()
{
@ -131,6 +163,105 @@ void PreImport::scan()
}
}
}
/*
* fwbuilder generates PF configuration that always uses "quick"
* keyword to make the first matching rule stop processing. A lot
* of existing pf.conf files use the other model where PF commands
* do not use this keyword, so that all rules inspect the packet
* and the last matching rule makes the decision. Fwbuilder can
* not generate PF configuration in this style and can not import
* it. We look for "block" command without "quick" parameter to
* determine if the configuration offered for import is written in
* this style.
* We refuse to import policies that have "block" line with no
* "quick" word, unless there are other command(s) with "quick"
* after it. We should do this comparison keeping direction in
* mind because it is possible to have "block in all" and then
* "pass out quick something". It looks like a style with "block
* all" at the top used to set up default policy is quite
* popular. Configuration written in this style has "block all
* log" at the top (or in the middle), followed by a bunch of
* specific "pass quick" rules. We can import this if "block all
* log" is the last rule, but not if it is followed by some pass
* rules with no "quick".
*/
if (platform == PF)
{
matchPFDirectionIn dir_in;
matchPFDirectionOut dir_out;
matchPFDirectionBoth dir_both;
if (isReversePFConfigurationStyle(dir_in) ||
isReversePFConfigurationStyle(dir_out) ||
isReversePFConfigurationStyle(dir_both))
{
platform = PF_REVERSE;
}
}
}
bool PreImport::isReversePFConfigurationStyle(matchPFDirection &dir_op)
{
bool has_block_no_quick = false;
bool has_command_with_quick_after_block = false;
bool has_command_with_no_quick_after_block = false;
QRegExp cont("\\\\\\s*\n");
QString line;
QStringListIterator it(*buffer);
while (it.hasNext())
{
// first, unfold lines ending with "\"
line = it.next();
int cont_idx;
while ( (cont_idx = cont.indexIn(line)) > -1 && it.hasNext())
{
line.insert(cont_idx, it.next());
}
line = line.trimmed();
if (line.startsWith("#")) continue;
if (line.isEmpty()) continue;
if ( ! dir_op(line)) continue;
if (line.contains(" quick"))
{
// check if after the line with "block" and no "quick"
// comes a line with action "pass" and "quick" word.
// This is a mixed-style policy and we can try to
// import it.
if (has_block_no_quick &&
(line.startsWith("pass ") || line.startsWith("block ")))
{
has_command_with_quick_after_block = true;
continue;
}
} else
{
// check if this is a line with action "block" and no
// "quick" word
if (line.startsWith("block "))
{
has_block_no_quick = true;
continue;
}
if (has_block_no_quick)
{
has_command_with_no_quick_after_block = true;
break;
}
}
}
return (has_block_no_quick && has_command_with_no_quick_after_block &&
! has_command_with_quick_after_block);
}
QString PreImport::getPlatformAsString()
@ -161,6 +292,7 @@ QString PreImport::getPlatformAsString()
break;
case PreImport::PF:
case PreImport::PF_REVERSE:
platform_string = "pf";
break;
}
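Review bot: The direction matchers test `str.contains(" in ")` and `str.contains(" out ")` on a line that `isReversePFConfigurationStyle()` has already trimmed, so a rule ending in the keyword (for example `block in`) or one separated by tabs is classified as "both directions". A file with `block in` followed by `pass in ...` rules without `quick` is then not detected as `PF_REVERSE` and would be imported with first-match semantics. Matching on word boundaries avoids this, e.g. `return str.contains(QRegExp("\\bin\\b"));`, with the same change for `out` and for both tests in `matchPFDirectionBoth`; `line.startsWith("block ")` has the same whitespace dependence. The continuation folding also looks ineffective: `cont` requires a `\n` that entries of `*buffer` may not contain, and `line.insert(cont_idx, it.next())` puts the next line in front of the backslash instead of replacing it. Please confirm this against how `buffer` is split.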


@ -30,12 +30,16 @@
#include <QStringList>
class matchPFDirection
{
public:
virtual bool operator()(const QString&) {return false;}
};
/*
* This class scans firewall configuration and tries to guess platform
* and some other parameters
*/
class PreImport
{
const QStringList *buffer;
@ -43,7 +47,7 @@ class PreImport
public:
enum Platforms { UNKNOWN, IPTABLES, IPTABLES_WITH_COUNTERS,
PF, IOSACL, PIX, FWSM } ;
PF, PF_REVERSE, IOSACL, PIX, FWSM } ;
private:
@ -55,6 +59,7 @@ public:
void scan();
enum Platforms getPlatform() { return platform; }
QString getPlatformAsString();
bool isReversePFConfigurationStyle(matchPFDirection &dir_op);
};
#endif
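Review bot: `matchPFDirection` is a polymorphic base (the three matchers in PreImport.cpp override `operator()`) but declares no virtual destructor; adding `virtual ~matchPFDirection() {}` avoids undefined behaviour if a matcher is ever deleted through a base pointer. The base `operator()` silently returns false, so a comment stating that a matcher receives one trimmed pf.conf line and returns true when the line applies to its direction would document the contract. Inserting `PF_REVERSE` in the middle of `Platforms` renumbers `IOSACL`, `PIX` and `FWSM`, which matters only if the numeric values are stored or compared anywhere else, so it is worth confirming.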


@ -20,18 +20,21 @@ SOURCES = QStringListOperators.cpp \
PIXImporter.cpp \
PIXImporterNat.cpp \
PIXImporterRun.cpp \
PFImporter.cpp \
PFImporterRun.cpp \
HEADERS = QStringListOperators.h \
PreImport.h \
objectMaker.h \
addressObjectMaker.h \
serviceObjectMaker.h \
getProtoByName.h \
getServByName.h \
Importer.h \
IOSImporter.h \
IPTImporter.h \
PIXImporter.h \
HEADERS = QStringListOperators.h \
PreImport.h \
objectMaker.h \
addressObjectMaker.h \
serviceObjectMaker.h \
getProtoByName.h \
getServByName.h \
Importer.h \
IOSImporter.h \
IPTImporter.h \
PIXImporter.h \
PFImporter.h \
CONFIG += staticlib


@ -92,7 +92,7 @@ bool ObjectMatcher::complexMatch(Address *obj1, Address *obj2)
int cluster_id = obj2->getInt("parent_cluster_id");
if (obj1->getId() == cluster_id) return true;
}
void* res = obj1->dispatch(this, obj2);
return (res != NULL);
}
@ -411,8 +411,18 @@ void* ObjectMatcher::dispatch(AddressRange *obj1, void *_obj2)
return NULL;
}
void* ObjectMatcher::dispatch(MultiAddressRunTime*, void*)
/*
* Special case: run-time DNSName object with source name "self"
* matches firewall.
*/
void* ObjectMatcher::dispatch(MultiAddressRunTime *obj1, void *_obj2)
{
FWObject *obj2 = (FWObject*)(_obj2);
if (obj1->getSubstitutionTypeName() == DNSName::TYPENAME &&
obj1->getSourceName() == "self" && Firewall::isA(obj2))
return obj1;
return NULL; // never matches in this implementation
}
@ -433,13 +443,26 @@ void* ObjectMatcher::dispatch(Firewall *obj1, void *_obj2)
{
FWObject *obj2 = (FWObject*)(_obj2);
if (obj1->getId() == obj2->getId()) return obj1;
/*
* Special case: run-time DNSName object with source name "self"
* matches firewall.
*/
MultiAddressRunTime *mart = MultiAddressRunTime::cast(obj2);
if (mart)
{
if (mart->getSubstitutionTypeName() == DNSName::TYPENAME &&
mart->getSourceName() == "self")
return obj1;
}
/*
* match only if all interfaces of obj1 match obj2
*/
bool res = true;
list<FWObject*> l = obj1->getByTypeDeep(Interface::TYPENAME);
for (list<FWObject*>::iterator it = l.begin(); it!=l.end(); ++it)
res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2);
res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2);
return res ? obj1 : NULL;
}
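Review bot: In `dispatch(MultiAddressRunTime *obj1, void *_obj2)` the new test `Firewall::isA(obj2)` accepts any Firewall object, so a run-time DNSName with source name "self" appears to match every firewall passed in, not only the one the rule is compiled for; the mirrored check added to `dispatch(Firewall *obj1, void *_obj2)` behaves the same way. If callers always pass the firewall under compilation this is harmless, but nothing visible here enforces it, so the assumption deserves a comment such as `// "self" is resolved on the target host; callers must pass the firewall being compiled`. The trailing `return NULL; // never matches in this implementation` is stale now that the function can return obj1 and should read `// no match`. The "self" literal and the DNSName type test are repeated in both functions and would be easier to keep in sync behind one small helper.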


@ -519,8 +519,16 @@ void Compiler::_expand_interface(Rule *rule,
}
}
bool compare_addresses(Address *a1, Address *a2)
bool compare_addresses(FWObject *o1, FWObject *o2)
{
Address *a1 = Address::cast(o1);
Address *a2 = Address::cast(o2);
if (a1 == NULL || a2 == NULL)
{
// one or both could be MultiAddress objects (e.g. DNSName)
return o1->getName() < o2->getName();
}
const InetAddr *addr1 = a1->getAddressPtr();
const InetAddr *addr2 = a2->getAddressPtr();
if (addr1 == NULL) return true;
@ -541,18 +549,18 @@ void Compiler::_expand_addr(Rule *rule, FWObject *s,
list<FWObject*> cl;
_expand_addr_recursive(rule, s, cl, expand_cluster_interfaces_fully);
list<Address*> expanded_addresses;
list<FWObject*> expanded_addresses;
for (FWObject::iterator i=cl.begin(); i!=cl.end(); ++i)
{
expanded_addresses.push_back(Address::cast(*i));
expanded_addresses.push_back(*i);
}
expanded_addresses.sort(compare_addresses);
s->clearChildren();
for (list<Address*>::iterator i1=expanded_addresses.begin();
i1!=expanded_addresses.end(); ++i1)
for (list<FWObject*>::iterator i1=expanded_addresses.begin();
i1!=expanded_addresses.end(); ++i1)
{
s->addRef( *i1 );
}
@ -860,6 +868,48 @@ bool Compiler::splitIfRuleElementMatchesFW::processNext()
return true;
}
/*
* This rule processor replaces firewall object in given rule element
* with run-time DNSName object with name "self" and source name (A
* record) set to "self". This is a trick in that when compliers see
* objects like that in a rule, they just put source name in the
* generated code verbatim. This is useful for firewall platforms that
* support keyword "self" (e.g. PF).
*
* Always call this RE after splitIfFirewallInSrc or splitIfFirewallInDst
*/
bool Compiler::ReplaceFirewallObjectWithSelfInRE::processNext()
{
Rule *rule = prev_processor->getNextRule();
if (rule==NULL) return false;
RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type));
for (list<FWObject*>::iterator i1=re->begin(); i1!=re->end(); ++i1)
{
FWObject *obj = FWReference::getObject(*i1);
if (obj == compiler->fw)
{
DNSName *self = DNSName::cast(
compiler->persistent_objects->findObjectByName(
DNSName::TYPENAME, "self"));
if (self == NULL)
{
self = compiler->dbcopy->createDNSName();
self->setName("self");
self->setRunTime(true);
self->setSourceName("self");
compiler->persistent_objects->add(self, false);
}
re->addRef(self);
re->removeRef(compiler->fw);
break;
}
}
tmp_queue.push_back(rule);
return true;
}
bool Compiler::equalObj::operator()(FWObject *o)
{
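Review bot: `compare_addresses` no longer defines a consistent ordering when the list mixes Address and non-Address objects: two Address objects are ordered by address, but any pair involving a non-Address object is ordered by name, so three elements can form a cycle (A1 < A2 by address, A2 < M and M < A1 by name). The result of `expanded_addresses.sort(compare_addresses)` in `_expand_addr` is then not well defined and may depend on input order, which would make the generated rules differ between runs on the same policy. Keeping the two kinds in separate groups fixes it: `if (a1 == NULL && a2 == NULL) return o1->getName() < o2->getName();` followed by `if (a1 == NULL || a2 == NULL) return a1 != NULL;`. The body of compare_addresses continues past the end of its hunk, so the remaining address comparison is not visible here. In `ReplaceFirewallObjectWithSelfInRE::processNext`, `re` is dereferenced without a NULL check; if a rule lacking an element of `re_type` can reach this processor, a guard before the loop would be needed.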


@ -828,9 +828,20 @@ public:
virtual bool processNext();
};
/**
* This rule processor replaces firewall object with
* DNSName object "self" configured as run-time with source
* name "self".
*/
class ReplaceFirewallObjectWithSelfInRE : public BasicRuleProcessor
{
std::string re_type;
public:
ReplaceFirewallObjectWithSelfInRE(const std::string &n,
std::string _type) :
BasicRuleProcessor(n) { re_type=_type; }
virtual bool processNext();
};
/**
* prints rule in some universal format (close to that visible
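Review bot: The header comment for `ReplaceFirewallObjectWithSelfInRE` leaves out the ordering requirement that the implementation comment states (it must run after splitIfFirewallInSrc or splitIfFirewallInDst), and the header is where someone assembling a processor chain will look. I would add `* Must be added after splitIfFirewallInSrc / splitIfFirewallInDst.` to the doc block. As a style point, the constructor takes `_type` by value and then assigns it in the body; `ReplaceFirewallObjectWithSelfInRE(const std::string &n, const std::string &_type) : BasicRuleProcessor(n), re_type(_type) {}` avoids the extra copy.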


@ -187,6 +187,27 @@ namespace fwcompiler {
expandMultipleAddressesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
};
class ReplaceFirewallObjectWithSelfInSrc : public Compiler::ReplaceFirewallObjectWithSelfInRE
{
public:
ReplaceFirewallObjectWithSelfInSrc(const std::string &n) :
ReplaceFirewallObjectWithSelfInRE(
n, libfwbuilder::RuleElementSrc::TYPENAME) {}
};
class ReplaceFirewallObjectWithSelfInDst : public Compiler::ReplaceFirewallObjectWithSelfInRE
{
public:
ReplaceFirewallObjectWithSelfInDst(const std::string &n) :
ReplaceFirewallObjectWithSelfInRE(
n, libfwbuilder::RuleElementDst::TYPENAME) {}
};
/**
* processes rules with negation in Itf
*/


@ -180,12 +180,31 @@ void IC_PlatformWarningPage::initializePage()
case PreImport::PF:
m_dialog->platform->setText(tr("pf"));
m_dialog->platformSpecificWarning->setText(
tr("Firewall Builder does not support import of PF "
"configurations at this time. Click the button below to "
"vote to have this feature added in a future release."
tr("Firewall Builder supports import PF "
"configuration from a pf.conf file. Tables will be imported "
"as object groups and their names will be preserved. "
"Macros are expanded in place and not imported as "
"objects. Import of anchors is not supported at this time."
));
platformOk = true;
break;
case PreImport::PF_REVERSE:
m_dialog->platform->setText(tr("pf"));
m_dialog->platformSpecificWarning->setText(
tr(
"<html><p>This appears to be PF configuration designed "
"without use of the <b>\"quick\"</b> keyword, where "
"the packet is evaluated by all filtering rules in "
"sequential order and the last matching rule decides "
"what action is to be taken. Firewall Builder uses "
"different rule model, where the first matching rule "
"is always final and makes the decision on the action. "
"This means Firewall Builder can only import PF "
"configuration written using <b>\"quick\"</b> "
"keywords.</p></html>"
));
platformOk = false;
m_dialog->voteForFeatureButton->show();
break;
}
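Review bot: The new user-facing strings have wording slips that will be carried into every translation: `"Firewall Builder supports import PF configuration ..."` should read `"Firewall Builder supports import of PF configuration ..."`, and in the PF_REVERSE text `"uses different rule model"` should be `"uses a different rule model"`. Fixing them before translators pick up the strings avoids retranslation later. initializePage() starts above this hunk, so the other cases were not checked.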


@ -30,6 +30,7 @@
#include "IOSImporter.h"
#include "IPTImporter.h"
#include "PIXImporter.h"
#include "PFImporter.h"
#include "objectMaker.h"
#include <QWidget>
@ -92,6 +93,9 @@ void ImporterThread::run()
if (platform == "pix" || platform == "fwsm") importer = new PIXImporter(
lib, instream, logger, firewallName.toUtf8().constData());
if (platform == "pf") importer = new PFImporter(
lib, instream, logger, firewallName.toUtf8().constData());
if (importer)
{

1755
src/parsers/PFCfgLexer.cpp Normal file

@ -0,0 +1,1755 @@
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */
#line 42 "pf.g"
// gets inserted before the antlr generated includes in the cpp
// file
#line 8 "PFCfgLexer.cpp"
#include "PFCfgLexer.hpp"
#include <antlr/CharBuffer.hpp>
#include <antlr/TokenStreamException.hpp>
#include <antlr/TokenStreamIOException.hpp>
#include <antlr/TokenStreamRecognitionException.hpp>
#include <antlr/CharStreamException.hpp>
#include <antlr/CharStreamIOException.hpp>
#include <antlr/NoViableAltForCharException.hpp>
#line 48 "pf.g"
// gets inserted after the antlr generated includes in the cpp
// file
#include <antlr/Token.hpp>
#include <antlr/TokenBuffer.hpp>
#line 25 "PFCfgLexer.cpp"
#line 1 "pf.g"
#line 27 "PFCfgLexer.cpp"
PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in)
: ANTLR_USE_NAMESPACE(antlr)CharScanner(new ANTLR_USE_NAMESPACE(antlr)CharBuffer(in),true)
{
initLiterals();
}
PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib)
: ANTLR_USE_NAMESPACE(antlr)CharScanner(ib,true)
{
initLiterals();
}
PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state)
: ANTLR_USE_NAMESPACE(antlr)CharScanner(state,true)
{
initLiterals();
}
void PFCfgLexer::initLiterals()
{
literals["vrrp"] = 61;
literals["critical"] = 100;
literals["ospf"] = 59;
literals["rdp"] = 53;
literals["disable"] = 107;
literals["scrub"] = 12;
literals["ipsec"] = 90;
literals["inet"] = 45;
literals["pcp"] = 92;
literals["emergencies"] = 102;
literals["debugging"] = 101;
literals["persist"] = 16;
literals["snp"] = 96;
literals["timeout"] = 32;
literals["to"] = 42;
literals["flags"] = 71;
literals["isis"] = 63;
literals["icmp6-type"] = 74;
literals["const"] = 17;
literals["pptp"] = 94;
literals["pass"] = 33;
literals["no"] = 77;
literals["from"] = 64;
literals["igrp"] = 89;
literals["pim"] = 93;
literals["tagged"] = 75;
literals["rsvp"] = 54;
literals["route-to"] = 69;
literals["nos"] = 91;
literals["quit"] = 86;
literals["->"] = 109;
literals["icmp-type"] = 72;
literals["exit"] = 85;
literals["modulate"] = 79;
literals["nat"] = 29;
literals["range"] = 98;
literals["urpf-failed"] = 65;
literals["out"] = 36;
literals["queue"] = 10;
literals["gre"] = 55;
literals["set"] = 11;
literals["warnings"] = 106;
literals["ah"] = 57;
literals["host"] = 97;
literals["interface"] = 87;
literals["rip"] = 95;
literals["icmp6"] = 88;
literals["notifications"] = 105;
literals["file"] = 19;
literals["synproxy"] = 80;
literals["altq"] = 9;
literals["any"] = 66;
literals["esp"] = 56;
literals["alerts"] = 99;
literals["all"] = 40;
literals["inet6"] = 46;
literals["inactive"] = 108;
literals["label"] = 82;
literals["no-route"] = 67;
literals["udp"] = 52;
literals["reply-to"] = 70;
literals["tag"] = 76;
literals["port"] = 83;
literals["code"] = 73;
literals["ip"] = 48;
literals["table"] = 13;
literals["eigrp"] = 58;
literals["errors"] = 103;
literals["ipip"] = 60;
literals["antispoof"] = 8;
literals["binat"] = 30;
literals["igmp"] = 50;
literals["on"] = 44;
literals["state"] = 81;
literals["proto"] = 47;
literals["log"] = 37;
literals["rdr"] = 31;
literals["informational"] = 104;
literals["self"] = 25;
literals["in"] = 35;
literals["keep"] = 78;
literals["block"] = 34;
literals["l2tp"] = 62;
literals["quick"] = 43;
literals["user"] = 41;
literals["icmp"] = 49;
literals["tcp"] = 51;
}
ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
{
ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken;
for (;;) {
ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken;
int _ttype = ANTLR_USE_NAMESPACE(antlr)Token::INVALID_TYPE;
resetText();
try { // for lexical and char stream error handling
switch ( LA(1)) {
case 0xa /* '\n' */ :
case 0xd /* '\r' */ :
{
mNEWLINE(true);
theRetToken=_returnToken;
break;
}
case 0x30 /* '0' */ :
case 0x31 /* '1' */ :
case 0x32 /* '2' */ :
case 0x33 /* '3' */ :
case 0x34 /* '4' */ :
case 0x35 /* '5' */ :
case 0x36 /* '6' */ :
case 0x37 /* '7' */ :
case 0x38 /* '8' */ :
case 0x39 /* '9' */ :
case 0x3a /* ':' */ :
case 0x41 /* 'A' */ :
case 0x42 /* 'B' */ :
case 0x43 /* 'C' */ :
case 0x44 /* 'D' */ :
case 0x45 /* 'E' */ :
case 0x46 /* 'F' */ :
case 0x47 /* 'G' */ :
case 0x48 /* 'H' */ :
case 0x49 /* 'I' */ :
case 0x4a /* 'J' */ :
case 0x4b /* 'K' */ :
case 0x4c /* 'L' */ :
case 0x4d /* 'M' */ :
case 0x4e /* 'N' */ :
case 0x4f /* 'O' */ :
case 0x50 /* 'P' */ :
case 0x51 /* 'Q' */ :
case 0x52 /* 'R' */ :
case 0x53 /* 'S' */ :
case 0x54 /* 'T' */ :
case 0x55 /* 'U' */ :
case 0x56 /* 'V' */ :
case 0x57 /* 'W' */ :
case 0x58 /* 'X' */ :
case 0x59 /* 'Y' */ :
case 0x5a /* 'Z' */ :
case 0x61 /* 'a' */ :
case 0x62 /* 'b' */ :
case 0x63 /* 'c' */ :
case 0x64 /* 'd' */ :
case 0x65 /* 'e' */ :
case 0x66 /* 'f' */ :
case 0x67 /* 'g' */ :
case 0x68 /* 'h' */ :
case 0x69 /* 'i' */ :
case 0x6a /* 'j' */ :
case 0x6b /* 'k' */ :
case 0x6c /* 'l' */ :
case 0x6d /* 'm' */ :
case 0x6e /* 'n' */ :
case 0x6f /* 'o' */ :
case 0x70 /* 'p' */ :
case 0x71 /* 'q' */ :
case 0x72 /* 'r' */ :
case 0x73 /* 's' */ :
case 0x74 /* 't' */ :
case 0x75 /* 'u' */ :
case 0x76 /* 'v' */ :
case 0x77 /* 'w' */ :
case 0x78 /* 'x' */ :
case 0x79 /* 'y' */ :
case 0x7a /* 'z' */ :
{
mNUMBER_ADDRESS_OR_WORD(true);
theRetToken=_returnToken;
break;
}
case 0x7c /* '|' */ :
{
mPIPE_CHAR(true);
theRetToken=_returnToken;
break;
}
case 0x25 /* '%' */ :
{
mPERCENT(true);
theRetToken=_returnToken;
break;
}
case 0x26 /* '&' */ :
{
mAMPERSAND(true);
theRetToken=_returnToken;
break;
}
case 0x27 /* '\'' */ :
{
mAPOSTROPHE(true);
theRetToken=_returnToken;
break;
}
case 0x2a /* '*' */ :
{
mSTAR(true);
theRetToken=_returnToken;
break;
}
case 0x2b /* '+' */ :
{
mPLUS(true);
theRetToken=_returnToken;
break;
}
case 0x2c /* ',' */ :
{
mCOMMA(true);
theRetToken=_returnToken;
break;
}
case 0x2d /* '-' */ :
{
mMINUS(true);
theRetToken=_returnToken;
break;
}
case 0x2e /* '.' */ :
{
mDOT(true);
theRetToken=_returnToken;
break;
}
case 0x2f /* '/' */ :
{
mSLASH(true);
theRetToken=_returnToken;
break;
}
case 0x3b /* ';' */ :
{
mSEMICOLON(true);
theRetToken=_returnToken;
break;
}
case 0x3d /* '=' */ :
{
mEQUAL(true);
theRetToken=_returnToken;
break;
}
case 0x3f /* '?' */ :
{
mQUESTION(true);
theRetToken=_returnToken;
break;
}
case 0x40 /* '@' */ :
{
mCOMMERCIAL_AT(true);
theRetToken=_returnToken;
break;
}
case 0x28 /* '(' */ :
{
mOPENING_PAREN(true);
theRetToken=_returnToken;
break;
}
case 0x29 /* ')' */ :
{
mCLOSING_PAREN(true);
theRetToken=_returnToken;
break;
}
case 0x5b /* '[' */ :
{
mOPENING_SQUARE(true);
theRetToken=_returnToken;
break;
}
case 0x5d /* ']' */ :
{
mCLOSING_SQUARE(true);
theRetToken=_returnToken;
break;
}
case 0x7b /* '{' */ :
{
mOPENING_BRACE(true);
theRetToken=_returnToken;
break;
}
case 0x7d /* '}' */ :
{
mCLOSING_BRACE(true);
theRetToken=_returnToken;
break;
}
case 0x5e /* '^' */ :
{
mCARET(true);
theRetToken=_returnToken;
break;
}
case 0x5f /* '_' */ :
{
mUNDERLINE(true);
theRetToken=_returnToken;
break;
}
case 0x7e /* '~' */ :
{
mTILDE(true);
theRetToken=_returnToken;
break;
}
case 0x21 /* '!' */ :
{
mEXLAMATION(true);
theRetToken=_returnToken;
break;
}
case 0x3c /* '<' */ :
{
mLESS_THAN(true);
theRetToken=_returnToken;
break;
}
case 0x3e /* '>' */ :
{
mGREATER_THAN(true);
theRetToken=_returnToken;
break;
}
default:
if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
mLINE_COMMENT(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x22 /* '\"' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
mSTRING(true);
theRetToken=_returnToken;
}
else if ((_tokenSet_0.member(LA(1)))) {
mWhitespace(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x23 /* '#' */ ) && (true)) {
mNUMBER_SIGN(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x22 /* '\"' */ ) && (true)) {
mDOUBLE_QUOTE(true);
theRetToken=_returnToken;
}
else {
if (LA(1)==EOF_CHAR)
{
uponEOF();
_returnToken = makeToken(ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE);
}
else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
}
if ( !_returnToken )
goto tryAgain; // found SKIP token
_ttype = _returnToken->getType();
_ttype = testLiteralsTable(_ttype);
_returnToken->setType(_ttype);
return _returnToken;
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& e) {
throw ANTLR_USE_NAMESPACE(antlr)TokenStreamRecognitionException(e);
}
catch (ANTLR_USE_NAMESPACE(antlr)CharStreamIOException& csie) {
throw ANTLR_USE_NAMESPACE(antlr)TokenStreamIOException(csie.io);
}
catch (ANTLR_USE_NAMESPACE(antlr)CharStreamException& cse) {
throw ANTLR_USE_NAMESPACE(antlr)TokenStreamException(cse.getMessage());
}
tryAgain:;
}
}
void PFCfgLexer::mLINE_COMMENT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = LINE_COMMENT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match("#");
{ // ( ... )*
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
{
match(_tokenSet_1);
}
}
else {
goto _loop151;
}
}
_loop151:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNEWLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEWLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) {
match("\r\n");
}
else if ((LA(1) == 0xd /* '\r' */ ) && (true)) {
match('\r' /* charlit */ );
}
else if ((LA(1) == 0xa /* '\n' */ )) {
match('\n' /* charlit */ );
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 1021 "pf.g"
newline();
#line 480 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mWhitespace(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = Whitespace;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
switch ( LA(1)) {
case 0x3 /* '\3' */ :
case 0x4 /* '\4' */ :
case 0x5 /* '\5' */ :
case 0x6 /* '\6' */ :
case 0x7 /* '\7' */ :
case 0x8 /* '\10' */ :
{
matchRange('\3','\10');
break;
}
case 0x9 /* '\t' */ :
{
match('\t' /* charlit */ );
break;
}
case 0xb /* '\13' */ :
{
match('\13' /* charlit */ );
break;
}
case 0xc /* '\14' */ :
{
match('\14' /* charlit */ );
break;
}
case 0xe /* '\16' */ :
case 0xf /* '\17' */ :
case 0x10 /* '\20' */ :
case 0x11 /* '\21' */ :
case 0x12 /* '\22' */ :
case 0x13 /* '\23' */ :
case 0x14 /* '\24' */ :
case 0x15 /* '\25' */ :
case 0x16 /* '\26' */ :
case 0x17 /* '\27' */ :
case 0x18 /* '\30' */ :
case 0x19 /* '\31' */ :
case 0x1a /* '\32' */ :
case 0x1b /* '\33' */ :
case 0x1c /* '\34' */ :
case 0x1d /* '\35' */ :
case 0x1e /* '\36' */ :
case 0x1f /* '\37' */ :
{
matchRange('\16','\37');
break;
}
case 0x20 /* ' ' */ :
{
match(' ' /* charlit */ );
break;
}
default:
if (((LA(1) >= 0x7f && LA(1) <= 0xff))) {
matchRange('\177',static_cast<unsigned char>('\377'));
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
}
if ( inputState->guessing==0 ) {
#line 1016 "pf.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 561 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mINT_CONST(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = INT_CONST;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mHEX_CONST(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = HEX_CONST;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNUMBER(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUMBER;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNEG_INT_CONST(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEG_INT_CONST;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCOLON(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = COLON;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mHEX_DIGIT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = HEX_DIGIT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
matchRange('0','9');
matchRange('a','f');
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mDIGIT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = DIGIT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
matchRange('0','9');
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNUM_3DIGIT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUM_3DIGIT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
matchRange('0','9');
}
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
{
matchRange('0','9');
}
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
matchRange('0','9');
}
else {
}
}
}
else {
}
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUM_HEX_4DIGIT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
mHEX_DIGIT(false);
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
{
mHEX_DIGIT(false);
}
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
{
mHEX_DIGIT(false);
}
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mHEX_DIGIT(false);
}
else {
}
}
}
else {
}
}
}
else {
}
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUMBER_ADDRESS_OR_WORD;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched176 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
int _m176 = mark();
synPredMatched176 = true;
inputState->guessing++;
try {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched176 = false;
}
rewind(_m176);
inputState->guessing--;
}
if ( synPredMatched176 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 1058 "pf.g"
_ttype = IPV4;
#line 778 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched183 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
int _m183 = mark();
synPredMatched183 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt180=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt180>=1 ) { goto _loop180; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt180++;
}
_loop180:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt182=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt182>=1 ) { goto _loop182; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt182++;
}
_loop182:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched183 = false;
}
rewind(_m183);
inputState->guessing--;
}
if ( synPredMatched183 ) {
{
{ // ( ... )+
int _cnt186=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt186>=1 ) { goto _loop186; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt186++;
}
_loop186:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt188=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt188>=1 ) { goto _loop188; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt188++;
}
_loop188:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1061 "pf.g"
_ttype = NUMBER;
#line 861 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched207 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) {
int _m207 = mark();
synPredMatched207 = true;
inputState->guessing++;
try {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched207 = false;
}
rewind(_m207);
inputState->guessing--;
}
if ( synPredMatched207 ) {
match(':' /* charlit */ );
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
{ // ( ... )*
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop209;
}
}
_loop209:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1084 "pf.g"
_ttype = IPV6;
#line 903 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched192 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) {
int _m192 = mark();
synPredMatched192 = true;
inputState->guessing++;
try {
{
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched192 = false;
}
rewind(_m192);
inputState->guessing--;
}
if ( synPredMatched192 ) {
{
bool synPredMatched197 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) {
int _m197 = mark();
synPredMatched197 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt196=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt196>=1 ) { goto _loop196; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt196++;
}
_loop196:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched197 = false;
}
rewind(_m197);
inputState->guessing--;
}
if ( synPredMatched197 ) {
{
{ // ( ... )+
int _cnt200=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt200++;
}
_loop200:;
} // ( ... )+
match(':' /* charlit */ );
{
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mNUM_HEX_4DIGIT(false);
{ // ( ... )*
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop203;
}
}
_loop203:;
} // ( ... )*
}
else {
}
}
}
if ( inputState->guessing==0 ) {
#line 1075 "pf.g"
_ttype = IPV6;
#line 1000 "PFCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) {
mNUM_HEX_4DIGIT(false);
{ // ( ... )+
int _cnt205=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
else {
if ( _cnt205>=1 ) { goto _loop205; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt205++;
}
_loop205:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1078 "pf.g"
_ttype = IPV6;
#line 1023 "PFCfgLexer.cpp"
}
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 1080 "pf.g"
_ttype = IPV6;
#line 1034 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1087 "pf.g"
_ttype = IPV6;
#line 1043 "PFCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+
int _cnt190=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt190>=1 ) { goto _loop190; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt190++;
}
_loop190:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1066 "pf.g"
_ttype = INT_CONST;
#line 1064 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1090 "pf.g"
_ttype = COLON;
#line 1072 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_3.member(LA(1)))) {
{
switch ( LA(1)) {
case 0x61 /* 'a' */ :
case 0x62 /* 'b' */ :
case 0x63 /* 'c' */ :
case 0x64 /* 'd' */ :
case 0x65 /* 'e' */ :
case 0x66 /* 'f' */ :
case 0x67 /* 'g' */ :
case 0x68 /* 'h' */ :
case 0x69 /* 'i' */ :
case 0x6a /* 'j' */ :
case 0x6b /* 'k' */ :
case 0x6c /* 'l' */ :
case 0x6d /* 'm' */ :
case 0x6e /* 'n' */ :
case 0x6f /* 'o' */ :
case 0x70 /* 'p' */ :
case 0x71 /* 'q' */ :
case 0x72 /* 'r' */ :
case 0x73 /* 's' */ :
case 0x74 /* 't' */ :
case 0x75 /* 'u' */ :
case 0x76 /* 'v' */ :
case 0x77 /* 'w' */ :
case 0x78 /* 'x' */ :
case 0x79 /* 'y' */ :
case 0x7a /* 'z' */ :
{
matchRange('a','z');
break;
}
case 0x41 /* 'A' */ :
case 0x42 /* 'B' */ :
case 0x43 /* 'C' */ :
case 0x44 /* 'D' */ :
case 0x45 /* 'E' */ :
case 0x46 /* 'F' */ :
case 0x47 /* 'G' */ :
case 0x48 /* 'H' */ :
case 0x49 /* 'I' */ :
case 0x4a /* 'J' */ :
case 0x4b /* 'K' */ :
case 0x4c /* 'L' */ :
case 0x4d /* 'M' */ :
case 0x4e /* 'N' */ :
case 0x4f /* 'O' */ :
case 0x50 /* 'P' */ :
case 0x51 /* 'Q' */ :
case 0x52 /* 'R' */ :
case 0x53 /* 'S' */ :
case 0x54 /* 'T' */ :
case 0x55 /* 'U' */ :
case 0x56 /* 'V' */ :
case 0x57 /* 'W' */ :
case 0x58 /* 'X' */ :
case 0x59 /* 'Y' */ :
case 0x5a /* 'Z' */ :
{
matchRange('A','Z');
break;
}
default:
{
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
}
{ // ( ... )*
for (;;) {
switch ( LA(1)) {
case 0x22 /* '\"' */ :
{
match('\"' /* charlit */ );
break;
}
case 0x24 /* '$' */ :
{
match('$' /* charlit */ );
break;
}
case 0x25 /* '%' */ :
{
match('%' /* charlit */ );
break;
}
case 0x26 /* '&' */ :
{
match('&' /* charlit */ );
break;
}
case 0x2d /* '-' */ :
{
match('-' /* charlit */ );
break;
}
case 0x30 /* '0' */ :
case 0x31 /* '1' */ :
case 0x32 /* '2' */ :
case 0x33 /* '3' */ :
case 0x34 /* '4' */ :
case 0x35 /* '5' */ :
case 0x36 /* '6' */ :
case 0x37 /* '7' */ :
case 0x38 /* '8' */ :
case 0x39 /* '9' */ :
{
matchRange('0','9');
break;
}
case 0x3b /* ';' */ :
{
match(';' /* charlit */ );
break;
}
case 0x3f /* '?' */ :
{
match('?' /* charlit */ );
break;
}
case 0x40 /* '@' */ :
{
match('@' /* charlit */ );
break;
}
case 0x41 /* 'A' */ :
case 0x42 /* 'B' */ :
case 0x43 /* 'C' */ :
case 0x44 /* 'D' */ :
case 0x45 /* 'E' */ :
case 0x46 /* 'F' */ :
case 0x47 /* 'G' */ :
case 0x48 /* 'H' */ :
case 0x49 /* 'I' */ :
case 0x4a /* 'J' */ :
case 0x4b /* 'K' */ :
case 0x4c /* 'L' */ :
case 0x4d /* 'M' */ :
case 0x4e /* 'N' */ :
case 0x4f /* 'O' */ :
case 0x50 /* 'P' */ :
case 0x51 /* 'Q' */ :
case 0x52 /* 'R' */ :
case 0x53 /* 'S' */ :
case 0x54 /* 'T' */ :
case 0x55 /* 'U' */ :
case 0x56 /* 'V' */ :
case 0x57 /* 'W' */ :
case 0x58 /* 'X' */ :
case 0x59 /* 'Y' */ :
case 0x5a /* 'Z' */ :
{
matchRange('A','Z');
break;
}
case 0x5c /* '\\' */ :
{
match('\\' /* charlit */ );
break;
}
case 0x5e /* '^' */ :
{
match('^' /* charlit */ );
break;
}
case 0x5f /* '_' */ :
{
match('_' /* charlit */ );
break;
}
case 0x60 /* '`' */ :
{
match('`' /* charlit */ );
break;
}
case 0x61 /* 'a' */ :
case 0x62 /* 'b' */ :
case 0x63 /* 'c' */ :
case 0x64 /* 'd' */ :
case 0x65 /* 'e' */ :
case 0x66 /* 'f' */ :
case 0x67 /* 'g' */ :
case 0x68 /* 'h' */ :
case 0x69 /* 'i' */ :
case 0x6a /* 'j' */ :
case 0x6b /* 'k' */ :
case 0x6c /* 'l' */ :
case 0x6d /* 'm' */ :
case 0x6e /* 'n' */ :
case 0x6f /* 'o' */ :
case 0x70 /* 'p' */ :
case 0x71 /* 'q' */ :
case 0x72 /* 'r' */ :
case 0x73 /* 's' */ :
case 0x74 /* 't' */ :
case 0x75 /* 'u' */ :
case 0x76 /* 'v' */ :
case 0x77 /* 'w' */ :
case 0x78 /* 'x' */ :
case 0x79 /* 'y' */ :
case 0x7a /* 'z' */ :
{
matchRange('a','z');
break;
}
default:
{
goto _loop212;
}
}
}
_loop212:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1102 "pf.g"
_ttype = WORD;
#line 1292 "PFCfgLexer.cpp"
}
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}}}
_ttype = testLiteralsTable(_ttype);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mSTRING(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = STRING;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('\"' /* charlit */ );
{ // ( ... )*
for (;;) {
if ((_tokenSet_4.member(LA(1)))) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop215;
}
}
_loop215:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mPIPE_CHAR(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = PIPE_CHAR;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('|' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNUMBER_SIGN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUMBER_SIGN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('#' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mPERCENT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = PERCENT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('%' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mAMPERSAND(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = AMPERSAND;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('&' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mAPOSTROPHE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = APOSTROPHE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('\'' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mSTAR(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = STAR;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('*' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mPLUS(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = PLUS;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('+' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCOMMA(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = COMMA;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match(',' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mMINUS(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = MINUS;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('-' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mDOT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = DOT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('.' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mSLASH(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = SLASH;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('/' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mSEMICOLON(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = SEMICOLON;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match(';' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mEQUAL(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = EQUAL;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('=' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mQUESTION(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = QUESTION;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('?' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = COMMERCIAL_AT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('@' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mOPENING_PAREN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = OPENING_PAREN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('(' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCLOSING_PAREN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = CLOSING_PAREN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match(')' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mOPENING_SQUARE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = OPENING_SQUARE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('[' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = CLOSING_SQUARE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match(']' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mOPENING_BRACE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = OPENING_BRACE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('{' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCLOSING_BRACE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = CLOSING_BRACE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('}' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCARET(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = CARET;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('^' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mUNDERLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = UNDERLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('_' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mTILDE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = TILDE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('~' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mEXLAMATION(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = EXLAMATION;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('!' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mLESS_THAN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = LESS_THAN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('<' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mGREATER_THAN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = GREATER_THAN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('>' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mDOUBLE_QUOTE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = DOUBLE_QUOTE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81
// 0x82 0x83 0x84 0x85 0x86 0x87 0x88
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ %
// & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// . 0 1 2 3 4 5 6 7 8 9
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h
// i j k l m n o p q r s t u v w x y z
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13
// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $
// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F
// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16);

106
src/parsers/PFCfgLexer.hpp Normal file

@ -0,0 +1,106 @@
#ifndef INC_PFCfgLexer_hpp_
#define INC_PFCfgLexer_hpp_
#line 25 "pf.g"
// gets inserted before antlr generated includes in the header
// file
#include "PFImporter.h"
#line 11 "PFCfgLexer.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */
#include <antlr/CommonToken.hpp>
#include <antlr/InputBuffer.hpp>
#include <antlr/BitSet.hpp>
#include "PFCfgParserTokenTypes.hpp"
#include <antlr/CharScanner.hpp>
#line 32 "pf.g"
// gets inserted after antlr generated includes in the header file
// outside any generated namespace specifications
#include <sstream>
class PFImporter;
#line 28 "PFCfgLexer.hpp"
#line 56 "pf.g"
// gets inserted after generated namespace specifications in the
// header file. But outside the generated class.
#line 34 "PFCfgLexer.hpp"
class CUSTOM_API PFCfgLexer : public ANTLR_USE_NAMESPACE(antlr)CharScanner, public PFCfgParserTokenTypes
{
#line 1 "pf.g"
#line 38 "PFCfgLexer.hpp"
private:
void initLiterals();
public:
bool getCaseSensitiveLiterals() const
{
return true;
}
public:
PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in);
PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib);
PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state);
ANTLR_USE_NAMESPACE(antlr)RefToken nextToken();
public: void mLINE_COMMENT(bool _createToken);
public: void mNEWLINE(bool _createToken);
public: void mWhitespace(bool _createToken);
protected: void mINT_CONST(bool _createToken);
protected: void mHEX_CONST(bool _createToken);
protected: void mNUMBER(bool _createToken);
protected: void mNEG_INT_CONST(bool _createToken);
protected: void mCOLON(bool _createToken);
protected: void mHEX_DIGIT(bool _createToken);
protected: void mDIGIT(bool _createToken);
protected: void mNUM_3DIGIT(bool _createToken);
protected: void mNUM_HEX_4DIGIT(bool _createToken);
public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken);
public: void mSTRING(bool _createToken);
public: void mPIPE_CHAR(bool _createToken);
public: void mNUMBER_SIGN(bool _createToken);
public: void mPERCENT(bool _createToken);
public: void mAMPERSAND(bool _createToken);
public: void mAPOSTROPHE(bool _createToken);
public: void mSTAR(bool _createToken);
public: void mPLUS(bool _createToken);
public: void mCOMMA(bool _createToken);
public: void mMINUS(bool _createToken);
public: void mDOT(bool _createToken);
public: void mSLASH(bool _createToken);
public: void mSEMICOLON(bool _createToken);
public: void mEQUAL(bool _createToken);
public: void mQUESTION(bool _createToken);
public: void mCOMMERCIAL_AT(bool _createToken);
public: void mOPENING_PAREN(bool _createToken);
public: void mCLOSING_PAREN(bool _createToken);
public: void mOPENING_SQUARE(bool _createToken);
public: void mCLOSING_SQUARE(bool _createToken);
public: void mOPENING_BRACE(bool _createToken);
public: void mCLOSING_BRACE(bool _createToken);
public: void mCARET(bool _createToken);
public: void mUNDERLINE(bool _createToken);
public: void mTILDE(bool _createToken);
public: void mEXLAMATION(bool _createToken);
public: void mLESS_THAN(bool _createToken);
public: void mGREATER_THAN(bool _createToken);
public: void mDOUBLE_QUOTE(bool _createToken);
private:
static const unsigned long _tokenSet_0_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0;
static const unsigned long _tokenSet_1_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1;
static const unsigned long _tokenSet_2_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2;
static const unsigned long _tokenSet_3_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3;
static const unsigned long _tokenSet_4_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4;
};
#endif /*INC_PFCfgLexer_hpp_*/

3587
src/parsers/PFCfgParser.cpp Normal file

File diff suppressed because it is too large Load Diff

241
src/parsers/PFCfgParser.hpp Normal file

@ -0,0 +1,241 @@
#ifndef INC_PFCfgParser_hpp_
#define INC_PFCfgParser_hpp_
#line 25 "pf.g"
// gets inserted before antlr generated includes in the header
// file
#include "PFImporter.h"
#line 11 "PFCfgParser.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */
#include <antlr/TokenStream.hpp>
#include <antlr/TokenBuffer.hpp>
#include "PFCfgParserTokenTypes.hpp"
#include <antlr/LLkParser.hpp>
#line 32 "pf.g"
// gets inserted after antlr generated includes in the header file
// outside any generated namespace specifications
#include <sstream>
class PFImporter;
#line 28 "PFCfgParser.hpp"
#line 56 "pf.g"
// gets inserted after generated namespace specifications in the
// header file. But outside the generated class.
#line 34 "PFCfgParser.hpp"
class CUSTOM_API PFCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, public PFCfgParserTokenTypes
{
#line 81 "pf.g"
// additional methods and members
public:
std::ostream *dbg;
PFImporter *importer;
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex)
{
importer->addMessageToLog("Parser error: " + ex.toString());
std::cerr << ex.toString() << std::endl;
}
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser error: " + s);
std::cerr << s << std::endl;
}
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser warning: " + s);
std::cerr << s << std::endl;
}
#line 38 "PFCfgParser.hpp"
public:
void initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& factory );
protected:
PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k);
public:
PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf);
protected:
PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k);
public:
PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer);
PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state);
int getNumTokens() const
{
return PFCfgParser::NUM_TOKENS;
}
const char* getTokenName( int type ) const
{
if( type > getNumTokens() ) return 0;
return PFCfgParser::tokenNames[type];
}
const char* const* getTokenNames() const
{
return PFCfgParser::tokenNames;
}
public: void cfgfile();
public: void comment();
public: void macro_definition();
public: void altq_command();
public: void antispoof_command();
public: void queue_command();
public: void set_command();
public: void scrub_command();
public: void table_command();
public: void nat_command();
public: void rdr_command();
public: void binat_command();
public: void pass_command();
public: void block_command();
public: void timeout_command();
public: void unknown_command();
public: void tableaddr_spec();
public: void rule_extended();
public: void direction();
public: void logging();
public: void quick();
public: void intrface();
public: void route();
public: void address_family();
public: void protospec();
public: void hosts();
public: void filteropts();
public: void logopts();
public: void logopt();
public: void ifspec();
public: void interface_list();
public: void proto_def();
public: void proto_name();
public: void proto_number();
public: void proto_list();
public: void hosts_from();
public: void hosts_to();
public: void src_hosts_part();
public: void src_port_part();
public: void dst_hosts_part();
public: void dst_port_part();
public: void common_hosts_part();
public: void host();
public: void host_list();
public: void route_to();
public: void reply_to();
public: void routehost();
public: void routehost_list();
public: void filteropt();
public: void tcp_flags();
public: void icmp_type();
public: void icmp6_type();
public: void tagged();
public: void tag_clause();
public: void state();
public: void queue();
public: void label();
public: void icmp_type_code();
public: void icmp_list();
public: void port_op();
public: void port_op_list();
public: void unary_port_op();
public: void binary_port_op();
public: void port_def();
public:
ANTLR_USE_NAMESPACE(antlr)RefAST getAST()
{
return returnAST;
}
protected:
ANTLR_USE_NAMESPACE(antlr)RefAST returnAST;
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 137;
#else
enum {
NUM_TOKENS = 137
};
#endif
static const unsigned long _tokenSet_0_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0;
static const unsigned long _tokenSet_1_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1;
static const unsigned long _tokenSet_2_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2;
static const unsigned long _tokenSet_3_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3;
static const unsigned long _tokenSet_4_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4;
static const unsigned long _tokenSet_5_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5;
static const unsigned long _tokenSet_6_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6;
static const unsigned long _tokenSet_7_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_7;
static const unsigned long _tokenSet_8_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_8;
static const unsigned long _tokenSet_9_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_9;
static const unsigned long _tokenSet_10_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_10;
static const unsigned long _tokenSet_11_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_11;
static const unsigned long _tokenSet_12_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_12;
static const unsigned long _tokenSet_13_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_13;
static const unsigned long _tokenSet_14_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_14;
static const unsigned long _tokenSet_15_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_15;
static const unsigned long _tokenSet_16_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_16;
static const unsigned long _tokenSet_17_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_17;
static const unsigned long _tokenSet_18_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_18;
static const unsigned long _tokenSet_19_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_19;
static const unsigned long _tokenSet_20_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_20;
static const unsigned long _tokenSet_21_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_21;
static const unsigned long _tokenSet_22_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_22;
static const unsigned long _tokenSet_23_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23;
static const unsigned long _tokenSet_24_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24;
static const unsigned long _tokenSet_25_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25;
static const unsigned long _tokenSet_26_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26;
static const unsigned long _tokenSet_27_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27;
static const unsigned long _tokenSet_28_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28;
static const unsigned long _tokenSet_29_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_29;
static const unsigned long _tokenSet_30_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_30;
static const unsigned long _tokenSet_31_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_31;
static const unsigned long _tokenSet_32_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_32;
};
#endif /*INC_PFCfgParser_hpp_*/


@ -0,0 +1,153 @@
#ifndef INC_PFCfgParserTokenTypes_hpp_
#define INC_PFCfgParserTokenTypes_hpp_
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */
#ifndef CUSTOM_API
# define CUSTOM_API
#endif
#ifdef __cplusplus
struct CUSTOM_API PFCfgParserTokenTypes {
#endif
enum {
EOF_ = 1,
NEWLINE = 4,
LINE_COMMENT = 5,
WORD = 6,
EQUAL = 7,
ANTISPOOF = 8,
ALTQ = 9,
QUEUE = 10,
SET = 11,
SCRUB = 12,
TABLE = 13,
LESS_THAN = 14,
GREATER_THAN = 15,
PERSIST = 16,
CONST = 17,
COUNTERS = 18,
FILE = 19,
STRING = 20,
OPENING_BRACE = 21,
COMMA = 22,
CLOSING_BRACE = 23,
EXLAMATION = 24,
SELF = 25,
IPV4 = 26,
SLASH = 27,
INT_CONST = 28,
NAT = 29,
BINAT = 30,
RDR = 31,
TIMEOUT = 32,
PASS = 33,
BLOCK = 34,
IN = 35,
OUT = 36,
LOG = 37,
OPENING_PAREN = 38,
CLOSING_PAREN = 39,
ALL = 40,
USER = 41,
TO = 42,
QUICK = 43,
ON = 44,
INET = 45,
INET6 = 46,
PROTO = 47,
IP = 48,
ICMP = 49,
IGMP = 50,
TCP = 51,
UDP = 52,
RDP = 53,
RSVP = 54,
GRE = 55,
ESP = 56,
AH = 57,
EIGRP = 58,
OSPF = 59,
IPIP = 60,
VRRP = 61,
L2TP = 62,
ISIS = 63,
FROM = 64,
URPF_FAILED = 65,
ANY = 66,
NO_ROUTE = 67,
IPV6 = 68,
ROUTE_TO = 69,
REPLY_TO = 70,
FLAGS = 71,
ICMP_TYPE = 72,
ICMP_CODE = 73,
ICMP6_TYPE = 74,
TAGGED = 75,
TAG = 76,
NO = 77,
KEEP = 78,
MODULATE = 79,
SYNPROXY = 80,
STATE = 81,
LABEL = 82,
PORT = 83,
COLON = 84,
EXIT = 85,
QUIT = 86,
INTRFACE = 87,
ICMP6 = 88,
IGRP = 89,
IPSEC = 90,
NOS = 91,
PCP = 92,
PIM = 93,
PPTP = 94,
RIP = 95,
SNP = 96,
HOST = 97,
RANGE = 98,
LOG_LEVEL_ALERTS = 99,
LOG_LEVEL_CRITICAL = 100,
LOG_LEVEL_DEBUGGING = 101,
LOG_LEVEL_EMERGENCIES = 102,
LOG_LEVEL_ERRORS = 103,
LOG_LEVEL_INFORMATIONAL = 104,
LOG_LEVEL_NOTIFICATIONS = 105,
LOG_LEVEL_WARNINGS = 106,
LOG_LEVEL_DISABLE = 107,
LOG_LEVEL_INACTIVE = 108,
TRANSLATE_TO = 109,
Whitespace = 110,
HEX_CONST = 111,
NUMBER = 112,
NEG_INT_CONST = 113,
HEX_DIGIT = 114,
DIGIT = 115,
NUM_3DIGIT = 116,
NUM_HEX_4DIGIT = 117,
NUMBER_ADDRESS_OR_WORD = 118,
PIPE_CHAR = 119,
NUMBER_SIGN = 120,
PERCENT = 121,
AMPERSAND = 122,
APOSTROPHE = 123,
STAR = 124,
PLUS = 125,
MINUS = 126,
DOT = 127,
SEMICOLON = 128,
QUESTION = 129,
COMMERCIAL_AT = 130,
OPENING_SQUARE = 131,
CLOSING_SQUARE = 132,
CARET = 133,
UNDERLINE = 134,
TILDE = 135,
DOUBLE_QUOTE = 136,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus
};
#endif
#endif /*INC_PFCfgParserTokenTypes_hpp_*/


@ -0,0 +1,135 @@
// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$
PFCfgParser // output token vocab name
NEWLINE=4
LINE_COMMENT=5
WORD=6
EQUAL=7
ANTISPOOF="antispoof"=8
ALTQ="altq"=9
QUEUE="queue"=10
SET="set"=11
SCRUB="scrub"=12
TABLE="table"=13
LESS_THAN=14
GREATER_THAN=15
PERSIST="persist"=16
CONST="const"=17
COUNTERS=18
FILE="file"=19
STRING=20
OPENING_BRACE=21
COMMA=22
CLOSING_BRACE=23
EXLAMATION=24
SELF="self"=25
IPV4=26
SLASH=27
INT_CONST=28
NAT="nat"=29
BINAT="binat"=30
RDR="rdr"=31
TIMEOUT="timeout"=32
PASS="pass"=33
BLOCK="block"=34
IN="in"=35
OUT="out"=36
LOG="log"=37
OPENING_PAREN=38
CLOSING_PAREN=39
ALL="all"=40
USER="user"=41
TO="to"=42
QUICK="quick"=43
ON="on"=44
INET="inet"=45
INET6="inet6"=46
PROTO="proto"=47
IP="ip"=48
ICMP="icmp"=49
IGMP="igmp"=50
TCP="tcp"=51
UDP="udp"=52
RDP="rdp"=53
RSVP="rsvp"=54
GRE="gre"=55
ESP="esp"=56
AH="ah"=57
EIGRP="eigrp"=58
OSPF="ospf"=59
IPIP="ipip"=60
VRRP="vrrp"=61
L2TP="l2tp"=62
ISIS="isis"=63
FROM="from"=64
URPF_FAILED="urpf-failed"=65
ANY="any"=66
NO_ROUTE="no-route"=67
IPV6=68
ROUTE_TO="route-to"=69
REPLY_TO="reply-to"=70
FLAGS="flags"=71
ICMP_TYPE="icmp-type"=72
ICMP_CODE="code"=73
ICMP6_TYPE="icmp6-type"=74
TAGGED="tagged"=75
TAG="tag"=76
NO="no"=77
KEEP="keep"=78
MODULATE="modulate"=79
SYNPROXY="synproxy"=80
STATE="state"=81
LABEL="label"=82
PORT="port"=83
COLON=84
EXIT="exit"=85
QUIT="quit"=86
INTRFACE="interface"=87
ICMP6="icmp6"=88
IGRP="igrp"=89
IPSEC="ipsec"=90
NOS="nos"=91
PCP="pcp"=92
PIM="pim"=93
PPTP="pptp"=94
RIP="rip"=95
SNP="snp"=96
HOST="host"=97
RANGE="range"=98
LOG_LEVEL_ALERTS="alerts"=99
LOG_LEVEL_CRITICAL="critical"=100
LOG_LEVEL_DEBUGGING="debugging"=101
LOG_LEVEL_EMERGENCIES="emergencies"=102
LOG_LEVEL_ERRORS="errors"=103
LOG_LEVEL_INFORMATIONAL="informational"=104
LOG_LEVEL_NOTIFICATIONS="notifications"=105
LOG_LEVEL_WARNINGS="warnings"=106
LOG_LEVEL_DISABLE="disable"=107
LOG_LEVEL_INACTIVE="inactive"=108
TRANSLATE_TO="->"=109
Whitespace=110
HEX_CONST=111
NUMBER=112
NEG_INT_CONST=113
HEX_DIGIT=114
DIGIT=115
NUM_3DIGIT=116
NUM_HEX_4DIGIT=117
NUMBER_ADDRESS_OR_WORD=118
PIPE_CHAR=119
NUMBER_SIGN=120
PERCENT=121
AMPERSAND=122
APOSTROPHE=123
STAR=124
PLUS=125
MINUS=126
DOT=127
SEMICOLON=128
QUESTION=129
COMMERCIAL_AT=130
OPENING_SQUARE=131
CLOSING_SQUARE=132
CARET=133
UNDERLINE=134
TILDE=135
DOUBLE_QUOTE=136


@ -10,7 +10,9 @@ SOURCES = IOSCfgLexer.cpp \
IPTCfgLexer.cpp \
IPTCfgParser.cpp \
PIXCfgLexer.cpp \
PIXCfgParser.cpp
PIXCfgParser.cpp \
PFCfgLexer.cpp \
PFCfgParser.cpp
HEADERS = ../../config.h \
IOSCfgLexer.hpp \
@ -22,6 +24,9 @@ HEADERS = ../../config.h \
PIXCfgLexer.hpp \
PIXCfgParser.hpp \
PIXCfgParserTokenTypes.hpp \
PFCfgLexer.hpp \
PFCfgParser.hpp \
PFCfgParserTokenTypes.hpp \
CONFIG += staticlib

1147
src/parsers/pf.g Normal file

@ -0,0 +1,1147 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
header "pre_include_hpp"
{
// gets inserted before antlr generated includes in the header
// file
#include "PFImporter.h"
}
header "post_include_hpp"
{
// gets inserted after antlr generated includes in the header file
// outside any generated namespace specifications
#include <sstream>
class PFImporter;
}
header "pre_include_cpp"
{
// gets inserted before the antlr generated includes in the cpp
// file
}
header "post_include_cpp"
{
// gets inserted after the antlr generated includes in the cpp
// file
#include <antlr/Token.hpp>
#include <antlr/TokenBuffer.hpp>
}
header
{
// gets inserted after generated namespace specifications in the
// header file. But outside the generated class.
}
options
{
language="Cpp";
}
class PFCfgParser extends Parser;
options
{
k = 2;
// when default error handler is disabled, parser errors cause
// exception and terminate parsing process. We can catch the exception
// and make the error appear in importer log, but import process
// terminates which is not always optimal
//
// defaultErrorHandler = false;
// see http://www.antlr2.org/doc/options.html
}
{
// additional methods and members
public:
std::ostream *dbg;
PFImporter *importer;
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex)
{
importer->addMessageToLog("Parser error: " + ex.toString());
std::cerr << ex.toString() << std::endl;
}
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser error: " + s);
std::cerr << s << std::endl;
}
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser warning: " + s);
std::cerr << s << std::endl;
}
}
cfgfile :
(
comment
|
macro_definition
|
altq_command
|
antispoof_command
|
queue_command
|
set_command
|
scrub_command
|
table_command
|
nat_command
|
rdr_command
|
binat_command
|
pass_command
|
block_command
|
timeout_command
|
unknown_command
|
NEWLINE
)*
;
//****************************************************************
comment : LINE_COMMENT ;
//****************************************************************
macro_definition : WORD EQUAL
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
consumeUntil(NEWLINE);
}
;
//****************************************************************
antispoof_command : ANTISPOOF
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'antispoof' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
altq_command : ALTQ
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Error: import of 'altq' commands is not supported."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
queue_command : QUEUE
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Error: import of 'queue' commands is not supported."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
set_command : SET
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'set' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
scrub_command : SCRUB
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'scrub' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
table_command :
TABLE
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
}
LESS_THAN
name:WORD
GREATER_THAN
( PERSIST ) ?
( CONST ) ?
( COUNTERS )?
(
FILE file:STRING
{
importer->newAddressTableObject(
name->getText(), file->getText());
}
|
OPENING_BRACE
tableaddr_spec
(
( COMMA )?
tableaddr_spec
)*
CLOSING_BRACE
{
importer->newAddressTableObject(
name->getText(), importer->tmp_group);
}
)
;
tableaddr_spec { AddressSpec as; } :
( EXLAMATION { as.neg = true; } )?
(
WORD
{
as.at = AddressSpec::INTERFACE_NAME;
as.address = LT(0)->getText();
}
|
SELF
{
as.at = AddressSpec::SPECIAL_ADDRESS;
as.address = "self";
}
|
IPV4
{
as.at = AddressSpec::HOST_ADDRESS;
as.address = LT(0)->getText();
}
(
SLASH
{
as.at = AddressSpec::NETWORK_ADDRESS;
}
( IPV4 | INT_CONST )
{
as.netmask = LT(0)->getText();
}
)?
)
{
importer->tmp_group.push_back(as);
}
;
//****************************************************************
nat_command : NAT
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'nat' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
binat_command : BINAT
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Error: import of 'binat' commands is not supported."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
rdr_command : RDR
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'rdr' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
timeout_command : TIMEOUT
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'timeout' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
unknown_command : WORD
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
consumeUntil(NEWLINE);
}
;
//****************************************************************
pass_command : PASS
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule();
importer->action = "pass";
*dbg << LT(1)->getLine() << ":" << " pass ";
}
rule_extended NEWLINE
{
importer->pushRule();
}
;
block_command : BLOCK
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule();
importer->action = "block";
*dbg << LT(1)->getLine() << ":" << " block ";
}
rule_extended NEWLINE
{
importer->pushRule();
}
;
rule_extended :
( direction )?
( logging )?
( quick )?
( intrface )?
( route )?
( address_family )?
( protospec )?
( hosts )?
( filteropts )?
;
direction : ( IN | OUT )
{
importer->direction = LT(0)->getText();
}
;
logging :
LOG (logopts)?
{
importer->logging = true;
}
;
logopts :
OPENING_PAREN
logopt
(
COMMA { importer->logopts += ","; }
logopt
)*
CLOSING_PAREN
;
logopt : ALL | USER | TO WORD
{
importer->logopts += LT(0)->getText();
}
;
quick : QUICK
{
importer->quick = true;
}
;
intrface : ON ( ifspec | interface_list )
;
ifspec { InterfaceSpec is; } :
( EXLAMATION { is.neg = true; } )?
WORD
{
is.name = LT(0)->getText();
importer->iface_group.push_back(is);
importer->newInterface(is.name);
}
;
interface_list :
OPENING_BRACE
ifspec
(
( COMMA )?
ifspec
)*
CLOSING_BRACE
;
address_family : INET | INET6
{
importer->address_family = LT(0)->getText();
}
;
protospec : PROTO proto_def
;
proto_def :
(
proto_name
|
proto_number
|
proto_list
)
;
proto_name : (IP | ICMP | IGMP | TCP | UDP | RDP | RSVP | GRE | ESP | AH |
EIGRP | OSPF | IPIP | VRRP | L2TP | ISIS )
{
importer->proto_list.push_back(LT(0)->getText());
}
;
proto_number : INT_CONST
{
importer->proto_list.push_back(LT(0)->getText());
}
;
proto_list :
OPENING_BRACE
proto_def
(
( COMMA )?
proto_def
)*
CLOSING_BRACE
;
hosts :
ALL
{
importer->src_group.push_back(
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
importer->dst_group.push_back(
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
}
|
( hosts_from )? ( hosts_to )?
;
hosts_from :
FROM ( src_hosts_part )? ( src_port_part )?
;
hosts_to :
TO ( dst_hosts_part )? ( dst_port_part )?
;
src_hosts_part :
(
common_hosts_part
|
URPF_FAILED
{
importer->tmp_group.push_back(
AddressSpec(AddressSpec::SPECIAL_ADDRESS, false,
"urpf-failed", ""));
}
)
{
importer->src_neg = importer->tmp_neg;
importer->src_group.splice(importer->src_group.begin(),
importer->tmp_group);
}
;
dst_hosts_part :
common_hosts_part
{
importer->dst_neg = importer->tmp_neg;
importer->dst_group.splice(importer->dst_group.begin(),
importer->tmp_group);
}
;
common_hosts_part :
ANY
{
importer->tmp_group.push_back(
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
}
|
NO_ROUTE
{
importer->tmp_group.push_back(
AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", ""));
}
|
host
|
host_list
;
host { AddressSpec as; } :
( EXLAMATION { as.neg = true; } )?
(
WORD
{
// interface name or domain/host name
as.at = AddressSpec::INTERFACE_NAME;
as.address = LT(0)->getText();
}
|
SELF
{
as.at = AddressSpec::SPECIAL_ADDRESS;
as.address = "self";
}
|
IPV6
{
importer->addMessageToLog(
QString("Error: IPv6 import is not supported. "));
consumeUntil(NEWLINE);
}
|
IPV4
{
as.at = AddressSpec::HOST_ADDRESS;
as.address = LT(0)->getText();
}
(
SLASH
{
as.at = AddressSpec::NETWORK_ADDRESS;
}
( IPV4 | INT_CONST )
{
as.netmask = LT(0)->getText();
}
)?
|
LESS_THAN tn:WORD GREATER_THAN
{
as.at = AddressSpec::TABLE;
as.address = tn->getText();
}
)
{
importer->tmp_group.push_back(as);
}
;
host_list :
OPENING_BRACE
host
(
COMMA
host
)*
CLOSING_BRACE
;
// ************************************************************************
route :
route_to | reply_to
;
route_to :
ROUTE_TO ( routehost | routehost_list )
{
importer->route_type = PFImporter::ROUTE_TO;
}
;
reply_to :
REPLY_TO ( routehost | routehost_list )
{
importer->route_type = PFImporter::REPLY_TO;
}
;
routehost { RouteSpec rs; } :
OPENING_PAREN
WORD { rs.iface = LT(0)->getText(); }
(h:IPV4 | v6:IPV6) (SLASH (nm:IPV4 | nm6:INT_CONST))?
{
if (v6)
{
importer->addMessageToLog(
QString("Error: IPv6 import is not supported. "));
consumeUntil(NEWLINE);
} else
{
if (h) rs.address = h->getText();
if (nm) rs.netmask = nm->getText();
importer->route_group.push_back(rs);
}
}
CLOSING_PAREN
;
routehost_list :
OPENING_BRACE
routehost
(
( COMMA )?
routehost
)*
CLOSING_BRACE
;
// ************************************************************************
filteropts :
filteropt
(
( COMMA )?
filteropt
)*
;
filteropt :
tcp_flags
|
icmp_type
|
icmp6_type
|
tagged
|
tag_clause
|
state
|
queue
|
label
;
tcp_flags :
FLAGS
(
ANY
{
importer->flags_check = "any";
importer->flags_mask = "all";
}
|
( check:WORD )? SLASH ( mask:WORD )?
{
if (check)
importer->flags_check = check->getText();
else
importer->flags_check = "any";
if (mask)
importer->flags_mask = mask->getText();
else
importer->flags_mask = "all";
}
)
;
icmp_type :
ICMP_TYPE
(
icmp_type_code
|
icmp_list
)
;
icmp_type_code { std::string icmp_type, icmp_code; } :
( WORD | INT_CONST ) { icmp_type = LT(0)->getText(); }
(
ICMP_CODE ( WORD | INT_CONST ) { icmp_code = LT(0)->getText(); }
)?
{
importer->icmp_type_code_group.push_back(
str_tuple(icmp_type, icmp_code));
}
;
icmp_list :
OPENING_BRACE
icmp_type_code
(
( COMMA )?
icmp_type_code
)*
CLOSING_BRACE
;
icmp6_type :
ICMP6_TYPE
{
importer->addMessageToLog(
QString("Error: ICMP6 import is not supported. "));
consumeUntil(NEWLINE);
}
;
tagged :
TAGGED WORD
{
importer->tagged = LT(0)->getText();
}
;
tag_clause :
TAG WORD
{
importer->tag = LT(0)->getText();
}
;
state :
(
NO
|
KEEP
|
MODULATE
|
SYNPROXY
)
{
importer->state_op = LT(0)->getText();
}
STATE
;
queue :
QUEUE
(
WORD { importer->queue += LT(0)->getText(); }
|
OPENING_PAREN
WORD { importer->queue += LT(0)->getText(); }
(
COMMA { importer->queue += ","; }
WORD { importer->queue += LT(0)->getText(); }
)*
CLOSING_PAREN
)
;
label :
LABEL STRING
;
//****************************************************************
src_port_part :
PORT ( port_op | port_op_list )
{
importer->src_port_group.splice(importer->src_port_group.begin(),
importer->tmp_port_group);
}
;
dst_port_part :
PORT ( port_op | port_op_list )
{
importer->dst_port_group.splice(importer->dst_port_group.begin(),
importer->tmp_port_group);
}
;
unary_port_op :
(
EQUAL { importer->tmp_port_op = "="; }
|
EXLAMATION EQUAL { importer->tmp_port_op = "!="; }
|
LESS_THAN { importer->tmp_port_op = "<"; }
|
LESS_THAN EQUAL { importer->tmp_port_op = "<="; }
|
GREATER_THAN { importer->tmp_port_op = ">"; }
|
GREATER_THAN EQUAL { importer->tmp_port_op = ">="; }
)
;
binary_port_op :
(
LESS_THAN GREATER_THAN { importer->tmp_port_op = "<>"; }
|
GREATER_THAN LESS_THAN { importer->tmp_port_op = "><"; }
|
COLON { importer->tmp_port_op = ":"; }
)
;
port_op { PortSpec ps; } :
(
unary_port_op { ps.port_op = importer->tmp_port_op; }
port_def
{
ps.port1 = importer->tmp_port_def;
ps.port2 = importer->tmp_port_def;
}
|
port_def
{
ps.port1 = importer->tmp_port_def;
ps.port2 = ps.port1;
ps.port_op = "=";
}
(
binary_port_op { ps.port_op = importer->tmp_port_op; }
port_def { ps.port2 = LT(0)->getText(); }
)?
)
{
importer->tmp_port_group.push_back(ps);
}
;
port_def :
WORD | INT_CONST
{
importer->tmp_port_def = LT(0)->getText();
}
;
port_op_list :
OPENING_BRACE
port_op
(
( COMMA )?
port_op
)*
CLOSING_BRACE
;
//****************************************************************
class PFCfgLexer extends Lexer;
options
{
k = 3;
// ASCII only
charVocabulary = '\3'..'\377';
}
tokens
{
EXIT = "exit";
QUIT = "quit";
NO = "no";
INTRFACE = "interface";
PASS = "pass";
BLOCK = "block";
QUICK = "quick";
IN = "in";
OUT = "out";
ON = "on";
PROTO = "proto";
FROM = "from";
TO = "to";
INET = "inet";
INET6 = "inet6";
// protocols
IP = "ip";
ICMP = "icmp";
ICMP6 = "icmp6";
TCP = "tcp";
UDP = "udp";
AH = "ah";
EIGRP = "eigrp";
ESP = "esp";
GRE = "gre";
IGMP = "igmp";
IGRP = "igrp";
IPIP = "ipip";
IPSEC = "ipsec";
NOS = "nos";
OSPF = "ospf";
PCP = "pcp";
PIM = "pim";
PPTP = "pptp";
RIP = "rip";
SNP = "snp";
RDP = "rdp";
RSVP = "rsvp";
VRRP = "vrrp";
L2TP = "l2tp";
ISIS = "isis";
HOST = "host";
ANY = "any";
ALL = "all";
USER = "user";
PORT = "port";
RANGE = "range";
LOG = "log";
NO_ROUTE = "no-route";
SELF = "self";
URPF_FAILED = "urpf-failed";
LOG_LEVEL_ALERTS = "alerts";
LOG_LEVEL_CRITICAL = "critical";
LOG_LEVEL_DEBUGGING = "debugging";
LOG_LEVEL_EMERGENCIES = "emergencies";
LOG_LEVEL_ERRORS = "errors";
LOG_LEVEL_INFORMATIONAL = "informational";
LOG_LEVEL_NOTIFICATIONS = "notifications";
LOG_LEVEL_WARNINGS = "warnings";
LOG_LEVEL_DISABLE = "disable";
LOG_LEVEL_INACTIVE = "inactive";
TIMEOUT = "timeout";
ALTQ = "altq";
ANTISPOOF = "antispoof";
SET = "set";
SCRUB = "scrub";
NAT = "nat";
RDR = "rdr";
BINAT = "binat";
TABLE = "table";
CONST = "const";
PERSIST = "persist";
FILE = "file";
QUEUE = "queue";
LABEL = "label";
ROUTE_TO = "route-to";
REPLY_TO = "reply-to";
TAG = "tag";
TAGGED = "tagged";
TRANSLATE_TO = "->";
STATE = "state";
KEEP = "keep";
MODULATE = "modulate";
SYNPROXY = "synproxy";
FLAGS = "flags";
ICMP_TYPE = "icmp-type";
ICMP6_TYPE = "icmp6-type";
ICMP_CODE = "code";
}
LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ;
Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' )
{ $setType(ANTLR_USE_NAMESPACE(antlr)Token::SKIP); } ;
//COMMENT_START : '!' ;
NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ;
protected
INT_CONST:;
protected
HEX_CONST:;
protected
NUMBER:;
protected
NEG_INT_CONST:;
protected
COLON : ;
protected
HEX_DIGIT : '0'..'9' 'a'..'f' ;
protected
DIGIT : '0'..'9' ;
protected
NUM_3DIGIT: ('0'..'9') (('0'..'9') ('0'..'9')?)? ;
protected
NUM_HEX_4DIGIT: HEX_DIGIT ((HEX_DIGIT) ((HEX_DIGIT) (HEX_DIGIT)?)?)? ;
NUMBER_ADDRESS_OR_WORD
options {
testLiterals = true;
}
:
( NUM_3DIGIT '.' NUM_3DIGIT '.' ) =>
(NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT)
{ $setType(IPV4); }
|
( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' (DIGIT)+ )
{ $setType(NUMBER); }
// |
// ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ )
// { $setType(PORT_RANGE); }
|
( DIGIT )+ { $setType(INT_CONST); }
// IPv6 RULE
| (NUM_HEX_4DIGIT ':')=>
(
((NUM_HEX_4DIGIT ':')+ ':')=>
(
(NUM_HEX_4DIGIT ':')+ ':'
(NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*)?
) { $setType(IPV6); }
| NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)+
{ $setType(IPV6); }
) { $setType(IPV6); }
| (':' ':' NUM_HEX_4DIGIT)=>
':' ':' NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*
{ $setType(IPV6); }
| ':' ':'
{ $setType(IPV6); }
| ':'
{ $setType(COLON); }
|
// making sure ',' '(' ')' '=' '<' '>' '+' are not part of WORD do
// not start WORD with '$' since we expand macros in PFImporterRun
// using regex.
// double quote " should be included, without it STRING does not match
( 'a'..'z' | 'A'..'Z' )
( '"' | '$' | '%' | '&' | '-' | '0'..'9' | ';' |
'?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )*
{ $setType(WORD); }
;
STRING : '"' (~'"')* '"';
PIPE_CHAR : '|';
NUMBER_SIGN : '#' ;
// DOLLAR : '$' ;
PERCENT : '%' ;
AMPERSAND : '&' ;
APOSTROPHE : '\'' ;
STAR : '*' ;
PLUS : '+' ;
COMMA : ',' ;
MINUS : '-' ;
DOT : '.' ;
SLASH : '/' ;
//COLON : ':' ;
SEMICOLON : ';' ;
EQUAL : '=';
QUESTION : '?' ;
COMMERCIAL_AT : '@' ;
OPENING_PAREN : '(' ;
CLOSING_PAREN : ')' ;
OPENING_SQUARE : '[' ;
CLOSING_SQUARE : ']' ;
OPENING_BRACE : '{' ;
CLOSING_BRACE : '}' ;
CARET : '^' ;
UNDERLINE : '_' ;
TILDE : '~' ;
EXLAMATION : '!';
LESS_THAN : '<' ;
GREATER_THAN : '>' ;
DOUBLE_QUOTE : '"';
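Review bot: In `port_def`, `address_family` and `logopt` the trailing action is attached only to the last alternative, because in ANTLR 2 an action belongs to the alternative it follows unless the alternatives are grouped. As written, a named port (`WORD`) never updates `importer->tmp_port_def`, so `port_op` copies whatever that field held before (possibly the previous port) into `ps.port1`/`ps.port2`. Likewise `inet`, `log (all)` and `log (user)` are parsed but never recorded. Group the alternatives the way `direction` already does: `port_def : ( WORD | INT_CONST )`, `address_family : ( INET | INET6 )`, `logopt : ( ALL | USER | TO WORD )`. An imported rule with a stale port or a missing address family no longer matches the source pf.conf, so an import test that puts a named port after a numeric one is worth adding.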


@ -29,6 +29,7 @@
#include "NATCompiler_pf.h"
#include "fwbuilder/AddressTable.h"
#include "fwbuilder/DNSName.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/FailoverClusterGroup.h"
#include "fwbuilder/Firewall.h"
@ -655,6 +656,8 @@ bool PolicyCompiler_pf::addLoopbackForRedirect::processNext()
for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++)
{
FWObject *o2 = FWReference::getObject(*j);
if (o2->getName() == "self" && DNSName::isA(o2)) continue;
Address *a = Address::cast( o2 );
assert(a);
@ -937,7 +940,20 @@ void PolicyCompiler_pf::compile()
// "process interface policy rules and store interface ids"));
add(new splitIfFirewallInSrc("split rule if firewall is in Src"));
add(new ReplaceFirewallObjectWithSelfInSrc(
"Replace firewall object with 'self' in Src"));
add(new splitIfFirewallInDst("split rule if firewall is in Dst"));
add(new ReplaceFirewallObjectWithSelfInDst(
"Replace firewall object with 'self' in Dst"));
// call these again since "self" is a MultiAddress object
add( new swapMultiAddressObjectsInSrc(
" swap MultiAddress -> MultiAddressRunTime in Src"));
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst"));
add(new fillDirection("determine directions"));
// commented out for bug #2828602
@ -949,6 +965,7 @@ void PolicyCompiler_pf::compile()
"add loopback to rules that permit redirected services"));
add(new ExpandMultipleAddresses(
"expand objects with multiple addresses"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
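Review bot: The new skip in `addLoopbackForRedirect::processNext()`, `if (o2->getName() == "self" && DNSName::isA(o2)) continue;`, recognises the run-time "self" object by its display name. Any DNSName object that a user happens to name `self` would presumably take the same path and be left out of the loopback handling, so the test is better tied to whatever property `ReplaceFirewallObjectWithSelfInDst` sets on the object it inserts than to the name. The line also calls `o2->getName()` before anything checks `o2`; if `FWReference::getObject` can return NULL here, guard it first with `if (o2 == NULL) continue;`. At minimum add a comment on the skip, e.g. `// run-time "self" placeholder carries no address to compare; skip it`. The function body starts and ends outside the hunk.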


@ -758,7 +758,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr
return str;
}
void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool )
void PolicyCompiler_pf::PrintRule::_printAddr(Address *o, bool )
{
MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
if (atrt!=NULL)
@ -880,7 +880,7 @@ void PolicyCompiler_pf::PrintRule::_printDstAddr(RuleElement *rel)
FWReference *oref = FWReference::cast(o);
if (o && oref!=NULL) o=oref->getPointer();
Address *dst= Address::cast(o);
Address *dst = Address::cast(o);
_printNegation(rel);


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:20 2011 PDT by vadim
#
# files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw
#
@ -609,7 +609,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:25 2011 PDT by vadim
# Generated Thu May 26 14:17:25 2011 PDT by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
#
@ -466,7 +466,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:38 2011 PDT by vadim
# Generated Thu May 26 14:17:30 2011 PDT by vadim
#
# files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw
#
@ -723,7 +723,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:38 2011 PDT by vadim
# Generated Thu May 26 14:17:31 2011 PDT by vadim
#
# files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw
#
@ -987,7 +987,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:49 2011 PDT by vadim
# Generated Thu May 26 14:17:36 2011 PDT by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
#
@ -617,7 +617,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:00 2011 PDT by vadim
# Generated Thu May 26 14:17:41 2011 PDT by vadim
#
# files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw
#
@ -568,7 +568,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:49 2011 PDT by vadim
# Generated Thu May 26 14:17:36 2011 PDT by vadim
#
# files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw
#
@ -604,7 +604,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:51 2011 PDT by vadim
# Generated Thu May 26 14:17:40 2011 PDT by vadim
#
# files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:51 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:53 2011 PDT by vadim
# Generated Thu May 26 14:17:44 2011 PDT by vadim
#
# files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:53 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:55 2011 PDT by vadim
# Generated Thu May 26 14:17:45 2011 PDT by vadim
#
# files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw
#
@ -466,7 +466,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:55 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sun May 15 12:01:42 2011 PDT by vadim
# Generated Thu May 26 14:17:47 2011 PDT by vadim
#
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
#
@ -539,7 +539,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sun May 15 12:01:42 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:58 2011 PDT by vadim
# Generated Thu May 26 14:17:49 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:58 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:00 2011 PDT by vadim
# Generated Thu May 26 14:17:52 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:52 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:02 2011 PDT by vadim
# Generated Thu May 26 14:17:53 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:02 2011 PDT by vadim
# Generated Thu May 26 14:17:56 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw
#
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:04 2011 PDT by vadim
# Generated Thu May 26 14:17:57 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw
#
@ -467,7 +467,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:04 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:05 2011 PDT by vadim
# Generated Thu May 26 14:17:59 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw
#
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:05 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:59 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:06 2011 PDT by vadim
# Generated Thu May 26 14:18:00 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw
#
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:06 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:00 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:07 2011 PDT by vadim
# Generated Thu May 26 14:18:03 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw
#
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:07 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:08 2011 PDT by vadim
# Generated Thu May 26 14:18:04 2011 PDT by vadim
#
# files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw
#
@ -414,7 +414,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:08 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:37 2011 PDT by vadim
# Generated Thu May 26 14:14:24 2011 PDT by vadim
#
# files: * firewall.fw /etc/fw/firewall.fw
#
@ -1397,7 +1397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:37 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:39 2011 PDT by vadim
# Generated Thu May 26 14:14:27 2011 PDT by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
#
@ -1269,7 +1269,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:39 2011 PDT by vadim
# Generated Thu May 26 14:14:27 2011 PDT by vadim
#
# files: * firewall10.fw /etc/fw/firewall10.fw
#
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:42 2011 PDT by vadim
# Generated Thu May 26 14:14:32 2011 PDT by vadim
#
# files: * firewall11.fw /etc/fw/firewall11.fw
#
@ -614,7 +614,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:42 2011 PDT by vadim
# Generated Thu May 26 14:14:32 2011 PDT by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
#
@ -532,7 +532,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:44 2011 PDT by vadim
# Generated Thu May 26 14:14:37 2011 PDT by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
#
@ -406,7 +406,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:44 2011 PDT by vadim
# Generated Thu May 26 14:14:37 2011 PDT by vadim
#
# files: * firewall14.fw /etc/fw/firewall14.fw
#
@ -425,7 +425,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:47 2011 PDT by vadim
# Generated Thu May 26 14:14:42 2011 PDT by vadim
#
# files: * firewall15.fw /etc/fw/firewall15.fw
#
@ -409,7 +409,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:47 2011 PDT by vadim
# Generated Thu May 26 14:14:42 2011 PDT by vadim
#
# files: * firewall16.fw /etc/fw/firewall16.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:49 2011 PDT by vadim
# Generated Thu May 26 14:14:46 2011 PDT by vadim
#
# files: * firewall17.fw /etc/fw/firewall17.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:49 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:50 2011 PDT by vadim
# Generated Thu May 26 14:14:46 2011 PDT by vadim
#
# files: * firewall18.fw /etc/fw/firewall18.fw
#
@ -527,7 +527,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:50 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:52 2011 PDT by vadim
# Generated Thu May 26 14:14:51 2011 PDT by vadim
#
# files: * firewall19.fw /etc/fw/firewall19.fw
#
@ -531,7 +531,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:52 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:00 2011 PDT by vadim
# Generated Thu May 26 14:15:04 2011 PDT by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
#
@ -1451,7 +1451,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:04 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:04 2011 PDT by vadim
# Generated Thu May 26 14:15:09 2011 PDT by vadim
#
# files: * firewall2-2.fw /etc/fw/firewall2-2.fw
#
@ -1280,7 +1280,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:04 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:09 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:05 2011 PDT by vadim
# Generated Thu May 26 14:15:13 2011 PDT by vadim
#
# files: * firewall2-3.fw /etc/fw/firewall2-3.fw
#
@ -1139,7 +1139,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:05 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:08 2011 PDT by vadim
# Generated Thu May 26 14:15:18 2011 PDT by vadim
#
# files: * firewall2-4.fw /etc/fw/firewall2-4.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:08 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:18 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:10 2011 PDT by vadim
# Generated Thu May 26 14:15:22 2011 PDT by vadim
#
# files: * firewall2-5.fw /etc/fw/firewall2-5.fw
#
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:12 2011 PDT by vadim
# Generated Thu May 26 14:15:27 2011 PDT by vadim
#
# files: * firewall2-6.fw /etc/fw/firewall2-6.fw
#
@ -503,7 +503,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:14 2011 PDT by vadim
# Generated Thu May 26 14:15:32 2011 PDT by vadim
#
# files: * firewall2-7.fw /etc/fw/firewall2-7.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:54 2011 PDT by vadim
# Generated Thu May 26 14:14:53 2011 PDT by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
#
@ -1503,7 +1503,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:53 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:56 2011 PDT by vadim
# Generated Thu May 26 14:14:57 2011 PDT by vadim
#
# files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw
#
@ -477,7 +477,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:54 2011 PDT by vadim
# Generated Thu May 26 14:14:54 2011 PDT by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
#
@ -695,7 +695,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:58 2011 PDT by vadim
# Generated Thu May 26 14:15:02 2011 PDT by vadim
#
# files: * firewall21-1.fw /etc/fw/firewall21-1.fw
#
@ -495,7 +495,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:58 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:39:56 2011 PDT by vadim
# Generated Thu May 26 14:14:58 2011 PDT by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
#
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:14:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:00 2011 PDT by vadim
# Generated Thu May 26 14:15:05 2011 PDT by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
#
@ -411,7 +411,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:06 2011 PDT by vadim
# Generated Thu May 26 14:15:13 2011 PDT by vadim
#
# files: * firewall23-1.fw /etc/fw/firewall23-1.fw
#
@ -585,7 +585,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:06 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:03 2011 PDT by vadim
# Generated Thu May 26 14:15:08 2011 PDT by vadim
#
# files: * firewall23.fw /etc/fw/firewall23.fw
#
@ -497,7 +497,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:03 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:07 2011 PDT by vadim
# Generated Thu May 26 14:15:17 2011 PDT by vadim
#
# files: * firewall24.fw /etc/fw/firewall24.fw
#
@ -514,7 +514,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:07 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:10 2011 PDT by vadim
# Generated Thu May 26 14:15:22 2011 PDT by vadim
#
# files: * firewall25.fw /etc/fw/firewall25.fw
#
@ -705,7 +705,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:12 2011 PDT by vadim
# Generated Thu May 26 14:15:27 2011 PDT by vadim
#
# files: * firewall26.fw /etc/fw/firewall26.fw
#
@ -585,7 +585,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:14 2011 PDT by vadim
# Generated Thu May 26 14:15:32 2011 PDT by vadim
#
# files: * firewall27.fw /etc/fw/firewall27.fw
#
@ -567,7 +567,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:17 2011 PDT by vadim
# Generated Thu May 26 14:15:36 2011 PDT by vadim
#
# files: * firewall28.fw /etc/fw/firewall28.fw
#
@ -430,7 +430,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:17 2011 PDT by vadim
# Generated Thu May 26 14:15:36 2011 PDT by vadim
#
# files: * firewall29.fw /etc/fw/firewall29.fw
#
@ -465,7 +465,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:19 2011 PDT by vadim
# Generated Thu May 26 14:15:41 2011 PDT by vadim
#
# files: * firewall3.fw /etc/fw/firewall3.fw
#
@ -599,7 +599,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:19 2011 PDT by vadim
# Generated Thu May 26 14:15:41 2011 PDT by vadim
#
# files: * firewall30.fw /etc/fw/firewall30.fw
#
@ -396,7 +396,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:22 2011 PDT by vadim
# Generated Thu May 26 14:15:45 2011 PDT by vadim
#
# files: * firewall31.fw /etc/fw/firewall31.fw
#
@ -468,7 +468,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:22 2011 PDT by vadim
# Generated Thu May 26 14:15:45 2011 PDT by vadim
#
# files: * firewall32.fw /etc/fw/firewall32.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:29 2011 PDT by vadim
# Generated Thu May 26 14:15:50 2011 PDT by vadim
#
# files: * firewall33-1.fw /etc/fw/firewall33-1.fw
#
@ -416,12 +416,11 @@ script_body() {
#
$IPTABLES -N Cid438728A918346.0
$IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -547,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:29 2011 PDT by vadim
# Generated Thu May 26 14:15:51 2011 PDT by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -466,12 +466,11 @@ script_body() {
$IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -596,7 +595,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:31 2011 PDT by vadim
# Generated Thu May 26 14:15:55 2011 PDT by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
#
@ -671,7 +671,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:31 2011 PDT by vadim
# Generated Thu May 26 14:15:55 2011 PDT by vadim
#
# files: * firewall35.fw /etc/fw/firewall35.fw
#
@ -563,7 +563,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:34 2011 PDT by vadim
# Generated Thu May 26 14:16:00 2011 PDT by vadim
#
# files: * firewall36-1.fw /etc/firewall36-1.fw
#
@ -454,7 +454,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:34 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:36 2011 PDT by vadim
# Generated Thu May 26 14:16:04 2011 PDT by vadim
#
# files: * firewall36-2.fw /etc/firewall36-2.fw
#
@ -454,7 +454,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:36 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:33 2011 PDT by vadim
# Generated Thu May 26 14:16:00 2011 PDT by vadim
#
# files: * firewall36.fw /etc/firewall36.fw
#
@ -518,7 +518,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:33 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:38 2011 PDT by vadim
# Generated Thu May 26 14:16:07 2011 PDT by vadim
#
# files: * firewall37-1.fw /etc/fw/firewall37-1.fw
#
@ -987,7 +987,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:38 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:39 2011 PDT by vadim
# Generated Thu May 26 14:16:09 2011 PDT by vadim
#
# files: * firewall37-2.fw /etc/fw/firewall37-2.fw
#
@ -328,6 +328,14 @@ script_body() {
# ================ Table 'mangle', rule set classify_2
#
# Rule classify_2 0 (global)
#
echo "Rule classify_2 0 (global)"
#
$IPTABLES -N classify_2 -t mangle
$IPTABLES -t mangle -A classify_2 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:12
# ================ Table 'mangle', rule set Policy
#
# Rule 0 (eth0)
@ -497,6 +505,38 @@ script_body() {
$IPTABLES -t mangle -A POSTROUTING -i eth0 -s 192.168.1.0/24 -j Cid994761X26049.1
$IPTABLES -t mangle -A Cid994761X26049.1 -p icmp -m icmp --icmp-type 8/0 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Cid994761X26049.1 -p tcp -m tcp --dport 80 -j CLASSIFY --set-class 1:2
#
# Rule 16 (global)
#
echo "Rule 16 (global)"
#
# test for #2405
# branching in mangle; branch rule set
# uses CLASSIFY that is ivalid in PREROUTING
# "Assume fw is part of any" is off for this rule
$IPTABLES -t mangle -A PREROUTING -j classify_2
$IPTABLES -t mangle -A POSTROUTING -j classify_2
$IPTABLES -t mangle -A FORWARD -j classify_2
#
# Rule 17 (global)
#
echo "Rule 17 (global)"
#
# test for #2405
# branching in mangle; branch rule set
# uses CLASSIFY that is ivalid in PREROUTING
# "Assume fw is part of any" is off for this rule
# Should create branch in OUTPUT instead of
# enumerating all ip addresses of the fw in PREROUTING
$IPTABLES -t mangle -A PREROUTING -s 22.22.23.22 -j classify_2
$IPTABLES -t mangle -A PREROUTING -s 192.168.1.22 -j classify_2
$IPTABLES -t mangle -A PREROUTING -s 192.168.2.1 -j classify_2
$IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j classify_2
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j classify_2
$IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j classify_2
$IPTABLES -t mangle -A FORWARD -s 22.22.23.22 -j classify_2
$IPTABLES -t mangle -A FORWARD -s 192.168.1.22 -j classify_2
$IPTABLES -t mangle -A FORWARD -s 192.168.2.1 -j classify_2
# ================ Table 'filter', rule set Policy
#
@ -580,12 +620,35 @@ script_body() {
#
echo "Rule 16 (global)"
#
$IPTABLES -N RULE_16
$IPTABLES -A OUTPUT -j RULE_16
$IPTABLES -A INPUT -j RULE_16
$IPTABLES -A FORWARD -j RULE_16
$IPTABLES -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- DENY "
$IPTABLES -A RULE_16 -j DROP
# test for #2405
# branching in mangle; branch rule set
# uses CLASSIFY that is ivalid in PREROUTING
# "Assume fw is part of any" is off for this rule
$IPTABLES -N classify_2
$IPTABLES -A FORWARD -j classify_2
#
# Rule 17 (global)
#
echo "Rule 17 (global)"
#
# test for #2405
# branching in mangle; branch rule set
# uses CLASSIFY that is ivalid in PREROUTING
# "Assume fw is part of any" is off for this rule
# Should create branch in OUTPUT instead of
# enumerating all ip addresses of the fw in PREROUTING
$IPTABLES -A OUTPUT -j classify_2
#
# Rule 18 (global)
#
echo "Rule 18 (global)"
#
$IPTABLES -N RULE_18
$IPTABLES -A OUTPUT -j RULE_18
$IPTABLES -A INPUT -j RULE_18
$IPTABLES -A FORWARD -j RULE_18
$IPTABLES -A RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- DENY "
$IPTABLES -A RULE_18 -j DROP
}
ip_forward() {
@ -641,7 +704,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:39 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
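Review bot: The new expected output for mangle rules 16 and 17 jumps to `classify_2` from PREROUTING, although the rule comments recorded with them say the branch uses CLASSIFY, which is invalid in PREROUTING, and that rule 17 "Should create branch in OUTPUT instead of enumerating all ip addresses of the fw in PREROUTING". The filter-table part of the same section does emit `$IPTABLES -A OUTPUT -j classify_2`, so the mangle part looks like it records the pre-fix behaviour; if so, this fixture pins the problem from #2405 as the expected result. Because the file is generated, the change belongs in the compiler, followed by a regenerated fixture that has something like `$IPTABLES -t mangle -A OUTPUT -j classify_2` for rule 17 and no PREROUTING jump for either rule. It is also worth confirming on a target system whether iptables accepts the PREROUTING jump at all, since a rejected command in a generated script may leave the policy only partly loaded.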


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:41 2011 PDT by vadim
# Generated Thu May 26 14:16:05 2011 PDT by vadim
#
# files: * firewall37.fw /etc/fw/firewall37.fw
#
@ -618,21 +618,29 @@ script_body() {
#
echo "Rule 30 (global)"
#
$IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j CLASSIFY --set-class 1:2
#
# Rule 31 (global)
#
echo "Rule 31 (global)"
#
# testing for bug #1618381
# classify action is non-terminating
# in this firewall object
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10
#
# Rule 31 (eth0)
# Rule 32 (eth0)
#
echo "Rule 31 (eth0)"
echo "Rule 32 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11
#
# Rule 32 (global)
# Rule 33 (global)
#
echo "Rule 32 (global)"
echo "Rule 33 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A026219324.0 -t mangle
@ -641,9 +649,9 @@ script_body() {
$IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A026219324.0 -j CLASSIFY --set-class 1:10
#
# Rule 33 (global)
# Rule 34 (global)
#
echo "Rule 33 (global)"
echo "Rule 34 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A5AFB19324.0 -t mangle
@ -653,9 +661,9 @@ script_body() {
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -j CLASSIFY --set-class 1:10
#
# Rule 34 (eth0)
# Rule 35 (eth0)
#
echo "Rule 34 (eth0)"
echo "Rule 35 (eth0)"
#
# bug #1618381
# this rule uses multiport
@ -665,9 +673,9 @@ script_body() {
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11
#
# Rule 36 (global)
# Rule 37 (global)
#
echo "Rule 36 (global)"
echo "Rule 37 (global)"
#
$IPTABLES -t mangle -A PREROUTING -j mymark
$IPTABLES -t mangle -A POSTROUTING -j mymark
@ -1150,9 +1158,9 @@ script_body() {
$IPTABLES -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT "
$IPTABLES -A Out_RULE_29 -j ACCEPT
#
# Rule 30 (global)
# Rule 31 (global)
#
echo "Rule 30 (global)"
echo "Rule 31 (global)"
#
# testing for bug #1618381
# classify action is non-terminating
@ -1161,9 +1169,9 @@ script_body() {
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
#
# Rule 31 (eth0)
# Rule 32 (eth0)
#
echo "Rule 31 (eth0)"
echo "Rule 32 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -A INPUT -i eth0 -j ACCEPT
@ -1171,9 +1179,9 @@ script_body() {
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -j ACCEPT
#
# Rule 32 (global)
# Rule 33 (global)
#
echo "Rule 32 (global)"
echo "Rule 33 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A026219324.0
@ -1184,9 +1192,9 @@ script_body() {
$IPTABLES -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid459A026219324.0 -j ACCEPT
#
# Rule 33 (global)
# Rule 34 (global)
#
echo "Rule 33 (global)"
echo "Rule 34 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A5AFB19324.0
@ -1200,9 +1208,9 @@ script_body() {
$IPTABLES -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid459A5AFB19324.0 -j ACCEPT
#
# Rule 34 (eth0)
# Rule 35 (eth0)
#
echo "Rule 34 (eth0)"
echo "Rule 35 (eth0)"
#
# bug #1618381
# this rule uses multiport
@ -1221,24 +1229,13 @@ script_body() {
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
#
# Rule 35 (global)
#
echo "Rule 35 (global)"
#
$IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
$IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
#
# Rule 36 (global)
#
echo "Rule 36 (global)"
#
$IPTABLES -N RULE_36
$IPTABLES -A OUTPUT -j RULE_36
$IPTABLES -A INPUT -j RULE_36
$IPTABLES -A FORWARD -j RULE_36
$IPTABLES -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH "
$IPTABLES -A RULE_36 -j mymark
$IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
$IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400
#
# Rule 37 (global)
#
@ -1248,8 +1245,19 @@ script_body() {
$IPTABLES -A OUTPUT -j RULE_37
$IPTABLES -A INPUT -j RULE_37
$IPTABLES -A FORWARD -j RULE_37
$IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- DENY "
$IPTABLES -A RULE_37 -j DROP
$IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- BRANCH "
$IPTABLES -A RULE_37 -j mymark
#
# Rule 38 (global)
#
echo "Rule 38 (global)"
#
$IPTABLES -N RULE_38
$IPTABLES -A OUTPUT -j RULE_38
$IPTABLES -A INPUT -j RULE_38
$IPTABLES -A FORWARD -j RULE_38
$IPTABLES -A RULE_38 -j LOG --log-level info --log-prefix "RULE 38 -- DENY "
$IPTABLES -A RULE_38 -j DROP
}
ip_forward() {
@ -1305,7 +1313,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:41 2011 PDT by vadim
# Generated Thu May 26 14:16:11 2011 PDT by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
#
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:43 2011 PDT by vadim
# Generated Thu May 26 14:16:13 2011 PDT by vadim
#
# files: * firewall39.fw /etc/fw/firewall39.fw
#
@ -820,7 +820,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:43 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:44 2011 PDT by vadim
# Generated Thu May 26 14:16:14 2011 PDT by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
#
@ -733,7 +733,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:44 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:46 2011 PDT by vadim
# Generated Thu May 26 14:16:18 2011 PDT by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
#
@ -12,8 +12,8 @@
#
# more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set
# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
FWBDEBUG=""
@ -462,7 +462,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:46 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:47 2011 PDT by vadim
# Generated Thu May 26 14:16:20 2011 PDT by vadim
#
# files: * firewall40-2.fw /etc/firewall40-2.fw
#
@ -12,8 +12,8 @@
#
# more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set. Here the top Policy rule set is empty
# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
FWBDEBUG=""
@ -449,7 +449,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:47 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:45 2011 PDT by vadim
# Generated Thu May 26 14:16:17 2011 PDT by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
#
@ -12,8 +12,8 @@
#
# more complex and realistic combination of Tag and Route rules
# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS
FWBDEBUG=""
@ -455,7 +455,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:45 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:49 2011 PDT by vadim
# Generated Thu May 26 14:16:24 2011 PDT by vadim
#
# files: * firewall41-1.fw /etc/firewall41-1.fw
#
@ -596,7 +596,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:49 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:50 2011 PDT by vadim
# Generated Thu May 26 14:16:22 2011 PDT by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
#
@ -480,7 +480,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:50 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:52 2011 PDT by vadim
# Generated Thu May 26 14:16:28 2011 PDT by vadim
#
# files: * firewall42.fw /etc/fw/firewall42.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:52 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:54 2011 PDT by vadim
# Generated Thu May 26 14:16:29 2011 PDT by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
#
@ -647,7 +647,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:54 2011 PDT by vadim
# Generated Thu May 26 14:16:31 2011 PDT by vadim
#
# files: * firewall50.fw /etc/fw/firewall50.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:56 2011 PDT by vadim
# Generated Thu May 26 14:16:33 2011 PDT by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
#
@ -512,7 +512,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:56 2011 PDT by vadim
# Generated Thu May 26 14:16:35 2011 PDT by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
#
@ -534,7 +534,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:58 2011 PDT by vadim
# Generated Thu May 26 14:16:37 2011 PDT by vadim
#
# files: * firewall60.fw /etc/firewall60.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:58 2011 PDT by vadim
# Generated Thu May 26 14:16:38 2011 PDT by vadim
#
# files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw
#
@ -520,7 +520,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:00 2011 PDT by vadim
# Generated Thu May 26 14:16:41 2011 PDT by vadim
#
# files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw
#
@ -526,7 +526,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:00 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:01 2011 PDT by vadim
# Generated Thu May 26 14:16:42 2011 PDT by vadim
#
# files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:01 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:02 2011 PDT by vadim
# Generated Thu May 26 14:16:45 2011 PDT by vadim
#
# files: * firewall61-1.4.fw /etc/firewall61-1.4.fw
#
@ -514,7 +514,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:02 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:03 2011 PDT by vadim
# Generated Thu May 26 14:16:46 2011 PDT by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
#
@ -590,7 +590,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:03 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:04 2011 PDT by vadim
# Generated Thu May 26 14:16:49 2011 PDT by vadim
#
# files: * firewall63.fw /etc/firewall63.fw
#
@ -410,7 +410,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:04 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:05 2011 PDT by vadim
# Generated Thu May 26 14:16:50 2011 PDT by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
#
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:05 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:07 2011 PDT by vadim
# Generated Thu May 26 14:16:52 2011 PDT by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:07 2011 PDT by vadim
# Generated Thu May 26 14:16:54 2011 PDT by vadim
#
# files: * firewall71.fw /etc/fw/firewall71.fw
#
@ -449,7 +449,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:09 2011 PDT by vadim
# Generated Thu May 26 14:16:56 2011 PDT by vadim
#
# files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw
#
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:09 2011 PDT by vadim
# Generated Thu May 26 14:16:57 2011 PDT by vadim
#
# files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw
#
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:11 2011 PDT by vadim
# Generated Thu May 26 14:17:01 2011 PDT by vadim
#
# files: * firewall73.fw /etc/fw/firewall73.fw
#
@ -544,7 +544,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:11 2011 PDT by vadim
# Generated Thu May 26 14:17:01 2011 PDT by vadim
#
# files: * firewall74.fw /etc/fw/firewall74.fw
#
@ -396,7 +396,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:13 2011 PDT by vadim
# Generated Thu May 26 14:17:05 2011 PDT by vadim
#
# files: * firewall8.fw /etc/fw/firewall8.fw
#
@ -381,7 +381,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:13 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:14 2011 PDT by vadim
# Generated Thu May 26 14:17:05 2011 PDT by vadim
#
# files: * firewall80.fw /etc/fw/firewall80.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:14 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:15 2011 PDT by vadim
# Generated Thu May 26 14:17:08 2011 PDT by vadim
#
# files: * firewall81.fw /etc/fw/firewall81.fw
#
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:15 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:16 2011 PDT by vadim
# Generated Thu May 26 14:17:09 2011 PDT by vadim
#
# files: * firewall82.fw /etc/firewall82.fw
#
@ -434,7 +434,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:16 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:18 2011 PDT by vadim
# Generated Thu May 26 14:17:12 2011 PDT by vadim
#
# files: * firewall82_A.fw /etc/fw/firewall82_A.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:12 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:18 2011 PDT by vadim
# Generated Thu May 26 14:17:13 2011 PDT by vadim
#
# files: * firewall82_B.fw /etc/fw/firewall82_B.fw
#
@ -384,7 +384,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:20 2011 PDT by vadim
# Generated Thu May 26 14:17:16 2011 PDT by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:20 2011 PDT by vadim
# Generated Thu May 26 14:17:17 2011 PDT by vadim
#
# files: * firewall90.fw /etc/fw/firewall90.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:22 2011 PDT by vadim
# Generated Thu May 26 14:17:20 2011 PDT by vadim
#
# files: * firewall91.fw /etc/fw/firewall91.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:22 2011 PDT by vadim
# Generated Thu May 26 14:17:21 2011 PDT by vadim
#
# files: * firewall92.fw /etc/fw/firewall92.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:41:25 2011 PDT by vadim
# Generated Thu May 26 14:17:25 2011 PDT by vadim
#
# files: * firewall93.fw /etc/fw/firewall93.fw
#
@ -483,7 +483,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:11 2011 PDT by vadim
# Generated Thu May 26 14:18:08 2011 PDT by vadim
#
# files: * fw-A.fw /sw/FWbuilder/fw-A.fw
#
@ -745,7 +745,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:09 2011 PDT by vadim
# Generated Thu May 26 14:18:07 2011 PDT by vadim
#
# files: * fw1.fw /etc/fw1.fw
#
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:09 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:40:51 2011 PDT by vadim
# Generated Thu May 26 14:16:26 2011 PDT by vadim
#
# files: * fwbuilder.fw /etc/init.d/fwbuilder.fw
#
@ -504,7 +504,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Sat May 14 15:40:51 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:16:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:22 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -747,7 +747,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:22 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -751,7 +751,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:21 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw
#
@ -864,7 +864,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:21 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw
#
@ -762,7 +762,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:22 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw
#
@ -728,7 +728,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw
#
@ -641,7 +641,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:11 2011 PDT by vadim
# Generated Thu May 26 14:18:11 2011 PDT by vadim
#
# files: * host.fw /etc/fw/host.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw
#
@ -728,7 +728,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw
#
@ -632,7 +632,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:13 2011 PDT by vadim
# Generated Thu May 26 14:18:12 2011 PDT by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:13 2011 PDT by vadim
# Generated Thu May 26 14:18:15 2011 PDT by vadim
#
# files: * rh90.fw /etc/rh90.fw
#
@ -442,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:13 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:15 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw
#
@ -426,7 +426,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:23 2011 PDT by vadim
#
# files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw
#
@ -418,7 +418,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:15 2011 PDT by vadim
# Generated Thu May 26 14:18:19 2011 PDT by vadim
#
# files: * test-shadowing-1.fw /etc/test-shadowing-1.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:17 2011 PDT by vadim
# Generated Thu May 26 14:18:20 2011 PDT by vadim
#
# files: * test-shadowing-2.fw /etc/test-shadowing-2.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:17 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:18 2011 PDT by vadim
# Generated Thu May 26 14:18:22 2011 PDT by vadim
#
# files: * test-shadowing-3.fw /etc/test-shadowing-3.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:15 2011 PDT by vadim
# Generated Thu May 26 14:18:16 2011 PDT by vadim
#
# files: * test_fw.fw /etc/test_fw.fw
#
@ -591,7 +591,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:19 2011 PDT by vadim
# Generated Thu May 26 14:18:24 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw
#
@ -731,7 +731,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:20 2011 PDT by vadim
# Generated Thu May 26 14:18:24 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw
#
@ -636,7 +636,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:20 2011 PDT by vadim
# Generated Thu May 26 14:18:24 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw
#
@ -663,7 +663,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:20 2011 PDT by vadim
# Generated Thu May 26 14:18:24 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw
#
@ -568,7 +568,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3542
# Firewall Builder fwb_ipt v4.3.0.3546
#
# Generated Sat May 14 15:42:20 2011 PDT by vadim
# Generated Thu May 26 14:18:24 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw
#
@ -544,7 +544,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:33 2011 PDT by vadim
# Generated Thu May 26 14:09:41 2011 PDT by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -46,7 +46,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p
# firewall-ipv6-1:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it
# firewall-ipv6-1:Policy:3: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT "
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT "
#
# Rule 4 (global)
# firewall-ipv6-1:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it
@ -59,15 +59,15 @@ pass log quick inet6 proto tcp from <tbl.r5.s> to fe80::21d:9ff:fe8b:8e94 po
# Rule 6 (global)
# firewall-ipv6-1:Policy:6: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from <tbl.r4.s> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT "
pass in log quick inet6 proto tcp from <tbl.r4.s> to self port 22 keep state label "RULE 6 -- ACCEPT "
#
# Rule 7 (global)
# firewall-ipv6-1:Policy:7: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from <tbl.r5.s> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT "
pass in log quick inet6 proto tcp from <tbl.r5.s> to self port 22 keep state label "RULE 7 -- ACCEPT "
#
# Rule 8 (global)
pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT "
pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT "
#
# Rule 9 (global)
pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT "
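Review bot: The rewritten pass rules 3, 6, 7 and 8 (`... to self port 22 ...`, `from any to self`) no longer pin the destination to the modeled address `fe80::21d:9ff:fe8b:8e94`: pf expands `self` to every address assigned to any interface when the ruleset is loaded, so these rules now also match loopback and any address configured on the host outside the policy model. The rules quoted in the two hunk headers still carry the literal address, so the same file now mixes both forms. The output should say so where it happens, for example a compiler comment next to the existing direction warning: `# firewall-ipv6-1:Policy:8: warning: 'self' covers all addresses of this host at load time`. The same applies to the `self` substitutions in the firewall-ipv6-2 and firewall sections that follow, including the anti-spoofing `block in ... from self to any` rules. Both hunks are excerpts of a longer ruleset that is not visible here.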


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:33 2011 PDT by vadim
# Generated Thu May 26 14:09:41 2011 PDT by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -181,7 +181,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -5,7 +5,7 @@
# Tables: (5)
table <tbl.r4.s> { 222.222.222.22 , 222.222.222.23 }
table <tbl.r4.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 }
table <tbl.r5.s> { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 }
table <tbl.r5.s> { 61.150.47.112 , 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 192.168.1.0 }
table <tbl.r5.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 }
table <tbl.r7.s> { 61.150.47.112 , 192.168.1.0 }
@ -28,10 +28,10 @@ pass log quick inet proto tcp from <tbl.r5.s> to 1.1.1.1 port 22 keep state
# Rule 7 (global)
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
pass in log quick inet proto tcp from <tbl.r7.s> to 1.1.1.1 port 22 keep state label "RULE 7 -- ACCEPT "
pass in log quick inet proto tcp from <tbl.r7.s> to self port 22 keep state label "RULE 7 -- ACCEPT "
#
# Rule 8 (global)
pass in log quick inet from any to 1.1.1.1 keep state label "RULE 8 -- ACCEPT "
pass in log quick inet from any to self keep state label "RULE 8 -- ACCEPT "
#
# Rule 11 (global)
pass log quick inet from <tbl.r7.s> to any keep state label "RULE 11 -- ACCEPT "
@ -83,7 +83,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it
# firewall-ipv6-2:Policy:3: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT "
pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT "
#
# Rule 4 (global)
# firewall-ipv6-2:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it
@ -96,15 +96,15 @@ pass log quick inet6 proto tcp from <tbl.r5.sx> to fe80::21d:9ff:fe8b:8e94 p
# Rule 6 (global)
# firewall-ipv6-2:Policy:6: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from <tbl.r4.sx> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT "
pass in log quick inet6 proto tcp from <tbl.r4.sx> to self port 22 keep state label "RULE 6 -- ACCEPT "
#
# Rule 7 (global)
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
pass in log quick inet6 proto tcp from <tbl.r5.sx> to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT "
pass in log quick inet6 proto tcp from <tbl.r5.sx> to self port 22 keep state label "RULE 7 -- ACCEPT "
#
# Rule 8 (global)
pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT "
pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT "
#
# Rule 9 (global)
pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT "
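Review bot: The `<tbl.r5.s>` table in the first hunk changed its `64.233.183.x` entries to `74.125.224.x` with no related policy change visible in this section, which suggests the entries come from a name lookup done when the reference file was compiled (inferred; the source object is not shown here). A reference output that depends on live DNS makes the regression diff noisy and can hide a real change in table contents, and the compiled ruleset pins whatever the resolver returned on the build host. Consider pointing the test object at a fixed address list, and have the compiler mark such tables in the output, e.g. `# tbl.r5.s: addresses resolved at compile time`.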


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:34 2011 PDT by vadim
# Generated Thu May 26 14:09:43 2011 PDT by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -185,7 +185,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:34 2011 PDT by vadim
# Generated Thu May 26 14:09:43 2011 PDT by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf


@ -50,10 +50,10 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 3128
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to <tbl.r2> port 22 flags S/SA modulate state label "RULE -1 - ACCEPT"
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA modulate state label "RULE -1 - ACCEPT"
#
# Rule 0 (eth1)
block in log quick on eth1 inet from any to <tbl.r2> fragment label "RULE 0 - DROP"
block in log quick on eth1 inet from any to self fragment label "RULE 0 - DROP"
#
# Rule 1 (eth1)
# Automatically generated rule blocking short fragments
@ -61,14 +61,14 @@ block in log quick on eth1 inet from any to any fragment label "RULE 1 -
#
# Rule 2 (eth1)
# Automatically generated anti-spoofing rule
block in log quick on eth1 inet from <tbl.r2> to any label "RULE 2 - DROP"
block in log quick on eth1 inet from self to any label "RULE 2 - DROP"
block in log quick on eth1 inet from 192.168.1.0/24 to any label "RULE 2 - DROP"
#
# Rule 3 (eth0)
# комментарий по-русски, Проверяем конвертацию в Utf-8
# firewall:Policy:3: warning: Changing rule direction due to self reference
pass in quick on eth0 inet proto udp from 192.168.1.0/24 to <tbl.r2> port 53 keep state label "RULE 3 - ACCEPT"
pass in quick on eth0 inet proto udp from 192.168.1.0/24 to self port 53 keep state label "RULE 3 - ACCEPT"
#
# Rule 4 (eth0)
# code should go into INPUT chain with
@ -109,7 +109,7 @@ pass quick inet from any to 192.168.1.10 keep state label "RULE 16 - ACCEPT"
# firewall:Policy:18: error: Rule '18 (global)' shadows rule '21 (global)' below it
# firewall:Policy:18: warning: Changing rule direction due to self reference
pass out quick inet from <tbl.r2> to any keep state label "RULE 18 - ACCEPT"
pass out quick inet from self to any keep state label "RULE 18 - ACCEPT"
pass quick inet from 192.168.1.0/24 to any keep state label "RULE 18 - ACCEPT"
#
# Rule 19 (global)


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:08 2011 PDT by vadim
# Generated Thu May 26 14:08:53 2011 PDT by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -173,7 +173,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:53 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -18,12 +18,11 @@
scrub in all fragment reassemble
# Tables: (7)
# Tables: (6)
table <tbl.r0.s> { 22.22.22.22 , 192.168.1.1 }
table <tbl.r11> { 192.168.1.10 , 192.168.1.20 }
table <tbl.r11.s> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 }
table <tbl.r11.s> { self , 192.168.2.0/24 }
table <tbl.r16> { 33.33.33.0/24 , 33.33.44.0/24 }
table <tbl.r18.d> { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 }
table <tbl.r7> { 192.168.1.0/24 , 192.168.2.0/24 }
table <tbl.r9> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 }
@ -113,7 +112,7 @@ block quick on eth0 inet proto 50 from <tbl.r11> to ! <tbl.r11>
#
# Rule 2 (eth1)
# Anti-spoofing rule
block in log quick on eth1 inet from <tbl.r9> to any
block in log quick on eth1 inet from self to any
block in log quick on eth1 inet from 192.168.1.0/24 to any
#
# Rule 3 (eth1)
@ -144,7 +143,7 @@ block log quick inet proto icmp from ! <tbl.r11> to any icmp-type 3
# this rule is shaded by rule above.
# firewall1:Policy:10: warning: Changing rule direction due to self reference
block in log quick inet proto icmp from ! <tbl.r11> to <tbl.r9> icmp-type 3
block in log quick inet proto icmp from ! <tbl.r11> to self icmp-type 3
#
# Rule 11 (global)
# this rule shades rule below
@ -168,7 +167,7 @@ pass quick inet from 192.168.1.0/24 to any keep state
# Rule 18 (global)
# firewall1:Policy:18: warning: Changing rule direction due to self reference
pass in quick inet proto tcp from any to <tbl.r18.d> port 3128 keep state
pass in quick inet proto tcp from any to self port 3128 keep state
#
# Rule 19 (eth0)
# rule from http://www.benzedrine.cx/transquid.html
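Review bot: The rules in this expected output now match on `self` where they used to name the addresses taken from the firewall object, and the two are not the same set: `<tbl.r9>` above lists four addresses and `<tbl.r18.d>` five (it adds 127.0.0.1), while pf expands `self` to every address on every interface of the host. For the block rules (Rule 2, Rule 10) that is stricter, but for pass rules such as Rule 18 here (`to self port 3128`) and the backup ssh rule in the later firewall10-* sections (`to 192.168.1.1 port 22` becoming `to self port 22`) the rule now also accepts traffic on any address the policy never named, for example an alias or tunnel interface configured outside Firewall Builder. The expansion is done when the ruleset is loaded, so an address that appears later is not covered until a reload, and the same applies to `self` inside `table <tbl.r11.s> { self , 192.168.2.0/24 }`. I would have the compiler emit a comment next to the first such rule, e.g. `# 'self' = all addresses on this host at ruleset load time`, and add a fixture whose host has an interface not modelled in the firewall object so the difference is pinned by a test.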


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:08 2011 PDT by vadim
# Generated Thu May 26 14:08:55 2011 PDT by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
# files: firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags S/SA keep state
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA keep state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags S/SA keep state


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:09 2011 PDT by vadim
# Generated Thu May 26 14:08:56 2011 PDT by vadim
#
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 modulate state
pass in quick inet proto tcp from 192.168.1.100 to self port 22 modulate state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } modulate state


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:10 2011 PDT by vadim
# Generated Thu May 26 14:08:58 2011 PDT by vadim
#
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:10 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:58 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:11 2011 PDT by vadim
# Generated Thu May 26 14:09:00 2011 PDT by vadim
#
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:13 2011 PDT by vadim
# Generated Thu May 26 14:09:04 2011 PDT by vadim
#
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state
pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state
#
# Rule 0 (enc0)
# This adds "pass out ... keep state"


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:14 2011 PDT by vadim
# Generated Thu May 26 14:09:07 2011 PDT by vadim
#
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:07 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:15 2011 PDT by vadim
# Generated Thu May 26 14:09:09 2011 PDT by vadim
#
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:08 2011 PDT by vadim
# Generated Thu May 26 14:08:55 2011 PDT by vadim
#
# files: * firewall100.fw /etc/fw/pf.fw
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:09 2011 PDT by vadim
# Generated Thu May 26 14:08:56 2011 PDT by vadim
#
# files: * firewall101.fw /etc/fw/pf.fw
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -170,7 +170,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:10 2011 PDT by vadim
# Generated Thu May 26 14:08:58 2011 PDT by vadim
#
# files: * firewall102.fw /etc/fw/pf.fw
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:12 2011 PDT by vadim
# Generated Thu May 26 14:09:02 2011 PDT by vadim
#
# files: * firewall103-1.fw /etc/fw/pf.fw
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
scrub all reassemble tcp no-df
scrub out all random-id min-ttl 1 max-mss 1460
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:12 2011 PDT by vadim
# Generated Thu May 26 14:09:02 2011 PDT by vadim
#
# files: * firewall103-2.fw /etc/fw/pf.fw
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:11 2011 PDT by vadim
# Generated Thu May 26 14:09:00 2011 PDT by vadim
#
# files: * firewall103.fw /etc/fw/pf.fw
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
@ -397,7 +397,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { bridge0 , 10.1.1.81 , 10.3.14.81 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:14 2011 PDT by vadim
# Generated Thu May 26 14:09:05 2011 PDT by vadim
#
# files: * firewall104-1.fw /etc/fw/pf.fw
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
@ -393,7 +393,7 @@ configure_interfaces() {
$IFCONFIG bridge0 -stp em3
}
log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:05 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -7,14 +7,10 @@ set timeout udp.single 5
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r0.d> { bridge0 , 10.1.1.81 , 10.3.14.81 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.1
# Firewall Builder fwb_pf v4.3.0.3546
#
# Generated Tue May 10 14:53:13 2011 PDT by vadim
# Generated Thu May 26 14:09:04 2011 PDT by vadim
#
# files: * firewall104.fw /etc/fw/pf.fw
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
@ -396,7 +396,7 @@ configure_interfaces() {
$IFCONFIG bridge0 stp em3
}
log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim"
log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim"
set_kernel_vars
configure_interfaces

Some files were not shown because too many files have changed in this diff