fixes #602 move method CompilerDriver_ipt::processStateSyncGroups to the base class CompilerDriver
@@ -918,6 +918,40 @@ void CompilerDriver::copyFailoverInterface(Cluster *cluster,
|
||||
cluster->addCopyOf(iface, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Do something with state sync cluster groups. Find interfaces that
|
||||
* were placed in the group and store the name in the variable
|
||||
* "state_sync_interface" which is used later to associate policy rule
|
||||
* that should be added to permit state sync protocol with right
|
||||
* interface. For iptables we add rule to permit conntrackd, for PIX
|
||||
* we generate "failover" commands, etc.
|
||||
*/
|
||||
void CompilerDriver::processStateSyncGroups(Cluster *cluster, Firewall *member_fw)
|
||||
{
|
||||
for (FWObjectTypedChildIterator it = cluster->findByType(StateSyncClusterGroup::TYPENAME);
|
||||
it != it.end(); ++it)
|
||||
{
|
||||
FWObject *state_sync_group = *it;
|
||||
for (FWObjectTypedChildIterator grp_it =
|
||||
state_sync_group->findByType(FWObjectReference::TYPENAME);
|
||||
grp_it != grp_it.end(); ++grp_it)
|
||||
{
|
||||
FWObject *iface = FWObjectReference::getObject(*grp_it);
|
||||
if (iface->isChildOf(member_fw))
|
||||
{
|
||||
member_fw->getOptionsObject()->setStr(
|
||||
"state_sync_group_id",
|
||||
FWObjectDatabase::getStringId(state_sync_group->getId()));
|
||||
|
||||
member_fw->getOptionsObject()->setStr(
|
||||
"state_sync_interface",
|
||||
iface->getName());
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify that there is at least one Cluster interface and that all
|
||||
* have unique names and IP addresses.
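Review bot: The new base-class loop over `cluster->findByType(StateSyncClusterGroup::TYPENAME)` no longer checks the group's `type`, whereas both removed overrides did (`conntrack` or empty for iptables, `pfsync` for pf), so `state_sync_interface` is now set from a state sync group of any type. The readers renamed in this commit, `PolicyCompiler_ipt::insertConntrackRule` and `OSConfigurator_secuwall::generateManagementFile`, treat a non-empty value as conntrack being active; their remaining bodies are outside the visible hunks, so it is worth confirming they check the group type before a permit rule or a `CONNTRACKD=` setting is emitted. The removed pf override stored `pfsync_interface`, and no visible hunk updates a reader of that key, so any pf-side consumer may now read an empty value. Separately, the result of `FWObjectReference::getObject(*grp_it)` is dereferenced unchecked; `if (iface == NULL) continue;` before `iface->isChildOf(member_fw)` would guard against a dangling reference. The doc comment's "Do something with" could instead say that the first member interface found in each group is recorded and that a later group overwrites an earlier one, because `break` leaves only the inner loop.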
|
||||
|
||||
@@ -174,7 +174,7 @@ public:
|
||||
libfwbuilder::Firewall *fw);
|
||||
|
||||
virtual void processStateSyncGroups(libfwbuilder::Cluster*,
|
||||
libfwbuilder::Firewall*) {};
|
||||
libfwbuilder::Firewall*);
|
||||
|
||||
std::string indent(int n_spaces, const std::string &txt);
|
||||
QString indent(int n_spaces, const QString &txt);
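Review bot: Replacing the empty inline body `{}` with an out-of-line definition changes behaviour for every driver derived from `CompilerDriver` that does not override `processStateSyncGroups`: it now writes `state_sync_group_id` and `state_sync_interface` into the member firewall's options, where it previously did nothing. The declaration should carry named parameters and a comment saying so, for example `// Default: records the member's state sync interface in its options; override for platform-specific handling.` above `virtual void processStateSyncGroups(libfwbuilder::Cluster *cluster, libfwbuilder::Firewall *member_fw);`. The class body starts and ends outside the hunk, so which derived drivers rely on the old no-op cannot be seen from here.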
|
||||
|
||||
@@ -109,9 +109,6 @@ public:
|
||||
std::map<const std::string, bool> &minus_n_commands_nat);
|
||||
|
||||
|
||||
virtual void processStateSyncGroups(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall *member_fw);
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -1,86 +0,0 @@
|
||||
/*
|
||||
|
||||
Firewall Builder
|
||||
|
||||
Copyright (C) 2009 NetCitadel, LLC
|
||||
|
||||
Author: Vadim Kurland vadim@vk.crocodile.org
|
||||
|
||||
$Id$
|
||||
|
||||
This program is free software which we release under the GNU General Public
|
||||
License. You may redistribute and/or modify this program under the terms
|
||||
of that license as published by the Free Software Foundation; either
|
||||
version 2 of the License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
To get a copy of the GNU General Public License, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
*/
|
||||
|
||||
#include "../../config.h"
|
||||
#include "../../build_num"
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
#include "CompilerDriver_ipt.h"
|
||||
|
||||
#include "fwbuilder/Cluster.h"
|
||||
#include "fwbuilder/ClusterGroup.h"
|
||||
#include "fwbuilder/Firewall.h"
|
||||
#include "fwbuilder/Interface.h"
|
||||
#include "fwbuilder/StateSyncClusterGroup.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace libfwbuilder;
|
||||
using namespace fwcompiler;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Do something with state sync cluster groups. Currently we only know
|
||||
* about conntrack groups. For these, we find interfaces that were
|
||||
* placed in the group and store the name in the variable
|
||||
* "conntrack_interface" which is used later in insertConntrackRule
|
||||
* to associate this rule with right interface
|
||||
*/
|
||||
void CompilerDriver_ipt::processStateSyncGroups(Cluster *cluster,
|
||||
Firewall *member_fw)
|
||||
{
|
||||
for (FWObjectTypedChildIterator it = cluster->findByType(StateSyncClusterGroup::TYPENAME);
|
||||
it != it.end(); ++it)
|
||||
{
|
||||
FWObject *state_sync_group = *it;
|
||||
// there is only one supported state sync procol for Linux,
|
||||
// conntrack. So if the groups exits but the type is empty
|
||||
// (as happens when the group has just been created), assume it is
|
||||
// conntrack.
|
||||
if (state_sync_group->getStr("type") == "conntrack" ||
|
||||
state_sync_group->getStr("type").empty())
|
||||
{
|
||||
for (FWObjectTypedChildIterator grp_it =
|
||||
state_sync_group->findByType(FWObjectReference::TYPENAME);
|
||||
grp_it != grp_it.end(); ++grp_it)
|
||||
{
|
||||
FWObject *iface = FWObjectReference::getObject(*grp_it);
|
||||
if (iface->isChildOf(member_fw))
|
||||
{
|
||||
member_fw->getOptionsObject()->setStr(
|
||||
"conntrack_group_id",
|
||||
FWObjectDatabase::getStringId(state_sync_group->getId()));
|
||||
|
||||
member_fw->getOptionsObject()->setStr(
|
||||
"conntrack_interface",
|
||||
iface->getName());
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -291,7 +291,7 @@ int OSConfigurator_secuwall::generateManagementFile()
|
||||
|
||||
/* conntrackd */
|
||||
s.clear();
|
||||
s = options->getStr("conntrack_interface").c_str();
|
||||
s = options->getStr("state_sync_interface").c_str();
|
||||
stream << "CONNTRACKD=";
|
||||
if (s.isEmpty())
|
||||
{
|
||||
|
||||
@@ -4605,14 +4605,14 @@ bool PolicyCompiler_ipt::isMangleOnlyRuleSet(const string &ruleset_name)
|
||||
void PolicyCompiler_ipt::insertConntrackRule()
|
||||
{
|
||||
FWOptions* options = fw->getOptionsObject();
|
||||
string conntrack_iface_name = options->getStr("conntrack_interface");
|
||||
string conntrack_iface_name = options->getStr("state_sync_interface");
|
||||
if (conntrack_iface_name.empty())
|
||||
{
|
||||
/* CONNTRACK not active, nothing left to do */
|
||||
return;
|
||||
}
|
||||
|
||||
string conntrack_group_id = options->getStr("conntrack_group_id");
|
||||
string conntrack_group_id = options->getStr("state_sync_group_id");
|
||||
StateSyncClusterGroup *state_sync_group =
|
||||
StateSyncClusterGroup::cast(
|
||||
dbcopy->findInIndex(
|
||||
|
||||
@@ -6,7 +6,6 @@ include(../../qmake.inc)
|
||||
TEMPLATE = lib
|
||||
|
||||
SOURCES = CompilerDriver_ipt.cpp \
|
||||
CompilerDriver_ipt_cluster.cpp \
|
||||
CompilerDriver_ipt_run.cpp \
|
||||
CompilerDriver_ipt_policy.cpp \
|
||||
CompilerDriver_ipt_nat.cpp \
|
||||
|
||||
@@ -136,9 +136,6 @@ public:
|
||||
const std::string &firewall_id,
|
||||
const std::string &single_rule_id);
|
||||
|
||||
void processStateSyncGroups(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall *member_fw);
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
/*
|
||||
|
||||
Firewall Builder
|
||||
|
||||
Copyright (C) 2009 NetCitadel, LLC
|
||||
|
||||
Author: Vadim Kurland vadim@vk.crocodile.org
|
||||
|
||||
$Id$
|
||||
|
||||
This program is free software which we release under the GNU General Public
|
||||
License. You may redistribute and/or modify this program under the terms
|
||||
of that license as published by the Free Software Foundation; either
|
||||
version 2 of the License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
To get a copy of the GNU General Public License, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
*/
|
||||
|
||||
#include "../../config.h"
|
||||
#include "../../build_num"
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
#include "CompilerDriver_pf.h"
|
||||
|
||||
#include "fwbuilder/Cluster.h"
|
||||
#include "fwbuilder/ClusterGroup.h"
|
||||
#include "fwbuilder/Firewall.h"
|
||||
#include "fwbuilder/Interface.h"
|
||||
#include "fwbuilder/StateSyncClusterGroup.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace libfwbuilder;
|
||||
using namespace fwcompiler;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Do something with state sync cluster groups. Currently we only know
|
||||
* about conntrack groups. For these, we find interfaces that were
|
||||
* placed in the group and store the name in the variable
|
||||
* "conntrack_interface" which is used later in insertConntrackRule
|
||||
* to associate this rule with right interface
|
||||
*/
|
||||
void CompilerDriver_pf::processStateSyncGroups(Cluster *cluster,
|
||||
Firewall *member_fw)
|
||||
{
|
||||
for (FWObjectTypedChildIterator it = cluster->findByType(StateSyncClusterGroup::TYPENAME);
|
||||
it != it.end(); ++it)
|
||||
{
|
||||
FWObject *state_sync_group = *it;
|
||||
if (state_sync_group->getStr("type") == "pfsync")
|
||||
{
|
||||
for (FWObjectTypedChildIterator grp_it =
|
||||
state_sync_group->findByType(FWObjectReference::TYPENAME);
|
||||
grp_it != grp_it.end(); ++grp_it)
|
||||
{
|
||||
FWObject *iface = FWObjectReference::getObject(*grp_it);
|
||||
if (iface->getParent()->getId() == member_fw->getId())
|
||||
{
|
||||
member_fw->getOptionsObject()->setStr("pfsync_interface",
|
||||
iface->getName());
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -279,7 +279,7 @@ string OSConfigurator_bsd::configureInterfaces()
|
||||
* ifconfig pfsyncN syncdev syncdev [syncpeer syncpeer]
|
||||
*/
|
||||
FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME);
|
||||
for ( ; i!=i.end(); ++i )
|
||||
for ( ; i!=i.end(); ++i)
|
||||
{
|
||||
Interface *iface = Interface::cast(*i);
|
||||
assert(iface);
|
||||
|
||||
@@ -27,7 +27,6 @@ SOURCES = TableFactory.cpp \
|
||||
PolicyCompiler_pf.cpp \
|
||||
PolicyCompiler_pf_writers.cpp \
|
||||
CompilerDriver_pf.cpp \
|
||||
CompilerDriver_pf_cluster.cpp \
|
||||
CompilerDriver_pf_run.cpp \
|
||||
CompilerDriver_ipf.cpp \
|
||||
CompilerDriver_ipf_run.cpp \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="12" lastModified="1253911075" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="13" lastModified="1253911075" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
|
||||
<ObjectRef ref="id2735X69605"/>
|
||||
<ObjectRef ref="sysid0"/>
|
||||
@@ -11,7 +11,7 @@
|
||||
<FailoverClusterGroup id="id2719X89830" type="vrrp" name="cluster3:vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">vrrp_secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
<ServiceRef ref="sysid1"/>
|
||||
@@ -33,18 +33,18 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">bridge</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id10491X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id10493X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
|
||||
@@ -81,7 +81,7 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">100</Option>
|
||||
</InterfaceOptions>
|
||||
@@ -92,7 +92,7 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">101</Option>
|
||||
</InterfaceOptions>
|
||||
@@ -105,7 +105,7 @@
|
||||
<ObjectRef ref="id3631X95766"/>
|
||||
<Cluster id="id3631X95766" host_OS="openbsd" inactive="False" lastCompiled="1244758659" lastInstalled="0" lastModified="1244757366" platform="pf" name="pf_cluster_1" comment="" ro="False">
|
||||
<NAT id="id3640X95766" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3162X39764" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id3162X39764" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -126,7 +126,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11381X39764" disabled="False" group="" position="1" comment="">
|
||||
<NATRule action="Translate" id="id11381X39764" disabled="False" group="" position="1" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -147,7 +147,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11397X39764" disabled="False" group="" position="2" comment="">
|
||||
<NATRule action="Translate" id="id11397X39764" disabled="False" group="" position="2" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -168,7 +168,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id15078X39764" disabled="False" group="" position="3" comment="">
|
||||
<NATRule action="Translate" id="id15078X39764" disabled="False" group="" position="3" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -189,7 +189,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16591X39764" disabled="False" group="" position="4" comment="">
|
||||
<NATRule action="Translate" id="id16591X39764" disabled="False" group="" position="4" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -210,7 +210,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16611X39764" disabled="False" group="" position="5" comment="">
|
||||
<NATRule action="Translate" id="id16611X39764" disabled="False" group="" position="5" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -398,18 +398,18 @@
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_new_tcp_with_no_syn">False</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_carp_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_pfsync_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
@@ -418,11 +418,11 @@
|
||||
<Option name="log_prefix">RULE %N -- %A </Option>
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@@ -442,7 +442,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@@ -482,9 +482,9 @@
|
||||
<Option name="pf_udp_multiple">0</Option>
|
||||
<Option name="pf_udp_single">0</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="sshArgs"/>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<ObjectRef ref="id3346X26920"/>
|
||||
@@ -507,18 +507,18 @@
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_new_tcp_with_no_syn">False</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_carp_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_pfsync_interfaces">False</Option>
|
||||
<Option name="configure_vlan_interfaces">False</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
@@ -527,11 +527,11 @@
|
||||
<Option name="log_prefix">RULE %N -- %A </Option>
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@@ -551,7 +551,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@@ -591,9 +591,9 @@
|
||||
<Option name="pf_udp_multiple">0</Option>
|
||||
<Option name="pf_udp_single">0</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="sshArgs"/>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Cluster id="id3867X13237" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" name="vrrp_cluster_2" comment="" ro="False">
|
||||
@@ -674,7 +674,7 @@
|
||||
<ObjectGroup id="id1502X69605" name="Clusters" comment="" ro="False">
|
||||
<Cluster id="id2366X75741" host_OS="secuwall" inactive="True" lastCompiled="1248670597" lastInstalled="0" lastModified="1251419063" platform="iptables" name="cluster1" comment="" ro="False">
|
||||
<NAT id="id2370X75741" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4606X78273" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id4606X78273" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -900,7 +900,7 @@
|
||||
</Cluster>
|
||||
<Cluster id="id2772X94039" host_OS="linux24" inactive="False" lastCompiled="1248541095" lastInstalled="0" lastModified="1253911174" platform="iptables" name="vrrp_cluster_1" comment="" ro="False">
|
||||
<NAT id="id2866X94039" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2867X94039" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id2867X94039" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1063,15 +1063,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -1194,7 +1194,7 @@
|
||||
</Cluster>
|
||||
<Cluster id="id3433X13311" host_OS="linux24" inactive="False" lastCompiled="1251482764" lastInstalled="0" lastModified="1253910805" platform="iptables" name="heartbeat_cluster_1" comment="This is an example of linux/heartbeat cluster with two policy rule sets. Branching rule in the top policy passes control to rule set to_fw, which is different in member firewalls. See ticket #372 for explanation. " ro="False">
|
||||
<NAT id="id3587X13311" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3588X13311" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id3588X13311" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1345,12 +1345,12 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="branch_id">id6187X76214</Option>
|
||||
<Option name="classify_str"></Option>
|
||||
<Option name="classify_str"/>
|
||||
<Option name="connlimit_masklen">0</Option>
|
||||
<Option name="connlimit_value">0</Option>
|
||||
<Option name="custom_str"></Option>
|
||||
<Option name="custom_str"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">False</Option>
|
||||
<Option name="hashlimit_burst">0</Option>
|
||||
<Option name="hashlimit_dstlimit">False</Option>
|
||||
@@ -1361,34 +1361,34 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="ipf_route_opt_addr"></Option>
|
||||
<Option name="ipf_route_opt_if"></Option>
|
||||
<Option name="ipf_route_opt_addr"/>
|
||||
<Option name="ipf_route_opt_if"/>
|
||||
<Option name="ipf_route_option">route_through</Option>
|
||||
<Option name="ipfw_classify_method">2</Option>
|
||||
<Option name="ipfw_pipe_port_num">0</Option>
|
||||
<Option name="ipfw_pipe_queue_num">0</Option>
|
||||
<Option name="ipt_branch_in_mangle">False</Option>
|
||||
<Option name="ipt_continue">False</Option>
|
||||
<Option name="ipt_gw"></Option>
|
||||
<Option name="ipt_iif"></Option>
|
||||
<Option name="ipt_gw"/>
|
||||
<Option name="ipt_iif"/>
|
||||
<Option name="ipt_mark_connections">False</Option>
|
||||
<Option name="ipt_oif"></Option>
|
||||
<Option name="ipt_oif"/>
|
||||
<Option name="ipt_tee">False</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="pf_fastroute">False</Option>
|
||||
<Option name="pf_route_load_option">none</Option>
|
||||
<Option name="pf_route_opt_addr"></Option>
|
||||
<Option name="pf_route_opt_if"></Option>
|
||||
<Option name="pf_route_opt_addr"/>
|
||||
<Option name="pf_route_opt_if"/>
|
||||
<Option name="pf_route_option">none</Option>
|
||||
<Option name="rule_name_accounting"></Option>
|
||||
<Option name="rule_name_accounting"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -1422,15 +1422,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -1540,7 +1540,7 @@
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<FirewallOptions>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
</FirewallOptions>
|
||||
<StateSyncClusterGroup id="id3604X13311" master_iface="id2843X69605" type="conntrack" name="State Sync Group" comment="">
|
||||
<ObjectRef ref="id2843X69605"/>
|
||||
@@ -1553,7 +1553,7 @@
|
||||
</Cluster>
|
||||
<Cluster id="id3937X13563" host_OS="linux24" lastCompiled="1248541096" lastInstalled="0" lastModified="1251419063" platform="iptables" name="vrrp_cluster_2" comment="" ro="False">
|
||||
<NAT id="id3941X13563" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5083X25627" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id5083X25627" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1716,15 +1716,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -1830,7 +1830,7 @@
|
||||
</Cluster>
|
||||
<Cluster id="id4400X28690" host_OS="linux24" inactive="False" lastCompiled="1248555910" lastInstalled="0" lastModified="1253911350" platform="iptables" name="openais_cluster_1" comment="" ro="False">
|
||||
<NAT id="id4568X28690" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4569X28690" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id4569X28690" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1993,15 +1993,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -2035,15 +2035,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -2239,15 +2239,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">10</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -2291,30 +2291,30 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -2329,11 +2329,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -2351,13 +2351,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@@ -2400,15 +2400,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">20</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@@ -2435,29 +2435,29 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -2472,11 +2472,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -2494,13 +2494,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@@ -2527,9 +2527,9 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4038X2906" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
@@ -2547,28 +2547,28 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -2583,11 +2583,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -2605,13 +2605,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@@ -2652,9 +2652,9 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">bonding</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3807X49120" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
@@ -2677,28 +2677,28 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -2713,11 +2713,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -2735,13 +2735,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@@ -2810,16 +2810,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_bonding_interfaces">True</Option>
|
||||
<Option name="configure_bridge_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
@@ -2827,14 +2827,14 @@
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -2849,11 +2849,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -2871,13 +2871,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@@ -2935,7 +2935,7 @@
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_mode">blance xor</Option>
|
||||
<Option name="bonding_policy">balance-xor</Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
<Option name="dev_plus_vid_no_pad">False</Option>
|
||||
<Option name="enable_stp">True</Option>
|
||||
@@ -2965,12 +2965,12 @@
|
||||
<Interface id="id6778X41225" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="bond1.123" comment="" ro="False">
|
||||
<IPv4 id="id16320X39036" name="linux-bonding-1:bond1:bond1.123:ip" comment="" ro="False" address="172.16.2.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_policy"></Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bonding_policy"/>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="enable_stp">False</Option>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">123</Option>
|
||||
<Option name="xmit_hash_policy"></Option>
|
||||
<Option name="xmit_hash_policy"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
@@ -2996,16 +2996,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_bonding_interfaces">True</Option>
|
||||
<Option name="configure_bridge_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
@@ -3013,14 +3013,14 @@
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@@ -3035,11 +3035,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@@ -3057,13 +3057,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="12" lastModified="1247165520" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="13" lastModified="1247165520" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
<StateSyncClusterGroup id="id3505X94039" type="conntrack" name="State Sync Group-1" comment="">
|
||||
@@ -24,7 +24,7 @@
|
||||
</StateSyncClusterGroup>
|
||||
<ObjectRef ref="id10491X48869"/>
|
||||
<ObjectRef ref="id10489X48869"/>
|
||||
<Interface id="id10489X48869" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="br0" comment="" ro="False">
|
||||
<Interface id="id10489X48869" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="br0" comment="" ro="False">
|
||||
<IPv4 id="id11790X48869" name="secuwall-1:br0:ip" comment="" ro="False" address="2.2.2.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
@@ -34,7 +34,7 @@
|
||||
<Option name="type">bridge</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id10491X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<Interface id="id10491X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
@@ -44,22 +44,26 @@
|
||||
<Option name="vlan_id"></Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id10493X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False"/>
|
||||
<Interface id="id10493X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id5112X49120" dyn="False" security_level="0" unnum="False" unprotected="False" name="New Interface" comment="" ro="False"/>
|
||||
<Interface id="id3209X42281" dyn="False" security_level="0" unnum="False" unprotected="False" name="carp2" comment="" ro="False">
|
||||
</Interface>
|
||||
<Interface id="id5112X49120" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="New Interface" comment="" ro="False">
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id3209X42281" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="carp2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="carp_password">my_secret</Option>
|
||||
<Option name="type">carp</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3211X42281" dyn="False" security_level="0" unnum="False" unprotected="False" name="carp3" comment="" ro="False">
|
||||
<Interface id="id3211X42281" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="carp3" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="carp_password">my_secret</Option>
|
||||
<Option name="type">carp</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3203X35714" dyn="False" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<Interface id="id3203X35714" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="type">vrrp</Option>
|
||||
<Option name="vrrp_secret">my_secret</Option>
|
||||
@@ -68,7 +72,7 @@
|
||||
<StateSyncClusterGroup id="id7981X81475" type="pfsync" name="pfsync group 2" comment="">
|
||||
<ClusterGroupOptions/>
|
||||
</StateSyncClusterGroup>
|
||||
<Interface id="id2960X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan100" comment="" ro="False">
|
||||
<Interface id="id2960X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan100" comment="" ro="False">
|
||||
<IPv4 id="id3508X48869" name="eth1:vlan100:ip" comment="" ro="False" address="10.10.100.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
@@ -79,7 +83,7 @@
|
||||
<Option name="vlan_id">100</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id9262X48869" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan101" comment="" ro="False">
|
||||
<Interface id="id9262X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan101" comment="" ro="False">
|
||||
<IPv4 id="id9264X48869" name="eth1:vlan101:ip" comment="" ro="False" address="10.10.101.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
@@ -102,7 +106,7 @@
|
||||
<ObjectRef ref="id2366X75741"/>
|
||||
<Cluster id="id2366X75741" host_OS="secuwall" lastCompiled="1247150655" lastInstalled="0" lastModified="1242671896" platform="iptables" name="cluster1" comment="" ro="False">
|
||||
<NAT id="id2370X75741" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4606X78273" disabled="False" position="0" comment="">
|
||||
<NATRule id="id4606X78273" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -253,7 +257,7 @@
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id2371X75741" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id2374X75741" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<Interface id="id2374X75741" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<IPv4 id="id2375X75741" name="cluster1:vrrp0:ip" comment="" ro="False" address="172.24.0.1" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -266,7 +270,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id2379X75741" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<Interface id="id2379X75741" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<IPv4 id="id2380X75741" name="cluster1:vrrp1:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -274,7 +278,7 @@
|
||||
</InterfaceOptions>
|
||||
<FailoverClusterGroup id="id2382X75741" master_iface="id2844X69605" type="vrrp" name="cluster1:vrrp1:members" comment=""/>
|
||||
</Interface>
|
||||
<Interface id="id3213X42281" dyn="False" security_level="0" unnum="False" unprotected="False" name="vrrp2" comment="" ro="False">
|
||||
<Interface id="id3213X42281" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="vrrp2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="type">vrrp</Option>
|
||||
@@ -291,7 +295,7 @@
|
||||
<ObjectRef ref="id2772X94039"/>
|
||||
<Cluster id="id2772X94039" host_OS="linux24" inactive="False" lastCompiled="1247150656" lastInstalled="0" lastModified="1243709194" platform="iptables" name="linux_cluster_1" comment="" ro="False">
|
||||
<NAT id="id2866X94039" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2867X94039" disabled="False" position="0" comment="">
|
||||
<NATRule id="id2867X94039" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -524,7 +528,7 @@
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id2881X94039" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id2882X94039" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<Interface id="id2882X94039" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<IPv4 id="id2889X94039" name="cluster1-1:vrrp0:ip" comment="" ro="False" address="172.24.0.1" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -537,7 +541,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id2895X94039" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<Interface id="id2895X94039" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<IPv4 id="id2901X94039" name="cluster1-1:vrrp1:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -554,7 +558,7 @@
|
||||
<NAT id="id2712X89830" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id2711X89830" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id2713X89830" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id2716X89830" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<Interface id="id2716X89830" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp0" comment="" ro="False">
|
||||
<IPv4 id="id2717X89830" name="cluster3:vrrp0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -562,7 +566,7 @@
|
||||
</InterfaceOptions>
|
||||
<FailoverClusterGroup id="id3048X95200" master_iface="id4030X2906" type="vrrp" name="Failover group" comment=""/>
|
||||
</Interface>
|
||||
<Interface id="id2721X89830" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<Interface id="id2721X89830" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vrrp1" comment="" ro="False">
|
||||
<IPv4 id="id2722X89830" name="cluster3:vrrp1:ip" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -577,13 +581,13 @@
|
||||
<NAT id="id3102X82837" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id3101X82837" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id3103X82837" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id3104X82837" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<Interface id="id3104X82837" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id3109X82837" name="gw1-bridge:eth0:ip" comment="" ro="False" address="172.24.0.2" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id">0</Option>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3111X82837" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="" ro="False">
|
||||
<Interface id="id3111X82837" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
<Option name="dev_plus_vid_no_pad">True</Option>
|
||||
@@ -594,7 +598,7 @@
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
<Interface id="id3114X82837" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="br1" comment="" ro="False">
|
||||
<Interface id="id3114X82837" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="br1" comment="" ro="False">
|
||||
<IPv4 id="id3117X82837" name="gw1-bridge:br1:ip" comment="" ro="False" address="192.168.1.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
@@ -606,7 +610,7 @@
|
||||
<Option name="vlan_plus_vid">False</Option>
|
||||
<Option name="vlan_plus_vid_no_pad">True</Option>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3127X82837" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<Interface id="id3127X82837" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
<Option name="dev_plus_vid_no_pad">False</Option>
|
||||
@@ -616,9 +620,11 @@
|
||||
<Option name="vlan_plus_vid_no_pad">True</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3129X82837" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False"/>
|
||||
<Interface id="id3129X82837" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id3119X82837" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
</Interface>
|
||||
<Interface id="id3119X82837" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id3121X82837" name="gw1-bridge:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
@@ -714,13 +720,13 @@
|
||||
<NAT id="id2827X69605" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id2741X69605" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id2842X69605" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id2843X69605" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<Interface id="id2843X69605" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id3764X78273" name="linux-1:eth0:ip" comment="" ro="False" address="172.24.0.2" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id">0</Option>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3188X29979" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="" ro="False">
|
||||
<Interface id="id3188X29979" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
<Option name="dev_plus_vid_no_pad">True</Option>
|
||||
@@ -731,15 +737,16 @@
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
<Interface id="id2844X69605" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<Interface id="id2844X69605" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<IPv4 id="id2846X69605" name="linux-1:eth1:ip" comment="" ro="False" address="192.168.1.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id2847X69605" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<Interface id="id2847X69605" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id2849X69605" name="linux-1:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="192.168.1.2">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -830,14 +837,17 @@
|
||||
<NAT id="id3101X69605" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id3015X69605" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id3116X69605" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id3117X69605" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<Interface id="id3117X69605" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id3765X78273" name="linux-2:eth0:ip" comment="" ro="False" address="172.24.0.3" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id3118X69605" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<Interface id="id3118X69605" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<IPv4 id="id3120X69605" name="linux-2:eth1:ip" comment="" ro="False" address="192.168.1.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id3121X69605" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<Interface id="id3121X69605" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id3123X69605" name="linux-2:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="192.168.1.3">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -926,14 +936,14 @@
|
||||
<NAT id="id4028X2906" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id4027X2906" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id4029X2906" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id4030X2906" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<Interface id="id4030X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id4032X2906" name="secuwall-1:eth0:ip" comment="" ro="False" address="172.24.0.2" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4033X2906" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<Interface id="id4033X2906" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<IPv4 id="id4036X2906" name="secuwall-1:eth1:ip" comment="" ro="False" address="192.168.1.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
@@ -944,8 +954,12 @@
|
||||
<Option name="vlan_id"></Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4038X2906" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<Interface id="id4038X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id4040X2906" name="secuwall-1:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Management address="192.168.1.2">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -1034,16 +1048,28 @@
|
||||
<NAT id="id4053X2906" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id4052X2906" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id4054X2906" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id4055X2906" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<Interface id="id4055X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id4057X2906" name="secuwall-2:eth0:ip" comment="" ro="False" address="172.24.0.3" netmask="255.255.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4058X2906" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<Interface id="id4058X2906" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
|
||||
<IPv4 id="id4060X2906" name="secuwall-2:eth1:ip" comment="" ro="False" address="192.168.1.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4061X2906" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<Interface id="id4061X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id4063X2906" name="secuwall-2:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3805X49120" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="br0" comment="" ro="False">
|
||||
<Interface id="id3805X49120" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="br0" comment="" ro="False">
|
||||
<IPv4 id="id3809X49120" name="secuwall-2:br0:ip" comment="" ro="False" address="2.2.2.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
@@ -1053,13 +1079,18 @@
|
||||
<Option name="type">bonding</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3807X49120" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<Interface id="id3807X49120" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3808X49120" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False"/>
|
||||
<Interface id="id3808X49120" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_type">ethernet</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
<Management address="192.168.1.3">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -1148,7 +1179,7 @@
|
||||
<ObjectGroup id="id1502X69605" name="Clusters" comment="" ro="False">
|
||||
<Cluster id="id3631X95766" host_OS="openbsd" inactive="False" lastCompiled="1248551815" lastInstalled="0" lastModified="1247165543" platform="pf" name="pf_cluster_1" comment=" " ro="False">
|
||||
<NAT id="id3640X95766" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3162X39764" disabled="False" position="0" comment="">
|
||||
<NATRule id="id3162X39764" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1169,7 +1200,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11381X39764" disabled="False" group="" position="1" comment="">
|
||||
<NATRule id="id11381X39764" disabled="False" group="" position="1" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1190,7 +1221,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11397X39764" disabled="False" group="" position="2" comment="">
|
||||
<NATRule id="id11397X39764" disabled="False" group="" position="2" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@@ -1211,7 +1242,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id15078X39764" disabled="False" group="" position="3" comment="">
|
||||
<NATRule id="id15078X39764" disabled="False" group="" position="3" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -1232,7 +1263,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16591X39764" disabled="False" group="" position="4" comment="">
|
||||
<NATRule id="id16591X39764" disabled="False" group="" position="4" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -1253,7 +1284,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16611X39764" disabled="False" group="" position="5" comment="">
|
||||
<NATRule id="id16611X39764" disabled="False" group="" position="5" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@@ -1398,7 +1429,7 @@
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id3641X95766" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id3642X95766" dyn="False" label="pf_clsuter_1 carp0" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<Interface id="id3642X95766" dedicated_failover="False" dyn="False" label="pf_clsuter_1 carp0" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<IPv4 id="id3647X95766" name="pf_cluster_1:carp0:ip" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<IPv4 id="id16633X39764" name="pf_cluster_1:carp0:ip-1" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
@@ -1417,7 +1448,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id3651X95766" dyn="False" label="pf_cluster_1 carp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<Interface id="id3651X95766" dedicated_failover="False" dyn="False" label="pf_cluster_1 carp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<IPv4 id="id3656X95766" name="pf_cluster_1:carp1:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -1432,7 +1463,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id3695X33400" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<Interface id="id3695X33400" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
<IPv4 id="id3697X33400" name="pf_cluster_1:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="carp_password">my_secret</Option>
|
||||
@@ -1473,7 +1504,7 @@
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id5644X42213" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id5470X42213" dyn="False" label="pf_clsuter_1 carp0" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<Interface id="id5470X42213" dedicated_failover="False" dyn="False" label="pf_clsuter_1 carp0" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<IPv4 id="id5478X42213" name="pf_cluster_1-1:carp0:ip1" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<IPv4 id="id5479X42213" name="pf_cluster_1-1:carp0:ip2" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
@@ -1492,7 +1523,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id5485X42213" dyn="False" label="pf_cluster_1 carp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<Interface id="id5485X42213" dedicated_failover="False" dyn="False" label="pf_cluster_1 carp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<IPv4 id="id5492X42213" name="pf_cluster_1-1:carp1:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
@@ -1523,7 +1554,7 @@
|
||||
<NAT id="id3646X20162" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id3645X20162" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id3647X20162" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id3650X20162" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<Interface id="id3650X20162" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="carp0" comment="" ro="False">
|
||||
<IPv4 id="id3651X20162" name="pf_cluster_3:carp0:ip" comment="" ro="False" address="172.24.0.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="type">cluster_interface</Option>
|
||||
@@ -1535,7 +1566,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id3655X20162" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<Interface id="id3655X20162" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="carp1" comment="" ro="False">
|
||||
<IPv4 id="id3656X20162" name="pf_cluster_3:carp1:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="type">cluster_interface</Option>
|
||||
@@ -1547,7 +1578,7 @@
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<Interface id="id3660X20162" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
|
||||
<Interface id="id3660X20162" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
|
||||
<IPv4 id="id3661X20162" name="pf_cluster_3:lo0:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="type">cluster_interface</Option>
|
||||
@@ -1595,18 +1626,19 @@
|
||||
<NAT id="id2831X26920" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id2830X26920" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id2832X26920" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id2833X26920" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<Interface id="id2833X26920" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<IPv4 id="id2834X26920" name="openbsd-1:en0:ip" comment="" ro="False" address="172.24.0.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
<Interface id="id3234X10904" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan0" comment="" ro="False">
|
||||
<Interface id="id3234X10904" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan0" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">100</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
<Interface id="id2835X26920" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<Interface id="id2835X26920" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<IPv4 id="id2836X26920" name="openbsd-1:en1:ip" comment="" ro="False" address="192.168.1.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="0.0.0.0">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -1708,11 +1740,13 @@
|
||||
<NAT id="id3344X26920" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id3343X26920" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id3345X26920" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id3346X26920" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<Interface id="id3346X26920" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<IPv4 id="id3348X26920" name="openbsd-2:en0:ip" comment="" ro="False" address="172.24.0.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id3349X26920" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<Interface id="id3349X26920" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<IPv4 id="id3351X26920" name="openbsd-2:en1:ip" comment="" ro="False" address="192.168.1.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="0.0.0.0">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -1814,18 +1848,19 @@
|
||||
<NAT id="id7310X42213" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id7309X42213" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id7311X42213" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id7296X42213" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<Interface id="id7296X42213" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<IPv4 id="id7301X42213" name="freebsd-1:en0:ip" comment="" ro="False" address="172.24.0.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
<Interface id="id7303X42213" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan0" comment="" ro="False">
|
||||
<Interface id="id7303X42213" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="vlan0" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">100</Option>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
<Interface id="id7306X42213" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<Interface id="id7306X42213" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<IPv4 id="id7308X42213" name="freebsd-1:en1:ip" comment="" ro="False" address="192.168.1.2" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="0.0.0.0">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
@@ -1928,11 +1963,13 @@
|
||||
<NAT id="id7330X42213" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Policy id="id7329X42213" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Routing id="id7331X42213" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
|
||||
<Interface id="id7323X42213" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<Interface id="id7323X42213" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="en0" comment="" ro="False">
|
||||
<IPv4 id="id7325X42213" name="freebsd-2:en0:ip" comment="" ro="False" address="172.24.0.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Interface id="id7326X42213" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<Interface id="id7326X42213" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="en1" comment="" ro="False">
|
||||
<IPv4 id="id7328X42213" name="freebsd-2:en1:ip" comment="" ro="False" address="192.168.1.3" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="0.0.0.0">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
|
||||