mirror of https://github.com/fwbuilder/fwbuilder synced 2025-10-16 07:28:25 +02:00

fixes #2091 ethernet intrface options a used twice if the interface is a bridge port

Vadim Kurland 2011-02-14 16:08:54 -08:00
parent ec5bb2290d
commit bee424b3d0
72 changed files with 1039 additions and 142 deletions


@ -1,5 +1,12 @@
2011-02-14 vadim <vadim@netcitadel.com>
* OSConfigurator_bsd_interfaces.cpp (configureInterfaces): fixes
#2091 "ethernet intrface options a used twice if the interface is
a bridge port". When an interface appeared twice in the firewall
configuration, such as when it is used as a bridge port and
vlan parent interface, options configured for it in its settings
dialog were added twice to the generated configuration.
* OSConfigurator_freebsd.cpp (interfaceConfigLineBridge): fixes
#2092 "option "stp" should be optional in the ifconfig command
that builds bridge interface for FreeBSD". The dialog provides


@ -172,26 +172,13 @@
</property>
</widget>
</item>
<item row="3" column="1" colspan="3">
<item row="3" column="1" colspan="4">
<widget class="QLineEdit" name="iface_options">
<property name="toolTip">
<string>additional arguments for ifconfig</string>
</property>
</widget>
</item>
<item row="3" column="4">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>147</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="0" colspan="5">
<widget class="QStackedWidget" name="options_stack">
<property name="sizePolicy">
@ -281,7 +268,7 @@
</widget>
</widget>
</item>
<item row="5" column="0" colspan="2">
<item row="5" column="0">
<spacer>
<property name="orientation">
<enum>Qt::Vertical</enum>


@ -302,6 +302,10 @@ string OSConfigurator_bsd::configureInterfaces()
// sort interfaces by name
all_names.sort();
// remove duplicates. We get duplicates in all_names when an
// interface appears twice, once as a bridge port and another time as
// vlan parent interface
all_names.removeDuplicates();
ipv6_names.sort();
intf_names.sort();
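Review bot: Only `all_names` is deduplicated here, while `ipv6_names` and `intf_names` are sorted on the next two lines and left as they are; if those lists are filled from the same interface walk (not visible in this hunk), an interface that is both a bridge port and a vlan parent could still be emitted twice through them. Either add `ipv6_names.removeDuplicates();` and `intf_names.removeDuplicates();` after their `sort()` calls (assuming they are the same list type as `all_names`), or extend the new comment to say why only `all_names` can hold duplicates. `removeDuplicates()` does not depend on the list being sorted, so its position after `sort()` is fine. The body of `configureInterfaces()` starts and ends outside the hunk.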


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:49 2011 PST by vadim
# Generated Mon Feb 14 16:07:54 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:49 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:54 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:49 2011 PST by vadim
# Generated Mon Feb 14 16:07:55 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -175,7 +175,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:49 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:55 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:50 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -179,7 +179,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:50 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:50 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:17 2011 PST by vadim
# Generated Mon Feb 14 16:07:22 2011 PST by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:17 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:22 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:17 2011 PST by vadim
# Generated Mon Feb 14 16:07:23 2011 PST by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
# files: firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:17 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:23 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:20 2011 PST by vadim
# Generated Mon Feb 14 16:07:25 2011 PST by vadim
#
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:20 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:25 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:21 2011 PST by vadim
# Generated Mon Feb 14 16:07:26 2011 PST by vadim
#
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:21 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:26 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:22 2011 PST by vadim
# Generated Mon Feb 14 16:07:27 2011 PST by vadim
#
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:22 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:27 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:24 2011 PST by vadim
# Generated Mon Feb 14 16:07:29 2011 PST by vadim
#
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:24 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:29 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:26 2011 PST by vadim
# Generated Mon Feb 14 16:07:31 2011 PST by vadim
#
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:26 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:31 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:27 2011 PST by vadim
# Generated Mon Feb 14 16:07:32 2011 PST by vadim
#
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:27 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:32 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:18 2011 PST by vadim
# Generated Mon Feb 14 16:07:23 2011 PST by vadim
#
# files: * firewall100.fw /etc/fw/pf.fw
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -161,7 +161,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:18 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:23 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:19 2011 PST by vadim
# Generated Mon Feb 14 16:07:24 2011 PST by vadim
#
# files: * firewall101.fw /etc/fw/pf.fw
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -164,7 +164,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:19 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:24 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:20 2011 PST by vadim
# Generated Mon Feb 14 16:07:25 2011 PST by vadim
#
# files: * firewall102.fw /etc/fw/pf.fw
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:23 2011 PST by vadim
# Generated Mon Feb 14 16:07:28 2011 PST by vadim
#
# files: * firewall103-1.fw /etc/fw/pf.fw
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
@ -387,7 +387,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:23 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:28 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:23 2011 PST by vadim
# Generated Mon Feb 14 16:07:28 2011 PST by vadim
#
# files: * firewall103-2.fw /etc/fw/pf.fw
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
@ -387,7 +387,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:23 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:28 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:21 2011 PST by vadim
# Generated Mon Feb 14 16:07:26 2011 PST by vadim
#
# files: * firewall103.fw /etc/fw/pf.fw
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
@ -390,7 +390,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:21 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:26 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:25 2011 PST by vadim
# Generated Mon Feb 14 16:07:30 2011 PST by vadim
#
# files: * firewall104-1.fw /etc/fw/pf.fw
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
@ -386,7 +386,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:25 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:30 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:24 2011 PST by vadim
# Generated Mon Feb 14 16:07:29 2011 PST by vadim
#
# files: * firewall104.fw /etc/fw/pf.fw
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
@ -389,7 +389,7 @@ configure_interfaces() {
update_addresses_of_interface "em3" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:24 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:29 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:25 2011 PST by vadim
# Generated Mon Feb 14 16:07:30 2011 PST by vadim
#
# files: * firewall105.fw /etc/fw/pf.fw
# files: firewall105.conf /etc/fw/path\ with\ space/pf.conf


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:27 2011 PST by vadim
# Generated Mon Feb 14 16:07:31 2011 PST by vadim
#
# files: * firewall106.fw /etc/fw/pf.fw
# files: firewall106.conf /etc/fw/path\ with\ space/pf.conf


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:28 2011 PST by vadim
# Generated Mon Feb 14 16:07:32 2011 PST by vadim
#
# files: * firewall107.fw /etc/fw/pf.fw
# files: firewall107.conf /etc/fw/path\ with\ space/pf.conf
@ -388,7 +388,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:28 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:32 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:29 2011 PST by vadim
# Generated Mon Feb 14 16:07:33 2011 PST by vadim
#
# files: * firewall108.fw /etc/fw/pf.fw
# files: firewall108.conf /etc/fw/path\ with\ space/pf.conf


@ -0,0 +1,25 @@
set timeout udp.single 5
#
# Scrub rules
#
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r9998.d> { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r9998.d> port 22 label "RULE 9998 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "
#
# Rule fallback rule
# fallback rule
block quick inet from any to any no state label "RULE 10000 -- DROP "

39
test/pf/firewall109-1.fw.orig Executable file

@ -0,0 +1,39 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 16:07:34 2011 PST by vadim
#
# files: * firewall109-1.fw /etc/fw/pf.fw
# files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf
#
# Compiled for pf 4.7
#
# complex configuration with bridge and vlan, rc.conf format
gateway_enable="YES"
cloned_interfaces="vlan101 vlan102 bridge0"
network_interfaces="bridge0 em0 vlan101 vlan102"
ifconfig_bridge0="addm em1 -stp em1 addm em2 -stp em2 up 192.168.1.1 netmask 0xffffff00"
ifconfig_em0="10.3.14.81 netmask 0xffffff00"
ifconfig_em1="up media 100baseTX mediaopt full-duplex up"
vlans_em2="vlan101 vlan102"
create_args_vlan101="vlan 101 vlandev em2"
create_args_vlan102="vlan 102 vlandev em2"
ifconfig_em2="up media 100baseTX mediaopt full-duplex up"
pfsync_enable="YES"
ifconfig_vlan101="192.168.101.1 netmask 0xffffff00"
ifconfig_vlan102="192.168.102.1 netmask 0xffffff00"
pf_enable="YES"
pf_rules="/etc/fw/path\ with\ space/pf.conf"
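Review bot: The expected values for `ifconfig_em1` and `ifconfig_em2` read `up media 100baseTX mediaopt full-duplex up`, with `up` at both ends of the string. ifconfig would probably accept the repeated keyword, but this commit is about interface options being emitted twice, and this golden file will lock the repetition in as the expected output. It is worth confirming whether the second `up` comes from the options text in the test data or from the rc.conf generator, and if it is the generator, emitting `up` once before regenerating this file.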


@ -0,0 +1,25 @@
set timeout udp.single 5
#
# Scrub rules
#
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl 1 max-mss 1460)
# Tables: (1)
table <tbl.r9998.d> { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 }
#
# Rule backup ssh access rule
# backup ssh access rule
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r9998.d> port 22 label "RULE 9998 -- ACCEPT "
#
# Rule 0 (global)
block log quick inet from any to any no state label "RULE 0 -- DROP "
#
# Rule fallback rule
# fallback rule
block quick inet from any to any no state label "RULE 10000 -- DROP "

411
test/pf/firewall109.fw.orig Executable file

@ -0,0 +1,411 @@
#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 16:07:34 2011 PST by vadim
#
# files: * firewall109.fw /etc/fw/pf.fw
# files: firewall109.conf /etc/fw/path\ with\ space/pf.conf
#
# Compiled for pf 4.7
#
# complex configuration with bridge and vlan
FWDIR=`dirname $0`
IFCONFIG="/sbin/ifconfig"
PFCTL="/sbin/pfctl"
IPFW="/sbin/ipfw"
IPF="/sbin/ipf"
IPNAT="/sbin/ipnat"
SYSCTL="/sbin/sysctl"
LOGGER="/usr/bin/logger"
log() {
echo "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
func=$1
list1=$2
list2=$3
cmd=$4
for intf in $list1
do
echo $list2 | grep -q $intf || {
# $vlan is absent in list 2
$func $intf $cmd
}
done
}
missing_address() {
address=$1
cmd=$2
oldIFS=$IFS
IFS="@"
set $address
addr=$1
interface=$2
IFS=$oldIFS
if echo "$addr" | grep -q ':'
then
inet="inet6"
addr=$(echo "$addr" | sed 's!/! prefixlen !')
else
inet="inet"
addr=$(echo "$addr" | sed 's!/! netmask !')
fi
parameter=""
test "$cmd" = "add" && {
echo "# Adding ip address: $interface $addr"
parameter="alias"
}
test "$cmd" = "del" && {
echo "# Removing ip address: $interface $addr"
parameter="delete"
}
$FWBDEBUG $IFCONFIG $interface $inet $addr $parameter
$FWBDEBUG $IFCONFIG $interface up
}
list_addresses_by_scope() {
interface=$1
scope=$2
ignore_list=$3
scope_regex="1"
if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
$IFCONFIG $interface | sed "s/%$interface//" | \
awk -v IGNORED="$ignore_list" \
"BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
}
(/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
while read addr; do
echo "${addr}@$interface"
done | sort
}
update_addresses_of_interface() {
ignore_list=$2
set $1
interface=$1
shift
FWB_ADDRS=$(
for addr in $*; do
echo "${addr}@$interface"
done | sort
)
CURRENT_ADDRS_ALL_SCOPES=""
CURRENT_ADDRS_GLOBAL_SCOPE=""
$IFCONFIG $interface >/dev/null 2>&1 && {
CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
} || {
echo "# Interface $interface does not exist"
# Stop the script if we are not in test mode
test -z "$FWBDEBUG" && exit 1
}
diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
}
missing_vlan() {
vlan=$1
cmd=$2
oldIFS=$IFS
IFS="@"
set $vlan
subint=$1
parent=$2
IFS=$oldIFS
vlan_id=$(echo $subint | sed 's/vlan//')
test "$cmd" = "add" && {
echo "# Adding VLAN interface $subint (parent: $parent)"
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id vlandev $parent || exit 1
$FWBDEBUG $IFCONFIG $subint up || exit 1
}
test "$cmd" = "rem" && {
echo "# Removing VLAN interface $subint (parent: $parent)"
$FWBDEBUG $IFCONFIG $subint vlan $vlan_id -vlandev || exit 1
$FWBDEBUG $IFCONFIG $subint destroy || exit 1
}
}
parse_fwb_vlans() {
set $1
vlan_parent_interface=$1
shift
FWB_VLANS=$(
for subint in $*; do
echo "${subint}@$vlan_parent_interface"
done | sort
)
echo $FWB_VLANS
}
parse_current_vlans() {
vlan_parent_interface=$1
$IFCONFIG | grep 'vlan: ' | sed 's/parent interface://' | \
while read x vlan_id parent
do
test "$parent" = "$vlan_parent_interface" && echo "vlan$vlan_id@$parent"
done | sort
}
update_vlans_of_interface() {
args="$1"
set $1
vlan_parent_interface=$1
FWB_VLANS=$(parse_fwb_vlans "$args")
CURRENT_VLANS=$(parse_current_vlans $vlan_parent_interface)
$IFCONFIG $vlan_parent_interface up || exit 1
diff_intf missing_vlan "$FWB_VLANS" "$CURRENT_VLANS" add
diff_intf missing_vlan "$CURRENT_VLANS" "$FWB_VLANS" rem
}
sync_vlan_interfaces() {
$IFCONFIG | awk -v IGNORED="$*" \
'BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
}
($1 ~ /^vlan[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
while read intf; do
echo "# Deleting vlan interface $intf"
$FWBDEBUG $IFCONFIG $intf destroy || exit 1
done
for intf in $*; do
$IFCONFIG $intf >/dev/null 2>&1 || {
echo "# Creating vlan interface $intf"
$FWBDEBUG $IFCONFIG $intf create || exit 1
}
done
}
BRCONFIG="$IFCONFIG"
missing_port() {
intf=$1
cmd=$2
oldIFS=$IFS
IFS="@"
set $intf
port=$1
bridge_interface=$2
IFS=$oldIFS
echo "# Updating bridge configuration: $bridge_interface $cmd $port"
$FWBDEBUG $BRCONFIG $bridge_interface $cmd $port
test "$cmd" = "addm" && $FWBDEBUG $IFCONFIG $port up
}
update_bridge_interface() {
bridge_interface=$1
shift
FWB_PORTS=""
CURRENT_PORTS=""
FWB_PORTS=$(
for subint in $*; do
echo "${subint}@$bridge_interface"
done | sort
)
# this is really redundant because we create missing bridge
# interfaces in sync_bridge_interfaces. However will leave this
# here so that function update_bridge can be used without prior
# call to sync_bridge_interfaces The difference is that
# sync_bridge_interfaces also deletes bridge interfaces that exist
# on the machine but are missing in fwbuilder confgiuration. The
# update_bridge function can only add bridge interfaces.
$BRCONFIG $bridge_interface >/dev/null 2>&1 || {
echo "# Creating bridge interface $bridge_interface"
$FWBDEBUG $IFCONFIG $bridge_interface create
$FWBDEBUG $IFCONFIG $bridge_interface up
}
PORTS=$(
$BRCONFIG $bridge_interface | awk '($1~/member:/) { print $2; }'
)
test -n "$PORTS" && {
CURRENT_PORTS=$(
for subint in $PORTS; do
echo "${subint}@$bridge_interface"
done | sort
)
}
# first delete bridge ports, then add. This way, if an interface
# moves from one bridge to another, we remove it first and then
# add. It would not work if we tried to add it first, brctl issues
# an error:
# device eth2 is already a member of a bridge; can't enslave it to bridge br1.
#
diff_intf missing_port "$CURRENT_PORTS" "$FWB_PORTS" deletem
diff_intf missing_port "$FWB_PORTS" "$CURRENT_PORTS" addm
}
sync_bridge_interfaces() {
$BRCONFIG -a | awk -F: -v IGNORED="$*" \
'BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
}
($1 ~ /^bridge[0-9]/ && !($1 in ignored_dict)) {print $1;}' | \
while read brintf; do
echo "# Deleting bridge interface $brintf"
$FWBDEBUG $IFCONFIG $brintf down
$FWBDEBUG $IFCONFIG $brintf destroy
done
for brint in $*; do
$BRCONFIG $brint >/dev/null 2>&1 || {
echo "# Creating bridge interface $brintf"
$FWBDEBUG $IFCONFIG $brint create
$FWBDEBUG $IFCONFIG $brint up
}
done
}
sync_carp_interfaces() {
$IFCONFIG | awk -v IGNORED="$*" \
'BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
}
($1 ~ /^carp[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
while read intf; do
echo "# Deleting carp interface $intf"
$FWBDEBUG $IFCONFIG $intf destroy
done
for intf in $*; do
$IFCONFIG $intf >/dev/null 2>&1 || {
echo "# Creating carp interface $intf"
$SYSCTL -w net.inet.carp.allow=1
$FWBDEBUG $IFCONFIG $intf create || {
echo "Error: CARP interface $intf could not be created. Does the kernel have CARP enabled?"
exit 1
}
}
done
}
sync_pfsync_interfaces() {
$IFCONFIG | awk -v IGNORED="$*" \
'BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ii=ignored_arr[a]":"; ignored_dict[ii]=1;}
}
($1 ~ /^pfsync[0-9]/ && !($1 in ignored_dict)) {print $1;}' | sed 's/://' |\
while read intf; do
echo "# Deleting pfsync interface $intf"
$FWBDEBUG $IFCONFIG $intf destroy
done
for intf in $*; do
$IFCONFIG $intf >/dev/null 2>&1 || {
echo "# Creating pfsync interface $intf"
$FWBDEBUG $IFCONFIG $intf create
}
done
}
verify_interfaces() {
:
}
set_kernel_vars() {
:
$SYSCTL -w net.inet.ip.forwarding=1
}
prolog_commands() {
:
}
epilog_commands() {
:
}
run_epilog_and_exit() {
epilog_commands
exit $1
}
configure_interfaces() {
:
sync_vlan_interfaces vlan101 vlan102
sync_bridge_interfaces bridge0
sync_carp_interfaces
sync_pfsync_interfaces
update_bridge_interface bridge0 "em1 em2"
$IFCONFIG bridge0 -stp em1
$IFCONFIG bridge0 -stp em2
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
update_addresses_of_interface "em0 10.3.14.81/0xffffff00" ""
update_addresses_of_interface "em1" ""
$IFCONFIG em1 media 100baseTX mediaopt full-duplex up
update_vlans_of_interface "em2 vlan101 vlan102"
update_addresses_of_interface "em2" ""
$IFCONFIG em2 media 100baseTX mediaopt full-duplex up
update_addresses_of_interface "vlan101 192.168.101.1/0xffffff00" ""
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 16:07:34 2011 by vadim"
set_kernel_vars
configure_interfaces
prolog_commands
$PFCTL -f /etc/fw/path\ with\ space/pf.conf || exit 1
epilog_commands
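Review bot: In `sync_bridge_interfaces` the creation message inside `for brint in $*` prints `$brintf`, which is the variable of the `while read brintf` loop above it, so the log names the wrong interface, or nothing if that loop ran in a pipeline subshell. The line should read `echo "# Creating bridge interface $brint"`. Since this file is compiler output kept as the expected test result, the change belongs in the script template that produces it, followed by regenerating the `.orig` files. Separately, `log()` uses `&>/dev/null` under `#!/bin/sh`; a POSIX shell is likely to parse that as `&` followed by a redirection, so the `command -v` check would not gate the `$LOGGER` call, and `>/dev/null 2>&1` is the portable form.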


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:29 2011 PST by vadim
# Generated Mon Feb 14 16:07:35 2011 PST by vadim
#
# files: * firewall11.fw /etc/firewall11.fw
# files: firewall11.conf /etc/firewall11.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:29 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:35 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:30 2011 PST by vadim
# Generated Mon Feb 14 16:07:35 2011 PST by vadim
#
# files: * firewall110.fw /etc/fw/firewall110.fw
# files: firewall110.conf /etc/fw/firewall110.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:30 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:35 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:30 2011 PST by vadim
# Generated Mon Feb 14 16:07:36 2011 PST by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
# files: firewall12.conf /etc/fw/firewall12.conf
@ -159,7 +159,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:30 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:36 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:31 2011 PST by vadim
# Generated Mon Feb 14 16:07:36 2011 PST by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
# files: firewall13.conf /etc/fw/firewall13.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:31 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:36 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:32 2011 PST by vadim
# Generated Mon Feb 14 16:07:38 2011 PST by vadim
#
# files: * firewall14-1.fw /etc/firewall14-1.fw
# files: firewall14-1.conf /etc/firewall14-1.conf
@ -241,7 +241,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:32 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:38 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:31 2011 PST by vadim
# Generated Mon Feb 14 16:07:37 2011 PST by vadim
#
# files: * firewall14.fw /etc/firewall14.fw
# files: firewall14.conf /etc/firewall14.conf
@ -241,7 +241,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:31 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:37 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:34 2011 PST by vadim
# Generated Mon Feb 14 16:07:40 2011 PST by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
# files: firewall2-1.conf /etc/fw/firewall2-1.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:34 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:40 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:32 2011 PST by vadim
# Generated Mon Feb 14 16:07:38 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
# files: firewall2.conf /etc/fw/firewall2.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:32 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:38 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:33 2011 PST by vadim
# Generated Mon Feb 14 16:07:39 2011 PST by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
# files: firewall20.conf /etc/fw/firewall20.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:33 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:39 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:33 2011 PST by vadim
# Generated Mon Feb 14 16:07:39 2011 PST by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
# files: firewall21.conf /etc/fw/firewall21.conf
@ -81,7 +81,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:33 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:39 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:35 2011 PST by vadim
# Generated Mon Feb 14 16:07:40 2011 PST by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
# files: firewall22.conf /etc/fw/firewall22.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:35 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:40 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:35 2011 PST by vadim
# Generated Mon Feb 14 16:07:41 2011 PST by vadim
#
# files: * firewall3.fw /etc/firewall3.fw
# files: firewall3.conf /etc/firewall3.conf
@ -159,7 +159,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:35 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:41 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:36 2011 PST by vadim
# Generated Mon Feb 14 16:07:42 2011 PST by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
# files: firewall33.conf /etc/fw/firewall33.conf
@ -162,7 +162,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:36 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:42 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:36 2011 PST by vadim
# Generated Mon Feb 14 16:07:42 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
# files: firewall34.conf /etc/fw/firewall34.conf
@ -158,7 +158,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:36 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:42 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:37 2011 PST by vadim
# Generated Mon Feb 14 16:07:43 2011 PST by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
# files: firewall38.conf /etc/fw/firewall38.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:37 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:43 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:38 2011 PST by vadim
# Generated Mon Feb 14 16:07:43 2011 PST by vadim
#
# files: * firewall39.fw pf.fw
# files: firewall39.conf pf.conf
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:38 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:43 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:38 2011 PST by vadim
# Generated Mon Feb 14 16:07:44 2011 PST by vadim
#
# files: * firewall4.fw pf.fw
# files: firewall4.conf /etc/fw/pf.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:38 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:44 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:39 2011 PST by vadim
# Generated Mon Feb 14 16:07:45 2011 PST by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
# files: firewall40-1.conf /etc/firewall40-1.conf
@ -176,7 +176,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:39 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:45 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:39 2011 PST by vadim
# Generated Mon Feb 14 16:07:44 2011 PST by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
# files: firewall40.conf /etc/firewall40.conf
@ -160,7 +160,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:39 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:44 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:40 2011 PST by vadim
# Generated Mon Feb 14 16:07:46 2011 PST by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
# files: firewall41.conf /etc/firewall41.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:40 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:46 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:40 2011 PST by vadim
# Generated Mon Feb 14 16:07:46 2011 PST by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
# files: firewall5.conf /etc/fw/firewall5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:40 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:46 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:41 2011 PST by vadim
# Generated Mon Feb 14 16:07:47 2011 PST by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
# files: firewall51.conf /etc/fw/firewall51.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:41 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:47 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:41 2011 PST by vadim
# Generated Mon Feb 14 16:07:47 2011 PST by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
# files: firewall6.conf /etc/fw/firewall6.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:41 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:47 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:42 2011 PST by vadim
# Generated Mon Feb 14 16:07:48 2011 PST by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
# files: firewall62.conf /etc/firewall62.conf
@ -185,7 +185,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:42 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:48 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:42 2011 PST by vadim
# Generated Mon Feb 14 16:07:48 2011 PST by vadim
#
# files: * firewall63.fw /etc/fw/firewall63.fw
# files: firewall63.conf /etc/fw/firewall63.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:42 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:48 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:44 2011 PST by vadim
# Generated Mon Feb 14 16:07:49 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
# files: firewall7.conf /etc/fw/firewall7.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:44 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:49 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:44 2011 PST by vadim
# Generated Mon Feb 14 16:07:50 2011 PST by vadim
#
# files: * firewall70.fw /etc/fw/firewall70.fw
# files: firewall70.conf /etc/fw/firewall70.conf
@ -82,7 +82,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:44 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:50 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:45 2011 PST by vadim
# Generated Mon Feb 14 16:07:51 2011 PST by vadim
#
# files: * firewall8.fw /etc/firewall8.fw
# files: firewall8.conf /etc/firewall8.conf
@ -72,7 +72,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:45 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:51 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:46 2011 PST by vadim
# Generated Mon Feb 14 16:07:52 2011 PST by vadim
#
# files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
# files: firewall80-4.5.conf /etc/firewall80-4.5.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:46 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:52 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:45 2011 PST by vadim
# Generated Mon Feb 14 16:07:51 2011 PST by vadim
#
# files: * firewall80.fw /etc/firewall80.fw
# files: firewall80.conf /etc/firewall80.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:45 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:51 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:46 2011 PST by vadim
# Generated Mon Feb 14 16:07:52 2011 PST by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
# files: firewall9.conf /etc/fw/firewall9.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Feb 14 15:52:46 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:52 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:47 2011 PST by vadim
# Generated Mon Feb 14 16:07:53 2011 PST by vadim
#
# files: * firewall91.fw /etc/fw/pf.fw
# files: firewall91.conf /etc/fw/pf.conf
@ -240,7 +240,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:47 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:53 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:47 2011 PST by vadim
# Generated Mon Feb 14 16:07:53 2011 PST by vadim
#
# files: * firewall92.fw /etc/fw/pf.fw
# files: firewall92.conf /etc/fw/path\ with\ space/pf.conf
@ -160,7 +160,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:47 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:53 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1297645439" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1297727981" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -1536,6 +1536,7 @@
</InterfaceOptions>
</Interface>
</Interface>
<IPv4 id="id35220X5121" name="firewall109:em1:ip" comment="" ro="False" address="10.1.1.81" netmask="255.255.255.0"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
@ -22556,6 +22557,408 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id35204X5121" host_OS="freebsd" inactive="False" lastCompiled="1297728239" lastInstalled="1271995582" lastModified="1297727993" platform="pf" version="4.7" name="firewall109" comment="complex configuration with bridge and vlan" ro="False">
<NAT id="id35272X5121" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id35241X5121" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id35243X5121" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id35275X5121" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id35212X5121" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="em0" comment="" ro="False">
<IPv4 id="id35215X5121" name="firewall109:em0:ip" comment="" ro="False" address="10.3.14.81" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id35217X5121" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="True" unprotected="False" name="em1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id35222X5121" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="em2" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
<Interface id="id35231X5121" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="vlan101" comment="" ro="False">
<IPv4 id="id35234X5121" name="firewall109:em2:vlan101:ip" comment="" ro="False" address="192.168.101.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">8021q</Option>
<Option name="vlan_id">101</Option>
</InterfaceOptions>
</Interface>
<Interface id="id35236X5121" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="vlan102" comment="" ro="False">
<IPv4 id="id35239X5121" name="firewall109:em2:vlan102:ip" comment="" ro="False" address="192.168.102.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">8021q</Option>
<Option name="vlan_id">102</Option>
</InterfaceOptions>
</Interface>
</Interface>
<Interface id="id35379X5121" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="bridge0" comment="" ro="False">
<IPv4 id="id35360X5600" name="firewall109:bridge0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">bridge</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
<Interface id="id35413X5121" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="em1" comment="" ro="False">
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options">media 100baseTX mediaopt full-duplex up</Option>
<Option name="type">ethernet</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
</Interface>
<Interface id="id35431X5121" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="em2" comment="" ro="False">
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options">media 100baseTX mediaopt full-duplex up</Option>
<Option name="type">ethernet</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
</Interface>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser">root</Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="conf1_file"></Option>
<Option name="conf_file_name_on_firewall">/etc/fw/path with space/pf.conf</Option>
<Option name="configure_bridge_interfaces">True</Option>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="generate_rc_conf_file">False</Option>
<Option name="generate_shell_script">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr">10.3.14.30</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_block_policy"></Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">1</Option>
<Option name="pf_scrub_no_df">True</Option>
<Option name="pf_scrub_random_id">True</Option>
<Option name="pf_scrub_reassemble">False</Option>
<Option name="pf_scrub_reassemble_tcp">True</Option>
<Option name="pf_scrub_use_maxmss">True</Option>
<Option name="pf_scrub_use_minttl">True</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_debug"></Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">False</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">False</Option>
<Option name="pf_set_tcp_opening">False</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">True</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">0</Option>
<Option name="pf_tcp_opening">0</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">5</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_name_on_firewall">/etc/fw/pf.fw</Option>
<Option name="sshArgs"></Option>
</FirewallOptions>
</Firewall>
<Firewall id="id35385X5600" host_OS="freebsd" inactive="False" lastCompiled="1297728261" lastInstalled="1271995582" lastModified="1297727987" platform="pf" version="4.7" name="firewall109-1" comment="complex configuration with bridge and vlan, rc.conf format" ro="False">
<NAT id="id35466X5600" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id35435X5600" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id35437X5600" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id35469X5600" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id35393X5600" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="em0" comment="" ro="False">
<IPv4 id="id35396X5600" name="firewall109:em0:ip" comment="" ro="False" address="10.3.14.81" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id35398X5600" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="True" unprotected="False" name="em1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id35401X5600" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="em2" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
<Interface id="id35410X5600" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="vlan101" comment="" ro="False">
<IPv4 id="id35413X5600" name="firewall109:em2:vlan101:ip" comment="" ro="False" address="192.168.101.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">8021q</Option>
<Option name="vlan_id">101</Option>
</InterfaceOptions>
</Interface>
<Interface id="id35415X5600" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="vlan102" comment="" ro="False">
<IPv4 id="id35418X5600" name="firewall109:em2:vlan102:ip" comment="" ro="False" address="192.168.102.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">8021q</Option>
<Option name="vlan_id">102</Option>
</InterfaceOptions>
</Interface>
</Interface>
<Interface id="id35420X5600" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="bridge0" comment="" ro="False">
<IPv4 id="id35427X5600" name="firewall109:bridge0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="type">bridge</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
<Interface id="id35429X5600" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="em1" comment="" ro="False">
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options">media 100baseTX mediaopt full-duplex up</Option>
<Option name="type">ethernet</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
</Interface>
<Interface id="id35432X5600" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="em2" comment="" ro="False">
<InterfaceOptions>
<Option name="enable_stp">False</Option>
<Option name="iface_configure_mtu">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options">media 100baseTX mediaopt full-duplex up</Option>
<Option name="type">ethernet</Option>
<Option name="vlan_id">0</Option>
</InterfaceOptions>
</Interface>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser">root</Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="conf1_file"></Option>
<Option name="conf_file_name_on_firewall">/etc/fw/path with space/pf.conf</Option>
<Option name="configure_bridge_interfaces">True</Option>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="generate_rc_conf_file">True</Option>
<Option name="generate_shell_script">False</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr">10.3.14.30</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">1</Option>
<Option name="pf_scrub_no_df">True</Option>
<Option name="pf_scrub_random_id">True</Option>
<Option name="pf_scrub_reassemble">False</Option>
<Option name="pf_scrub_reassemble_tcp">True</Option>
<Option name="pf_scrub_use_maxmss">True</Option>
<Option name="pf_scrub_use_minttl">True</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">False</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">False</Option>
<Option name="pf_set_tcp_opening">False</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">True</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">0</Option>
<Option name="pf_tcp_opening">0</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">5</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_name_on_firewall">/etc/fw/pf.fw</Option>
<Option name="sshArgs"></Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>
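Review bot: The second fixture, `firewall109-1`, still carries address object names copied from `firewall109`: `firewall109:em0:ip`, `firewall109:em2:vlan101:ip`, `firewall109:em2:vlan102:ip` and `firewall109:bridge0:ip` appear under both firewalls, so a compiler warning or error that cites an address by name cannot be traced to one test case. Renaming them in the second firewall, e.g. `name="firewall109-1:em0:ip"`, keeps the regression output unambiguous. The earlier hunk in this file also appears to add `name="firewall109:em1:ip"` with `address="10.1.1.81"` directly under a library rather than under an interface, while the top-level `em1` of `firewall109` is `unnum="True"`; if that object is a leftover from editing, it is better dropped from the fixture.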


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:50 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
# files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
@ -290,10 +290,9 @@ configure_interfaces() {
$IFCONFIG pfsync0 up
update_addresses_of_interface "en1 192.168.1.2/0xffffff00" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:50 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
# files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
@ -187,10 +187,9 @@ configure_interfaces() {
update_addresses_of_interface "en0 172.24.0.3/0xffffff00 172.24.0.2/0xffffff00" ""
update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:51 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
# files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
@ -294,7 +294,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 192.168.1.2/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:51 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:56 2011 PST by vadim
#
# files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
# files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
@ -191,7 +191,7 @@ configure_interfaces() {
update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:51 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:56 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:57 2011 PST by vadim
#
# files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
# files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
@ -292,11 +292,10 @@ configure_interfaces() {
update_vlans_of_interface "en2 vlan100"
update_addresses_of_interface "en2" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "vlan100 172.20.0.2/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:51 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:57 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:57 2011 PST by vadim
#
# files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
# files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
@ -190,11 +190,10 @@ configure_interfaces() {
update_addresses_of_interface "en1 192.168.1.3/0xffffff00" ""
update_addresses_of_interface "en2" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
update_addresses_of_interface "vlan100 172.20.0.3/0xffffff00" ""
}
log "Activating firewall script generated Mon Feb 14 15:52:51 2011 by vadim"
log "Activating firewall script generated Mon Feb 14 16:07:57 2011 by vadim"
set_kernel_vars
configure_interfaces


@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3476
#
# Generated Mon Feb 14 15:52:51 2011 PST by vadim
# Generated Mon Feb 14 16:07:57 2011 PST by vadim
#
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf