onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
Code Issues Releases Wiki Activity

see #2367 merged latest changes from development branch; this merged transformation for v18->v19 XML file upgrades; upgraded test files for PF

Browse Source
This commit is contained in:
Vadim Kurland 2011-05-04 16:43:05 -07:00
commit c096684c20
10 changed files with 532 additions and 585 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/ChangeLog
View File

@ -1,3 +1,14 @@
2011-05-04 Vadim Kurland <vadim@netcitadel.com>
* FWObjectDatabase_18.xslt: XSLT transformation to upgrade data
files from DTD v18 to DTD v19. This transformation finds
"PolicyRule" elements with missing "Itf" child elements and fixes
them by adding such element with a reference pointint to "any".
Fixes #2383
* fwbuilder.dtd.in: Element "Itf" (an interface) of "PolicyRule"
should be required. DTD version increment.
2011-05-03 vadim <vadim@netcitadel.com>
* PolicyCompiler_ipt.cpp (processNext): see #2367 "Multiple

2
src/libfwbuilder/etc/fwbuilder.dtd
View File

@ -255,7 +255,7 @@ own compiler) we do not define content model for this element.
>
<!ELEMENT PolicyRule (Src,Dst,Srv?,Itf?,When?,PolicyRuleOptions?)>
<!ELEMENT PolicyRule (Src,Dst,Srv,Itf,When?,PolicyRuleOptions?)>
<!ATTLIST PolicyRule
id ID #REQUIRED
disabled %BOOLEAN; "False"

2
src/libfwbuilder/etc/fwbuilder.dtd.in
View File

@ -255,7 +255,7 @@ own compiler) we do not define content model for this element.
>
<!ELEMENT PolicyRule (Src,Dst,Srv?,Itf?,When?,PolicyRuleOptions?)>
<!ELEMENT PolicyRule (Src,Dst,Srv,Itf,When?,PolicyRuleOptions?)>
<!ATTLIST PolicyRule
id ID #REQUIRED
disabled %BOOLEAN; "False"

226
src/libfwbuilder/migration/FWObjectDatabase_18.xslt
View File

@ -1,8 +1,9 @@
<!--
FWObjectDatabase_17.xslt 2011-05-03
FWObjectDatabase_18.xslt 2011-05-04
Author: Vadim Kurland
Description: translates fwbuilder object database from v18 to 19
finds PolicyRule elements with missing Itf
child element and fixes them
-->
@ -22,217 +23,46 @@
</xsl:copy>
</xsl:template>
<xsl:template match="//fwb:PolicyRule[attribute::action='Tag']" mode="copy">
<xsl:variable name="ipt_make_terminating"
select="../../fwb:FirewallOptions/fwb:Option[attribute::name='classify_mark_terminating']"/>
<xsl:variable name="pf_make_terminating"
select="fwb:PolicyRuleOptions/fwb:Option[attribute::name='pf_tag_terminating']"/>
<xsl:template match="//fwb:PolicyRule" mode="copy">
<xsl:element name="PolicyRule" namespace="http://www.fwbuilder.org/1.0/">
<xsl:copy-of select="@id"/>
<xsl:copy-of select="@disabled"/>
<xsl:copy-of select="@position"/>
<xsl:copy-of select="@direction"/>
<xsl:copy-of select="@*"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Src" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Dst" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Srv" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:choose>
<xsl:when test="$ipt_make_terminating = 'True'">
<xsl:attribute name="action">Accept</xsl:attribute>
</xsl:when>
<xsl:when test="$pf_make_terminating = 'True'">
<xsl:attribute name="action">Accept</xsl:attribute>
<xsl:when test="fwb:Itf">
<xsl:apply-templates select="fwb:Itf" mode="copy"/>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="action">Continue</xsl:attribute>
<xsl:element name="Itf" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="neg">False</xsl:attribute>
<xsl:element name="ObjectRef" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="ref">sysid0</xsl:attribute>
</xsl:element>
</xsl:element>
</xsl:otherwise>
</xsl:choose>
<xsl:copy-of select="@log"/>
<xsl:copy-of select="@comment"/>
<xsl:copy-of select="@group"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Src" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Dst" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Srv" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Itf" mode="copy"/>
<xsl:text>
</xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:When" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:element name="PolicyRuleOptions" namespace="http://www.fwbuilder.org/1.0/">
<xsl:text>
</xsl:text>
<xsl:for-each select="fwb:PolicyRuleOptions/fwb:Option">
<xsl:copy-of select="."/>
<xsl:text>
</xsl:text>
</xsl:for-each>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">tagging</xsl:attribute>True</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">classification</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">routing</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
<xsl:apply-templates select="fwb:PolicyRuleOptions" mode="copy"/>
<xsl:text>
</xsl:text>
</xsl:text>
</xsl:element>
</xsl:template>
<xsl:template match="//fwb:PolicyRule[attribute::action='Classify']" mode="copy">
<xsl:variable name="ipt_make_terminating"
select="../../fwb:FirewallOptions/fwb:Option[attribute::name='classify_mark_terminating']"/>
<xsl:variable name="pf_make_terminating"
select="fwb:PolicyRuleOptions/fwb:Option[attribute::name='pf_classify_terminating']"/>
<xsl:element name="PolicyRule" namespace="http://www.fwbuilder.org/1.0/">
<xsl:copy-of select="@id"/>
<xsl:copy-of select="@disabled"/>
<xsl:copy-of select="@position"/>
<xsl:copy-of select="@direction"/>
<xsl:choose>
<xsl:when test="$ipt_make_terminating = 'True'">
<xsl:attribute name="action">Accept</xsl:attribute>
</xsl:when>
<xsl:when test="$pf_make_terminating = 'True'">
<xsl:attribute name="action">Accept</xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="action">Continue</xsl:attribute>
</xsl:otherwise>
</xsl:choose>
<xsl:copy-of select="@log"/>
<xsl:copy-of select="@comment"/>
<xsl:copy-of select="@group"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Src" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Dst" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Srv" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Itf" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:When" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:element name="PolicyRuleOptions" namespace="http://www.fwbuilder.org/1.0/">
<xsl:text>
</xsl:text>
<xsl:for-each select="fwb:PolicyRuleOptions/fwb:Option">
<xsl:copy-of select="."/>
<xsl:text>
</xsl:text>
</xsl:for-each>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">tagging</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">classification</xsl:attribute>True</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">routing</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
</xsl:template>
<xsl:template match="//fwb:PolicyRule[attribute::action='Route']" mode="copy">
<xsl:element name="PolicyRule" namespace="http://www.fwbuilder.org/1.0/">
<xsl:copy-of select="@id"/>
<xsl:copy-of select="@disabled"/>
<xsl:copy-of select="@position"/>
<xsl:copy-of select="@direction"/>
<xsl:attribute name="action">Continue</xsl:attribute>
<xsl:copy-of select="@log"/>
<xsl:copy-of select="@comment"/>
<xsl:copy-of select="@group"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Src" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Dst" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Srv" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:Itf" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:apply-templates select="fwb:When" mode="copy"/>
<xsl:text>
</xsl:text>
<xsl:element name="PolicyRuleOptions" namespace="http://www.fwbuilder.org/1.0/">
<xsl:text>
</xsl:text>
<xsl:for-each select="fwb:PolicyRuleOptions/fwb:Option">
<xsl:copy-of select="."/>
<xsl:text>
</xsl:text>
</xsl:for-each>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">tagging</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">classification</xsl:attribute>False</xsl:element>
<xsl:text>
</xsl:text>
<xsl:element name="Option" namespace="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="name">routing</xsl:attribute>True</xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
<xsl:text>
</xsl:text>
</xsl:element>
</xsl:template>
<xsl:template match="*[attribute::id='root']">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="version">19</xsl:attribute>

1
src/libfwbuilder/migration/migration.pro
View File

@ -93,5 +93,6 @@ target.files = FWObjectDatabase_0.8.7.xslt \
FWObjectDatabase_16.xslt \
FWObjectDatabase_17.xslt \
FWObjectDatabase_18.xslt \
FWObjectDatabase_19.xslt \

3
src/libgui/ProjectPanel.cpp
View File

@ -1383,7 +1383,8 @@ void ProjectPanel::visibilityChangedForTreePanel(bool f)
<< "isWindow()=" << m_panel->treeDockWidget->isWindow()
<< "mdiWindow->isMaximized()=" << mdiWindow->isMaximized();
adjustDockWidths(!f || m_panel->treeDockWidget->isFloating());
adjustDockWidths(!m_panel->treeDockWidget->isVisible() ||
m_panel->treeDockWidget->isFloating());
#if 0
if (m_panel->treeDockWidget->isVisible() &&

2
test/ipt/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="19" lastModified="1272731422" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1272731422" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>

2
test/ipt/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="19" lastModified="1302483417" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1302483417" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>

692
test/pf/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1297993801" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1297993801" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -51,9 +51,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -69,9 +69,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -100,17 +100,17 @@
</ObjectGroup>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
</CustomService>
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
@ -365,54 +365,54 @@
</ServiceGroup>
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC.&#10;Works on iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/&#10;" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic &#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
@ -435,7 +435,7 @@
<FailoverClusterGroup id="id2719X89830" type="vrrp" name="cluster3:vrrp0:members" comment="">
<ClusterGroupOptions>
<Option name="vrrp_secret">vrrp_secret</Option>
<Option name="vrrp_vrid"></Option>
<Option name="vrrp_vrid"/>
</ClusterGroupOptions>
</FailoverClusterGroup>
<StateSyncClusterGroup id="id2762X92940" type="conntrack" name="State Sync Group-1" comment="">
@ -453,18 +453,18 @@
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">bridge</Option>
<Option name="vlan_id"></Option>
<Option name="vlan_id"/>
</InterfaceOptions>
<Interface id="id10491X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<InterfaceOptions>
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">ethernet</Option>
<Option name="vlan_id"></Option>
<Option name="vlan_id"/>
</InterfaceOptions>
</Interface>
<Interface id="id10493X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
@ -501,7 +501,7 @@
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">8021q</Option>
<Option name="vlan_id">100</Option>
</InterfaceOptions>
@ -512,7 +512,7 @@
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">8021q</Option>
<Option name="vlan_id">101</Option>
</InterfaceOptions>
@ -550,131 +550,131 @@
</NAT>
<Policy id="id2369X75741" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id2913X78273" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2896X78273" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2879X78273" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2862X78273" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2845X78273" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2828X78273" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2811X78273" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id2371X75741" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@ -746,132 +746,132 @@
</NAT>
<Policy id="id2780X94039" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3055X14356" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="id3054X14356"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="id3068X14356"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
</PolicyRule>
<PolicyRule id="id2781X94039" disabled="False" group="" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2794X94039" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2806X94039" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3725X2234" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2818X94039" disabled="False" group="" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2830X94039" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<PolicyRuleOptions>
<Option name="connlimit_masklen">0</Option>
<Option name="connlimit_value">0</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
@ -884,75 +884,75 @@
<Option name="hashlimit_mode_dstport">False</Option>
<Option name="hashlimit_mode_srcip">False</Option>
<Option name="hashlimit_mode_srcport">False</Option>
<Option name="hashlimit_name"></Option>
<Option name="hashlimit_name"/>
<Option name="hashlimit_size">0</Option>
<Option name="hashlimit_suffix"></Option>
<Option name="hashlimit_suffix"/>
<Option name="hashlimit_value">0</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="log_level"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
</PolicyRule>
<PolicyRule id="id2842X94039" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id2854X94039" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3087X2234" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id2881X94039" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@ -1078,16 +1078,16 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_bonding_interfaces">True</Option>
<Option name="configure_bridge_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
@ -1095,14 +1095,14 @@
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -1117,11 +1117,11 @@
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
@ -1139,13 +1139,13 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="secuwall_add_files">False</Option>
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
<Option name="secuwall_dns_reso1">files</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -1201,29 +1201,29 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -1238,11 +1238,11 @@
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
@ -1260,13 +1260,13 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="secuwall_add_files">False</Option>
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
<Option name="secuwall_dns_reso1">files</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -1306,28 +1306,28 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -1342,11 +1342,11 @@
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
@ -1364,13 +1364,13 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="secuwall_add_files">False</Option>
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
<Option name="secuwall_dns_reso1">files</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -1403,9 +1403,9 @@
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">ethernet</Option>
<Option name="vlan_id"></Option>
<Option name="vlan_id"/>
</InterfaceOptions>
</Interface>
<Interface id="id4038X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
@ -1423,28 +1423,28 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -1459,11 +1459,11 @@
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
@ -1481,13 +1481,13 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="secuwall_add_files">False</Option>
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
<Option name="secuwall_dns_reso1">files</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -1534,9 +1534,9 @@
<Option name="iface_disablearp">False</Option>
<Option name="iface_disableboot">False</Option>
<Option name="iface_mtu">1500</Option>
<Option name="iface_options"></Option>
<Option name="iface_options"/>
<Option name="type">bonding</Option>
<Option name="vlan_id"></Option>
<Option name="vlan_id"/>
</InterfaceOptions>
<Interface id="id3807X49120" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<InterfaceOptions>
@ -1559,28 +1559,28 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -1595,11 +1595,11 @@
<Option name="loopback_interface">lo</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_timeout_frag">30</Option>
@ -1617,13 +1617,13 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="secuwall_add_files">False</Option>
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
<Option name="secuwall_dns_reso1">files</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -2747,18 +2747,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="ignore_empty_groups">False</Option>
@ -2767,11 +2767,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -2791,7 +2791,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -2831,9 +2831,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3337X26920" host_OS="openbsd" inactive="False" lastCompiled="1264267285" lastInstalled="0" lastModified="1297119444" platform="pf" version="4.x" name="openbsd-2" comment="" ro="False">
@ -2867,18 +2867,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="ignore_empty_groups">False</Option>
@ -2887,11 +2887,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -2911,7 +2911,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -2951,9 +2951,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id7290X42213" host_OS="freebsd" inactive="False" lastCompiled="1296754097" lastInstalled="0" lastModified="1296755154" platform="pf" version="4.x" name="freebsd-1" comment="" ro="False">
@ -2981,18 +2981,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
@ -3002,11 +3002,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3026,7 +3026,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3066,9 +3066,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id7317X42213" host_OS="freebsd" inactive="False" lastCompiled="1296754097" lastInstalled="0" lastModified="1245802420" platform="pf" version="4.x" name="freebsd-2" comment="" ro="False">
@ -3096,18 +3096,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
@ -3117,11 +3117,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3141,7 +3141,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3181,9 +3181,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id39233X50958" host_OS="openbsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1297119363" platform="pf" version="4.6" name="openbsd-3" comment="" ro="False">
@ -3229,18 +3229,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="ignore_empty_groups">False</Option>
@ -3249,11 +3249,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3273,7 +3273,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3313,9 +3313,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id39405X50958" host_OS="openbsd" inactive="False" lastCompiled="1264267285" lastInstalled="0" lastModified="1297119370" platform="pf" version="4.6" name="openbsd-4" comment="" ro="False">
@ -3361,18 +3361,18 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="ignore_empty_groups">False</Option>
@ -3381,11 +3381,11 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3405,7 +3405,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3445,9 +3445,9 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id200587X1082" host_OS="freebsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1296694652" platform="pf" version="" name="freebsd-1-1" comment="" ro="False">
@ -3475,20 +3475,20 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="conf1_file">pf.conf</Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="conf_file_name_on_firewall"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
@ -3500,7 +3500,7 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
@ -3525,7 +3525,7 @@
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3554,7 +3554,7 @@
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_state_policy"/>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
@ -3567,10 +3567,10 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_name_on_firewall"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
<Firewall id="id200626X1082" host_OS="freebsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1296694663" platform="pf" version="" name="freebsd-2-1" comment="" ro="False">
@ -3598,20 +3598,20 @@
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="conf1_file">pf.conf</Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="conf_file_name_on_firewall"/>
<Option name="configure_carp_interfaces">True</Option>
<Option name="configure_interfaces">True</Option>
<Option name="configure_pfsync_interfaces">True</Option>
<Option name="configure_vlan_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
@ -3623,7 +3623,7 @@
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="openbsd_ip_forward">1</Option>
@ -3648,7 +3648,7 @@
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3677,7 +3677,7 @@
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_state_policy"/>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
@ -3690,10 +3690,10 @@
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_name_on_firewall"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>

176
test/pf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1297891427" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1297891427" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -8609,7 +8609,7 @@
<RuleSetOptions/>
</NAT>
<Policy id="id43EC5DE22355" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43EC5DE32355" disabled="False" group="" log="False" position="0" action="Tag" direction="Inbound" comment="">
<PolicyRule id="id43EC5DE32355" disabled="False" group="" log="False" position="0" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -8627,11 +8627,14 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id43F4556A28869</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -8800,7 +8803,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id43F4407F28542" disabled="False" group="" log="False" position="10" action="Classify" direction="Both" comment="">
<PolicyRule id="id43F4407F28542" disabled="False" group="" log="False" position="10" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -8818,12 +8821,15 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">True</Option>
<Option name="classify_str">mail</Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
<Option name="tagvalue"></Option>
</PolicyRuleOptions>
</PolicyRule>
@ -9440,7 +9446,7 @@
<RuleSetOptions/>
</NAT>
<Policy id="id445DB34832739" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id445DB34932739" disabled="False" group="" log="False" position="0" action="Tag" direction="Inbound" comment="">
<PolicyRule id="id445DB34932739" disabled="False" group="" log="False" position="0" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -9458,11 +9464,14 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id43F4556A28869</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -9621,7 +9630,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id445DB3B732739" disabled="False" group="" log="False" position="9" action="Classify" direction="Both" comment="">
<PolicyRule id="id445DB3B732739" disabled="False" group="" log="False" position="9" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -9639,12 +9648,15 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">True</Option>
<Option name="classify_str">mail</Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
<Option name="tagvalue"></Option>
</PolicyRuleOptions>
</PolicyRule>
@ -10035,7 +10047,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id449490212976" disabled="False" group="" log="False" position="2" action="Route" direction="Inbound" comment="">
<PolicyRule id="id449490212976" disabled="False" group="" log="False" position="2" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -10056,6 +10068,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
@ -10074,11 +10087,13 @@
<Option name="pf_route_opt_addr">192.0.2.10</Option>
<Option name="pf_route_opt_if">le1</Option>
<Option name="pf_route_option">route_through</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4494AF342976" disabled="False" group="" log="False" position="3" action="Route" direction="Inbound" comment="">
<PolicyRule id="id4494AF342976" disabled="False" group="" log="False" position="3" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -10098,6 +10113,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
@ -10116,8 +10132,10 @@
<Option name="pf_route_opt_addr">192.0.3.10</Option>
<Option name="pf_route_opt_if">le2</Option>
<Option name="pf_route_option">route_through</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id44958DBE3539" disabled="False" group="" log="False" position="4" action="Accept" direction="Outbound" comment="">
@ -12494,7 +12512,7 @@
<RuleSetOptions/>
</NAT>
<Policy id="id476458B09697" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id47646C979697" disabled="False" group="" log="False" position="0" action="Route" direction="Inbound" comment="">
<PolicyRule id="id47646C979697" disabled="False" group="" log="False" position="0" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12514,6 +12532,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -12549,11 +12568,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id47646C869697" disabled="False" group="" log="False" position="1" action="Route" direction="Inbound" comment="">
<PolicyRule id="id47646C869697" disabled="False" group="" log="False" position="1" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12573,6 +12594,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -12608,11 +12630,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id47646C759697" disabled="False" group="" log="False" position="2" action="Route" direction="Inbound" comment="">
<PolicyRule id="id47646C759697" disabled="False" group="" log="False" position="2" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12632,6 +12656,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -12667,11 +12692,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476480059697" disabled="False" group="" log="False" position="3" action="Route" direction="Inbound" comment="">
<PolicyRule id="id476480059697" disabled="False" group="" log="False" position="3" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12691,6 +12718,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#7694C0</Option>
<Option name="custom_str"></Option>
@ -12726,11 +12754,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476480169697" disabled="False" group="" log="False" position="4" action="Route" direction="Inbound" comment="">
<PolicyRule id="id476480169697" disabled="False" group="" log="False" position="4" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12750,6 +12780,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#7694C0</Option>
<Option name="custom_str"></Option>
@ -12785,11 +12816,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476480279697" disabled="False" group="" log="False" position="5" action="Route" direction="Inbound" comment="">
<PolicyRule id="id476480279697" disabled="False" group="" log="False" position="5" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12809,6 +12842,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#7694C0</Option>
<Option name="custom_str"></Option>
@ -12844,11 +12878,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476458C99697" disabled="False" group="" log="False" position="6" action="Route" direction="Inbound" comment="">
<PolicyRule id="id476458C99697" disabled="False" group="" log="False" position="6" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12868,6 +12904,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
@ -12903,11 +12940,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476458D69697" disabled="False" group="" log="False" position="7" action="Route" direction="Inbound" comment="">
<PolicyRule id="id476458D69697" disabled="False" group="" log="False" position="7" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12927,6 +12966,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
@ -12962,11 +13002,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4764592B9697" disabled="False" group="" log="False" position="8" action="Route" direction="Inbound" comment="">
<PolicyRule id="id4764592B9697" disabled="False" group="" log="False" position="8" action="Continue" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -12986,6 +13028,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
@ -13021,11 +13064,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4764BABB9697" disabled="False" group="" log="False" position="9" action="Route" direction="Inbound" comment="this should fail because&#10;it has one address for the next&#10;hop and it is /32.&#10;Run compiler with&#10;command line argument -xt&#10;to convert errors to warnings&#10;and make it generate .conf &#10;file anyway">
<PolicyRule id="id4764BABB9697" disabled="False" group="" log="False" position="9" action="Continue" direction="Inbound" comment="this should fail because&#10;it has one address for the next&#10;hop and it is /32.&#10;Run compiler with&#10;command line argument -xt&#10;to convert errors to warnings&#10;and make it generate .conf &#10;file anyway">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13045,6 +13090,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C86E6E</Option>
<Option name="custom_str"></Option>
@ -13080,11 +13126,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4764BACC9697" disabled="False" group="" log="False" position="10" action="Route" direction="Inbound" comment="this should fail because&#10;it has one address for the next&#10;hop and it is /32.&#10;">
<PolicyRule id="id4764BACC9697" disabled="False" group="" log="False" position="10" action="Continue" direction="Inbound" comment="this should fail because&#10;it has one address for the next&#10;hop and it is /32.&#10;">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13104,6 +13152,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C86E6E</Option>
<Option name="custom_str"></Option>
@ -13139,11 +13188,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id476509419697" disabled="False" group="" log="False" position="11" action="Route" direction="Inbound" comment="this should fail because&#10;it ip address in next hop&#10;is illegal">
<PolicyRule id="id476509419697" disabled="False" group="" log="False" position="11" action="Continue" direction="Inbound" comment="this should fail because&#10;it ip address in next hop&#10;is illegal">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13163,6 +13214,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C86E6E</Option>
<Option name="custom_str"></Option>
@ -13198,14 +13250,16 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id16074X72625" name="routes" comment="testing different options for the route-to action" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id16087X72625" disabled="False" group="" log="False" position="0" action="Route" direction="Inbound" comment="route_through, load balancing random">
<PolicyRule id="id16087X72625" disabled="False" group="" log="False" position="0" action="Continue" direction="Inbound" comment="route_through, load balancing random">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13225,6 +13279,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13260,11 +13315,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16104X72625" disabled="False" group="" log="False" position="1" action="Route" direction="Inbound" comment="error: interface is required">
<PolicyRule id="id16104X72625" disabled="False" group="" log="False" position="1" action="Continue" direction="Inbound" comment="error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13284,6 +13341,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13319,11 +13377,13 @@
<Option name="pf_route_option">route_reply_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16121X72625" disabled="False" group="" log="False" position="2" action="Route" direction="Inbound" comment="error: interface is required">
<PolicyRule id="id16121X72625" disabled="False" group="" log="False" position="2" action="Continue" direction="Inbound" comment="error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13343,6 +13403,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13378,11 +13439,13 @@
<Option name="pf_route_option">route_copy_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16138X72625" disabled="False" group="" log="False" position="3" action="Route" direction="Inbound" comment="fastroute">
<PolicyRule id="id16138X72625" disabled="False" group="" log="False" position="3" action="Continue" direction="Inbound" comment="fastroute">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13402,6 +13465,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13437,11 +13501,13 @@
<Option name="pf_route_option">none</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16155X72625" disabled="False" group="" log="False" position="4" action="Route" direction="Inbound" comment="fastroute">
<PolicyRule id="id16155X72625" disabled="False" group="" log="False" position="4" action="Continue" direction="Inbound" comment="fastroute">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13461,6 +13527,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13496,11 +13563,13 @@
<Option name="pf_route_option">none</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16172X72625" disabled="False" group="" log="False" position="5" action="Route" direction="Inbound" comment="fastroute">
<PolicyRule id="id16172X72625" disabled="False" group="" log="False" position="5" action="Continue" direction="Inbound" comment="fastroute">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13520,6 +13589,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13555,11 +13625,13 @@
<Option name="pf_route_option">none</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id22949X72625" disabled="False" group="" log="False" position="6" action="Route" direction="Inbound" comment="route_through, load balancing none&#10;error: interface is required">
<PolicyRule id="id22949X72625" disabled="False" group="" log="False" position="6" action="Continue" direction="Inbound" comment="route_through, load balancing none&#10;error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13579,6 +13651,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13614,11 +13687,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id22966X72625" disabled="False" group="" log="False" position="7" action="Route" direction="Inbound" comment="route_through, load balancing bitmask&#10;error: interface is required">
<PolicyRule id="id22966X72625" disabled="False" group="" log="False" position="7" action="Continue" direction="Inbound" comment="route_through, load balancing bitmask&#10;error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13638,6 +13713,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13673,11 +13749,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id29767X72625" disabled="False" group="" log="False" position="8" action="Route" direction="Inbound" comment="route_through, load balancing random&#10;error: interface is required">
<PolicyRule id="id29767X72625" disabled="False" group="" log="False" position="8" action="Continue" direction="Inbound" comment="route_through, load balancing random&#10;error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13697,6 +13775,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13732,11 +13811,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id29784X72625" disabled="False" group="" log="False" position="9" action="Route" direction="Inbound" comment="route_through, load balancing source hash&#10;error: interface is required">
<PolicyRule id="id29784X72625" disabled="False" group="" log="False" position="9" action="Continue" direction="Inbound" comment="route_through, load balancing source hash&#10;error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13756,6 +13837,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13791,11 +13873,13 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id29801X72625" disabled="False" group="" log="False" position="10" action="Route" direction="Inbound" comment="route_through, load balancing round robin&#10;error: interface is required">
<PolicyRule id="id29801X72625" disabled="False" group="" log="False" position="10" action="Continue" direction="Inbound" comment="route_through, load balancing round robin&#10;error: interface is required">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
@ -13815,6 +13899,7 @@
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#8BC065</Option>
<Option name="custom_str"></Option>
@ -13850,8 +13935,10 @@
<Option name="pf_route_option">route_through</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="routing">True</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id16075X72625" disabled="False" group="" log="True" position="11" action="Deny" direction="Both" comment="">
@ -20753,7 +20840,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id22238X59856" disabled="False" group="" log="False" position="2" action="Tag" direction="Both" comment="">
<PolicyRule id="id22238X59856" disabled="False" group="" log="False" position="2" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -20771,6 +20858,7 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
@ -20790,8 +20878,10 @@
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id43F4556A28869</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -23338,12 +23428,12 @@
<Option name="sshArgs"></Option>
</FirewallOptions>
</Firewall>
<Firewall id="id164588X20402" host_OS="freebsd" inactive="False" lastCompiled="1297645524" lastInstalled="0" lastModified="1297648836" platform="pf" version="" name="firewall110" comment="testing shadowing of rules with tag action " ro="False">
<Firewall id="id164588X20402" host_OS="freebsd" inactive="False" lastCompiled="1297645524" lastInstalled="0" lastModified="1304552385" platform="pf" version="" name="firewall110" comment="testing shadowing of rules with tag action " ro="False">
<NAT id="id164956X20402" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id164614X20402" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id345014X20402" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="see #1867 this rule is non-terminating and should not shadow next&#10;">
<PolicyRule id="id345014X20402" disabled="False" group="" log="False" position="0" action="Continue" direction="Both" comment="see #1867 this rule is non-terminating and should not shadow next&#10;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -23361,6 +23451,7 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
@ -23398,12 +23489,14 @@
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">False</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id1391120443</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id344958X20402" disabled="False" group="" log="False" position="1" action="Classify" direction="Both" comment="">
<PolicyRule id="id344958X20402" disabled="False" group="" log="False" position="1" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -23421,6 +23514,7 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str">ssh_q</Option>
<Option name="color">#C0BA44</Option>
<Option name="custom_str"></Option>
@ -23437,6 +23531,7 @@
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="log_prefix"></Option>
<Option name="pf_classify_str"></Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
@ -23458,11 +23553,14 @@
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">False</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">False</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id164616X20402" disabled="False" group="" log="False" position="2" action="Tag" direction="Both" comment="">
<PolicyRule id="id164616X20402" disabled="False" group="" log="False" position="2" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -23480,11 +23578,14 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipfw_pipe_method">0</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id43F4556A28869</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -25207,7 +25308,7 @@
<RuleSetOptions/>
</NAT>
<Policy id="id3AF5A2BC" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id48472A0C23126" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="">
<PolicyRule id="id48472A0C23126" disabled="False" group="" log="False" position="0" action="Continue" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -25225,6 +25326,7 @@
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classification">False</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
@ -25244,8 +25346,10 @@
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">route_through</Option>
<Option name="routing">False</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagging">True</Option>
<Option name="tagobject_id">id4847247323126</Option>
</PolicyRuleOptions>
</PolicyRule>