onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2025-10-16 15:38:43 +02:00
Code Issues Releases Wiki Activity

refs #1908 : added nat rule option to force the rule to be "static"; new build number

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-11 18:32:54 -08:00
parent e1230a0a14
commit c6abdb0fc6
46 changed files with 303 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3428"
BUILD_NUM="3429"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

2
VERSION.h
View File

@ -1,2 +1,2 @@
#define VERSION "4.2.0.3428"
#define VERSION "4.2.0.3429"
#define GENERATION "4.2"

15
doc/ChangeLog
View File

@ -1,5 +1,20 @@
2011-01-11 vadim <vadim@netcitadel.com>
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1908 "ASA NAT -
cannot configure static NAT translations with (inside,outside)".
Added NAT rule option to make source nat rules "static". The
option is presented to the user as a checkbox in a NAT rule
options dialog which is only enabled when platform is "pix" and
version >= 8.3. Policy compiler generates "twice nat" rules with
keyword "static" in the following cases: when TSrc is "original",
so the rule translates destination and not source or when numbers
of ip addresses represented by OSrc and TSrc are equal. If TSrc is
not "original" and represents different number of ip addresses
than OSrc, compiler looks at the new rule option. If the checkbox
is turned off, then it generates "twice nat" rule with option
"dynamic". If the checkbox is turned on, then it generates the
rule with option "static".
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1902 "Add NAT
rule option "translate dns" for PIX". The option is only available
for ASA 8.3 or later.

2
packaging/fwbuilder-static-qt.spec
View File

@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3428
%define version 4.2.0.3429
%define release 1
%if "%_vendor" == "MandrakeSoft"

2
packaging/fwbuilder.control
View File

@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3428-1
Version: 4.2.0.3429-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers

2
packaging/fwbuilder.spec
View File

@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3428
%define version 4.2.0.3429
%define release 1
%if "%_vendor" == "MandrakeSoft"

15
src/cisco_lib/NATCompiler_asa8_writers.cpp
View File

@ -185,7 +185,20 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
cmd << "source";
if (tsrc->isAny()) cmd << "static";
else cmd << "dynamic";
else
{
/*
* Default behavior: if the number of ip addresses in OSrc is equal to
* that in TSrc, then use "static". Otherwise use "dynamic". However if
* rule option "asa8_nat_static" is true, use "static".
*/
if (osrc->dimension() == tsrc->dimension()) cmd << "static";
else
{
if (ropt->getBool("asa8_nat_static")) cmd << "static";
else cmd << "dynamic";
}
}
cmd << pix_comp->getASA8Object(osrc)->getCommandWord();
if (tsrc->isAny())

14
src/libgui/NATRuleOptionsDialog.cpp
View File

@ -119,9 +119,17 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
if (platform=="pix" || platform=="fwsm")
{
m_dialog->asa8_nat_dns->setEnabled(
libfwbuilder::XMLTools::version_compare(version,"8.3")>=0);
data.registerOption(m_dialog->asa8_nat_dns , ropt, "asa8_nat_dns" );
if (libfwbuilder::XMLTools::version_compare(version,"8.3")>=0)
{
m_dialog->asa8_nat_dns->setEnabled(true);
m_dialog->asa8_nat_static->setEnabled(true);
data.registerOption(m_dialog->asa8_nat_dns, ropt, "asa8_nat_dns");
data.registerOption(m_dialog->asa8_nat_static, ropt, "asa8_nat_static");
} else
{
m_dialog->asa8_nat_dns->setEnabled(false);
m_dialog->asa8_nat_static->setEnabled(false);
}
}
init = true;

35
src/libgui/natruleoptionsdialog_q.ui
View File

@ -292,13 +292,30 @@
<number>12</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label_2">
<property name="text">
<string>Need nice long explanation of the meaning of the &quot;static&quot; option below</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QCheckBox" name="asa8_nat_static">
<property name="text">
<string>Build &quot;static&quot; twice-nat rule</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QCheckBox" name="asa8_nat_dns">
<property name="text">
<string>Make this NAT rule translate DNS replies. You also need to enable DNS inspection in the firewall object advanced settings dialog.</string>
</property>
</widget>
</item>
<item row="1" column="0">
<item row="3" column="0">
<spacer name="verticalSpacer_3">
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -479,6 +496,22 @@
</hint>
</hints>
</connection>
<connection>
<sender>asa8_nat_static</sender>
<signal>stateChanged(int)</signal>
<receiver>NATRuleOptionsDialog_q</receiver>
<slot>changed()</slot>
<hints>
<hint type="sourcelabel">
<x>470</x>
<y>60</y>
</hint>
<hint type="destinationlabel">
<x>470</x>
<y>172</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>changed()</slot>

3
src/libgui/platforms.cpp
View File

@ -363,7 +363,8 @@ bool isDefaultNATRuleOptions(FWOptions *opt)
if (platform=="pix" || platform=="fwsm")
{
res = (!opt->getBool("asa8_nat_dns"));
res = (! opt->getBool("asa8_nat_dns") &&
! opt->getBool("asa8_nat_static"));
}
}
return res;

4
test/pix/cluster1-1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:28 2011 PST by vadim
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1-1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:28 2011 PST by vadim
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:28 2011 PST by vadim
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:28 2011 PST by vadim
! Generated Tue Jan 11 18:31:41 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:04 2011 PST by vadim
! Generated Tue Jan 11 18:31:16 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:05 2011 PST by vadim
! Generated Tue Jan 11 18:31:17 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

4
test/pix/firewall10.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:05 2011 PST by vadim
! Generated Tue Jan 11 18:31:18 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall11.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:06 2011 PST by vadim
! Generated Tue Jan 11 18:31:18 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall12.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:07 2011 PST by vadim
! Generated Tue Jan 11 18:31:19 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall13.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:07 2011 PST by vadim
! Generated Tue Jan 11 18:31:20 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall14.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:08 2011 PST by vadim
! Generated Tue Jan 11 18:31:20 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:09 2011 PST by vadim
! Generated Tue Jan 11 18:31:21 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:09 2011 PST by vadim
! Generated Tue Jan 11 18:31:22 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:11 2011 PST by vadim
! Generated Tue Jan 11 18:31:23 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:10 2011 PST by vadim
! Generated Tue Jan 11 18:31:22 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall22.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:11 2011 PST by vadim
! Generated Tue Jan 11 18:31:24 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:12 2011 PST by vadim
! Generated Tue Jan 11 18:31:25 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall33.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:13 2011 PST by vadim
! Generated Tue Jan 11 18:31:26 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall34.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:14 2011 PST by vadim
! Generated Tue Jan 11 18:31:27 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:15 2011 PST by vadim
! Generated Tue Jan 11 18:31:27 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall50.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:16 2011 PST by vadim
! Generated Tue Jan 11 18:31:28 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall6.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:16 2011 PST by vadim
! Generated Tue Jan 11 18:31:29 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall8.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:17 2011 PST by vadim
! Generated Tue Jan 11 18:31:30 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall80.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:18 2011 PST by vadim
! Generated Tue Jan 11 18:31:31 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

4
test/pix/firewall81.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:19 2011 PST by vadim
! Generated Tue Jan 11 18:31:31 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall82.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:19 2011 PST by vadim
! Generated Tue Jan 11 18:31:32 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

6
test/pix/firewall83.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:20 2011 PST by vadim
! Generated Tue Jan 11 18:31:33 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -139,7 +139,7 @@ object service http
quit
!
! Rule 0 (NAT)
nat (inside,outside) source dynamic hostA:eth0 interface service http http
nat (inside,outside) source static hostA:eth0 interface service http http

4
test/pix/firewall9.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:21 2011 PST by vadim
! Generated Tue Jan 11 18:31:33 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

45
test/pix/firewall90.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:21 2011 PST by vadim
! Generated Tue Jan 11 18:31:34 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -150,10 +150,10 @@ quit
nat (inside,outside) source dynamic Internal_net interface service http http
!
! Rule 1 (NAT)
nat (inside,outside) source dynamic hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 service smtp smtp
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 service smtp smtp
!
! Rule 2 (NAT)
nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp
nat (inside,outside) source static hostA:eth0 interface service smtp smtp
!
! Rule 3 (NAT)
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp
@ -163,24 +163,24 @@ nat (inside,outside) source dynamic internal_subnet_2 firewall90:FastEthernet1:i
nat (inside,outside) source dynamic test_range_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 service smtp smtp
!
! Rule 5 (NAT)
nat (inside,outside) source dynamic hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 external_gw_1 service smtp smtp
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 external_gw_1 service smtp smtp
!
! Rule 6 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 firewall90:FastEthernet1:ip service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 external_gw2 service smtp smtp
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip service smtp smtp
nat (inside,outside) source static hostA:eth0 external_gw2 service smtp smtp
!
! Rule 7 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 external_gw2 service smtp smtp
nat (inside,outside) source static hostA:eth0 interface service smtp smtp
nat (inside,outside) source static hostA:eth0 external_gw2 service smtp smtp
!
! Rule 8 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp
nat (inside,outside) source static hostA:eth0 interface service smtp smtp
!
! Rule 9 (NAT)
! for #1902
@ -197,6 +197,31 @@ nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:i
! cant use dns with service translation either
! firewall90:NAT:11: error: Option 'translate dns' can not be used in combination with service matching or translation
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp dns
!
! Rule 12 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1
!
! Rule 13 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source dynamic hostA:eth0 outside_range
!
! Rule 14 (NAT)
! for #1908
! "static" vs "dynamic"
nat (outside,outside) source dynamic outside_range firewall90:FastEthernet1:ip-1
!
! Rule 15 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1
!
! Rule 16 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip-1

4
test/pix/firewall91.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:22 2011 PST by vadim
! Generated Tue Jan 11 18:31:35 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall92.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:23 2011 PST by vadim
! Generated Tue Jan 11 18:31:35 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/fwsm1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:23 2011 PST by vadim
! Generated Tue Jan 11 18:31:36 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

4
test/pix/fwsm2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:24 2011 PST by vadim
! Generated Tue Jan 11 18:31:37 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

119
test/pix/objects-for-regression-tests.fwb
View File

@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294771876" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294798951" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18507,6 +18507,123 @@ no sysopt nodnsalias outbound
<Option name="color">#8BC065</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20877X22142" disabled="False" group="" position="12" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20049X29963"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id76573X22142" disabled="False" group="" position="13" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id132365X22142" disabled="False" group="" position="14" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id3D196750"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20049X29963"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id188268X22142" disabled="False" group="" position="15" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20049X29963"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id244282X22142" disabled="False" group="" position="16" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20049X29963"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_dns">False</Option>
<Option name="asa8_nat_static">True</Option>
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">

4
test/pix/pix515.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:25 2011 PST by vadim
! Generated Tue Jan 11 18:31:38 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/real.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3427
! Firewall Builder fwb_pix v4.2.0.3429
!
! Generated Tue Jan 11 10:54:26 2011 PST by vadim
! Generated Tue Jan 11 18:31:39 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported