onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 03:37:15 +01:00
Code Issues Releases Wiki Activity

fixes #1912 Compiler error for ASA 8+ firewalls that have multiple networks in Policy rule and no network matches network zone

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-12 16:03:06 -08:00
parent 77ae2185f2
commit c9d0505af1
39 changed files with 67 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/cisco_lib/ASA8ObjectGroup.cpp
View File

@ -124,7 +124,7 @@ string ASA8ObjectGroup::toString() throw(FWException)
continue;
}
throw FWException("Unknown object group type");
throw FWException("ASA8ObjectGroup: Unknown object group type");
}
}
ostr << " exit" << endl << endl;
@ -137,7 +137,8 @@ string ASA8ObjectGroup::getObjectGroupClass()
{
case NETWORK: return "network";
case MIXED_SERVICE: return "service";;
default: throw FWException("Unknown object group type");
default:
throw FWException("ASA8ObjectGroup: Unknown object group type");
}
}

29
src/cisco_lib/ObjectGroupsSupport.cpp
View File

@ -121,9 +121,10 @@ bool CreateObjectGroups::processNext()
string version = compiler->fw->getStr("version");
string platform = compiler->fw->getStr("platform");
bool supports_mixed_groups = Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/") +
"version_" + version + "/supports_mixed_service_groups");
bool supports_mixed_groups =
Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/") +
"version_" + version + "/supports_mixed_service_groups");
BaseObjectGroup *obj_group = findObjectGroup(re);
if (obj_group==NULL)
@ -131,20 +132,19 @@ bool CreateObjectGroups::processNext()
//obj_group= new BaseObjectGroup();
obj_group = ObjectGroupFactory::createObjectGroup(compiler->fw);
if (supports_mixed_groups)
FWObject *o = re->front();
FWObject *obj = FWReference::getObject(o);
obj_group->setObjectGroupTypeFromFWObject(obj);
if (obj_group->isServiceGroup() && supports_mixed_groups)
{
obj_group->setObjectGroupType(BaseObjectGroup::MIXED_SERVICE);
} else
{
FWObject *o = re->front();
FWObject *obj = FWReference::getObject(o);
obj_group->setObjectGroupTypeFromFWObject(obj);
}
}
QStringList gn;
if (!rule_iface->getLabel().empty())
gn.push_back(rule_iface->getLabel().c_str());
gn.push_back(rule->getUniqueId().c_str());
gn.push_back(name_suffix.c_str());
obj_group->setName(gn.join(".").toStdString());
@ -153,10 +153,11 @@ bool CreateObjectGroups::processNext()
for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1)
{
FWObject *o = *i1;
FWObject *o = *i1;
FWObject *obj = o;
if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
obj_group->addRef( obj );
if (FWReference::cast(o)!=NULL)
obj = FWReference::cast(o)->getPointer();
obj_group->addRef(obj);
}
}
re->clearChildren(false); // do not want to destroy children objects

5
src/cisco_lib/PIXObjectGroup.cpp
View File

@ -121,7 +121,7 @@ string PIXObjectGroup::toString() throw(FWException)
continue;
}
throw FWException("Unknown object group type");
throw FWException("PIXObjectGroup: Unknown object group type");
}
}
ostr << " exit" << endl << endl;
@ -137,7 +137,8 @@ string PIXObjectGroup::getObjectGroupClass()
case ICMP_TYPE: return "icmp-type";
case TCP_SERVICE: return "service";
case UDP_SERVICE: return "service";
default: throw FWException("Unknown object group type");
default:
throw FWException("PIXObjectGroup: Unknown object group type");
}
}

2
test/pix/cluster1-1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:11 2011 PST by vadim
! Generated Wed Jan 12 16:02:34 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1-1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:11 2011 PST by vadim
! Generated Wed Jan 12 16:02:35 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:10 2011 PST by vadim
! Generated Wed Jan 12 16:02:34 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:10 2011 PST by vadim
! Generated Wed Jan 12 16:02:34 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:37 2011 PST by vadim
! Generated Wed Jan 12 16:02:00 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:38 2011 PST by vadim
! Generated Wed Jan 12 16:02:01 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

2
test/pix/firewall10.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:39 2011 PST by vadim
! Generated Wed Jan 12 16:02:02 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall11.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:40 2011 PST by vadim
! Generated Wed Jan 12 16:02:03 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall12.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:41 2011 PST by vadim
! Generated Wed Jan 12 16:02:04 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall13.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:42 2011 PST by vadim
! Generated Wed Jan 12 16:02:05 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall14.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:43 2011 PST by vadim
! Generated Wed Jan 12 16:02:06 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:44 2011 PST by vadim
! Generated Wed Jan 12 16:02:07 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall20.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:45 2011 PST by vadim
! Generated Wed Jan 12 16:02:08 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:47 2011 PST by vadim
! Generated Wed Jan 12 16:02:10 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:46 2011 PST by vadim
! Generated Wed Jan 12 16:02:09 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall22.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:48 2011 PST by vadim
! Generated Wed Jan 12 16:02:11 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:49 2011 PST by vadim
! Generated Wed Jan 12 16:02:12 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall33.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:50 2011 PST by vadim
! Generated Wed Jan 12 16:02:13 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall34.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:51 2011 PST by vadim
! Generated Wed Jan 12 16:02:14 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall4.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:52 2011 PST by vadim
! Generated Wed Jan 12 16:02:15 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall50.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:53 2011 PST by vadim
! Generated Wed Jan 12 16:02:17 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall6.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:54 2011 PST by vadim
! Generated Wed Jan 12 16:02:17 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall8.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:55 2011 PST by vadim
! Generated Wed Jan 12 16:02:19 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall80.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:56 2011 PST by vadim
! Generated Wed Jan 12 16:02:20 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

2
test/pix/firewall81.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:57 2011 PST by vadim
! Generated Wed Jan 12 16:02:21 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall82.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:58 2011 PST by vadim
! Generated Wed Jan 12 16:02:22 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall83.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:00:59 2011 PST by vadim
! Generated Wed Jan 12 16:02:23 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall9.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:00 2011 PST by vadim
! Generated Wed Jan 12 16:02:24 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

11
test/pix/firewall90.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:01 2011 PST by vadim
! Generated Wed Jan 12 16:02:25 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -93,6 +93,15 @@ clear config access-list
clear config object-group
clear config icmp
clear config telnet
object-group network outside.id78630X30274.src.net.0
network-object 10.1.2.0 255.255.255.0
network-object 10.1.3.0 255.255.255.0
exit
!
! Rule 0 (global)
access-list outside_acl_in deny ip object-group outside.id78630X30274.src.net.0 any
!
! Rule 1 (global)
access-list inside_acl_in deny ip any any

2
test/pix/firewall91.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:02 2011 PST by vadim
! Generated Wed Jan 12 16:02:26 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall92.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:03 2011 PST by vadim
! Generated Wed Jan 12 16:02:26 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/fwsm1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:04 2011 PST by vadim
! Generated Wed Jan 12 16:02:28 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

2
test/pix/fwsm2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:05 2011 PST by vadim
! Generated Wed Jan 12 16:02:29 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

4
test/pix/objects-for-regression-tests.fwb
View File

@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294873229" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294875498" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18670,7 +18670,7 @@ no sysopt nodnsalias outbound
<RuleSetOptions/>
</NAT>
<Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id78630X30274" disabled="True" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<PolicyRule id="id78630X30274" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3FA34EFA"/>
<ObjectRef ref="id68966X11724"/>

2
test/pix/pix515.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:07 2011 PST by vadim
! Generated Wed Jan 12 16:02:30 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/real.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Wed Jan 12 15:01:08 2011 PST by vadim
! Generated Wed Jan 12 16:02:31 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported