mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00

see #2554 "PF import: create groups of address objects for macros

where possible". Importer for PF recognizes macros that define lists
of ip addresses, interfaces or host names and creates object groups
with the same name from them.  Only macros that contain at least one
ip address in the list are recognized.
Vadim Kurland 2011-07-07 16:17:27 -07:00
parent fff5775c39
commit d850139f2d
8 changed files with 879 additions and 562 deletions


@ -1,5 +1,12 @@
2011-07-07 Vadim Kurland <vadim@netcitadel.com>
* PFImporterRun.cpp (run): see #2554 "PF import: create groups of
address objects for macros where possible". Importer for PF
recognizes macros that define lists of ip addresses, interfaces or
host names and creates object groups with the same name from them.
Only macros that contain at least one ip address in the list are
recognized.
* PF import: check if a macro used somewhere in the file to be
imported is actually defined and abort if not


@ -61,7 +61,10 @@ class PFImporter : public Importer
const std::list< PortSpec > &src_port_spec_list,
const std::list< PortSpec > &dst_port_spec_list,
bool for_nat_rhs);
void substituteMacros(const QMap<QString,QString> &macros,
QString &buffer);
public:
typedef enum {
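Review bot: substituteMacros() is declared `void`, so run() cannot tell when it stopped on an undefined macro. As far as this page shows, the inline loop it replaces in PFImporterRun.cpp ended with `return;` inside run() after logging "Macro %1 is undefined", which aborted the import; the extracted function logs and returns, and run() then appears to carry on parsing input that still contains the unexpanded `$name`, although the ChangeLog entry still promises an abort. Consider declaring it `bool substituteMacros(const QMap<QString,QString> &macros, QString &buffer);` and checking it at the call sites, e.g. `if (!substituteMacros(macros, whole_input)) return;`. A one-line comment on the declaration saying that `buffer` is rewritten in place would help too; the class body continues outside this hunk.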


@ -23,6 +23,8 @@
#include "../../config.h"
#include "fwbuilder/InetAddr.h"
#include "PFImporter.h"
#include <QString>
@ -42,6 +44,7 @@
extern int fwbdebug;
using namespace std;
using namespace libfwbuilder;
/*
@ -81,7 +84,10 @@ void PFImporter::run()
QRegExp inline_comment("#.*$");
QRegExp macro_definition("^\\s*(\\S+)\\s*=\\s*(.*)$");
QRegExp list_of_items("^\\{\\s*((\\S+,?\\s*)+)\\s*\\}$");
QMap<QString, QString> macros;
QMap<QString, QString> macros_source_lines;
foreach(QString str, whole_input.split("\n"))
{
@ -91,49 +97,110 @@ void PFImporter::run()
if (macro_definition.indexIn(work_str) != -1)
{
QString macro_name = macro_definition.cap(1);
QString value = macro_definition.cap(2);
macros[macro_definition.cap(1)] = value.replace("\"", "").trimmed();
value.replace('\"', "");
value = value.simplified();
macros[macro_name] = value;
macros_source_lines[macro_name] = macro_definition.cap(0);
}
}
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString value = it.value();
substituteMacros(macros, value);
macros[macro_name] = value;
}
it = macros;
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString value = it.value();
qDebug() << "Macro: name=" << macro_name << "value=" << value;
/*
* Special case: if this macro defines list of addresses
* in '{' '}', we convert it to a table with the same name
* so that importer later on can create object group for
* it.
*
* RegExp list_of_items assumes the string has been
* stripped of any quotes and trimmed.
*/
if (list_of_items.indexIn(value) != -1)
{
qDebug() << "This macro defines a list";
/*
* we only convert to table if the list contains at
* least one ip address. We assume that if there is an
* address there, then all items in the list must
* represent addresses, host names or interface names
* because pf does not allow mixed address/service
* lists anywhere.
*/
QString list_str = list_of_items.cap(1);
list_str.replace(",", "");
QStringList items = list_str.split(QRegExp("\\s"),
QString::SkipEmptyParts);
qDebug() << items;
bool has_address = false;
foreach(QString item, items)
{
qDebug() << "Item:" << item;
if (!item.isEmpty() && (item.contains(':') || item.contains('.')))
{
try
{
InetAddr(item.toStdString());
// stop the loop if string successfully
// converts to an ip address
has_address = true;
break;
} catch(FWException &ex)
{
;
}
}
}
if (has_address)
{
/*
* Convert as follows:
* Macro:
* name = "{ 1.1.1.1 2.2.2.2 }"
* to a table:
* table <name> "{ 1.1.1.1 2.2.2.2 }"
*/
QString table_def("table <%1> %2");
whole_input.replace(macros_source_lines[macro_name],
table_def.arg(macro_name).arg(value));
/*
* And add a macro to the dictionary to map macro_name to
* the table
*/
macros[macro_name] = "<" + macro_name + ">";
qDebug() << "Replacing macro definition with table:";
qDebug() << table_def.arg(macro_name).arg(value);
}
}
}
if (fwbdebug)
qDebug() << "Macros defined in this file: " << macros;
// make several passes: sometimes macros can use other macros
int pass = 0;
while (1)
{
if (fwbdebug) qDebug() << "Pass " << pass;
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString macro_value = it.value();
QRegExp macro_instance(QString("\\$%1(?=\\W)").arg(macro_name));
whole_input.replace(macro_instance, macro_value);
}
QRegExp any_macro_instance("\\$(\\w+)\\W");
if (any_macro_instance.indexIn(whole_input) == -1)
{
break;
} else
{
QString macro_name = any_macro_instance.cap(1);
if (!macros.contains(macro_name))
{
err << gen_err + " " +
QObject::tr("Macro %1 is undefined").arg(macro_name);
*logger << err.join("\n").toUtf8().constData();
return;
}
}
pass++;
}
substituteMacros(macros, whole_input);
if (fwbdebug)
{
@ -188,3 +255,43 @@ void PFImporter::run()
*logger << err.join("\n").toUtf8().constData();
}
void PFImporter::substituteMacros(const QMap<QString,QString> &macros,
QString &buffer)
{
// make several passes: sometimes macros can use other macros
int pass = 0;
while (1)
{
if (fwbdebug) qDebug() << "Pass " << pass;
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString macro_value = it.value();
QRegExp macro_instance(QString("\\$%1(?=\\W)").arg(macro_name));
buffer.replace(macro_instance, macro_value);
}
QRegExp any_macro_instance("\\$(\\w+)\\W");
if (any_macro_instance.indexIn(buffer) == -1)
{
break;
} else
{
QString macro_name = any_macro_instance.cap(1);
if (!macros.contains(macro_name))
{
QString err;
err = QObject::tr("Error: Macro %1 is undefined").arg(macro_name);
*logger << err.toUtf8().constData();
return;
}
}
pass++;
}
}
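Review bot: The `while (1)` loop in substituteMacros() has no upper bound, so a macro that refers to itself, or two macros that refer to each other, in the imported pf.conf never reaches the `break`: every pass finds a `$name` that is defined, and a self-reference makes `buffer` grow on each pass. `pass` is already counted, so a limit is cheap, e.g. `if (++pass > max_passes) { *logger << "Error: macro expansion does not terminate"; return; }`, with `max_passes` a constant you choose. Separately, `macro_name` is captured by `(\\S+)` and placed into the pattern unescaped; `QRegExp macro_instance(QString("\\$%1(?=\\W)").arg(QRegExp::escape(macro_name)));` keeps a name containing regex metacharacters from changing what is matched. Both points also apply to the new loop in run() that calls this function on every macro value before the file itself is processed.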


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1309897476" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310079789" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -442,62 +442,68 @@
</ObjectGroup>
<ObjectGroup id="id9" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id10" name="Groups" comment="" ro="False">
<ObjectGroup id="id11" name="dst_addresses_1" comment="Created during import of line 5" ro="False">
<ObjectGroup id="id11" name="addr_list_macro" comment="Created during import of line 2" ro="False">
<ObjectRef ref="id31"/>
<ObjectRef ref="id32"/>
<ObjectRef ref="id33"/>
<ObjectRef ref="id34"/>
</ObjectGroup>
<ObjectGroup id="id16" name="dst_addresses_1" comment="Created during import of line 5" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
<ObjectRef ref="id26"/>
<ObjectRef ref="id35"/>
</ObjectGroup>
<ObjectGroup id="id15" name="dst_addresses_2" comment="Created during import of line 6" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id482"/>
<ObjectGroup id="id20" name="dst_addresses_2" comment="Created during import of line 6" ro="False">
<ObjectRef ref="id468"/>
<ObjectRef ref="id469"/>
</ObjectGroup>
<ObjectGroup id="id18" name="dst_addresses_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id481"/>
<ObjectGroup id="id23" name="dst_addresses_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id468"/>
<ObjectRef ref="id468"/>
</ObjectGroup>
<ObjectGroup id="id21" name="dst_addresses_4" comment="Created during import of line 8" ro="False">
<ObjectGroup id="id26" name="dst_addresses_4" comment="Created during import of line 8" ro="False">
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id24" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id25" name="Networks" comment="" ro="False">
<Network id="id26" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 5" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id27" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 17" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id28" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id29" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id30" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 26" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id31" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 26" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<ObjectGroup id="id29" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id30" name="Networks" comment="" ro="False">
<Network id="id31" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 2" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id32" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 2" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id33" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 2" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id34" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 2" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<Network id="id35" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 5" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id36" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 17" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id32" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id37" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id33" name="Services" comment="" ro="False">
<ServiceGroup id="id34" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id35" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id36" name="IP" comment="" ro="False"/>
<ServiceGroup id="id37" name="TCP" comment="" ro="False">
<TCPService id="id38" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id39" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 21" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id40" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 35" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id41" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 38" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
<ServiceGroup id="id38" name="Services" comment="" ro="False">
<ServiceGroup id="id39" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id40" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id41" name="IP" comment="" ro="False"/>
<ServiceGroup id="id42" name="TCP" comment="" ro="False">
<TCPService id="id43" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id44" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 21" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id45" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 35" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id46" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 38" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="id42" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id43" name="Users" comment="" ro="False"/>
<ServiceGroup id="id44" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id45" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id47" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id48" name="Users" comment="" ro="False"/>
<ServiceGroup id="id49" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id50" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id46" name="Firewalls" comment="" ro="False">
<Firewall id="id47" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 6" ro="False">
<NAT id="id477" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id51" name="Firewalls" comment="" ro="False">
<Firewall id="id52" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 6" ro="False">
<NAT id="id464" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id49" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id51" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 11">
<Policy id="id54" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id56" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 11">
<Src neg="False">
<ObjectRef ref="id482"/>
<ObjectRef ref="id469"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -512,12 +518,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id63" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 12&#10;import of 'interface:broadcast' is not supported.">
<PolicyRule id="id68" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 12&#10;import of 'interface:broadcast' is not supported.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -533,12 +539,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id75" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 13&#10;import of 'interface:peer' is not supported.">
<PolicyRule id="id80" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 13&#10;import of 'interface:peer' is not supported.">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -554,12 +560,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id87" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 14&#10;import of 'interface:0' is not supported.">
<PolicyRule id="id92" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 14&#10;import of 'interface:0' is not supported.">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -575,7 +581,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id99" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 16">
<PolicyRule id="id104" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -595,12 +601,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id111" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 17">
<PolicyRule id="id116" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 17">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id36"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -615,15 +621,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id123" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 18">
<PolicyRule id="id128" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 18">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -635,15 +641,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id135" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 19">
<PolicyRule id="id140" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -655,7 +661,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id147" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 20">
<PolicyRule id="id152" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 20">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -663,7 +669,7 @@
<ObjectRef ref="id6"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -675,15 +681,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 21">
<PolicyRule id="id164" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -695,7 +701,87 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id171" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 22">
<PolicyRule id="id176" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 22">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id16"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id188" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 23">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id20"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id200" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 24">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id23"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id212" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 25">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id26"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id224" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 26">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -715,15 +801,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id183" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 23">
<PolicyRule id="id236" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -735,104 +821,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id195" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 24">
<PolicyRule id="id248" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id207" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 25">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id21"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id219" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 26">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id234" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id249" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -844,7 +841,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id264" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 30&#10;IPv6 import is not supported. ">
<PolicyRule id="id260" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 30&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -865,7 +862,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id276" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 31">
<PolicyRule id="id272" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 31">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -885,7 +882,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id288" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 33">
<PolicyRule id="id284" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 33">
<Src neg="False">
<ObjectRef ref="id3"/>
</Src>
@ -905,9 +902,9 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id300" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 34">
<PolicyRule id="id296" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 34">
<Src neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id36"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -925,15 +922,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id312" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 35">
<PolicyRule id="id308" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 35">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -945,15 +942,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id324" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 36">
<PolicyRule id="id320" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 36">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -965,7 +962,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id336" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 37">
<PolicyRule id="id332" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 37">
<Src neg="False">
<ObjectRef ref="id6"/>
</Src>
@ -973,7 +970,7 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -985,15 +982,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id348" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 38">
<PolicyRule id="id344" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 38">
<Src neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1005,7 +1002,87 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id360" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 39">
<PolicyRule id="id356" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 39">
<Src neg="False">
<ObjectRef ref="id16"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id368" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 40">
<Src neg="False">
<ObjectRef ref="id20"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id380" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 41">
<Src neg="False">
<ObjectRef ref="id23"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id392" disabled="False" group="" log="False" position="28" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="id26"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id404" disabled="False" group="" log="False" position="29" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="id11"/>
</Src>
@ -1025,15 +1102,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id372" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 40">
<PolicyRule id="id416" disabled="False" group="" log="False" position="30" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id11"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1045,104 +1122,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id384" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 41">
<PolicyRule id="id428" disabled="False" group="" log="False" position="31" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id11"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id396" disabled="False" group="" log="False" position="28" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="id21"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id408" disabled="False" group="" log="False" position="29" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id423" disabled="False" group="" log="False" position="30" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438" disabled="False" group="" log="False" position="31" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1154,7 +1142,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id453" disabled="False" group="" log="False" position="32" action="Accept" direction="Inbound" comment="Created during import of line 47&#10;IPv6 import is not supported. ">
<PolicyRule id="id440" disabled="False" group="" log="False" position="32" action="Accept" direction="Inbound" comment="Created during import of line 47&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1175,7 +1163,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id465" disabled="False" group="" log="False" position="33" action="Accept" direction="Inbound" comment="Created during import of line 48">
<PolicyRule id="id452" disabled="False" group="" log="False" position="33" action="Accept" direction="Inbound" comment="Created during import of line 48">
<Src neg="False">
<ObjectRef ref="id8"/>
</Src>
@ -1197,12 +1185,12 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id479" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id466" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id481" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 6" ro="False">
<Interface id="id468" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 6" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id482" name="pcn0-net" comment="" ro="False"/>
<AttachedNetworks id="id469" name="pcn0-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -1222,7 +1210,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id484" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id485" name="Time" comment="" ro="False"/>
<ObjectGroup id="id471" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id472" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>


@ -1,3 +1,4 @@
2: Address Table: <addr_list_macro>: 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
5: Address Table: <dst_addresses_1>: 192.168.1.1, 192.168.1.2, 192.168.2.0/24
6: Address Table: <dst_addresses_2>: pcn0, pcn0
6: New interface: pcn0


@ -1,11 +1,20 @@
one_address = 10.1.1.1 # comment is allowed here
addr_list_1 = "{ 10.123.12.32/27 10.123.14.8/27 10.123.10.16/28 10.123.0.0/24 }"
# another macro is used inside this one recursively
# another macro is used inside this one recursively and only {} are in quotes
addr_list_2 = "{" $one_address 10.123.12.32/27 10.123.14.8/27 10.123.10.16/28 10.123.0.0/24 "}"
# now use comma as a separator
addr_list_3 = "{" $one_address, 10.123.12.33/27, 10.123.14.9/27 "}"
# spaces are mixed with tabs and messed up
addr_list_4 = "{$one_address, 10.123.12.34/27, 10.123.14.10/27}"
# multi-line
addr_list_5 = "{$one_address, \
10.123.12.35/27,\
10.123.14.11/27}"
# another macro name is a substring of this one's name
addr_list_1_foo = "{ 10.1.2.3 10.4.5.6 10.7.8.9 }"
baddies = "{" 192.168.1.1 192.168.1.2 "}" # this works, too
host1 = "192.168.1.1"
host2 = "192.168.1.2"
@ -13,6 +22,12 @@ recursive_macro = "{" $host1 $host2 "}"
tcp_services = "{ ssh, smtp }"
ext_if = "em1"
mixed_macro_1 = "{ $host1 192.168.2.1 www.fwbuilder.org }"
mixed_macro_2 = "{ $host1 192.168.2.1 em1 }"
mixed_macro_3 = "{ $host1 192.168.2.1 em1:network }"
mixed_macro_4 = "{ em1:network www.fwbuilder.org }"
pass in quick from any to $one_address
pass in quick from any to { 10.11.11.11 $one_address }
@ -26,8 +41,14 @@ pass in quick from any to {$one_address , 10.18.18.18 }
pass in quick from any to $addr_list_1
pass in quick from any to $addr_list_2
pass in quick from any to $addr_list_3
pass in quick from any to $addr_list_4
pass in quick from any to $addr_list_5
pass in quick from any to $addr_list_1_foo
block in from $baddies to any
pass out quick on $ext_if proto tcp to $recursive_macro port $tcp_services
pass in quick on $ext_if proto tcp from any to $mixed_macro_1 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_2 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_3 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_4 port 80
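Review bot: The four `mixed_macro_*` definitions and the rules that use them are added without the one-line comments the `addr_list_*` cases carry, so a reader cannot tell which of them is expected to become a group. Going by the commit description, `mixed_macro_4` (an interface network and a host name, no IP address) looks like the negative case, and the .fwb fixture further down the page lists groups only for `mixed_macro_1` to `mixed_macro_3`. I would add `# no ip address in the list: importer must not create a group` above `mixed_macro_4`, and a short comment above each of the others naming the mix it covers (host name, interface, interface network). It may also be worth adding one list macro with a negated entry such as `! $host1`, since how the group import treats negation is not visible here and dropping it silently would widen the imported rule.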


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1309979482" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310080604" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -432,53 +432,116 @@
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-10.1.1.1" comment="Created during import of line 16" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-10.11.11.11" comment="Created during import of line 18" ro="False" address="10.11.11.11" netmask="255.255.255.255"/>
<IPv4 id="id5" name="h-10.12.12.12" comment="Created during import of line 19" ro="False" address="10.12.12.12" netmask="255.255.255.255"/>
<IPv4 id="id6" name="h-10.13.13.13" comment="Created during import of line 20" ro="False" address="10.13.13.13" netmask="255.255.255.255"/>
<IPv4 id="id7" name="h-10.14.14.14" comment="Created during import of line 21" ro="False" address="10.14.14.14" netmask="255.255.255.255"/>
<IPv4 id="id8" name="h-10.15.15.15" comment="Created during import of line 22" ro="False" address="10.15.15.15" netmask="255.255.255.255"/>
<IPv4 id="id9" name="h-10.16.16.16" comment="Created during import of line 23" ro="False" address="10.16.16.16" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-10.17.17.17" comment="Created during import of line 24" ro="False" address="10.17.17.17" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-10.18.18.18" comment="Created during import of line 25" ro="False" address="10.18.18.18" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-10.1.2.3" comment="Created during import of line 29" ro="False" address="10.1.2.3" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.4.5.6" comment="Created during import of line 29" ro="False" address="10.4.5.6" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.7.8.9" comment="Created during import of line 29" ro="False" address="10.7.8.9" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.168.1.1" comment="Created during import of line 31" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-192.168.1.2" comment="Created during import of line 31" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id3" name="h-10.1.1.1" comment="Created during import of line 5" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-10.1.2.3" comment="Created during import of line 15" ro="False" address="10.1.2.3" netmask="255.255.255.255"/>
<IPv4 id="id5" name="h-10.4.5.6" comment="Created during import of line 15" ro="False" address="10.4.5.6" netmask="255.255.255.255"/>
<IPv4 id="id6" name="h-10.7.8.9" comment="Created during import of line 15" ro="False" address="10.7.8.9" netmask="255.255.255.255"/>
<IPv4 id="id7" name="h-192.168.1.1" comment="Created during import of line 19" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id8" name="h-192.168.1.2" comment="Created during import of line 19" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id9" name="h-192.168.2.1" comment="Created during import of line 23" ro="False" address="192.168.2.1" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-10.11.11.11" comment="Created during import of line 31" ro="False" address="10.11.11.11" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-10.12.12.12" comment="Created during import of line 32" ro="False" address="10.12.12.12" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-10.13.13.13" comment="Created during import of line 33" ro="False" address="10.13.13.13" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.14.14.14" comment="Created during import of line 34" ro="False" address="10.14.14.14" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.15.15.15" comment="Created during import of line 35" ro="False" address="10.15.15.15" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-10.16.16.16" comment="Created during import of line 36" ro="False" address="10.16.16.16" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-10.17.17.17" comment="Created during import of line 37" ro="False" address="10.17.17.17" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-10.18.18.18" comment="Created during import of line 38" ro="False" address="10.18.18.18" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id17" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id18" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id19" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id20" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id21" name="Networks" comment="" ro="False">
<Network id="id22" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 27" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id23" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 27" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id24" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 27" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id25" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 27" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<ObjectGroup id="id18" name="DNS Names" comment="" ro="False">
<DNSName id="id19" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
</ObjectGroup>
<ObjectGroup id="id26" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id20" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id21" name="Groups" comment="" ro="False">
<ObjectGroup id="id22" name="addr_list_1" comment="Created during import of line 3" ro="False">
<ObjectRef ref="id66"/>
<ObjectRef ref="id67"/>
<ObjectRef ref="id68"/>
<ObjectRef ref="id69"/>
</ObjectGroup>
<ObjectGroup id="id27" name="addr_list_2" comment="Created during import of line 5" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id66"/>
<ObjectRef ref="id67"/>
<ObjectRef ref="id68"/>
<ObjectRef ref="id69"/>
</ObjectGroup>
<ObjectGroup id="id33" name="addr_list_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id70"/>
<ObjectRef ref="id71"/>
</ObjectGroup>
<ObjectGroup id="id37" name="addr_list_4" comment="Created during import of line 9" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id72"/>
<ObjectRef ref="id73"/>
</ObjectGroup>
<ObjectGroup id="id41" name="addr_list_5" comment="Created during import of line 12" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id74"/>
<ObjectRef ref="id75"/>
</ObjectGroup>
<ObjectGroup id="id45" name="addr_list_1_foo" comment="Created during import of line 15" ro="False">
<ObjectRef ref="id4"/>
<ObjectRef ref="id5"/>
<ObjectRef ref="id6"/>
</ObjectGroup>
<ObjectGroup id="id49" name="recursive_macro" comment="Created during import of line 19" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id8"/>
</ObjectGroup>
<ObjectGroup id="id52" name="mixed_macro_1" comment="Created during import of line 23" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id19"/>
</ObjectGroup>
<ObjectGroup id="id56" name="mixed_macro_2" comment="Created during import of line 24" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id348"/>
</ObjectGroup>
<ObjectGroup id="id60" name="mixed_macro_3" comment="Created during import of line 25" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id349"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id64" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id65" name="Networks" comment="" ro="False">
<Network id="id66" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 3" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id67" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 3" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id68" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 3" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id69" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 3" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<Network id="id70" name="net-10.123.12.33/255.255.255.224" comment="Created during import of line 7" ro="False" address="10.123.12.33" netmask="255.255.255.224"/>
<Network id="id71" name="net-10.123.14.9/255.255.255.224" comment="Created during import of line 7" ro="False" address="10.123.14.9" netmask="255.255.255.224"/>
<Network id="id72" name="net-10.123.12.34/255.255.255.224" comment="Created during import of line 9" ro="False" address="10.123.12.34" netmask="255.255.255.224"/>
<Network id="id73" name="net-10.123.14.10/255.255.255.224" comment="Created during import of line 9" ro="False" address="10.123.14.10" netmask="255.255.255.224"/>
<Network id="id74" name="net-10.123.12.35/255.255.255.224" comment="Created during import of line 12" ro="False" address="10.123.12.35" netmask="255.255.255.224"/>
<Network id="id75" name="net-10.123.14.11/255.255.255.224" comment="Created during import of line 12" ro="False" address="10.123.14.11" netmask="255.255.255.224"/>
</ObjectGroup>
<ObjectGroup id="id76" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id27" name="Services" comment="" ro="False">
<ServiceGroup id="id28" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id29" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id30" name="IP" comment="" ro="False"/>
<ServiceGroup id="id31" name="TCP" comment="" ro="False">
<TCPService id="id32" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 33" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id33" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 33" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<ServiceGroup id="id77" name="Services" comment="" ro="False">
<ServiceGroup id="id78" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id79" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id80" name="IP" comment="" ro="False"/>
<ServiceGroup id="id81" name="TCP" comment="" ro="False">
<TCPService id="id82" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 47" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id83" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 47" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id84" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 49" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
</ServiceGroup>
<ServiceGroup id="id34" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id35" name="Users" comment="" ro="False"/>
<ServiceGroup id="id36" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id37" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id85" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id86" name="Users" comment="" ro="False"/>
<ServiceGroup id="id87" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id88" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id38" name="Firewalls" comment="" ro="False">
<Firewall id="id39" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 16" ro="False">
<NAT id="id231" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id89" name="Firewalls" comment="" ro="False">
<Firewall id="id90" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 24" ro="False">
<NAT id="id344" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id41" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 16">
<Policy id="id92" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id94" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 29">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -498,139 +561,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id55" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 18">
<PolicyRule id="id106" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 31">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id68" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id5"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id81" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 20">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id6"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id94" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id7"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id107" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 22">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id8"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id120" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 23">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id133" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 24">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id10"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -645,60 +582,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id146" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 25">
<PolicyRule id="id119" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 32">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id22"/>
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
<ObjectRef ref="id25"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id174" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id22"/>
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
<ObjectRef ref="id25"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -713,13 +603,54 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id190" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 29">
<PolicyRule id="id132" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 33">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id12"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id145" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 34">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id13"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id158" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 35">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id14"/>
</Dst>
<Srv neg="False">
@ -735,13 +666,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id204" disabled="False" group="" log="False" position="12" action="Deny" direction="Inbound" comment="Created during import of line 31">
<PolicyRule id="id171" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 36">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id16"/>
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id3"/>
<ObjectRef ref="id15"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -756,20 +687,262 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id217" disabled="False" group="" log="False" position="13" action="Accept" direction="Outbound" comment="Created during import of line 33">
<PolicyRule id="id184" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 37">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id3"/>
<ObjectRef ref="id16"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id32"/>
<ServiceRef ref="id33"/>
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id235"/>
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id197" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 38">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id17"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id210" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 40">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id22"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id222" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 41">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id234" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id33"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id246" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id37"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id258" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id41"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id270" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id282" disabled="False" group="" log="False" position="15" action="Accept" direction="Outbound" comment="Created during import of line 47">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id49"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id82"/>
<ServiceRef ref="id83"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id348"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id295" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 49">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id84"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id348"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id307" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 50">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id56"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id84"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id348"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id319" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 51">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id60"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id84"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id348"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id331" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 52">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id349"/>
<ObjectRef ref="id19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id84"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id348"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -780,11 +953,12 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id233" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id346" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id235" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em1" comment="Created during import of line 33" ro="False">
<Interface id="id348" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em1" comment="Created during import of line 24" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id349" name="em1-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -804,7 +978,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id237" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id238" name="Time" comment="" ro="False"/>
<ObjectGroup id="id351" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id352" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>


@ -1,15 +1,31 @@
16: filtering rule: action pass; interfaces:
18: filtering rule: action pass; interfaces:
19: filtering rule: action pass; interfaces:
20: filtering rule: action pass; interfaces:
21: filtering rule: action pass; interfaces:
22: filtering rule: action pass; interfaces:
23: filtering rule: action pass; interfaces:
24: filtering rule: action pass; interfaces:
25: filtering rule: action pass; interfaces:
27: filtering rule: action pass; interfaces:
28: filtering rule: action pass; interfaces:
3: Address Table: <addr_list_1>: 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
5: Address Table: <addr_list_2>: 10.1.1.1, 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
7: Address Table: <addr_list_3>: 10.1.1.1, 10.123.12.33/27, 10.123.14.9/27
9: Address Table: <addr_list_4>: 10.1.1.1, 10.123.12.34/27, 10.123.14.10/27
12: Address Table: <addr_list_5>: 10.1.1.1, 10.123.12.35/27, 10.123.14.11/27
15: Address Table: <addr_list_1_foo>: 10.1.2.3, 10.4.5.6, 10.7.8.9
19: Address Table: <recursive_macro>: 192.168.1.1, 192.168.1.2
23: Address Table: <mixed_macro_1>: 192.168.1.1, 192.168.2.1, www.fwbuilder.org
24: Address Table: <mixed_macro_2>: 192.168.1.1, 192.168.2.1, em1
24: New interface: em1
25: Address Table: <mixed_macro_3>: 192.168.1.1, 192.168.2.1, em1
29: filtering rule: action pass; interfaces:
31: filtering rule: action block; interfaces:
33: New interface: em1
33: filtering rule: action pass; interfaces: em1
31: filtering rule: action pass; interfaces:
32: filtering rule: action pass; interfaces:
33: filtering rule: action pass; interfaces:
34: filtering rule: action pass; interfaces:
35: filtering rule: action pass; interfaces:
36: filtering rule: action pass; interfaces:
37: filtering rule: action pass; interfaces:
38: filtering rule: action pass; interfaces:
40: filtering rule: action pass; interfaces:
41: filtering rule: action pass; interfaces:
42: filtering rule: action pass; interfaces:
43: filtering rule: action pass; interfaces:
44: filtering rule: action pass; interfaces:
45: filtering rule: action pass; interfaces:
47: filtering rule: action pass; interfaces: em1
49: filtering rule: action pass; interfaces: em1
50: filtering rule: action pass; interfaces: em1
51: filtering rule: action pass; interfaces: em1
52: filtering rule: action pass; interfaces: em1
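Review bot: The regenerated expected log appears to lose its only `action block` entry. `31: filtering rule: action block; interfaces:` shows up only alongside a same-numbered `action pass` line, and every other rule entry in this section, through `52:`, is `action pass`. The hunk header (`-1,15 +1,31`) covers the whole file, so if the block line is on the removed side, this test no longer checks that a `block` rule imports as Deny once macros are turned into address groups. The input fixture is not visible here, so this is inferred from the log alone. Consider keeping one block rule that references a macro-derived group, so the golden output retains a line of the form `NN: filtering rule: action block; interfaces:` (NN is a placeholder) after the `Address Table` entries.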