onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
Code Issues Releases Wiki Activity

Merge branch 'development' of ssh://ncgit/var/git/fwbuilder into development

Browse Source
This commit is contained in:
Theron Tock 2011-07-07 23:16:12 -07:00
commit daf46cde28
57 changed files with 3618 additions and 2105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3557"
BUILD_NUM="3559"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

2
VERSION.h
View File

@ -1,2 +1,2 @@
#define VERSION "5.0.0.3557"
#define VERSION "5.0.0.3559"
#define GENERATION "5.0"

50
doc/ChangeLog
View File

@ -1,5 +1,55 @@
2011-07-07 Vadim Kurland <vadim@netcitadel.com>
* RoutingCompiler.cpp (processNext): see #2191 "Crash when
compiling a route with table object". Compiler for PF crashed
when run-time AddressTable object was used in RDst of a routing
rule.
* PFImporter.cpp (makeAddressObj): see #2546 "PF import - negation
inside of inline tables is ignored". Since we can not import
address lists or tables that contain a mix of negated and
non-negated items, importer should display an error when it
enounters one of these and mark all rules that use it as "broken"
(rule is colored red and error message is added to the comment).
* PFImporter.cpp (makeAddressObj): see #2556 "PF import: impor of
rules referring to undefined macros". If pf.conf file uses an
undefined macro (there is $macro somewhere but the macro has never
been defined), importer issues a warning, creates run-time DNSName
object with the name "$macro" and marks all rules where it is used
as broken, that is, rules are colored red and the error message is
added to the comment field. Using run-time DNSName object makes
compiler use "$macro" in the generated pf rule which means
fwbuilder generates exactly the same pf rule as the one it tried
to import.
* PFImporterRun.cpp (run): see #2554 "PF import: create groups of
address objects for macros where possible". Importer for PF
recognizes macros that define lists of ip addresses, interfaces or
host names and creates object groups with the same name from them.
Only macros that contain at least one ip address in the list are
recognized.
* PF import: check if a macro used somewhere in the file to be
imported is actually defined and abort if not
* PF import: see #2551 making sure rules that have route-to option
get the call to setRoute() in the importer
2011-07-06 Vadim Kurland <vadim@netcitadel.com>
* applied two patches by Vadim Zhukov persgray@gmail.com to
replace calls to sprintf with safer calls to snprintf and fix some
compiler warnings.
* Importer.cpp (addStandardImportComment): see #2552 "PF import:
add ability to suppress comments referring to line numbers in the
original file".
* PFImporter.cpp (pushPolicyRule): see #2551 "PF Import - source
routing rules are not imported with rule options set". Importer
should import "route-to" rule parameters.
* PFImporter.cpp (newAddressTableObject): see #2546 "PF import -
negation inside of inline tables is ignored". We can not import
PF table definition that has some addresses negated.

2
packaging/fwbuilder-static-qt.spec
View File

@ -3,7 +3,7 @@
%define name fwbuilder
%define version 5.0.0.3557
%define version 5.0.0.3559
%define release 1
%if "%_vendor" == "MandrakeSoft"

2
packaging/fwbuilder.control
View File

@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 5.0.0.3557-1
Version: 5.0.0.3559-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers

2
packaging/fwbuilder.spec
View File

@ -1,6 +1,6 @@
%define name fwbuilder
%define version 5.0.0.3557
%define version 5.0.0.3559
%define release 1
%if "%_vendor" == "MandrakeSoft"

9
src/antlr/String.cpp
View File

@ -21,24 +21,25 @@ namespace antlr {
// wh: hack for Borland C++ 5.6
#if __BORLANDC__
using std::sprintf;
using std::snprintf;
#endif
// RK: should be using snprintf actually... (or stringstream)
ANTLR_C_USING(sprintf)
ANTLR_C_USING(snprintf)
ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, const int rhs )
{
char tmp[100];
sprintf(tmp,"%d",rhs);
snprintf(tmp, sizeof(tmp), "%d", rhs);
return lhs+tmp;
}
ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, size_t rhs )
{
char tmp[100];
sprintf(tmp,"%u",rhs);
snprintf(tmp, sizeof(tmp), "%zu", rhs);
// sprintf(tmp,"%u",rhs);
return lhs+tmp;
}

5
src/cisco_lib/CompilerDriver_iosacl_run.cpp
View File

@ -110,6 +110,11 @@ QString CompilerDriver_iosacl::assembleFwScript(Cluster *cluster,
options->setStr("prolog_script", options->getStr("iosacl_prolog_script"));
options->setStr("epilog_script", options->getStr("iosacl_epilog_script"));
// we do not offer user a choice of the place where to put prolog
// lines, therefore we can reset this attribute to make sure it
// does not interfere
options->setStr("prolog_place", "");
assembleFwScriptInternal(cluster, fw, cluster_member,
oscnf, &script_skeleton, &top_comment, "!", true);
return script_skeleton.expand();

48
src/import/Importer.cpp
View File

@ -167,6 +167,8 @@ Importer::~Importer()
void Importer::clear()
{
last_comment.clear();
action = "";
protocol = "";
@ -560,6 +562,13 @@ void Importer::pushRule()
// then add it to the current ruleset
current_ruleset->ruleset->add(current_rule);
if (error_tracker->hasWarnings())
{
QStringList warn = error_tracker->getWarnings();
addMessageToLog("Warning: " + warn.join("\n"));
markCurrentRuleBad();
}
if (error_tracker->hasErrors())
{
QStringList err = error_tracker->getErrors();
@ -789,6 +798,9 @@ void Importer::markCurrentRuleBad()
if ( ! current_rule->getComment().empty())
comment.append(QString::fromUtf8(current_rule->getComment().c_str()));
foreach(QString err, error_tracker->getWarnings())
comment.append(err);
foreach(QString err, error_tracker->getErrors())
comment.append(err);
@ -898,6 +910,16 @@ void Importer::addMessageToLog(const QString &msg)
}
}
/**
* This function adds "standard" comment to the object, plus text
* passed as @additional_comment argument. If the object already has
* some comment, it is preserved and new text is appended to it. If
* flag add_standard_comments is false, then comment referring to the
* line number in the original file is not added, but
* @additional_comment is added anyway. Note that we also add comments
* to rules in case of errors but those are not suppressed by the flag
* add_standard_comments
*/
void Importer::addStandardImportComment(FWObject *obj,
const QString &additional_comment)
{
@ -916,10 +938,13 @@ void Importer::addStandardImportComment(FWObject *obj,
if ( ! additional_comment.isEmpty()) comment << additional_comment;
QString file_and_line("Created during import of %1 line %2");
comment << file_and_line
.arg(QString::fromUtf8(input_file_name.c_str()))
.arg(getCurrentLineNumber());
if (add_standard_comments)
{
QString file_and_line("Created during import of %1 line %2");
comment << file_and_line
.arg(QString::fromUtf8(input_file_name.c_str()))
.arg(getCurrentLineNumber());
}
obj->setComment(comment.join("\n").toUtf8().constData());
obj->setBool(".import-commited", true);
@ -991,3 +1016,18 @@ void Importer::rearrangeVlanInterfaces()
}
void Importer::registerBrokenObject(FWObject *obj, const QString &err)
{
broken_objects[obj] = err;
}
bool Importer::isObjectBroken(FWObject *obj)
{
return broken_objects.count(obj) != 0;
}
QString Importer::getBrokenObjectError(FWObject *obj)
{
return broken_objects[obj];
}

15
src/import/Importer.h
View File

@ -142,6 +142,13 @@ protected:
// use this to quickly find objects to avoid creating duplicates
std::map<const std::string,libfwbuilder::FWObject*> all_objects;
// registry of broken objects. Sometimes we create an AddressTable
// or a group object during import that may have some kind of a problem
// that we leave for the user to fix manually. In order to be able to mark
// all rules that use this object as "broken", we should register these
// broken objects somewhere.
std::map<libfwbuilder::FWObject*, QString> broken_objects;
UnidirectionalRuleSet* current_ruleset;
libfwbuilder::Rule* current_rule;
@ -203,6 +210,10 @@ protected:
virtual void addOSrv();
virtual void addLogging();
void registerBrokenObject(libfwbuilder::FWObject *o, const QString &err);
bool isObjectBroken(libfwbuilder::FWObject*);
QString getBrokenObjectError(libfwbuilder::FWObject*);
public:
@ -211,6 +222,9 @@ public:
// making logger public so I can access it from the code in the grammar
libfwbuilder::Logger *logger;
QStringList last_comment;
bool add_standard_comments;
// temporary variables used by parser to store values
// Importer converts these into a proper rule using method
// pushRule()
@ -298,6 +312,7 @@ public:
void setUserChoiceHostOS(const std::string &s) { user_choice_host_os = s; }
void setUserChoiceVersion(const std::string &s) { user_choice_version = s; }
void setAddStandardCommentsFlag(bool f) { add_standard_comments = f; }
virtual void setHostName(const std::string &hn);
virtual void newInterface(const std::string &interface_name);

105
src/import/PFImporter.cpp
View File

@ -507,11 +507,25 @@ FWObject* PFImporter::makeAddressObj(AddressSpec &as)
return intf;
} else
{
// TODO: create and return DNSName object
QString name = QString::fromUtf8(as.address.c_str());
if (name.startsWith('$'))
{
/*
* We perform macro substitutions in
* PFImporter::substituteMacros(), however if we get a
* host name that starts with a '$' here, then this is
* an undefined macro that could not be substituted.
* Mark rule as bad but still create run-time DNSName
* object.
*/
error_tracker->registerWarning(
QObject::tr("Macro '%1' was undefined, rule may be broken")
.arg(name));
}
ObjectSignature sig(error_tracker);
sig.type_name = DNSName::TYPENAME;
sig.object_name = QString::fromUtf8(as.address.c_str());
sig.dns_name = QString::fromUtf8(as.address.c_str());
sig.object_name = name;
sig.dns_name = name;
return address_maker->createObject(sig);
}
}
@ -573,7 +587,12 @@ FWObject* PFImporter::makeAddressObj(AddressSpec &as)
if (as.at == AddressSpec::TABLE)
{
return address_table_registry[as.address.c_str()];
FWObject *at = address_table_registry[as.address.c_str()];
if (isObjectBroken(at))
{
error_tracker->registerError(getBrokenObjectError(at));
}
return at;
}
return NULL;
@ -651,6 +670,13 @@ void PFImporter::pushRule()
assert(current_rule!=NULL);
if (error_tracker->hasWarnings())
{
QStringList warn = error_tracker->getWarnings();
addMessageToLog("Warning: " + warn.join("\n"));
markCurrentRuleBad();
}
if (error_tracker->hasErrors())
{
QStringList err = error_tracker->getErrors();
@ -828,6 +854,52 @@ void PFImporter::pushPolicyRule()
*/
if (! queue.empty()) ropt->setStr("pf_classify_str", queue);
/*
* route-to options
*
*/
if (route_type != UNKNOWN && route_group.size() != 0)
{
switch (route_type)
{
case ROUTE_TO:
ropt->setStr("pf_route_option", "route_through"); break;
case REPLY_TO:
ropt->setStr("pf_route_option", "route_reply_through"); break;
case DUP_TO:
ropt->setStr("pf_route_option", "route_copy_through"); break;
default: ;
}
QStringList route_opt_addr;
list<RouteSpec>::iterator it;
for (it=route_group.begin(); it!=route_group.end(); ++it)
{
RouteSpec &rs = *it;
Interface *intf = getInterfaceByName(rs.iface);
if (intf == NULL)
{
// this interface was never used in "on <intf>" clause before
newInterface(rs.iface);
}
ropt->setStr("pf_route_opt_if", rs.iface);
if (rs.netmask.empty())
route_opt_addr << rs.address.c_str();
else
route_opt_addr << QString("%1/%2")
.arg(rs.address.c_str()).arg(rs.netmask.c_str());
}
ropt->setStr("pf_route_opt_addr", route_opt_addr.join(",").toStdString());
rule->setRouting( ! ropt->getStr("pf_route_option").empty());
}
/*
* Protocols are in proto_list
* Source addresses are in src_group
@ -1308,21 +1380,28 @@ void PFImporter::newAddressTableObject(const string &name,
.arg(QString::fromUtf8(name.c_str()))
.arg(addr_list.join(", ")));
if (has_negations)
{
// can not use error_tracker->registerError() here because
// tables are created before importer encounters any rules and
// so this error can not be associated with a rule.
addMessageToLog(
QObject::tr("Error: import of table definition with negated addresses is not supported."));
}
ObjectMaker maker(Library::cast(library), error_tracker);
FWObject *og =
commitObject(maker.createObject(ObjectGroup::TYPENAME, name.c_str()));
assert(og!=NULL);
address_table_registry[name.c_str()] = og;
if (has_negations)
{
// can not use error_tracker->registerError() here because
// tables are created before importer encounters any rules and
// so this error can not be associated with a rule.
QString err =
QObject::tr("Error: import of table definition with negated "
"addresses is not supported.");
addMessageToLog(err);
err =
QObject::tr("Address table '%1' has a mix of negated and non-negated "
"addresses in the original file.");
registerBrokenObject(og, err.arg(QString::fromUtf8(name.c_str())));
}
for (it=addresses.begin(); it!=addresses.end(); ++it)
{
FWObject *obj = makeAddressObj(*it);

5
src/import/PFImporter.h
View File

@ -61,7 +61,10 @@ class PFImporter : public Importer
const std::list< PortSpec > &src_port_spec_list,
const std::list< PortSpec > &dst_port_spec_list,
bool for_nat_rhs);
void substituteMacros(const QMap<QString,QString> &macros,
QString &buffer);
public:
typedef enum {

157
src/import/PFImporterRun.cpp
View File

@ -23,6 +23,8 @@
#include "../../config.h"
#include "fwbuilder/InetAddr.h"
#include "PFImporter.h"
#include <QString>
@ -42,6 +44,7 @@
extern int fwbdebug;
using namespace std;
using namespace libfwbuilder;
/*
@ -81,7 +84,10 @@ void PFImporter::run()
QRegExp inline_comment("#.*$");
QRegExp macro_definition("^\\s*(\\S+)\\s*=\\s*(.*)$");
QRegExp list_of_items("^\\{\\s*((\\S+,?\\s*)+)\\s*\\}$");
QMap<QString, QString> macros;
QMap<QString, QString> macros_source_lines;
foreach(QString str, whole_input.split("\n"))
{
@ -91,32 +97,110 @@ void PFImporter::run()
if (macro_definition.indexIn(work_str) != -1)
{
QString macro_name = macro_definition.cap(1);
QString value = macro_definition.cap(2);
macros[macro_definition.cap(1)] = value.replace("\"", "").trimmed();
value.replace('\"', "");
value = value.simplified();
macros[macro_name] = value;
macros_source_lines[macro_name] = macro_definition.cap(0);
}
}
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString value = it.value();
substituteMacros(macros, value);
macros[macro_name] = value;
}
it = macros;
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString value = it.value();
qDebug() << "Macro: name=" << macro_name << "value=" << value;
/*
* Special case: if this macro defines list of addresses
* in '{' '}', we convert it to a table with the same name
* so that importer later on can create object group for
* it.
*
* RegExp list_of_items assumes the string has been
* stripped of any quotes and trimmed.
*/
if (list_of_items.indexIn(value) != -1)
{
qDebug() << "This macro defines a list";
/*
* we only convert to table if the list contains at
* least one ip address. We assume that if there is an
* address there, then all items in the list must
* represent addresses, host names or interface names
* because pf does not allow mixed address/service
* lists anywhere.
*/
QString list_str = list_of_items.cap(1);
list_str.replace(",", "");
QStringList items = list_str.split(QRegExp("\\s"),
QString::SkipEmptyParts);
qDebug() << items;
bool has_address = false;
foreach(QString item, items)
{
qDebug() << "Item:" << item;
if (!item.isEmpty() && (item.contains(':') || item.contains('.')))
{
try
{
InetAddr(item.toStdString());
// stop the loop if string successfully
// converts to an ip address
has_address = true;
break;
} catch(FWException &ex)
{
;
}
}
}
if (has_address)
{
/*
* Convert as follows:
* Macro:
* name = "{ 1.1.1.1 2.2.2.2 }"
* to a table:
* table <name> "{ 1.1.1.1 2.2.2.2 }"
*/
QString table_def("table <%1> %2");
whole_input.replace(macros_source_lines[macro_name],
table_def.arg(macro_name).arg(value));
/*
* And add a macro to the dictionary to map macro_name to
* the table
*/
macros[macro_name] = "<" + macro_name + ">";
qDebug() << "Replacing macro definition with table:";
qDebug() << table_def.arg(macro_name).arg(value);
}
}
}
if (fwbdebug)
qDebug() << "Macros defined in this file: " << macros;
// make several passes: sometimes macros can use other macros
int pass = 0;
while (1)
{
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString macro_value = it.value();
QRegExp macro_instance(QString("\\$%1(?=\\W)").arg(macro_name));
whole_input.replace(macro_instance, macro_value);
}
QRegExp any_macro_instance("\\$\\w+\\W");
if (! whole_input.contains(any_macro_instance)) break;
pass++;
}
substituteMacros(macros, whole_input);
if (fwbdebug)
{
@ -171,3 +255,38 @@ void PFImporter::run()
*logger << err.join("\n").toUtf8().constData();
}
void PFImporter::substituteMacros(const QMap<QString,QString> &macros,
QString &buffer)
{
// make several passes: sometimes macros can use other macros
QRegExp any_macro_instance("\\$(\\w+)\\W");
for (;;)
{
QMapIterator<QString, QString> it(macros);
while (it.hasNext())
{
it.next();
QString macro_name = it.key();
QString macro_value = it.value();
QRegExp macro_instance(QString("\\$%1(?=\\W)").arg(macro_name));
buffer.replace(macro_instance, macro_value);
}
bool has_known_macros = false;
if (any_macro_instance.indexIn(buffer) != -1)
{
QString macro_name = any_macro_instance.cap(1);
if (macros.contains(macro_name)) has_known_macros = true;
else
{
QString err;
err = QObject::tr("Warning: Macro %1 is undefined").arg(macro_name);
*logger << err.toUtf8().constData();
}
}
if (!has_known_macros) break;
}
}

7
src/import/objectMaker.cpp
View File

@ -81,6 +81,12 @@ void ObjectMakerErrorTracker::registerError(const QString &msg)
error_status = true;
}
void ObjectMakerErrorTracker::registerWarning(const QString &msg)
{
if ( ! warnings.contains(msg)) warnings.append(msg);
warning_status = true;
}
ObjectSignature::ObjectSignature(ObjectMakerErrorTracker *et)
{
@ -317,6 +323,7 @@ ObjectSignature::ObjectSignature(ObjectMakerErrorTracker *et)
}
ObjectSignature::ObjectSignature(const ObjectSignature &other)
: libfwbuilder::Dispatch(other)
{
error_tracker = other.error_tracker;

10
src/import/objectMaker.h
View File

@ -76,15 +76,21 @@ class ObjectMakerErrorTracker
{
QStringList errors;
bool error_status;
QStringList warnings;
bool warning_status;
public:
ObjectMakerErrorTracker() { error_status = false; }
ObjectMakerErrorTracker() { error_status = false; warning_status = false; }
void clear() { error_status = false; errors.clear(); }
void clear() { error_status = false; warning_status = false; errors.clear(); warnings.clear(); }
void registerError(const QString &msg);
bool hasErrors() { return error_status; }
QStringList getErrors() { return errors; }
void registerWarning(const QString &msg);
bool hasWarnings() { return warning_status; }
QStringList getWarnings() { return warnings; }
};

33
src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp
View File

@ -32,6 +32,7 @@
#include "RoutingCompiler.h"
#include "fwbuilder/AddressTable.h"
#include "fwbuilder/AddressRange.h"
#include "fwbuilder/RuleElement.h"
#include "fwbuilder/Network.h"
@ -53,6 +54,7 @@
#include "fwbuilder/XMLTools.h"
#include "fwbuilder/FWException.h"
#include "fwbuilder/Group.h"
#include "fwbuilder/MultiAddress.h"
#include <iostream>
#include <iomanip>
@ -831,4 +833,35 @@ bool RoutingCompiler::createSortedDstIdsLabel::processNext()
return true;
}
/*
* This is identical to
* PolicyCompiler_ipf::processMultiAddressObjectsInRE::processNext()
* TODO: move the code to the class Compiler so it can be reused.
*/
bool RoutingCompiler::processMultiAddressObjectsInRE::processNext()
{
RoutingRule *rule = getNext(); if (rule==NULL) return false;
RuleElement *re = RuleElement::cast( rule->getFirstByType(re_type) );
for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
{
FWObject *o= *i;
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME)
compiler->abort(
rule,
"Run-time AddressTable objects are not supported.");
AddressTable *at = AddressTable::cast(o);
if (at && at->isRunTime())
compiler->abort(
rule,
"Run-time AddressTable objects are not supported.");
}
tmp_queue.push_back(rule);
return true;
}

20
src/libfwbuilder/src/fwcompiler/RoutingCompiler.h
View File

@ -230,6 +230,26 @@ namespace fwcompiler
};
friend class RoutingCompiler::classifyRoutingRules;
/**
* Placeholders for MultiAddressRunTime objects
*/
class processMultiAddressObjectsInRE : public RoutingRuleProcessor
{
std::string re_type;
public:
processMultiAddressObjectsInRE(const std::string &name,
const std::string &t) : RoutingRuleProcessor(name) { re_type=t; }
virtual bool processNext();
};
class processMultiAddressObjectsInRDst : public processMultiAddressObjectsInRE
{
public:
processMultiAddressObjectsInRDst(const std::string &n) :
processMultiAddressObjectsInRE(
n, libfwbuilder::RuleElementRDst::TYPENAME) {}
};
/**
* detects if rules r1 and r2 are identical (that is, have the
* same effect, rather than use the same objects)

5
src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp
View File

@ -52,8 +52,9 @@ IC_PlatformWarningPage::IC_PlatformWarningPage(QWidget *parent) : QWizardPage(pa
// user-chosen host os and version, so far we only show these for PF
registerField("hostOS*", m_dialog->hostOS);
registerField("version*", m_dialog->version);
registerField("addStandardComments", m_dialog->addStandardComments);
m_dialog->hostOSAndVersionFrame->hide();
m_dialog->importOptionsFrame->hide();
platformOk = false;
}
@ -242,7 +243,7 @@ void IC_PlatformWarningPage::initializePage()
wz->version_list.append(i1->first);
}
m_dialog->hostOSAndVersionFrame->show();
m_dialog->importOptionsFrame->show();
break;
}

2
src/libgui/importFirewallConfigurationWizard/IC_ProgressPage.cpp
View File

@ -158,9 +158,11 @@ void IC_ProgressPage::initializePage()
{
int host_os_idx = field("hostOS").toInt();
int version_idx = field("version").toInt();
bool add_standard_comments = field("addStandardComments").toBool();
importer->setUserChoiceHostOS( wz->host_os_list.at( host_os_idx ));
importer->setUserChoiceVersion( wz->version_list.at( version_idx ));
importer->setAddStandardCommentsFlag(add_standard_comments);
}
connect(importer, SIGNAL(destroyed(QObject*)),

8
src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp
View File

@ -66,6 +66,7 @@ ImporterThread::ImporterThread(QWidget *ui,
this->deduplicate = deduplicate;
importer = NULL;
stopFlag = false;
addStandardComments = false;
}
ImporterThread::~ImporterThread()
@ -83,6 +84,11 @@ void ImporterThread::setUserChoiceVersion(const QString &s)
userChoiceVersion = s;
}
void ImporterThread::setAddStandardCommentsFlag(bool f)
{
addStandardComments = f;
}
void ImporterThread::run()
{
QThreadLogger *logger = new QThreadLogger();
@ -114,6 +120,8 @@ void ImporterThread::run()
if ( ! userChoiceVersion.isEmpty())
importer->setUserChoiceVersion(userChoiceVersion.toStdString());
importer->setAddStandardCommentsFlag(addStandardComments);
importer->setFileName(fileName.toUtf8().constData());
if (deduplicate) importer->prepareForDeduplication();

2
src/libgui/importFirewallConfigurationWizard/ImporterThread.h
View File

@ -56,6 +56,7 @@ class ImporterThread : public QThread
bool stopFlag;
QString userChoiceHostOS;
QString userChoiceVersion;
bool addStandardComments;
public:
ImporterThread(QWidget *ui,
@ -74,6 +75,7 @@ public:
void setUserChoiceHostOS(const QString &s);
void setUserChoiceVersion(const QString &s);
void setAddStandardCommentsFlag(bool f);
signals:
void finished();

184
src/libgui/importFirewallConfigurationWizard/ic_platformwarningpage_q.ui
View File

@ -13,97 +13,103 @@
<property name="windowTitle">
<string>WizardPage</string>
</property>
<layout class="QGridLayout" name="gridLayout_3">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_2">
<item row="0" column="0" colspan="4">
<widget class="QLabel" name="platformSpecificWarning">
<property name="text">
<string>TextLabel</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label">
<property name="text">
<string>Firewall Platform:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="platform">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="1" column="2" colspan="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>388</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="0" colspan="3">
<widget class="QFrame" name="hostOSAndVersionFrame">
<property name="frameShape">
<enum>QFrame::NoFrame</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Raised</enum>
</property>
<layout class="QGridLayout" name="gridLayout">
<property name="margin">
<number>0</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label_2">
<property name="text">
<string>Host OS:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="hostOS"/>
</item>
<item row="0" column="2">
<widget class="QLabel" name="label_3">
<property name="text">
<string>Version:</string>
</property>
</widget>
</item>
<item row="0" column="3">
<widget class="QComboBox" name="version"/>
</item>
</layout>
</widget>
</item>
<item row="2" column="3">
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>258</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
<layout class="QGridLayout" name="gridLayout_2">
<item row="0" column="0" colspan="3">
<widget class="QLabel" name="platformSpecificWarning">
<property name="text">
<string>TextLabel</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label">
<property name="text">
<string>Firewall Platform:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="platform">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="1" column="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>442</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="0" colspan="3">
<widget class="QFrame" name="importOptionsFrame">
<property name="frameShape">
<enum>QFrame::NoFrame</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Raised</enum>
</property>
<layout class="QGridLayout" name="gridLayout">
<property name="margin">
<number>0</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label_2">
<property name="text">
<string>Host OS:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="hostOS"/>
</item>
<item row="0" column="2">
<widget class="QLabel" name="label_3">
<property name="text">
<string>Version:</string>
</property>
</widget>
</item>
<item row="0" column="3">
<widget class="QComboBox" name="version"/>
</item>
<item row="0" column="4">
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Expanding</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>329</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="0" colspan="5">
<widget class="QCheckBox" name="addStandardComments">
<property name="text">
<string>Add line numbers in the original file to comments in rules and objects</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item row="3" column="0" colspan="3">
<widget class="QTextBrowser" name="configFileBrowser"/>
</item>
</layout>

13
src/libgui/ruleoptionsdialog_q.ui
View File

@ -1719,7 +1719,7 @@ p, li { white-space: pre-wrap; }
<enum>QTabWidget::Triangular</enum>
</property>
<property name="currentIndex">
<number>6</number>
<number>0</number>
</property>
<widget class="QWidget" name="tab12">
<attribute name="title">
@ -2429,7 +2429,14 @@ p, li { white-space: pre-wrap; }
</widget>
</item>
<item>
<widget class="QLineEdit" name="pf_route_opt_addr"/>
<widget class="QLineEdit" name="pf_route_opt_addr">
<property name="minimumSize">
<size>
<width>300</width>
<height>0</height>
</size>
</property>
</widget>
</item>
</layout>
</item>
@ -2564,7 +2571,7 @@ p, li { white-space: pre-wrap; }
<enum>QTabWidget::Triangular</enum>
</property>
<property name="currentIndex">
<number>1</number>
<number>0</number>
</property>
<widget class="QWidget" name="tab_7">
<attribute name="title">

3
src/libgui/utils.cpp
View File

@ -503,7 +503,8 @@ void doSetObjectIcon(FWObject *obj, QPixmap *pm, int icon_size)
default: icn_sfx = "icon"; break;
}
if (obj->getRO())
// note that we do not have "locked" version of large icons
if (obj->getRO() && icon_size != 2)
icn_alias = ":/Icons/lock";
else
{

1004
src/parsers/PFCfgLexer.cpp
View File

@ -1,4 +1,4 @@
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */
#line 43 "pf.g"
// gets inserted before the antlr generated includes in the cpp
@ -44,92 +44,92 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st
void PFCfgLexer::initLiterals()
{
literals["badhead"] = 199;
literals["notifications"] = 233;
literals["badhead"] = 201;
literals["notifications"] = 235;
literals["state-policy"] = 26;
literals["floating"] = 28;
literals["no"] = 84;
literals["counters"] = 72;
literals["esp"] = 126;
literals["routersol"] = 158;
literals["routersol"] = 160;
literals["frags"] = 60;
literals["reply-to"] = 139;
literals["reply-to"] = 140;
literals["icmp.first"] = 49;
literals["string-key"] = 99;
literals["gre"] = 125;
literals["pass"] = 86;
literals["scrub"] = 65;
literals["warnings"] = 234;
literals["warnings"] = 236;
literals["include"] = 6;
literals["skip"] = 32;
literals["timeout"] = 13;
literals["eigrp"] = 128;
literals["icmp-type"] = 149;
literals["transit"] = 197;
literals["icmp-type"] = 151;
literals["transit"] = 199;
literals["inet"] = 115;
literals["no-df"] = 144;
literals["no-df"] = 146;
literals["network"] = 77;
literals["photuris"] = 174;
literals["photuris"] = 176;
literals["igmp"] = 120;
literals["unreach"] = 152;
literals["range"] = 226;
literals["unreach"] = 154;
literals["range"] = 228;
literals["rsvp"] = 124;
literals["debugging"] = 229;
literals["host-tos"] = 187;
literals["paramprob"] = 160;
literals["debugging"] = 231;
literals["host-tos"] = 189;
literals["paramprob"] = 162;
literals["user"] = 113;
literals["interface"] = 215;
literals["interface"] = 217;
literals["adaptive.end"] = 58;
literals["limit"] = 21;
literals["state-defaults"] = 29;
literals["hex-key"] = 98;
literals["net-unk"] = 181;
literals["net-unk"] = 183;
literals["antispoof"] = 9;
literals["udp.single"] = 47;
literals["inforeq"] = 163;
literals["ipv6-here"] = 171;
literals["redir"] = 154;
literals["inforeq"] = 165;
literals["ipv6-here"] = 173;
literals["redir"] = 156;
literals["static-port"] = 88;
literals["common-adv"] = 196;
literals["common-adv"] = 198;
literals["loginterface"] = 22;
literals["ip"] = 118;
literals["mobregreq"] = 172;
literals["mobregreq"] = 174;
literals["conservative"] = 17;
literals["ospf"] = 129;
literals["proto-unr"] = 177;
literals["proto-unr"] = 179;
literals["peer"] = 79;
literals["inforep"] = 164;
literals["errors"] = 231;
literals["inforep"] = 166;
literals["errors"] = 233;
literals["tables-entries"] = 64;
literals["any"] = 136;
literals["mobregrep"] = 173;
literals["label"] = 212;
literals["pptp"] = 222;
literals["synproxy"] = 210;
literals["mobregrep"] = 175;
literals["label"] = 214;
literals["pptp"] = 224;
literals["synproxy"] = 212;
literals["debug"] = 37;
literals["alerts"] = 227;
literals["alerts"] = 229;
literals["all"] = 112;
literals["state"] = 211;
literals["tag"] = 207;
literals["state"] = 213;
literals["tag"] = 209;
literals["in"] = 108;
literals["tables"] = 63;
literals["file"] = 73;
literals["nos"] = 219;
literals["nos"] = 221;
literals["src-nodes"] = 62;
literals["ipv6-where"] = 170;
literals["ipv6-where"] = 172;
literals["require-order"] = 30;
literals["udp"] = 122;
literals["states"] = 61;
literals["sticky-address"] = 101;
literals["return-icmp"] = 106;
literals["redir-tos-net"] = 193;
literals["pim"] = 221;
literals["emergencies"] = 230;
literals["squench"] = 153;
literals["disable"] = 235;
literals["flags"] = 148;
literals["redir-tos-net"] = 195;
literals["pim"] = 223;
literals["emergencies"] = 232;
literals["squench"] = 155;
literals["disable"] = 237;
literals["flags"] = 150;
literals["tcp"] = 121;
literals["net-tos"] = 186;
literals["net-tos"] = 188;
literals["reassemble"] = 38;
literals["adaptive.start"] = 57;
literals["frag"] = 54;
@ -137,58 +137,59 @@ void PFCfgLexer::initLiterals()
literals["icmp"] = 119;
literals["to"] = 114;
literals["return-rst"] = 104;
literals["normal-adv"] = 195;
literals["normal-adv"] = 197;
literals["optimization"] = 15;
literals["log"] = 110;
literals["fragment"] = 141;
literals["snp"] = 224;
literals["fragment"] = 143;
literals["snp"] = 226;
literals["broadcast"] = 78;
literals["icmp6-type"] = 205;
literals["icmp6-type"] = 207;
literals["normal"] = 19;
literals["code"] = 150;
literals["code"] = 152;
literals["if-bound"] = 27;
literals["src.track"] = 56;
literals["drop-ovl"] = 143;
literals["routeradv"] = 157;
literals["drop-ovl"] = 145;
literals["routeradv"] = 159;
literals["other.single"] = 52;
literals["dup-to"] = 141;
literals["bitmask"] = 95;
literals["maskreq"] = 165;
literals["maskreq"] = 167;
literals["ipip"] = 130;
literals["tcp.closed"] = 45;
literals["block"] = 103;
literals["high-latency"] = 18;
literals["udp.first"] = 46;
literals["badlen"] = 201;
literals["badlen"] = 203;
literals["tcp.first"] = 40;
literals["host-unr"] = 176;
literals["host-unr"] = 178;
literals["ah"] = 127;
literals["random-id"] = 147;
literals["modulate"] = 209;
literals["random-id"] = 149;
literals["modulate"] = 211;
literals["interval"] = 55;
literals["maskrep"] = 166;
literals["maskrep"] = 168;
literals["ruleset-optimization"] = 14;
literals["trace"] = 167;
literals["rip"] = 223;
literals["trace"] = 169;
literals["rip"] = 225;
literals["urpf-failed"] = 135;
literals["set"] = 12;
literals["source-hash"] = 97;
literals["critical"] = 228;
literals["quit"] = 214;
literals["critical"] = 230;
literals["quit"] = 216;
literals["icmp.error"] = 50;
literals["const"] = 71;
literals["altq"] = 10;
literals["tcp.closing"] = 43;
literals["port-unr"] = 178;
literals["port-unr"] = 180;
literals["table"] = 67;
literals["redir-tos-host"] = 194;
literals["redir-tos-host"] = 196;
literals["fingerprints"] = 31;
literals["return"] = 25;
literals["optmiss"] = 200;
literals["optmiss"] = 202;
literals["match"] = 66;
literals["keep"] = 208;
literals["net-prohib"] = 184;
literals["keep"] = 210;
literals["net-prohib"] = 186;
literals["inet6"] = 116;
literals["group"] = 140;
literals["group"] = 142;
literals["from"] = 134;
literals["tcp.finwait"] = 44;
literals["hostid"] = 39;
@ -196,64 +197,64 @@ void PFCfgLexer::initLiterals()
literals["vrrp"] = 131;
literals["drop"] = 24;
literals["l2tp"] = 132;
literals["max-mss"] = 146;
literals["isolate"] = 183;
literals["timereq"] = 161;
literals["max-mss"] = 148;
literals["isolate"] = 185;
literals["timereq"] = 163;
literals["aggressive"] = 16;
literals["icmp6"] = 216;
literals["echoreq"] = 156;
literals["icmp6"] = 218;
literals["echoreq"] = 158;
literals["tcp.established"] = 42;
literals["decrypt-fail"] = 204;
literals["mobredir"] = 169;
literals["decrypt-fail"] = 206;
literals["mobredir"] = 171;
literals["other.first"] = 51;
literals["ipsec"] = 218;
literals["ipsec"] = 220;
literals["no-route"] = 137;
literals["random"] = 96;
literals["binat"] = 102;
literals["srcfail"] = 180;
literals["srcfail"] = 182;
literals["self"] = 80;
literals["timerep"] = 162;
literals["crop"] = 142;
literals["host-preced"] = 189;
literals["host"] = 225;
literals["echorep"] = 151;
literals["timerep"] = 164;
literals["crop"] = 144;
literals["host-preced"] = 191;
literals["host"] = 227;
literals["echorep"] = 153;
literals["other.multiple"] = 53;
literals["althost"] = 155;
literals["althost"] = 157;
literals["udp.multiple"] = 48;
literals["cutoff-preced"] = 190;
literals["redir-host"] = 192;
literals["cutoff-preced"] = 192;
literals["redir-host"] = 194;
literals["rdr"] = 89;
literals["tagged"] = 206;
literals["tagged"] = 208;
literals["on"] = 33;
literals["round-robin"] = 100;
literals["pcp"] = 220;
literals["pcp"] = 222;
literals["block-policy"] = 23;
literals["persist"] = 70;
literals["unknown-ind"] = 202;
literals["redir-net"] = 191;
literals["filter-prohib"] = 188;
literals["unknown-ind"] = 204;
literals["redir-net"] = 193;
literals["filter-prohib"] = 190;
literals["nat"] = 85;
literals["satellite"] = 20;
literals["informational"] = 232;
literals["needfrag"] = 179;
literals["informational"] = 234;
literals["needfrag"] = 181;
literals["tcp.opening"] = 41;
literals["igrp"] = 217;
literals["igrp"] = 219;
literals["quick"] = 111;
literals["timex"] = 159;
literals["host-unk"] = 182;
literals["route-to"] = 138;
literals["dataconv"] = 168;
literals["timex"] = 161;
literals["host-unk"] = 184;
literals["route-to"] = 139;
literals["dataconv"] = 170;
literals["rdp"] = 123;
literals["net-unr"] = 175;
literals["net-unr"] = 177;
literals["queue"] = 11;
literals["isis"] = 133;
literals["reassemb"] = 198;
literals["inactive"] = 236;
literals["reassemb"] = 200;
literals["inactive"] = 238;
literals["out"] = 109;
literals["min-ttl"] = 145;
literals["auth-fail"] = 203;
literals["exit"] = 213;
literals["host-prohib"] = 185;
literals["min-ttl"] = 147;
literals["auth-fail"] = 205;
literals["exit"] = 215;
literals["host-prohib"] = 187;
}
ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
@ -265,6 +266,12 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
resetText();
try { // for lexical and char stream error handling
switch ( LA(1)) {
case 0x23 /* '#' */ :
{
mCOMMENT_START(true);
theRetToken=_returnToken;
break;
}
case 0xa /* '\n' */ :
case 0xd /* '\r' */ :
{
@ -272,6 +279,7 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
theRetToken=_returnToken;
break;
}
case 0x24 /* '$' */ :
case 0x30 /* '0' */ :
case 0x31 /* '1' */ :
case 0x32 /* '2' */ :
@ -497,11 +505,7 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
break;
}
default:
if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
mLINE_COMMENT(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x22 /* '\"' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
if ((LA(1) == 0x22 /* '\"' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
mSTRING(true);
theRetToken=_returnToken;
}
@ -509,10 +513,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
mWhitespace(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x23 /* '#' */ ) && (true)) {
mNUMBER_SIGN(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x22 /* '\"' */ ) && (true)) {
mDOUBLE_QUOTE(true);
theRetToken=_returnToken;
@ -547,68 +547,6 @@ tryAgain:;
}
}
void PFCfgLexer::mLINE_COMMENT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = LINE_COMMENT;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match("#");
{ // ( ... )*
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
{
match(_tokenSet_1);
}
}
else {
goto _loop275;
}
}
_loop275:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNEWLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEWLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) {
match("\r\n");
}
else if ((LA(1) == 0xd /* '\r' */ ) && (true)) {
match('\r' /* charlit */ );
}
else if ((LA(1) == 0xa /* '\n' */ )) {
match('\n' /* charlit */ );
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 1982 "pf.g"
newline();
#line 603 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mWhitespace(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = Whitespace;
@ -678,9 +616,56 @@ void PFCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1977 "pf.g"
#line 1996 "pf.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 684 "PFCfgLexer.cpp"
#line 622 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mCOMMENT_START(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = COMMENT_START;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('#' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mNEWLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEWLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) {
match("\r\n");
}
else if ((LA(1) == 0xd /* '\r' */ ) && (true)) {
match('\r' /* charlit */ );
}
else if ((LA(1) == 0xa /* '\n' */ )) {
match('\n' /* charlit */ );
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 2001 "pf.g"
newline();
#line 669 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -865,17 +850,17 @@ void PFCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) {
mHEX_DIGIT(false);
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
{
mHEX_DIGIT(false);
}
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
{
mHEX_DIGIT(false);
}
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
@ -905,330 +890,485 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_ttype = NUMBER_ADDRESS_OR_WORD;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched328 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m328 = mark();
synPredMatched328 = true;
inputState->guessing++;
try {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched328 = false;
}
rewind(_m328);
inputState->guessing--;
}
if ( synPredMatched328 ) {
switch ( LA(1)) {
case 0x3a /* ':' */ :
{
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 2037 "pf.g"
_ttype = IPV4;
#line 941 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched335 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m335 = mark();
synPredMatched335 = true;
bool synPredMatched318 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_1.member(LA(3))))) {
int _m318 = mark();
synPredMatched318 = true;
inputState->guessing++;
try {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt332=0;
int _cnt317=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt332>=1 ) { goto _loop332; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt317>=1 ) { goto _loop317; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt332++;
_cnt317++;
}
_loop332:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt334=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt334>=1 ) { goto _loop334; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt334++;
}
_loop334:;
_loop317:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched335 = false;
synPredMatched318 = false;
}
rewind(_m335);
rewind(_m318);
inputState->guessing--;
}
if ( synPredMatched335 ) {
if ( synPredMatched318 ) {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt338=0;
int _cnt321=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt338>=1 ) { goto _loop338; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt321>=1 ) { goto _loop321; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt338++;
_cnt321++;
}
_loop338:;
_loop321:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt340=0;
{ // ( ... )*
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
{ // ( ... )+
int _cnt324=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt324>=1 ) { goto _loop324; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt324++;
}
_loop324:;
} // ( ... )+
}
else {
if ( _cnt340>=1 ) { goto _loop340; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
goto _loop325;
}
_cnt340++;
}
_loop340:;
} // ( ... )+
_loop325:;
} // ( ... )*
}
if ( inputState->guessing==0 ) {
#line 2040 "pf.g"
_ttype = NUMBER;
#line 1024 "PFCfgLexer.cpp"
#line 2047 "pf.g"
_ttype = IPV6;
#line 977 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
}
if ( inputState->guessing==0 ) {
#line 2049 "pf.g"
_ttype = IPV6;
#line 988 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 2051 "pf.g"
_ttype = COLON;
#line 996 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched303 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_4.member(LA(2))) && (true))) {
int _m303 = mark();
synPredMatched303 = true;
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
break;
}
case 0x24 /* '$' */ :
{
match('$' /* charlit */ );
{
switch ( LA(1)) {
case 0x61 /* 'a' */ :
case 0x62 /* 'b' */ :
case 0x63 /* 'c' */ :
case 0x64 /* 'd' */ :
case 0x65 /* 'e' */ :
case 0x66 /* 'f' */ :
case 0x67 /* 'g' */ :
case 0x68 /* 'h' */ :
case 0x69 /* 'i' */ :
case 0x6a /* 'j' */ :
case 0x6b /* 'k' */ :
case 0x6c /* 'l' */ :
case 0x6d /* 'm' */ :
case 0x6e /* 'n' */ :
case 0x6f /* 'o' */ :
case 0x70 /* 'p' */ :
case 0x71 /* 'q' */ :
case 0x72 /* 'r' */ :
case 0x73 /* 's' */ :
case 0x74 /* 't' */ :
case 0x75 /* 'u' */ :
case 0x76 /* 'v' */ :
case 0x77 /* 'w' */ :
case 0x78 /* 'x' */ :
case 0x79 /* 'y' */ :
case 0x7a /* 'z' */ :
{
matchRange('a','z');
break;
}
case 0x41 /* 'A' */ :
case 0x42 /* 'B' */ :
case 0x43 /* 'C' */ :
case 0x44 /* 'D' */ :
case 0x45 /* 'E' */ :
case 0x46 /* 'F' */ :
case 0x47 /* 'G' */ :
case 0x48 /* 'H' */ :
case 0x49 /* 'I' */ :
case 0x4a /* 'J' */ :
case 0x4b /* 'K' */ :
case 0x4c /* 'L' */ :
case 0x4d /* 'M' */ :
case 0x4e /* 'N' */ :
case 0x4f /* 'O' */ :
case 0x50 /* 'P' */ :
case 0x51 /* 'Q' */ :
case 0x52 /* 'R' */ :
case 0x53 /* 'S' */ :
case 0x54 /* 'T' */ :
case 0x55 /* 'U' */ :
case 0x56 /* 'V' */ :
case 0x57 /* 'W' */ :
case 0x58 /* 'X' */ :
case 0x59 /* 'Y' */ :
case 0x5a /* 'Z' */ :
{
matchRange('A','Z');
break;
}
default:
{
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
}
{ // ( ... )*
for (;;) {
switch ( LA(1)) {
case 0x61 /* 'a' */ :
case 0x62 /* 'b' */ :
case 0x63 /* 'c' */ :
case 0x64 /* 'd' */ :
case 0x65 /* 'e' */ :
case 0x66 /* 'f' */ :
case 0x67 /* 'g' */ :
case 0x68 /* 'h' */ :
case 0x69 /* 'i' */ :
case 0x6a /* 'j' */ :
case 0x6b /* 'k' */ :
case 0x6c /* 'l' */ :
case 0x6d /* 'm' */ :
case 0x6e /* 'n' */ :
case 0x6f /* 'o' */ :
case 0x70 /* 'p' */ :
case 0x71 /* 'q' */ :
case 0x72 /* 'r' */ :
case 0x73 /* 's' */ :
case 0x74 /* 't' */ :
case 0x75 /* 'u' */ :
case 0x76 /* 'v' */ :
case 0x77 /* 'w' */ :
case 0x78 /* 'x' */ :
case 0x79 /* 'y' */ :
case 0x7a /* 'z' */ :
{
matchRange('a','z');
break;
}
case 0x41 /* 'A' */ :
case 0x42 /* 'B' */ :
case 0x43 /* 'C' */ :
case 0x44 /* 'D' */ :
case 0x45 /* 'E' */ :
case 0x46 /* 'F' */ :
case 0x47 /* 'G' */ :
case 0x48 /* 'H' */ :
case 0x49 /* 'I' */ :
case 0x4a /* 'J' */ :
case 0x4b /* 'K' */ :
case 0x4c /* 'L' */ :
case 0x4d /* 'M' */ :
case 0x4e /* 'N' */ :
case 0x4f /* 'O' */ :
case 0x50 /* 'P' */ :
case 0x51 /* 'Q' */ :
case 0x52 /* 'R' */ :
case 0x53 /* 'S' */ :
case 0x54 /* 'T' */ :
case 0x55 /* 'U' */ :
case 0x56 /* 'V' */ :
case 0x57 /* 'W' */ :
case 0x58 /* 'X' */ :
case 0x59 /* 'Y' */ :
case 0x5a /* 'Z' */ :
{
matchRange('A','Z');
break;
}
case 0x30 /* '0' */ :
case 0x31 /* '1' */ :
case 0x32 /* '2' */ :
case 0x33 /* '3' */ :
case 0x34 /* '4' */ :
case 0x35 /* '5' */ :
case 0x36 /* '6' */ :
case 0x37 /* '7' */ :
case 0x38 /* '8' */ :
case 0x39 /* '9' */ :
{
matchRange('0','9');
break;
}
case 0x5f /* '_' */ :
{
match('_' /* charlit */ );
break;
}
default:
{
goto _loop348;
}
}
}
_loop348:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 2075 "pf.g"
_ttype = MACRO;
#line 1170 "PFCfgLexer.cpp"
}
break;
}
default:
bool synPredMatched328 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
int _m328 = mark();
synPredMatched328 = true;
inputState->guessing++;
try {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched328 = false;
}
rewind(_m328);
inputState->guessing--;
}
if ( synPredMatched328 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 2056 "pf.g"
_ttype = IPV4;
#line 1207 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched335 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
int _m335 = mark();
synPredMatched335 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt302=0;
int _cnt332=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt302>=1 ) { goto _loop302; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt332>=1 ) { goto _loop332; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt302++;
_cnt332++;
}
_loop302:;
_loop332:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt334=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt334>=1 ) { goto _loop334; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt334++;
}
_loop334:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched303 = false;
synPredMatched335 = false;
}
rewind(_m303);
rewind(_m335);
inputState->guessing--;
}
if ( synPredMatched303 ) {
{
if ( synPredMatched335 ) {
{
{ // ( ... )+
int _cnt307=0;
int _cnt338=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt338>=1 ) { goto _loop338; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt307++;
_cnt338++;
}
_loop307:;
_loop338:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt311=0;
int _cnt340=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
{ // ( ... )*
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
goto _loop310;
}
}
_loop310:;
} // ( ... )*
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt311>=1 ) { goto _loop311; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt340>=1 ) { goto _loop340; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt311++;
_cnt340++;
}
_loop311:;
_loop340:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2022 "pf.g"
_ttype = IPV6;
#line 1105 "PFCfgLexer.cpp"
}
#line 2059 "pf.g"
_ttype = NUMBER;
#line 1290 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched313 = false;
if (((LA(1) == 0x3a /* ':' */ ))) {
int _m313 = mark();
synPredMatched313 = true;
bool synPredMatched303 = false;
if (((_tokenSet_1.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
int _m303 = mark();
synPredMatched303 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt302=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt302>=1 ) { goto _loop302; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt302++;
}
_loop302:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched313 = false;
synPredMatched303 = false;
}
rewind(_m313);
rewind(_m303);
inputState->guessing--;
}
if ( synPredMatched313 ) {
if ( synPredMatched303 ) {
{
bool synPredMatched318 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_2.member(LA(3))))) {
int _m318 = mark();
synPredMatched318 = true;
inputState->guessing++;
try {
{
{
{ // ( ... )+
int _cnt307=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt307++;
}
_loop307:;
} // ( ... )+
{ // ( ... )+
int _cnt311=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt317=0;
{ // ( ... )*
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt317>=1 ) { goto _loop317; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
goto _loop310;
}
_cnt317++;
}
_loop317:;
} // ( ... )+
}
_loop310:;
} // ( ... )*
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched318 = false;
else {
if ( _cnt311>=1 ) { goto _loop311; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
rewind(_m318);
inputState->guessing--;
_cnt311++;
}
if ( synPredMatched318 ) {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt321=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt321>=1 ) { goto _loop321; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt321++;
}
_loop321:;
} // ( ... )+
{ // ( ... )*
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
{ // ( ... )+
int _cnt324=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt324>=1 ) { goto _loop324; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt324++;
}
_loop324:;
} // ( ... )+
}
else {
goto _loop325;
}
}
_loop325:;
} // ( ... )*
}
if ( inputState->guessing==0 ) {
#line 2028 "pf.g"
_ttype = IPV6;
#line 1207 "PFCfgLexer.cpp"
}
_loop311:;
} // ( ... )+
}
else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
}
if ( inputState->guessing==0 ) {
#line 2030 "pf.g"
_ttype = IPV6;
#line 1218 "PFCfgLexer.cpp"
}
if ( inputState->guessing==0 ) {
#line 2041 "pf.g"
_ttype = IPV6;
#line 1371 "PFCfgLexer.cpp"
}
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 2032 "pf.g"
_ttype = COLON;
#line 1226 "PFCfgLexer.cpp"
}
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
@ -1247,12 +1387,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_loop342:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 2042 "pf.g"
#line 2061 "pf.g"
_ttype = INT_CONST;
#line 1253 "PFCfgLexer.cpp"
#line 1393 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) {
else if ((_tokenSet_4.member(LA(1))) && (true) && (true)) {
{
switch ( LA(1)) {
case 0x61 /* 'a' */ :
@ -1472,9 +1612,9 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_loop345:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 2053 "pf.g"
#line 2072 "pf.g"
_ttype = WORD;
#line 1478 "PFCfgLexer.cpp"
#line 1618 "PFCfgLexer.cpp"
}
}
else {
@ -1498,15 +1638,15 @@ void PFCfgLexer::mSTRING(bool _createToken) {
match('\"' /* charlit */ );
{ // ( ... )*
for (;;) {
if ((_tokenSet_6.member(LA(1)))) {
if ((_tokenSet_5.member(LA(1)))) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop348;
goto _loop351;
}
}
_loop348:;
_loop351:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1531,20 +1671,6 @@ void PFCfgLexer::mPIPE_CHAR(bool _createToken) {
_saveIndex=0;
}
void PFCfgLexer::mNUMBER_SIGN(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NUMBER_SIGN;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match('#' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void PFCfgLexer::mPERCENT(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = PERCENT;
@ -1923,36 +2049,20 @@ const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0xe4 0xe5 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1
// 0xf2 0xf3 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ %
// & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad
// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 0xba 0xbb
// 0xbc 0xbd 0xbe 0xbf 0xc0 0xc1 0xc2 0xc3 0xc4 0xc5 0xc6 0xc7 0xc8 0xc9
// 0xca 0xcb 0xcc 0xcd 0xce 0xcf 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5 0xd6 0xd7
// 0xd8 0xd9 0xda 0xdb 0xdc 0xdd 0xde 0xdf 0xe0 0xe1 0xe2 0xe3 0xe4 0xe5
// 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1 0xf2 0xf3
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,10);
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// . 0 1 2 3 4 5 6 7 8 9
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 134152192UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 134152192UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 : A B C D E F a b c d e f
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10);
const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h
// i j k l m n o p q r s t u v w x y z
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,10);
const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10);
const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13
// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $
// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F
@ -1967,5 +2077,5 @@ const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291
// 0xd8 0xd9 0xda 0xdb 0xdc 0xdd 0xde 0xdf 0xe0 0xe1 0xe2 0xe3 0xe4 0xe5
// 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1 0xf2 0xf3
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,16);

9
src/parsers/PFCfgLexer.hpp
View File

@ -9,7 +9,7 @@
#line 11 "PFCfgLexer.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */
#include <antlr/CommonToken.hpp>
#include <antlr/InputBuffer.hpp>
#include <antlr/BitSet.hpp>
@ -48,9 +48,9 @@ public:
PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib);
PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state);
ANTLR_USE_NAMESPACE(antlr)RefToken nextToken();
public: void mLINE_COMMENT(bool _createToken);
public: void mNEWLINE(bool _createToken);
public: void mWhitespace(bool _createToken);
public: void mCOMMENT_START(bool _createToken);
public: void mNEWLINE(bool _createToken);
protected: void mINT_CONST(bool _createToken);
protected: void mHEX_CONST(bool _createToken);
protected: void mNUMBER(bool _createToken);
@ -63,7 +63,6 @@ public:
public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken);
public: void mSTRING(bool _createToken);
public: void mPIPE_CHAR(bool _createToken);
public: void mNUMBER_SIGN(bool _createToken);
public: void mPERCENT(bool _createToken);
public: void mAMPERSAND(bool _createToken);
public: void mAPOSTROPHE(bool _createToken);
@ -104,8 +103,6 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4;
static const unsigned long _tokenSet_5_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5;
static const unsigned long _tokenSet_6_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6;
};
#endif /*INC_PFCfgLexer_hpp_*/

1355
src/parsers/PFCfgParser.cpp
View File

File diff suppressed because it is too large Load Diff

7
src/parsers/PFCfgParser.hpp
View File

@ -9,7 +9,7 @@
#line 11 "PFCfgParser.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */
#include <antlr/TokenStream.hpp>
#include <antlr/TokenBuffer.hpp>
#include "PFCfgParserTokenTypes.hpp"
@ -165,6 +165,7 @@ public:
public: void host_list();
public: void route_to();
public: void reply_to();
public: void dup_to();
public: void routehost();
public: void routehost_list();
public: void filteropt();
@ -200,10 +201,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 261;
static const int NUM_TOKENS = 262;
#else
enum {
NUM_TOKENS = 261
NUM_TOKENS = 262
};
#endif

251
src/parsers/PFCfgParserTokenTypes.hpp
View File

@ -1,7 +1,7 @@
#ifndef INC_PFCfgParserTokenTypes_hpp_
#define INC_PFCfgParserTokenTypes_hpp_
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */
#ifndef CUSTOM_API
# define CUSTOM_API
@ -13,7 +13,7 @@ struct CUSTOM_API PFCfgParserTokenTypes {
enum {
EOF_ = 1,
NEWLINE = 4,
LINE_COMMENT = 5,
COMMENT_START = 5,
INCLUDE_COMMAND = 6,
WORD = 7,
EQUAL = 8,
@ -146,129 +146,130 @@ struct CUSTOM_API PFCfgParserTokenTypes {
URPF_FAILED = 135,
ANY = 136,
NO_ROUTE = 137,
ROUTE_TO = 138,
REPLY_TO = 139,
GROUP = 140,
LITERAL_fragment = 141,
LITERAL_crop = 142,
// "drop-ovl" = 143
// "no-df" = 144
// "min-ttl" = 145
// "max-mss" = 146
// "random-id" = 147
FLAGS = 148,
ICMP_TYPE = 149,
ICMP_CODE = 150,
LITERAL_echorep = 151,
LITERAL_unreach = 152,
LITERAL_squench = 153,
LITERAL_redir = 154,
LITERAL_althost = 155,
LITERAL_echoreq = 156,
LITERAL_routeradv = 157,
LITERAL_routersol = 158,
LITERAL_timex = 159,
LITERAL_paramprob = 160,
LITERAL_timereq = 161,
LITERAL_timerep = 162,
LITERAL_inforeq = 163,
LITERAL_inforep = 164,
LITERAL_maskreq = 165,
LITERAL_maskrep = 166,
LITERAL_trace = 167,
LITERAL_dataconv = 168,
LITERAL_mobredir = 169,
// "ipv6-where" = 170
// "ipv6-here" = 171
LITERAL_mobregreq = 172,
LITERAL_mobregrep = 173,
LITERAL_photuris = 174,
// "net-unr" = 175
// "host-unr" = 176
// "proto-unr" = 177
// "port-unr" = 178
LITERAL_needfrag = 179,
LITERAL_srcfail = 180,
// "net-unk" = 181
// "host-unk" = 182
LITERAL_isolate = 183,
// "net-prohib" = 184
// "host-prohib" = 185
// "net-tos" = 186
// "host-tos" = 187
// "filter-prohib" = 188
// "host-preced" = 189
// "cutoff-preced" = 190
// "redir-net" = 191
// "redir-host" = 192
// "redir-tos-net" = 193
// "redir-tos-host" = 194
// "normal-adv" = 195
// "common-adv" = 196
LITERAL_transit = 197,
LITERAL_reassemb = 198,
LITERAL_badhead = 199,
LITERAL_optmiss = 200,
LITERAL_badlen = 201,
// "unknown-ind" = 202
// "auth-fail" = 203
// "decrypt-fail" = 204
ICMP6_TYPE = 205,
TAGGED = 206,
TAG = 207,
KEEP = 208,
MODULATE = 209,
SYNPROXY = 210,
STATE = 211,
LABEL = 212,
EXIT = 213,
QUIT = 214,
INTRFACE = 215,
ICMP6 = 216,
IGRP = 217,
IPSEC = 218,
NOS = 219,
PCP = 220,
PIM = 221,
PPTP = 222,
RIP = 223,
SNP = 224,
HOST = 225,
RANGE = 226,
LOG_LEVEL_ALERTS = 227,
LOG_LEVEL_CRITICAL = 228,
LOG_LEVEL_DEBUGGING = 229,
LOG_LEVEL_EMERGENCIES = 230,
LOG_LEVEL_ERRORS = 231,
LOG_LEVEL_INFORMATIONAL = 232,
LOG_LEVEL_NOTIFICATIONS = 233,
LOG_LEVEL_WARNINGS = 234,
LOG_LEVEL_DISABLE = 235,
LOG_LEVEL_INACTIVE = 236,
Whitespace = 237,
HEX_CONST = 238,
NEG_INT_CONST = 239,
HEX_DIGIT = 240,
DIGIT = 241,
NUM_3DIGIT = 242,
NUM_HEX_4DIGIT = 243,
NUMBER_ADDRESS_OR_WORD = 244,
PIPE_CHAR = 245,
NUMBER_SIGN = 246,
PERCENT = 247,
AMPERSAND = 248,
APOSTROPHE = 249,
PLUS = 250,
DOT = 251,
SEMICOLON = 252,
QUESTION = 253,
COMMERCIAL_AT = 254,
OPENING_SQUARE = 255,
CLOSING_SQUARE = 256,
CARET = 257,
UNDERLINE = 258,
TILDE = 259,
DOUBLE_QUOTE = 260,
MACRO = 138,
ROUTE_TO = 139,
REPLY_TO = 140,
DUP_TO = 141,
GROUP = 142,
LITERAL_fragment = 143,
LITERAL_crop = 144,
// "drop-ovl" = 145
// "no-df" = 146
// "min-ttl" = 147
// "max-mss" = 148
// "random-id" = 149
FLAGS = 150,
ICMP_TYPE = 151,
ICMP_CODE = 152,
LITERAL_echorep = 153,
LITERAL_unreach = 154,
LITERAL_squench = 155,
LITERAL_redir = 156,
LITERAL_althost = 157,
LITERAL_echoreq = 158,
LITERAL_routeradv = 159,
LITERAL_routersol = 160,
LITERAL_timex = 161,
LITERAL_paramprob = 162,
LITERAL_timereq = 163,
LITERAL_timerep = 164,
LITERAL_inforeq = 165,
LITERAL_inforep = 166,
LITERAL_maskreq = 167,
LITERAL_maskrep = 168,
LITERAL_trace = 169,
LITERAL_dataconv = 170,
LITERAL_mobredir = 171,
// "ipv6-where" = 172
// "ipv6-here" = 173
LITERAL_mobregreq = 174,
LITERAL_mobregrep = 175,
LITERAL_photuris = 176,
// "net-unr" = 177
// "host-unr" = 178
// "proto-unr" = 179
// "port-unr" = 180
LITERAL_needfrag = 181,
LITERAL_srcfail = 182,
// "net-unk" = 183
// "host-unk" = 184
LITERAL_isolate = 185,
// "net-prohib" = 186
// "host-prohib" = 187
// "net-tos" = 188
// "host-tos" = 189
// "filter-prohib" = 190
// "host-preced" = 191
// "cutoff-preced" = 192
// "redir-net" = 193
// "redir-host" = 194
// "redir-tos-net" = 195
// "redir-tos-host" = 196
// "normal-adv" = 197
// "common-adv" = 198
LITERAL_transit = 199,
LITERAL_reassemb = 200,
LITERAL_badhead = 201,
LITERAL_optmiss = 202,
LITERAL_badlen = 203,
// "unknown-ind" = 204
// "auth-fail" = 205
// "decrypt-fail" = 206
ICMP6_TYPE = 207,
TAGGED = 208,
TAG = 209,
KEEP = 210,
MODULATE = 211,
SYNPROXY = 212,
STATE = 213,
LABEL = 214,
EXIT = 215,
QUIT = 216,
INTRFACE = 217,
ICMP6 = 218,
IGRP = 219,
IPSEC = 220,
NOS = 221,
PCP = 222,
PIM = 223,
PPTP = 224,
RIP = 225,
SNP = 226,
HOST = 227,
RANGE = 228,
LOG_LEVEL_ALERTS = 229,
LOG_LEVEL_CRITICAL = 230,
LOG_LEVEL_DEBUGGING = 231,
LOG_LEVEL_EMERGENCIES = 232,
LOG_LEVEL_ERRORS = 233,
LOG_LEVEL_INFORMATIONAL = 234,
LOG_LEVEL_NOTIFICATIONS = 235,
LOG_LEVEL_WARNINGS = 236,
LOG_LEVEL_DISABLE = 237,
LOG_LEVEL_INACTIVE = 238,
Whitespace = 239,
HEX_CONST = 240,
NEG_INT_CONST = 241,
HEX_DIGIT = 242,
DIGIT = 243,
NUM_3DIGIT = 244,
NUM_HEX_4DIGIT = 245,
NUMBER_ADDRESS_OR_WORD = 246,
PIPE_CHAR = 247,
PERCENT = 248,
AMPERSAND = 249,
APOSTROPHE = 250,
PLUS = 251,
DOT = 252,
SEMICOLON = 253,
QUESTION = 254,
COMMERCIAL_AT = 255,
OPENING_SQUARE = 256,
CLOSING_SQUARE = 257,
CARET = 258,
UNDERLINE = 259,
TILDE = 260,
DOUBLE_QUOTE = 261,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus

251
src/parsers/PFCfgParserTokenTypes.txt
View File

@ -1,7 +1,7 @@
// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$
// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$
PFCfgParser // output token vocab name
NEWLINE=4
LINE_COMMENT=5
COMMENT_START=5
INCLUDE_COMMAND="include"=6
WORD=7
EQUAL=8
@ -134,126 +134,127 @@ FROM="from"=134
URPF_FAILED="urpf-failed"=135
ANY="any"=136
NO_ROUTE="no-route"=137
ROUTE_TO="route-to"=138
REPLY_TO="reply-to"=139
GROUP="group"=140
LITERAL_fragment="fragment"=141
LITERAL_crop="crop"=142
"drop-ovl"=143
"no-df"=144
"min-ttl"=145
"max-mss"=146
"random-id"=147
FLAGS="flags"=148
ICMP_TYPE="icmp-type"=149
ICMP_CODE="code"=150
LITERAL_echorep="echorep"=151
LITERAL_unreach="unreach"=152
LITERAL_squench="squench"=153
LITERAL_redir="redir"=154
LITERAL_althost="althost"=155
LITERAL_echoreq="echoreq"=156
LITERAL_routeradv="routeradv"=157
LITERAL_routersol="routersol"=158
LITERAL_timex="timex"=159
LITERAL_paramprob="paramprob"=160
LITERAL_timereq="timereq"=161
LITERAL_timerep="timerep"=162
LITERAL_inforeq="inforeq"=163
LITERAL_inforep="inforep"=164
LITERAL_maskreq="maskreq"=165
LITERAL_maskrep="maskrep"=166
LITERAL_trace="trace"=167
LITERAL_dataconv="dataconv"=168
LITERAL_mobredir="mobredir"=169
"ipv6-where"=170
"ipv6-here"=171
LITERAL_mobregreq="mobregreq"=172
LITERAL_mobregrep="mobregrep"=173
LITERAL_photuris="photuris"=174
"net-unr"=175
"host-unr"=176
"proto-unr"=177
"port-unr"=178
LITERAL_needfrag="needfrag"=179
LITERAL_srcfail="srcfail"=180
"net-unk"=181
"host-unk"=182
LITERAL_isolate="isolate"=183
"net-prohib"=184
"host-prohib"=185
"net-tos"=186
"host-tos"=187
"filter-prohib"=188
"host-preced"=189
"cutoff-preced"=190
"redir-net"=191
"redir-host"=192
"redir-tos-net"=193
"redir-tos-host"=194
"normal-adv"=195
"common-adv"=196
LITERAL_transit="transit"=197
LITERAL_reassemb="reassemb"=198
LITERAL_badhead="badhead"=199
LITERAL_optmiss="optmiss"=200
LITERAL_badlen="badlen"=201
"unknown-ind"=202
"auth-fail"=203
"decrypt-fail"=204
ICMP6_TYPE="icmp6-type"=205
TAGGED="tagged"=206
TAG="tag"=207
KEEP="keep"=208
MODULATE="modulate"=209
SYNPROXY="synproxy"=210
STATE="state"=211
LABEL="label"=212
EXIT="exit"=213
QUIT="quit"=214
INTRFACE="interface"=215
ICMP6="icmp6"=216
IGRP="igrp"=217
IPSEC="ipsec"=218
NOS="nos"=219
PCP="pcp"=220
PIM="pim"=221
PPTP="pptp"=222
RIP="rip"=223
SNP="snp"=224
HOST="host"=225
RANGE="range"=226
LOG_LEVEL_ALERTS="alerts"=227
LOG_LEVEL_CRITICAL="critical"=228
LOG_LEVEL_DEBUGGING="debugging"=229
LOG_LEVEL_EMERGENCIES="emergencies"=230
LOG_LEVEL_ERRORS="errors"=231
LOG_LEVEL_INFORMATIONAL="informational"=232
LOG_LEVEL_NOTIFICATIONS="notifications"=233
LOG_LEVEL_WARNINGS="warnings"=234
LOG_LEVEL_DISABLE="disable"=235
LOG_LEVEL_INACTIVE="inactive"=236
Whitespace=237
HEX_CONST=238
NEG_INT_CONST=239
HEX_DIGIT=240
DIGIT=241
NUM_3DIGIT=242
NUM_HEX_4DIGIT=243
NUMBER_ADDRESS_OR_WORD=244
PIPE_CHAR=245
NUMBER_SIGN=246
PERCENT=247
AMPERSAND=248
APOSTROPHE=249
PLUS=250
DOT=251
SEMICOLON=252
QUESTION=253
COMMERCIAL_AT=254
OPENING_SQUARE=255
CLOSING_SQUARE=256
CARET=257
UNDERLINE=258
TILDE=259
DOUBLE_QUOTE=260
MACRO=138
ROUTE_TO="route-to"=139
REPLY_TO="reply-to"=140
DUP_TO="dup-to"=141
GROUP="group"=142
LITERAL_fragment="fragment"=143
LITERAL_crop="crop"=144
"drop-ovl"=145
"no-df"=146
"min-ttl"=147
"max-mss"=148
"random-id"=149
FLAGS="flags"=150
ICMP_TYPE="icmp-type"=151
ICMP_CODE="code"=152
LITERAL_echorep="echorep"=153
LITERAL_unreach="unreach"=154
LITERAL_squench="squench"=155
LITERAL_redir="redir"=156
LITERAL_althost="althost"=157
LITERAL_echoreq="echoreq"=158
LITERAL_routeradv="routeradv"=159
LITERAL_routersol="routersol"=160
LITERAL_timex="timex"=161
LITERAL_paramprob="paramprob"=162
LITERAL_timereq="timereq"=163
LITERAL_timerep="timerep"=164
LITERAL_inforeq="inforeq"=165
LITERAL_inforep="inforep"=166
LITERAL_maskreq="maskreq"=167
LITERAL_maskrep="maskrep"=168
LITERAL_trace="trace"=169
LITERAL_dataconv="dataconv"=170
LITERAL_mobredir="mobredir"=171
"ipv6-where"=172
"ipv6-here"=173
LITERAL_mobregreq="mobregreq"=174
LITERAL_mobregrep="mobregrep"=175
LITERAL_photuris="photuris"=176
"net-unr"=177
"host-unr"=178
"proto-unr"=179
"port-unr"=180
LITERAL_needfrag="needfrag"=181
LITERAL_srcfail="srcfail"=182
"net-unk"=183
"host-unk"=184
LITERAL_isolate="isolate"=185
"net-prohib"=186
"host-prohib"=187
"net-tos"=188
"host-tos"=189
"filter-prohib"=190
"host-preced"=191
"cutoff-preced"=192
"redir-net"=193
"redir-host"=194
"redir-tos-net"=195
"redir-tos-host"=196
"normal-adv"=197
"common-adv"=198
LITERAL_transit="transit"=199
LITERAL_reassemb="reassemb"=200
LITERAL_badhead="badhead"=201
LITERAL_optmiss="optmiss"=202
LITERAL_badlen="badlen"=203
"unknown-ind"=204
"auth-fail"=205
"decrypt-fail"=206
ICMP6_TYPE="icmp6-type"=207
TAGGED="tagged"=208
TAG="tag"=209
KEEP="keep"=210
MODULATE="modulate"=211
SYNPROXY="synproxy"=212
STATE="state"=213
LABEL="label"=214
EXIT="exit"=215
QUIT="quit"=216
INTRFACE="interface"=217
ICMP6="icmp6"=218
IGRP="igrp"=219
IPSEC="ipsec"=220
NOS="nos"=221
PCP="pcp"=222
PIM="pim"=223
PPTP="pptp"=224
RIP="rip"=225
SNP="snp"=226
HOST="host"=227
RANGE="range"=228
LOG_LEVEL_ALERTS="alerts"=229
LOG_LEVEL_CRITICAL="critical"=230
LOG_LEVEL_DEBUGGING="debugging"=231
LOG_LEVEL_EMERGENCIES="emergencies"=232
LOG_LEVEL_ERRORS="errors"=233
LOG_LEVEL_INFORMATIONAL="informational"=234
LOG_LEVEL_NOTIFICATIONS="notifications"=235
LOG_LEVEL_WARNINGS="warnings"=236
LOG_LEVEL_DISABLE="disable"=237
LOG_LEVEL_INACTIVE="inactive"=238
Whitespace=239
HEX_CONST=240
NEG_INT_CONST=241
HEX_DIGIT=242
DIGIT=243
NUM_3DIGIT=244
NUM_HEX_4DIGIT=245
NUMBER_ADDRESS_OR_WORD=246
PIPE_CHAR=247
PERCENT=248
AMPERSAND=249
APOSTROPHE=250
PLUS=251
DOT=252
SEMICOLON=253
QUESTION=254
COMMERCIAL_AT=255
OPENING_SQUARE=256
CLOSING_SQUARE=257
CARET=258
UNDERLINE=259
TILDE=260
DOUBLE_QUOTE=261

39
src/parsers/pf.g
View File

@ -151,7 +151,18 @@ cfgfile :
;
//****************************************************************
comment : LINE_COMMENT ;
comment :
COMMENT_START
{
QStringList str;
while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE)
{
str << QString::fromUtf8(LT(1)->getText().c_str());
consume();
}
importer->last_comment << str.join(" ");
}
;
//****************************************************************
include_command : INCLUDE_COMMAND
@ -1182,7 +1193,7 @@ common_hosts_part :
host { AddressSpec as; } :
( EXLAMATION { as.neg = true; } )?
(
WORD
( WORD | MACRO )
{
// interface name or domain/host name
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
@ -1274,7 +1285,7 @@ host_list :
// ************************************************************************
route :
route_to | reply_to
route_to | reply_to | dup_to
;
route_to :
@ -1291,6 +1302,13 @@ reply_to :
}
;
dup_to :
DUP_TO ( routehost | routehost_list )
{
importer->route_type = PFImporter::DUP_TO;
}
;
routehost { RouteSpec rs; } :
OPENING_PAREN
WORD { rs.iface = LT(0)->getText(); }
@ -1942,6 +1960,7 @@ tokens
ROUTE_TO = "route-to";
REPLY_TO = "reply-to";
DUP_TO = "dup-to";
DROP = "drop";
RETURN = "return";
@ -1971,13 +1990,13 @@ tokens
STATIC_PORT = "static-port";
}
LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ;
// LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ;
Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' )
{ $setType(ANTLR_USE_NAMESPACE(antlr)Token::SKIP); } ;
//COMMENT_START : '!' ;
COMMENT_START : '#' ;
NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ;
@ -2042,21 +2061,21 @@ options {
| ( DIGIT )+ { $setType(INT_CONST); }
// making sure ',' '(' ')' '=' '<' '>' '+' are not part of WORD do
// not start WORD with '$' since we expand macros in PFImporterRun
// using regex.
// double quote " should be included, without it STRING does not match
// Making sure ',' '(' ')' '=' '<' '>' '+' are not part of WORD.
// Double quote " should be included, without it STRING does not match
| ( 'a'..'z' | 'A'..'Z' )
( '"' | '$' | '%' | '&' | '-' | '.' | '0'..'9' | ';' |
'?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )*
{ $setType(WORD); }
| '$' ( 'a'..'z' | 'A'..'Z' ) ( 'a'..'z' | 'A'..'Z' | '0'..'9' | '_' )*
{ $setType(MACRO); }
;
STRING : '"' (~'"')* '"';
PIPE_CHAR : '|';
NUMBER_SIGN : '#' ;
// DOLLAR : '$' ;
PERCENT : '%' ;
AMPERSAND : '&' ;

3
src/pflib/RoutingCompiler_openbsd.cpp
View File

@ -207,6 +207,9 @@ void RoutingCompiler_openbsd::compile()
add(new addressRangesInDst("process address ranges"));
add( new processMultiAddressObjectsInRDst(
"process MultiAddress objects in RDst") );
//add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new FindDefaultRoute("Find rules that install default route"));

8
src/unit_tests/CustomServiceDialogTest/CustomServiceDialogTest.cpp
View File

@ -182,10 +182,10 @@ void CustomServiceDialogTest::testDialog()
selectComboItem(platform, "iptables");
dialog->platformChanged();
QTest::mouseClick(ipv6, Qt::LeftButton, Qt::NoModifier, QPoint(10,10));
QVERIFY(service->getAddressFamily() == 10);
QVERIFY(service->getAddressFamily() == AF_INET6);
selectComboItem(platform, "PF");
dialog->platformChanged();
QVERIFY(service->getAddressFamily() == 10);
QVERIFY(service->getAddressFamily() == AF_INET6);
// testing that changing address family does not change platform code
foreach (QString key, platforms.keys())
@ -193,11 +193,11 @@ void CustomServiceDialogTest::testDialog()
string oldcode = service->getCodeForPlatform(key.toStdString().c_str());
string oldprotocol = service->getProtocol();
QTest::mouseClick(ipv4, Qt::LeftButton, Qt::NoModifier, QPoint(10,10));
QVERIFY(service->getAddressFamily() == 2);
QVERIFY(service->getAddressFamily() == AF_INET);
QVERIFY(oldcode == service->getCodeForPlatform(key.toStdString().c_str()));
QVERIFY(oldprotocol == service->getProtocol());
QTest::mouseClick(ipv6, Qt::LeftButton, Qt::NoModifier, QPoint(10,10));
QVERIFY(service->getAddressFamily() == 10);
QVERIFY(service->getAddressFamily() == AF_INET6);
QVERIFY(oldcode == service->getCodeForPlatform(key.toStdString().c_str()));
QVERIFY(oldprotocol == service->getProtocol());
}

35
src/unit_tests/PFImporterTest/PFImporterTest.cpp
View File

@ -212,6 +212,7 @@ void PFImporterTest::macrosTest()
openTestFile("test_data/pf-macros.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -230,6 +231,7 @@ void PFImporterTest::hostsMatchTest()
openTestFile("test_data/pf-hosts-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -251,6 +253,7 @@ void PFImporterTest::blockReturnTest()
openTestFile("test_data/pf-block-return-actions.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -272,6 +275,7 @@ void PFImporterTest::icmpMatchTest()
openTestFile("test_data/pf-icmp-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -293,6 +297,7 @@ void PFImporterTest::interfaceMatchTest()
openTestFile("test_data/pf-interface-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -314,6 +319,7 @@ void PFImporterTest::portMatchTest()
openTestFile("test_data/pf-port-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -335,6 +341,7 @@ void PFImporterTest::setCommandsTest()
openTestFile("test_data/pf-set-commands.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -356,6 +363,7 @@ void PFImporterTest::stateMatchTest()
openTestFile("test_data/pf-state-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -377,6 +385,7 @@ void PFImporterTest::tcpFlagsMatchTest()
openTestFile("test_data/pf-tcp-flags-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -398,6 +407,7 @@ void PFImporterTest::natCommands()
openTestFile("test_data/pf-nat-rules.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -419,6 +429,7 @@ void PFImporterTest::rdrCommands()
openTestFile("test_data/pf-rdr-rules.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -440,6 +451,7 @@ void PFImporterTest::setTimeoutCommands()
openTestFile("test_data/pf-timeouts.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -459,6 +471,7 @@ void PFImporterTest::scrubCommandsOld()
openTestFile("test_data/pf-scrub-commands-old.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -475,6 +488,7 @@ void PFImporterTest::scrubCommandsNew()
openTestFile("test_data/pf-scrub-commands-new.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -491,6 +505,7 @@ void PFImporterTest::tableDefinitions()
openTestFile("test_data/pf-tables.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -510,6 +525,7 @@ void PFImporterTest::userGroupMatches()
openTestFile("test_data/pf-user-group-matches.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
@ -523,6 +539,25 @@ void PFImporterTest::userGroupMatches()
"pf-user-group-matches.fwb");
}
void PFImporterTest::routeToTest()
{
platform = "pf";
std::istringstream instream(
openTestFile("test_data/pf-route-to.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
imp->setAddStandardCommentsFlag(true);
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
db->setPredictableIds();
db->saveFile("pf-route-to.fwb");
compareResults(logger, "test_data/pf-route-to.output", "pf-route-to.output");
compareFwbFiles("test_data/pf-route-to.fwb", "pf-route-to.fwb");
}

2
src/unit_tests/PFImporterTest/PFImporterTest.h
View File

@ -74,6 +74,7 @@ public:
void scrubCommandsNew();
void tableDefinitions();
void userGroupMatches();
void routeToTest();
CPPUNIT_TEST_SUITE(PFImporterTest);
@ -93,6 +94,7 @@ public:
CPPUNIT_TEST(scrubCommandsNew);
CPPUNIT_TEST(tableDefinitions);
CPPUNIT_TEST(userGroupMatches);
CPPUNIT_TEST(routeToTest);
CPPUNIT_TEST_SUITE_END();

540
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1309897476" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310079789" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -442,62 +442,68 @@
</ObjectGroup>
<ObjectGroup id="id9" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id10" name="Groups" comment="" ro="False">
<ObjectGroup id="id11" name="dst_addresses_1" comment="Created during import of line 5" ro="False">
<ObjectGroup id="id11" name="addr_list_macro" comment="Created during import of line 2" ro="False">
<ObjectRef ref="id31"/>
<ObjectRef ref="id32"/>
<ObjectRef ref="id33"/>
<ObjectRef ref="id34"/>
</ObjectGroup>
<ObjectGroup id="id16" name="dst_addresses_1" comment="Created during import of line 5" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
<ObjectRef ref="id26"/>
<ObjectRef ref="id35"/>
</ObjectGroup>
<ObjectGroup id="id15" name="dst_addresses_2" comment="Created during import of line 6" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id482"/>
<ObjectGroup id="id20" name="dst_addresses_2" comment="Created during import of line 6" ro="False">
<ObjectRef ref="id468"/>
<ObjectRef ref="id469"/>
</ObjectGroup>
<ObjectGroup id="id18" name="dst_addresses_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id481"/>
<ObjectGroup id="id23" name="dst_addresses_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id468"/>
<ObjectRef ref="id468"/>
</ObjectGroup>
<ObjectGroup id="id21" name="dst_addresses_4" comment="Created during import of line 8" ro="False">
<ObjectGroup id="id26" name="dst_addresses_4" comment="Created during import of line 8" ro="False">
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id24" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id25" name="Networks" comment="" ro="False">
<Network id="id26" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 5" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id27" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 17" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id28" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id29" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id30" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 26" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id31" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 26" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<ObjectGroup id="id29" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id30" name="Networks" comment="" ro="False">
<Network id="id31" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 2" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id32" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 2" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id33" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 2" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id34" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 2" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<Network id="id35" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 5" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id36" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 17" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id32" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id37" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id33" name="Services" comment="" ro="False">
<ServiceGroup id="id34" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id35" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id36" name="IP" comment="" ro="False"/>
<ServiceGroup id="id37" name="TCP" comment="" ro="False">
<TCPService id="id38" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id39" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 21" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id40" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 35" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id41" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 38" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
<ServiceGroup id="id38" name="Services" comment="" ro="False">
<ServiceGroup id="id39" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id40" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id41" name="IP" comment="" ro="False"/>
<ServiceGroup id="id42" name="TCP" comment="" ro="False">
<TCPService id="id43" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id44" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 21" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id45" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 35" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id46" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 38" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="id42" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id43" name="Users" comment="" ro="False"/>
<ServiceGroup id="id44" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id45" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id47" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id48" name="Users" comment="" ro="False"/>
<ServiceGroup id="id49" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id50" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id46" name="Firewalls" comment="" ro="False">
<Firewall id="id47" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 6" ro="False">
<NAT id="id477" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id51" name="Firewalls" comment="" ro="False">
<Firewall id="id52" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 6" ro="False">
<NAT id="id464" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id49" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id51" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 11">
<Policy id="id54" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id56" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 11">
<Src neg="False">
<ObjectRef ref="id482"/>
<ObjectRef ref="id469"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -512,12 +518,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id63" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 12&#10;import of 'interface:broadcast' is not supported.">
<PolicyRule id="id68" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 12&#10;import of 'interface:broadcast' is not supported.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -533,12 +539,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id75" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 13&#10;import of 'interface:peer' is not supported.">
<PolicyRule id="id80" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 13&#10;import of 'interface:peer' is not supported.">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -554,12 +560,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id87" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 14&#10;import of 'interface:0' is not supported.">
<PolicyRule id="id92" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 14&#10;import of 'interface:0' is not supported.">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -575,7 +581,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id99" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 16">
<PolicyRule id="id104" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -595,12 +601,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id111" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 17">
<PolicyRule id="id116" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 17">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id36"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -615,15 +621,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id123" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 18">
<PolicyRule id="id128" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 18">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -635,15 +641,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id135" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 19">
<PolicyRule id="id140" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -655,7 +661,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id147" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 20">
<PolicyRule id="id152" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 20">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -663,7 +669,7 @@
<ObjectRef ref="id6"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id38"/>
<ServiceRef ref="id43"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -675,15 +681,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 21">
<PolicyRule id="id164" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -695,7 +701,87 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id171" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 22">
<PolicyRule id="id176" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 22">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id16"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id188" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 23">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id20"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id200" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 24">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id23"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id212" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 25">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id26"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id224" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 26">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -715,15 +801,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id183" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 23">
<PolicyRule id="id236" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -735,104 +821,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id195" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 24">
<PolicyRule id="id248" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id207" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 25">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id21"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id219" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 26">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id234" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id249" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
<ServiceRef ref="id44"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -844,7 +841,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id264" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 30&#10;IPv6 import is not supported. ">
<PolicyRule id="id260" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 30&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -865,7 +862,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id276" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 31">
<PolicyRule id="id272" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 31">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -885,7 +882,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id288" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 33">
<PolicyRule id="id284" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 33">
<Src neg="False">
<ObjectRef ref="id3"/>
</Src>
@ -905,9 +902,9 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id300" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 34">
<PolicyRule id="id296" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 34">
<Src neg="False">
<ObjectRef ref="id27"/>
<ObjectRef ref="id36"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
@ -925,15 +922,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id312" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 35">
<PolicyRule id="id308" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 35">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -945,15 +942,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id324" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 36">
<PolicyRule id="id320" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 36">
<Src neg="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id468"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -965,7 +962,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id336" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 37">
<PolicyRule id="id332" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 37">
<Src neg="False">
<ObjectRef ref="id6"/>
</Src>
@ -973,7 +970,7 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id40"/>
<ServiceRef ref="id45"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -985,15 +982,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id348" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 38">
<PolicyRule id="id344" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 38">
<Src neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id52"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1005,7 +1002,87 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id360" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 39">
<PolicyRule id="id356" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 39">
<Src neg="False">
<ObjectRef ref="id16"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id368" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 40">
<Src neg="False">
<ObjectRef ref="id20"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id380" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 41">
<Src neg="False">
<ObjectRef ref="id23"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id392" disabled="False" group="" log="False" position="28" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="id26"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id404" disabled="False" group="" log="False" position="29" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="id11"/>
</Src>
@ -1025,15 +1102,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id372" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 40">
<PolicyRule id="id416" disabled="False" group="" log="False" position="30" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id11"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1045,104 +1122,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id384" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 41">
<PolicyRule id="id428" disabled="False" group="" log="False" position="31" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id11"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id396" disabled="False" group="" log="False" position="28" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="id21"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id408" disabled="False" group="" log="False" position="29" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id423" disabled="False" group="" log="False" position="30" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438" disabled="False" group="" log="False" position="31" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
<ServiceRef ref="id46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -1154,7 +1142,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id453" disabled="False" group="" log="False" position="32" action="Accept" direction="Inbound" comment="Created during import of line 47&#10;IPv6 import is not supported. ">
<PolicyRule id="id440" disabled="False" group="" log="False" position="32" action="Accept" direction="Inbound" comment="Created during import of line 47&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1175,7 +1163,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id465" disabled="False" group="" log="False" position="33" action="Accept" direction="Inbound" comment="Created during import of line 48">
<PolicyRule id="id452" disabled="False" group="" log="False" position="33" action="Accept" direction="Inbound" comment="Created during import of line 48">
<Src neg="False">
<ObjectRef ref="id8"/>
</Src>
@ -1197,12 +1185,12 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id479" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id466" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id481" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 6" ro="False">
<Interface id="id468" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 6" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id482" name="pcn0-net" comment="" ro="False"/>
<AttachedNetworks id="id469" name="pcn0-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -1222,7 +1210,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id484" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id485" name="Time" comment="" ro="False"/>
<ObjectGroup id="id471" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id472" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

9
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.output
View File

@ -1,8 +1,9 @@
5: Address Table: <dst_addresses_1>: 192.168.1.1/, 192.168.1.2/, 192.168.2.0/24
2: Address Table: <addr_list_macro>: 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
5: Address Table: <dst_addresses_1>: 192.168.1.1, 192.168.1.2, 192.168.2.0/24
6: Address Table: <dst_addresses_2>: pcn0, pcn0
6: New interface: pcn0
6: Address Table: <dst_addresses_2>: pcn0/, pcn0/
7: Address Table: <dst_addresses_3>: pcn0/, pcn0/
8: Address Table: <dst_addresses_4>: www.fwbuilder.org/, www.netcitadel.com/
7: Address Table: <dst_addresses_3>: pcn0, pcn0
8: Address Table: <dst_addresses_4>: www.fwbuilder.org, www.netcitadel.com
11: filtering rule: action pass; interfaces:
12: filtering rule: action pass; interfaces:
12: Error: import of 'interface:broadcast' is not supported.

32
src/unit_tests/PFImporterTest/test_data/pf-macros.conf
View File

@ -1,11 +1,20 @@
one_address = 10.1.1.1 # comment is allowed here
addr_list_1 = "{ 10.123.12.32/27 10.123.14.8/27 10.123.10.16/28 10.123.0.0/24 }"
# another macro is used inside this one recursively
# another macro is used inside this one recursively and only {} are in quotes
addr_list_2 = "{" $one_address 10.123.12.32/27 10.123.14.8/27 10.123.10.16/28 10.123.0.0/24 "}"
# now use comma as a separator
addr_list_3 = "{" $one_address, 10.123.12.33/27, 10.123.14.9/27 "}"
# spaces are mixed with tabs and messed up
addr_list_4 = "{$one_address, 10.123.12.34/27, 10.123.14.10/27}"
# multi-line
addr_list_5 = "{$one_address, \
10.123.12.35/27,\
10.123.14.11/27}"
# another macro name is a substring of this one's name
addr_list_1_foo = "{ 10.1.2.3 10.4.5.6 10.7.8.9 }"
baddies = "{" 192.168.1.1 192.168.1.2 "}" # this works, too
host1 = "192.168.1.1"
host2 = "192.168.1.2"
@ -13,6 +22,14 @@ recursive_macro = "{" $host1 $host2 "}"
tcp_services = "{ ssh, smtp }"
ext_if = "em1"
mixed_macro_1 = "{ $host1 192.168.2.1 www.fwbuilder.org }"
mixed_macro_2 = "{ $host1 192.168.2.1 em1 }"
mixed_macro_3 = "{ $host1 192.168.2.1 em1:network }"
mixed_macro_4 = "{ em1:network www.fwbuilder.org }"
# test for an undefined macro
# undefined_macro = 192.168.23.45
pass in quick from any to $one_address
pass in quick from any to { 10.11.11.11 $one_address }
@ -26,8 +43,17 @@ pass in quick from any to {$one_address , 10.18.18.18 }
pass in quick from any to $addr_list_1
pass in quick from any to $addr_list_2
pass in quick from any to $addr_list_3
pass in quick from any to $addr_list_4
pass in quick from any to $addr_list_5
pass in quick from any to $addr_list_1_foo
block in from $baddies to any
# test for undefined macro
pass in quick from any to $undefined_macro
pass out quick on $ext_if proto tcp to $recursive_macro port $tcp_services
pass in quick on $ext_if proto tcp from any to $mixed_macro_1 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_2 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_3 port 80
pass in quick on $ext_if proto tcp from any to $mixed_macro_4 port 80

658
src/unit_tests/PFImporterTest/test_data/pf-macros.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1309979482" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310084677" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -432,53 +432,117 @@
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-10.1.1.1" comment="Created during import of line 16" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-10.11.11.11" comment="Created during import of line 18" ro="False" address="10.11.11.11" netmask="255.255.255.255"/>
<IPv4 id="id5" name="h-10.12.12.12" comment="Created during import of line 19" ro="False" address="10.12.12.12" netmask="255.255.255.255"/>
<IPv4 id="id6" name="h-10.13.13.13" comment="Created during import of line 20" ro="False" address="10.13.13.13" netmask="255.255.255.255"/>
<IPv4 id="id7" name="h-10.14.14.14" comment="Created during import of line 21" ro="False" address="10.14.14.14" netmask="255.255.255.255"/>
<IPv4 id="id8" name="h-10.15.15.15" comment="Created during import of line 22" ro="False" address="10.15.15.15" netmask="255.255.255.255"/>
<IPv4 id="id9" name="h-10.16.16.16" comment="Created during import of line 23" ro="False" address="10.16.16.16" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-10.17.17.17" comment="Created during import of line 24" ro="False" address="10.17.17.17" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-10.18.18.18" comment="Created during import of line 25" ro="False" address="10.18.18.18" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-10.1.2.3" comment="Created during import of line 29" ro="False" address="10.1.2.3" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.4.5.6" comment="Created during import of line 29" ro="False" address="10.4.5.6" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.7.8.9" comment="Created during import of line 29" ro="False" address="10.7.8.9" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.168.1.1" comment="Created during import of line 31" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-192.168.1.2" comment="Created during import of line 31" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id3" name="h-10.1.1.1" comment="Created during import of line 5" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-10.1.2.3" comment="Created during import of line 15" ro="False" address="10.1.2.3" netmask="255.255.255.255"/>
<IPv4 id="id5" name="h-10.4.5.6" comment="Created during import of line 15" ro="False" address="10.4.5.6" netmask="255.255.255.255"/>
<IPv4 id="id6" name="h-10.7.8.9" comment="Created during import of line 15" ro="False" address="10.7.8.9" netmask="255.255.255.255"/>
<IPv4 id="id7" name="h-192.168.1.1" comment="Created during import of line 19" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id8" name="h-192.168.1.2" comment="Created during import of line 19" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id9" name="h-192.168.2.1" comment="Created during import of line 23" ro="False" address="192.168.2.1" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-10.11.11.11" comment="Created during import of line 33" ro="False" address="10.11.11.11" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-10.12.12.12" comment="Created during import of line 34" ro="False" address="10.12.12.12" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-10.13.13.13" comment="Created during import of line 35" ro="False" address="10.13.13.13" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.14.14.14" comment="Created during import of line 36" ro="False" address="10.14.14.14" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.15.15.15" comment="Created during import of line 37" ro="False" address="10.15.15.15" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-10.16.16.16" comment="Created during import of line 38" ro="False" address="10.16.16.16" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-10.17.17.17" comment="Created during import of line 39" ro="False" address="10.17.17.17" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-10.18.18.18" comment="Created during import of line 40" ro="False" address="10.18.18.18" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id17" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id18" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id19" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id20" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id21" name="Networks" comment="" ro="False">
<Network id="id22" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 27" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id23" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 27" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id24" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 27" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id25" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 27" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<ObjectGroup id="id18" name="DNS Names" comment="" ro="False">
<DNSName id="id19" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
<DNSName id="id20" dnsrec="$undefined_macro" dnsrectype="A" run_time="True" name="$undefined_macro" comment="" ro="False"/>
</ObjectGroup>
<ObjectGroup id="id26" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id21" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id22" name="Groups" comment="" ro="False">
<ObjectGroup id="id23" name="addr_list_1" comment="Created during import of line 3" ro="False">
<ObjectRef ref="id67"/>
<ObjectRef ref="id68"/>
<ObjectRef ref="id69"/>
<ObjectRef ref="id70"/>
</ObjectGroup>
<ObjectGroup id="id28" name="addr_list_2" comment="Created during import of line 5" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id67"/>
<ObjectRef ref="id68"/>
<ObjectRef ref="id69"/>
<ObjectRef ref="id70"/>
</ObjectGroup>
<ObjectGroup id="id34" name="addr_list_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id71"/>
<ObjectRef ref="id72"/>
</ObjectGroup>
<ObjectGroup id="id38" name="addr_list_4" comment="Created during import of line 9" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id73"/>
<ObjectRef ref="id74"/>
</ObjectGroup>
<ObjectGroup id="id42" name="addr_list_5" comment="Created during import of line 12" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id75"/>
<ObjectRef ref="id76"/>
</ObjectGroup>
<ObjectGroup id="id46" name="addr_list_1_foo" comment="Created during import of line 15" ro="False">
<ObjectRef ref="id4"/>
<ObjectRef ref="id5"/>
<ObjectRef ref="id6"/>
</ObjectGroup>
<ObjectGroup id="id50" name="recursive_macro" comment="Created during import of line 19" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id8"/>
</ObjectGroup>
<ObjectGroup id="id53" name="mixed_macro_1" comment="Created during import of line 23" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id19"/>
</ObjectGroup>
<ObjectGroup id="id57" name="mixed_macro_2" comment="Created during import of line 24" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id361"/>
</ObjectGroup>
<ObjectGroup id="id61" name="mixed_macro_3" comment="Created during import of line 25" ro="False">
<ObjectRef ref="id7"/>
<ObjectRef ref="id9"/>
<ObjectRef ref="id362"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id65" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id66" name="Networks" comment="" ro="False">
<Network id="id67" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 3" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id68" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 3" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id69" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 3" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id70" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 3" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
<Network id="id71" name="net-10.123.12.33/255.255.255.224" comment="Created during import of line 7" ro="False" address="10.123.12.33" netmask="255.255.255.224"/>
<Network id="id72" name="net-10.123.14.9/255.255.255.224" comment="Created during import of line 7" ro="False" address="10.123.14.9" netmask="255.255.255.224"/>
<Network id="id73" name="net-10.123.12.34/255.255.255.224" comment="Created during import of line 9" ro="False" address="10.123.12.34" netmask="255.255.255.224"/>
<Network id="id74" name="net-10.123.14.10/255.255.255.224" comment="Created during import of line 9" ro="False" address="10.123.14.10" netmask="255.255.255.224"/>
<Network id="id75" name="net-10.123.12.35/255.255.255.224" comment="Created during import of line 12" ro="False" address="10.123.12.35" netmask="255.255.255.224"/>
<Network id="id76" name="net-10.123.14.11/255.255.255.224" comment="Created during import of line 12" ro="False" address="10.123.14.11" netmask="255.255.255.224"/>
</ObjectGroup>
<ObjectGroup id="id77" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id27" name="Services" comment="" ro="False">
<ServiceGroup id="id28" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id29" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id30" name="IP" comment="" ro="False"/>
<ServiceGroup id="id31" name="TCP" comment="" ro="False">
<TCPService id="id32" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 33" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id33" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 33" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<ServiceGroup id="id78" name="Services" comment="" ro="False">
<ServiceGroup id="id79" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id80" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id81" name="IP" comment="" ro="False"/>
<ServiceGroup id="id82" name="TCP" comment="" ro="False">
<TCPService id="id83" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 52" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id84" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 52" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id85" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 54" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
</ServiceGroup>
<ServiceGroup id="id34" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id35" name="Users" comment="" ro="False"/>
<ServiceGroup id="id36" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id37" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id86" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id87" name="Users" comment="" ro="False"/>
<ServiceGroup id="id88" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id89" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id38" name="Firewalls" comment="" ro="False">
<Firewall id="id39" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 16" ro="False">
<NAT id="id231" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id90" name="Firewalls" comment="" ro="False">
<Firewall id="id91" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 24" ro="False">
<NAT id="id357" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id41" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 16">
<Policy id="id93" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id95" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 31">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -498,139 +562,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id55" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 18">
<PolicyRule id="id107" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 33">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id68" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id5"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id81" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 20">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id6"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id94" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id7"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id107" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 22">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id8"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id120" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 23">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id133" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 24">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id10"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -645,60 +583,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id146" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 25">
<PolicyRule id="id120" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 34">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id11"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id22"/>
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
<ObjectRef ref="id25"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id174" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id22"/>
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
<ObjectRef ref="id25"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -713,13 +604,54 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id190" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 29">
<PolicyRule id="id133" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 35">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id12"/>
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id146" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 36">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id13"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 37">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id14"/>
</Dst>
<Srv neg="False">
@ -735,13 +667,13 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id204" disabled="False" group="" log="False" position="12" action="Deny" direction="Inbound" comment="Created during import of line 31">
<PolicyRule id="id172" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 38">
<Src neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id16"/>
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id3"/>
<ObjectRef ref="id15"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -756,20 +688,283 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id217" disabled="False" group="" log="False" position="13" action="Accept" direction="Outbound" comment="Created during import of line 33">
<PolicyRule id="id185" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 39">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id15"/>
<ObjectRef ref="id3"/>
<ObjectRef ref="id16"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id32"/>
<ServiceRef ref="id33"/>
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id235"/>
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id198" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 40">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id17"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id211" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id23"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id223" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id235" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id34"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id247" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id38"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id259" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 46">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id42"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id271" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 47">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id46"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id283" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 50&#10;Macro '$undefined_macro' was undefined, rule may be broken">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id20"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id295" disabled="False" group="" log="False" position="16" action="Accept" direction="Outbound" comment="Created during import of line 52">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id50"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id83"/>
<ServiceRef ref="id84"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id361"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id308" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 54">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id53"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id85"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id361"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id320" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 55">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id57"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id85"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id361"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id332" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 56">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id61"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id85"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id361"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id344" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 57">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id362"/>
<ObjectRef ref="id19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id85"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id361"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -780,11 +975,12 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id233" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id359" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id235" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em1" comment="Created during import of line 33" ro="False">
<Interface id="id361" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em1" comment="Created during import of line 24" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id362" name="em1-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -804,7 +1000,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id237" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id238" name="Time" comment="" ro="False"/>
<ObjectGroup id="id364" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id365" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

48
src/unit_tests/PFImporterTest/test_data/pf-macros.output
View File

@ -1,15 +1,33 @@
16: filtering rule: action pass; interfaces:
18: filtering rule: action pass; interfaces:
19: filtering rule: action pass; interfaces:
20: filtering rule: action pass; interfaces:
21: filtering rule: action pass; interfaces:
22: filtering rule: action pass; interfaces:
23: filtering rule: action pass; interfaces:
24: filtering rule: action pass; interfaces:
25: filtering rule: action pass; interfaces:
27: filtering rule: action pass; interfaces:
28: filtering rule: action pass; interfaces:
29: filtering rule: action pass; interfaces:
31: filtering rule: action block; interfaces:
33: New interface: em1
33: filtering rule: action pass; interfaces: em1
Warning: Macro undefined_macro is undefined3: Address Table: <addr_list_1>: 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
5: Address Table: <addr_list_2>: 10.1.1.1, 10.123.12.32/27, 10.123.14.8/27, 10.123.10.16/28, 10.123.0.0/24
7: Address Table: <addr_list_3>: 10.1.1.1, 10.123.12.33/27, 10.123.14.9/27
9: Address Table: <addr_list_4>: 10.1.1.1, 10.123.12.34/27, 10.123.14.10/27
12: Address Table: <addr_list_5>: 10.1.1.1, 10.123.12.35/27, 10.123.14.11/27
15: Address Table: <addr_list_1_foo>: 10.1.2.3, 10.4.5.6, 10.7.8.9
19: Address Table: <recursive_macro>: 192.168.1.1, 192.168.1.2
23: Address Table: <mixed_macro_1>: 192.168.1.1, 192.168.2.1, www.fwbuilder.org
24: Address Table: <mixed_macro_2>: 192.168.1.1, 192.168.2.1, em1
24: New interface: em1
25: Address Table: <mixed_macro_3>: 192.168.1.1, 192.168.2.1, em1
31: filtering rule: action pass; interfaces:
33: filtering rule: action pass; interfaces:
34: filtering rule: action pass; interfaces:
35: filtering rule: action pass; interfaces:
36: filtering rule: action pass; interfaces:
37: filtering rule: action pass; interfaces:
38: filtering rule: action pass; interfaces:
39: filtering rule: action pass; interfaces:
40: filtering rule: action pass; interfaces:
42: filtering rule: action pass; interfaces:
43: filtering rule: action pass; interfaces:
44: filtering rule: action pass; interfaces:
45: filtering rule: action pass; interfaces:
46: filtering rule: action pass; interfaces:
47: filtering rule: action pass; interfaces:
50: filtering rule: action pass; interfaces:
50: Warning: Macro '$undefined_macro' was undefined, rule may be broken
52: filtering rule: action pass; interfaces: em1
54: filtering rule: action pass; interfaces: em1
55: filtering rule: action pass; interfaces: em1
56: filtering rule: action pass; interfaces: em1
57: filtering rule: action pass; interfaces: em1

7
src/unit_tests/PFImporterTest/test_data/pf-route-to.conf Normal file
View File

@ -0,0 +1,7 @@
pass in log quick route-to { ( em0 10.1.2.3 ) } inet from 192.168.1.0/24 to any
pass in quick on bce0 reply-to ( bce0 10.3.4.5 ) inet from 192.168.1.0/24 to any
pass out quick on bce0 dup-to (em0 10.1.2.3) proto tcp from any port 80 to any

566
src/unit_tests/PFImporterTest/test_data/pf-route-to.fwb Normal file
View File

@ -0,0 +1,566 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310062508" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid16" name="Addresses" comment="" ro="False">
<IPv4 id="id2001X88798" name="all-hosts" comment="" ro="False" address="224.0.0.1" netmask="0.0.0.0"/>
<IPv4 id="id2002X88798" name="all-routers" comment="" ro="False" address="224.0.0.2" netmask="0.0.0.0"/>
<IPv4 id="id2003X88798" name="all DVMRP" comment="" ro="False" address="224.0.0.4" netmask="0.0.0.0"/>
<IPv4 id="id2117X88798" name="OSPF (all routers)" comment="RFC2328" ro="False" address="224.0.0.5" netmask="0.0.0.0"/>
<IPv4 id="id2128X88798" name="OSPF (designated routers)" comment="RFC2328" ro="False" address="224.0.0.6" netmask="0.0.0.0"/>
<IPv4 id="id2430X88798" name="RIP" comment="RFC1723" ro="False" address="224.0.0.9" netmask="0.0.0.0"/>
<IPv4 id="id2439X88798" name="EIGRP" comment="" ro="False" address="224.0.0.10" netmask="0.0.0.0"/>
<IPv4 id="id2446X88798" name="DHCP server, relay agent" comment="RFC 1884" ro="False" address="224.0.0.12" netmask="0.0.0.0"/>
<IPv4 id="id2455X88798" name="PIM" comment="" ro="False" address="224.0.0.13" netmask="0.0.0.0"/>
<IPv4 id="id2462X88798" name="RSVP" comment="" ro="False" address="224.0.0.14" netmask="0.0.0.0"/>
<IPv4 id="id2469X88798" name="VRRP" comment="RFC3768" ro="False" address="224.0.0.18" netmask="0.0.0.0"/>
<IPv4 id="id2777X88798" name="IGMP" comment="" ro="False" address="224.0.0.22" netmask="0.0.0.0"/>
<IPv4 id="id2784X88798" name="OSPFIGP-TE" comment="RFC4973" ro="False" address="224.0.0.24" netmask="0.0.0.0"/>
<IPv4 id="id3094X88798" name="HSRP" comment="" ro="False" address="224.0.0.102" netmask="0.0.0.0"/>
<IPv4 id="id3403X88798" name="mDNS" comment="" ro="False" address="224.0.0.251" netmask="0.0.0.0"/>
<IPv4 id="id3410X88798" name="LLMNR" comment="Link-Local Multicast Name Resolution, RFC4795" ro="False" address="224.0.0.252" netmask="0.0.0.0"/>
<IPv4 id="id3411X88798" name="Teredo" comment="" ro="False" address="224.0.0.253" netmask="0.0.0.0"/>
</ObjectGroup>
<ObjectGroup id="stdid17" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="stdid18" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="stdid04" name="Groups" comment="" ro="False">
<ObjectGroup id="id3DC75CE8" name="rfc1918-nets" comment="" ro="False">
<ObjectRef ref="id3DC75CE5"/>
<ObjectRef ref="id3DC75CE6"/>
<ObjectRef ref="id3DC75CE7"/>
</ObjectGroup>
<ObjectGroup id="id3292X75851" name="ipv6 private" comment="These are various ipv6 networks that should not be routed on the Internet&#10;" ro="False">
<ObjectRef ref="id2088X75851"/>
<ObjectRef ref="id2986X75851"/>
<ObjectRef ref="id2383X75851"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
<Host id="id3D84EECE" name="internal server" comment="This host is used in examples and template objects" ro="False">
<Interface id="id3D84EED2" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D84EED3" name="ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">
<Interface id="id3D84EEE3" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D84EEE4" name="ip" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="stdid03" name="Networks" comment="" ro="False">
<Network id="id3DC75CEC" name="all multicasts" comment="224.0.0.0/4 - This block, formerly known as the Class D address&#10;space, is allocated for use in IPv4 multicast address assignments.&#10;The IANA guidelines for assignments from this space are described in&#10;[RFC3171].&#10;" ro="False" address="224.0.0.0" netmask="240.0.0.0"/>
<Network id="id3F4ECE3E" name="link-local" comment="169.254.0.0/16 - This is the &quot;link local&quot; block. It is allocated for&#10;communication between hosts on a single link. Hosts obtain these&#10;addresses by auto-configuration, such as when a DHCP server may not&#10;be found.&#10;" ro="False" address="169.254.0.0" netmask="255.255.0.0"/>
<Network id="id3F4ECE3D" name="loopback-net" comment="127.0.0.0/8 - This block is assigned for use as the Internet host&#10;loopback address. A datagram sent by a higher level protocol to an&#10;address anywhere within this block should loop back inside the host.&#10;This is ordinarily implemented using only 127.0.0.1/32 for loopback,&#10;but no addresses within this block should ever appear on any network&#10;anywhere [RFC1700, page 5].&#10;" ro="False" address="127.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE5" name="net-10.0.0.0" comment="10.0.0.0/8 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet." ro="False" address="10.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE7" name="net-172.16.0.0" comment="172.16.0.0/12 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
<Network id="id3DC75CE6" name="net-192.168.0.0" comment="192.168.0.0/16 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
<Network id="id3F4ECE3F" name="test-net" comment="192.0.2.0/24 - This block is assigned as &quot;TEST-NET&quot; for use in&#10;documentation and example code. It is often used in conjunction with&#10;domain names example.com or example.net in vendor and protocol&#10;documentation. Addresses within this block should not appear on the&#10;public Internet.&#10;" ro="False" address="192.0.2.0" netmask="255.255.255.0"/>
<Network id="id3F4ECE40" name="this-net" comment="0.0.0.0/8 - Addresses in this block refer to source hosts on &quot;this&quot;&#10;network. Address 0.0.0.0/32 may be used as a source address for this&#10;host on this network; other addresses within 0.0.0.0/8 may be used to&#10;refer to specified hosts on this network [RFC1700, page 4]." ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE7-1" name="net-192.168.1.0" comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3DC75CE7-2" name="net-192.168.2.0" comment="192.168.2.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<NetworkIPv6 id="id2088X75851" name="documentation net" comment="RFC3849" ro="False" address="2001:db8::" netmask="32"/>
<NetworkIPv6 id="id2383X75851" name="link-local ipv6" comment="RFC4291 Link-local unicast net" ro="False" address="fe80::" netmask="10"/>
<NetworkIPv6 id="id2685X75851" name="multicast ipv6" comment="RFC4291 ipv6 multicast addresses" ro="False" address="ff00::" netmask="8"/>
<NetworkIPv6 id="id2986X75851" name="experimental ipv6" comment="RFC2928, RFC4773 &#10;&#10;&quot;The block of Sub-TLA IDs assigned to the IANA&#10;(i.e., 2001:0000::/29 - 2001:01F8::/29) is for&#10;assignment for testing and experimental usage to&#10;support activities such as the 6bone, and&#10;for new approaches like exchanges.&quot; [RFC2928]&#10;&#10;" ro="False" address="2001::" netmask="23"/>
</ObjectGroup>
<ObjectGroup id="stdid15" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3F6D115C" name="broadcast" comment="" ro="False" start_address="255.255.255.255" end_address="255.255.255.255"/>
<AddressRange id="id3F6D115D" name="old-broadcast" comment="" ro="False" start_address="0.0.0.0" end_address="0.0.0.0"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
</CustomService>
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
</CustomService>
<ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
<ServiceGroup id="sg-DHCP" name="DHCP" comment="" ro="False">
<ServiceRef ref="udp-bootpc"/>
<ServiceRef ref="udp-bootps"/>
</ServiceGroup>
<ServiceGroup id="id3F530CC8" name="DNS" comment="" ro="False">
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
<ServiceGroup id="id3CB1279B" name="IPSEC" comment="" ro="False">
<ServiceRef ref="id3CB12797"/>
<ServiceRef ref="ip-IPSEC"/>
</ServiceGroup>
<ServiceGroup id="sg-NETBIOS" name="NETBIOS" comment="" ro="False">
<ServiceRef ref="udp-netbios-dgm"/>
<ServiceRef ref="udp-netbios-ns"/>
<ServiceRef ref="id3E755609"/>
</ServiceGroup>
<ServiceGroup id="id3CB131CC" name="PCAnywhere" comment="" ro="False">
<ServiceRef ref="id3CB131CA"/>
<ServiceRef ref="id3CB131C8"/>
</ServiceGroup>
<ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
<ServiceRef ref="icmp-ping_reply"/>
<ServiceRef ref="icmp-Unreachables"/>
</ServiceGroup>
<ServiceGroup id="id1569X4889" name="Ipv6 unreachable messages" comment="" ro="False">
<ServiceRef ref="idE0D27650"/>
<ServiceRef ref="idCFE27650"/>
<ServiceRef ref="idE0B27650"/>
<ServiceRef ref="id1519Z388"/>
</ServiceGroup>
<ServiceGroup id="id3B4FEDD9" name="kerberos" comment="" ro="False">
<ServiceRef ref="id3B4FEDA5"/>
<ServiceRef ref="id3B4FEDA9"/>
<ServiceRef ref="id3B4FEDA7"/>
<ServiceRef ref="id3B4FEDAB"/>
<ServiceRef ref="id3B4FEDA3"/>
<ServiceRef ref="id3B4FEE21"/>
<ServiceRef ref="id3B4FEE23"/>
<ServiceRef ref="id3E7E3EA2"/>
</ServiceGroup>
<ServiceGroup id="id3B4FF35E" name="nfs" comment="" ro="False">
<ServiceRef ref="id3B4FEE7A"/>
<ServiceRef ref="id3B4FEE78"/>
</ServiceGroup>
<ServiceGroup id="id3B4FEFFA" name="quake" comment="" ro="False">
<ServiceRef ref="id3B4FEF7C"/>
<ServiceRef ref="id3B4FEF7E"/>
</ServiceGroup>
<ServiceGroup id="id3D703C9A" name="Real Player" comment="" ro="False">
<ServiceRef ref="id3D703C99"/>
<ServiceRef ref="id3D703C8B"/>
</ServiceGroup>
<ServiceGroup id="id3E7E3E95" name="WinNT" comment="" ro="False">
<ServiceRef ref="sg-NETBIOS"/>
<ServiceRef ref="id3DC8C8BB"/>
<ServiceRef ref="id3E7E3D58"/>
</ServiceGroup>
<ServiceGroup id="id3E7E3E9A" name="Win2000" comment="" ro="False">
<ServiceRef ref="id3E7E3E95"/>
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="id3DC8C8BC"/>
<ServiceRef ref="id3E7E3EA2"/>
<ServiceRef ref="id3AECF778"/>
<ServiceRef ref="id3D703C90"/>
<ServiceRef ref="id3E7E4039"/>
<ServiceRef ref="id3E7E403A"/>
<ServiceRef ref="id3B4FEDA5"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
<ServiceGroup id="id41291786" name="UPnP" comment="" ro="False">
<ServiceRef ref="id41291784"/>
<ServiceRef ref="id41291785"/>
<ServiceRef ref="id41291783"/>
<ServiceRef ref="id412Z18A9"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
<ICMPService id="id3C20EEB5" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
<ICMPService id="icmp-Host_unreach" code="1" type="3" name="host_unreach" comment="" ro="False"/>
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
<ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
<ICMPService id="icmp-Port_unreach" code="3" type="3" name="port unreach" comment="Port unreachable" ro="False"/>
<ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
<ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
<ICMP6Service id="ipv6-icmp-ping_request" code="0" type="128" name="ipv6 ping request" comment="IPv6 ping request" ro="False"/>
<ICMP6Service id="ipv6-icmp-ping_reply" code="0" type="129" name="ipv6 ping reply" comment="IPv6 ping reply" ro="False"/>
<ICMP6Service id="ipv6-icmp-routersol" code="0" type="133" name="ipv6 routersol" comment="IPv6 router solicitation" ro="False"/>
<ICMP6Service id="ipv6-icmp-routeradv" code="0" type="134" name="ipv6 routeradv" comment="IPv6 router advertisement" ro="False"/>
<ICMP6Service id="ipv6-icmp-neighbrsol" code="0" type="135" name="ipv6 neighbrsol" comment="IPv6 neighbor solicitation" ro="False"/>
<ICMP6Service id="ipv6-icmp-neighbradv" code="0" type="136" name="ipv6 neighbradv" comment="IPv6 neighbor advertisement" ro="False"/>
<ICMP6Service id="ipv6-icmp-redir" code="0" type="137" name="ipv6 redir" comment="IPv6 redirect: shorter route exists" ro="False"/>
<ICMP6Service id="id1519Z388" code="-1" type="4" name="ipv6 parameter problem" comment="IPv6 Parameter Problem: RFC4443" ro="False"/>
<ICMP6Service id="idCFE27650" code="0" type="3" name="ipv6 time exceeded" comment="Time exceeded in transit" ro="False"/>
<ICMP6Service id="idCFF27650" code="1" type="3" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" ro="False"/>
<ICMP6Service id="idE0B27650" code="-1" type="2" name="ipv6 packet too big" comment="" ro="False"/>
<ICMP6Service id="idE0D27650" code="-1" type="1" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type &quot;destination unreachable&quot;&#10;" ro="False"/>
<ICMP6Service id="idCFE27660" code="-1" type="-1" name="ipv6 any ICMP6" comment="any ICMPv6" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
<IPService id="id3CB12797" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False" name="AH" comment="IPSEC Authentication Header Protocol" ro="False"/>
<IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
<IPService id="ip-RR" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False" name="RR" comment="Route recording packets" ro="False"/>
<IPService id="ip-SRR" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False" name="SRR" comment="All sorts of Source Routing Packets" ro="False"/>
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
<IPService id="id3D703C8E" fragm="False" lsrr="False" protocol_num="57" rr="False" short_fragm="False" ssrr="False" ts="False" name="SKIP" comment="IPSEC Simple Key Management for Internet Protocols" ro="False"/>
<IPService id="id3D703C8F" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False" name="GRE" comment="Generic Routing Encapsulation&#10;" ro="False"/>
<IPService id="id3D703C95" fragm="False" lsrr="False" protocol_num="112" rr="False" short_fragm="False" ssrr="False" ts="False" name="vrrp" comment="Virtual Router Redundancy Protocol" ro="False"/>
<IPService id="ip-IGMP" fragm="False" lsrr="False" protocol_num="2" rr="False" rtralt="True" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="IGMP" comment="Internet Group Management Protocol, Version 3, RFC 3376" ro="False"/>
<IPService id="ip-PIM" fragm="False" lsrr="False" protocol_num="103" rr="False" rtralt="False" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="PIM" comment="Protocol Independent Multicast - Dense Mode (PIM-DM), RFC 3973, or Protocol Independent Multicast-Sparse Mode (PIM-SM) RFC 2362" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="tcp-ALL_TCP_Masqueraded" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ALL TCP Masqueraded" comment="ipchains used to use this range of port numbers for masquerading. " ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3D703C94" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="AOL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
<TCPService id="tcp-All_TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
<TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
<TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
<TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
<TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
<TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
<TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
<TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
<TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
<TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS)&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
<TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
<TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
<TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel.&#10; Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10; but many ftp server implementations do so." ro="False" src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a &quot;christmas scan&quot; as defined in snort rules. Nmap can generate this scan, too." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
<TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
<TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
<TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
<TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
<TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
<TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
<TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
<TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
<TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
<TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
<TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
<TCPService id="id463FE5FE11008" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id1577X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtmp" comment="Real Time Messaging Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1935" dst_range_end="1935"/>
<TCPService id="id1590X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5222" dst_range_end="5222"/>
<TCPService id="id1609X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5269" dst_range_end="5269"/>
<TCPService id="id1622X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5223" dst_range_end="5223"/>
<TCPService id="id1631X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5270" dst_range_end="5270"/>
<TCPService id="id1644X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nrpe" comment="NRPE add-on for Nagios http://www.nagios.org/&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5666" dst_range_end="5666"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<UDPService id="udp-ALL_UDP_Masqueraded" name="ALL UDP Masqueraded" comment="ipchains used to use this port range for masqueraded packets" ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
<UDPService id="udp-All_UDP" name="All UDP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
<UDPService id="id3CB129D2" name="IKE" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
<UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
<UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
<UDPService id="id3D703C8C" name="Radius" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
<UDPService id="id3D703C85" name="UDP high ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<UDPService id="id3D703C86" name="Who" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<UDPService id="id3B4FEDA1" name="afs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
<UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
<UDPService id="udp-bootps" name="bootps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
<UDPService id="id3AEDBE70" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
<UDPService id="id3B4FEDA5" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
<UDPService id="id3B4FEDA7" name="kpasswd" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
<UDPService id="id3B4FEDAB" name="krb524" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
<UDPService id="id3F865B0D" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
<UDPService id="udp-netbios-ns" name="netbios-ns" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
<UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<UDPService id="id3B4FEE78" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<UDPService id="udp-ntp" name="ntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
<UDPService id="id3B4FEF7E" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<UDPService id="id3D703C88" name="secureid-udp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="id3AED0D69" name="snmp-trap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
<UDPService id="id3AEDBE19" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<UDPService id="id3AECF780" name="syslog" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<UDPService id="id3AED0D67" name="tftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
<UDPService id="id3AED0D8C" name="traceroute" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
<UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
<UDPService id="id41291883" name="OpenVPN" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
</ServiceGroup>
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC.&#10;Works on iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/&#10;" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic &#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid20" name="UserServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12" name="Firewalls" comment="" ro="False"/>
<ObjectGroup id="stdid21" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="stdid11" name="Time" comment="" ro="False">
<Interval id="int-workhours" days_of_week="1,2,3,4,5" from_day="-1" from_hour="9" from_minute="0" from_month="-1" from_weekday="1" from_year="-1" to_day="-1" to_hour="17" to_minute="0" to_month="-1" to_weekday="5" to_year="-1" name="workhours" comment="any day, 9:00am through 5:00pm" ro="False"/>
<Interval id="int-weekends" days_of_week="6,0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="weekends" comment="weekends: Saturday 0:00 through Sunday 23:59 " ro="False"/>
<Interval id="int-afterhours" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1" name="afterhours" comment="any day 6:00pm - 12:00am" ro="False"/>
<Interval id="id3C63479C" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1" name="Sat" comment="" ro="False"/>
<Interval id="id3C63479E" days_of_week="0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="Sun" comment="" ro="False"/>
</IntervalGroup>
</Library>
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id3" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id4" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id5" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id6" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id7" name="Networks" comment="" ro="False">
<Network id="id8" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 2" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id9" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id10" name="Services" comment="" ro="False">
<ServiceGroup id="id11" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id12" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id13" name="IP" comment="" ro="False"/>
<ServiceGroup id="id14" name="TCP" comment="" ro="False">
<TCPService id="id15" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 6" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="id16" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id17" name="Users" comment="" ro="False"/>
<ServiceGroup id="id18" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id19" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id20" name="Firewalls" comment="" ro="False">
<Firewall id="id21" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 2" ro="False">
<NAT id="id61" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id23" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id25" disabled="False" group="" log="True" position="0" action="Accept" direction="Inbound" comment="Created during import of line 2">
<Src neg="False">
<ObjectRef ref="id8"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="pf_route_opt_addr">10.1.2.3</Option>
<Option name="pf_route_opt_if">em0</Option>
<Option name="pf_route_option">route_through</Option>
<Option name="routing">True</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id37" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 4">
<Src neg="False">
<ObjectRef ref="id8"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id67"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="pf_route_opt_addr">10.3.4.5</Option>
<Option name="pf_route_opt_if">bce0</Option>
<Option name="pf_route_option">route_reply_through</Option>
<Option name="routing">True</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id49" disabled="False" group="" log="False" position="2" action="Accept" direction="Outbound" comment="Created during import of line 6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id15"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id67"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="pf_route_opt_addr">10.1.2.3</Option>
<Option name="pf_route_opt_if">em0</Option>
<Option name="pf_route_option">route_copy_through</Option>
<Option name="routing">True</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id63" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id65" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em0" comment="Created during import of line 2" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id67" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="bce0" comment="Created during import of line 4" ro="False">
<InterfaceOptions/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
<Option name="configure_interfaces">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="in_out_code">true</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id69" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id70" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

5
src/unit_tests/PFImporterTest/test_data/pf-route-to.output Normal file
View File

@ -0,0 +1,5 @@
2: New interface: em0
2: filtering rule: action pass; interfaces:
4: New interface: bce0
4: filtering rule: action pass; interfaces: bce0
6: filtering rule: action pass; interfaces: bce0

6
src/unit_tests/PFImporterTest/test_data/pf-tables.conf
View File

@ -10,3 +10,9 @@ table <dst_addresses_1> { 192.168.1.1, 192.168.1.2, 192.168.2.0/24 }
table <dst_addresses_2> { pcn0, pcn0:network }
table <dst_addresses_3> { pcn0:peer, pcn0:0 }
table <dst_addresses_4> { www.fwbuilder.org, www.netcitadel.com }
# unsupported: this table has a mix of negated and non-negated addresses
table <dst_addresses_5> { 192.168.10.1, !192.168.10.2, 192.168.20.0/24 }
# the rule should be marked as "broken"
pass in quick on em1 from <dst_addresses_5> to any

132
src/unit_tests/PFImporterTest/test_data/pf-tables.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1307340472" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1310086930" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -434,75 +434,107 @@
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-192.168.1.1" comment="Created during import of line 9" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-192.168.1.2" comment="Created during import of line 9" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id5" name="h-192.168.10.1" comment="Created during import of line 15" ro="False" address="192.168.10.1" netmask="255.255.255.255"/>
<IPv4 id="id6" name="h-192.168.10.2" comment="Created during import of line 15" ro="False" address="192.168.10.2" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id5" name="DNS Names" comment="" ro="False">
<DNSName id="id6" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
<DNSName id="id7" dnsrec="www.netcitadel.com" dnsrectype="A" run_time="True" name="www.netcitadel.com" comment="" ro="False"/>
<ObjectGroup id="id7" name="DNS Names" comment="" ro="False">
<DNSName id="id8" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
<DNSName id="id9" dnsrec="www.netcitadel.com" dnsrectype="A" run_time="True" name="www.netcitadel.com" comment="" ro="False"/>
</ObjectGroup>
<ObjectGroup id="id8" name="Address Tables" comment="" ro="False">
<AddressTable id="id9" filename="" run_time="True" name="mike" comment="" ro="False"/>
<AddressTable id="id10" filename="" run_time="True" name="BLOCKTEMP" comment="" ro="False"/>
<AddressTable id="id11" filename="./pf_block_permanent" run_time="True" name="BLOCKPERM" comment="" ro="False"/>
<AddressTable id="id12" filename="./pf_table" run_time="True" name="BLOCK" comment="" ro="False"/>
<AddressTable id="id13" filename="" run_time="True" name="spamd-white" comment="" ro="False"/>
<ObjectGroup id="id10" name="Address Tables" comment="" ro="False">
<AddressTable id="id11" filename="" run_time="True" name="mike" comment="" ro="False"/>
<AddressTable id="id12" filename="" run_time="True" name="BLOCKTEMP" comment="" ro="False"/>
<AddressTable id="id13" filename="./pf_block_permanent" run_time="True" name="BLOCKPERM" comment="" ro="False"/>
<AddressTable id="id14" filename="./pf_table" run_time="True" name="BLOCK" comment="" ro="False"/>
<AddressTable id="id15" filename="" run_time="True" name="spamd-white" comment="" ro="False"/>
</ObjectGroup>
<ObjectGroup id="id14" name="Groups" comment="" ro="False">
<ObjectGroup id="id15" name="private" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id34"/>
<ObjectRef ref="id35"/>
<ObjectRef ref="id36"/>
<ObjectGroup id="id16" name="Groups" comment="" ro="False">
<ObjectGroup id="id17" name="private" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id40"/>
<ObjectRef ref="id41"/>
<ObjectRef ref="id42"/>
</ObjectGroup>
<ObjectGroup id="id19" name="dst_addresses_1" comment="Created during import of line 9" ro="False">
<ObjectGroup id="id21" name="dst_addresses_1" comment="Created during import of line 9" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
<ObjectRef ref="id37"/>
<ObjectRef ref="id43"/>
</ObjectGroup>
<ObjectGroup id="id23" name="dst_addresses_2" comment="Created during import of line 10" ro="False">
<ObjectRef ref="id57"/>
<ObjectRef ref="id58"/>
<ObjectGroup id="id25" name="dst_addresses_2" comment="Created during import of line 10" ro="False">
<ObjectRef ref="id76"/>
<ObjectRef ref="id77"/>
</ObjectGroup>
<ObjectGroup id="id26" name="dst_addresses_3" comment="Created during import of line 11" ro="False">
<ObjectRef ref="id57"/>
<ObjectRef ref="id57"/>
<ObjectGroup id="id28" name="dst_addresses_3" comment="Created during import of line 11" ro="False">
<ObjectRef ref="id76"/>
<ObjectRef ref="id76"/>
</ObjectGroup>
<ObjectGroup id="id29" name="dst_addresses_4" comment="Created during import of line 12" ro="False">
<ObjectGroup id="id31" name="dst_addresses_4" comment="Created during import of line 12" ro="False">
<ObjectRef ref="id8"/>
<ObjectRef ref="id9"/>
</ObjectGroup>
<ObjectGroup id="id34" name="dst_addresses_5" comment="Created during import of line 15" ro="False">
<ObjectRef ref="id5"/>
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
<ObjectRef ref="id44"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id32" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id33" name="Networks" comment="" ro="False">
<Network id="id34" name="net-10/255.0.0.0" comment="Created during import of line 7" ro="False" address="255.192.0.0" netmask="255.0.0.0"/>
<Network id="id35" name="net-172.16/255.240.0.0" comment="Created during import of line 7" ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
<Network id="id36" name="net-192.168/255.255.0.0" comment="Created during import of line 7" ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
<Network id="id37" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 9" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<ObjectGroup id="id38" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id39" name="Networks" comment="" ro="False">
<Network id="id40" name="net-10/255.0.0.0" comment="Created during import of line 7" ro="False" address="255.192.0.0" netmask="255.0.0.0"/>
<Network id="id41" name="net-172.16/255.240.0.0" comment="Created during import of line 7" ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
<Network id="id42" name="net-192.168/255.255.0.0" comment="Created during import of line 7" ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
<Network id="id43" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 9" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id44" name="net-192.168.20.0/255.255.255.0" comment="Created during import of line 15" ro="False" address="192.168.20.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id38" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id45" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id39" name="Services" comment="" ro="False">
<ServiceGroup id="id40" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id41" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id42" name="IP" comment="" ro="False"/>
<ServiceGroup id="id43" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id44" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id45" name="Users" comment="" ro="False"/>
<ServiceGroup id="id46" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id47" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id46" name="Services" comment="" ro="False">
<ServiceGroup id="id47" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id48" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id49" name="IP" comment="" ro="False"/>
<ServiceGroup id="id50" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id51" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id52" name="Users" comment="" ro="False"/>
<ServiceGroup id="id53" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id54" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id48" name="Firewalls" comment="" ro="False">
<Firewall id="id49" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 10" ro="False">
<NAT id="id53" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id55" name="Firewalls" comment="" ro="False">
<Firewall id="id56" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 10" ro="False">
<NAT id="id72" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id51" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Policy id="id58" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id60" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 18&#10;Address table 'dst_addresses_5' has a mix of negated and non-negated addresses in the original file.">
<Src neg="False">
<ObjectRef ref="id34"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id79"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id55" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id74" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id57" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 10" ro="False">
<Interface id="id76" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 10" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id77" name="pcn0-net" comment="" ro="False"/>
</Interface>
<Interface id="id79" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="em1" comment="Created during import of line 18" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id58" name="pcn0-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -522,7 +554,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id60" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id61" name="Time" comment="" ro="False"/>
<ObjectGroup id="id81" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id82" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

15
src/unit_tests/PFImporterTest/test_data/pf-tables.output
View File

@ -7,10 +7,13 @@
6: Address Table: <spamd-white> file
7: Warning: attribute "const" will be dropped from table configuration since this attribute is not supported at this time
7: Address Table: <private>: 10/8, 172.16/12, 192.168/16
9: Address Table: <dst_addresses_1>: 192.168.1.1/, 192.168.1.2/, 192.168.2.0/24
9: Address Table: <dst_addresses_1>: 192.168.1.1, 192.168.1.2, 192.168.2.0/24
10: Address Table: <dst_addresses_2>: pcn0, pcn0
10: New interface: pcn0
10: Address Table: <dst_addresses_2>: pcn0/, pcn0/
11: Address Table: <dst_addresses_3>: pcn0/, pcn0/
12: Address Table: <dst_addresses_4>: www.fwbuilder.org/, www.netcitadel.com/
Could not find enough information in the data file to create any firewall rules.
11: Address Table: <dst_addresses_3>: pcn0, pcn0
12: Address Table: <dst_addresses_4>: www.fwbuilder.org, www.netcitadel.com
15: Address Table: <dst_addresses_5>: 192.168.10.1, !192.168.10.2, 192.168.20.0/24
15: Error: import of table definition with negated addresses is not supported.
18: New interface: em1
18: filtering rule: action pass; interfaces: em1
18: Error: Address table 'dst_addresses_5' has a mix of negated and non-negated addresses in the original file.

2
src/unit_tests/RuleSetViewContextMenuTest/RuleSetViewContextMenuTest.cpp
View File

@ -52,6 +52,7 @@ using namespace libfwbuilder;
void RuleSetViewContextMenuTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->move(0,0);
@ -60,7 +61,6 @@ void RuleSetViewContextMenuTest::initTestCase()
else
mw->resize(1024, 768);
mw->startupLoad();
new FWObjectClipboard();
StartTipDialog *d = mw->findChild<StartTipDialog*>();
if (d!=NULL) d->close();
om = dynamic_cast<ObjectManipulator*>(mw->getCurrentObjectTree()->parent()->parent());

2
src/unit_tests/RuleSetViewTest/RuleSetViewTest.cpp
View File

@ -49,11 +49,11 @@ using namespace libfwbuilder;
void RuleSetViewTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->resize(QSize(800,600));
mw->startupLoad();
new FWObjectClipboard();
StartTipDialog *d = mw->findChild<StartTipDialog*>();
if (d) if (d!=NULL) d->close();
om = dynamic_cast<ObjectManipulator*>(mw->getCurrentObjectTree()->parent()->parent());

27
src/unit_tests/commandLinePrintingTest/commandLinePrintingTest
View File

@ -1,47 +1,46 @@
#!/bin/bash
#!/bin/sh
rm -f print.pdf >/dev/null 2>/dev/null
QTVERSION=`qmake --version | tail -n1| cut -d' ' -f4`
TESTNAME=$(basename `pwd`)
QTVERSION=$(${QMAKE:-qmake} --version 2>&1 | tail -n1| cut -d' ' -f4)
TESTNAME=${0##/}
PASSED=0
FAILED=0
SKIPPED=0
function pass # test_name
pass() # test_name
{
echo "PASS : ${TESTNAME}::$1()"
PASSED=$((PASSED+1))
}
function fail # test_name
fail() # test_name
{
echo "FAIL! : ${TESTNAME}::$1()"
FAILED=$((FAILED+1))
}
function output # test_name text
output() # test_name text
{
echo -n "QDEBUG : ${TESTNAME}::$1() "
shift
echo $@
}
function run_command # test_name command
run_command() # test_name command
{
test=$1
shift
command=$@
output=$($command 2>&1)
output=$("$@" 2>&1)
returned=$?
ORIGIFS=$IFS
IFS=`echo -en "\n\b"`
IFS=`printf "\n\b"`
for line in $output
do
output $test $line
done
IFS=$ORIGIFS
[ $returned -eq 0 ] && pass $test || fail $test
[ "$returned" -eq 0 ] && pass "$test" || fail "$test"
}
@ -51,8 +50,8 @@ pass "initTestCase"
# -------- actual testing goes here --------
run_command "runPrinting" "../../gui/fwbuilder -f test.fwb -P test"
run_command "fileExists" "ls print.pdf"
run_command "runPrinting" ../../gui/fwbuilder -f test.fwb -P test
run_command "fileExists" ls print.pdf
# --------- end of actual testing ---------
@ -61,4 +60,4 @@ rm -f print.pdf >/dev/null 2>&1
pass "cleanupTestCase"
echo "Totals: ${PASSED} passed, ${FAILED} failed, ${SKIPPED} skipped"
echo "********* Finished testing of ${TESTNAME} *********"
[ ${FAILED} -eq 0 ] && exit 0 || exit 1
[ "${FAILED}" -eq 0 ] && exit 0 || exit 1

2
src/unit_tests/instDialogClusterTest/instDialogClusterTest.cpp
View File

@ -77,11 +77,11 @@ using namespace libfwbuilder;
void instDialogClusterTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
wfl = new UserWorkflow();
mw->show();
mw->loadFile("test_work.fwb", false);
new FWObjectClipboard();
}
void instDialogClusterTest::openPolicy(QString fwname)

2
src/unit_tests/instDialogCompileTest/instDialogCompileTest.cpp
View File

@ -54,10 +54,10 @@ using namespace libfwbuilder;
void instDialogCompileTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->loadFile("test_work.fwb", false);
new FWObjectClipboard();
}
bool checkProgress(QTreeWidget *list)

2
src/unit_tests/instDialogInspectTest/instDialogInspectTest.cpp
View File

@ -57,10 +57,10 @@ bool checkProgress(QTreeWidget *list)
void instDialogInspectTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->loadFile("test_work.fwb", false);
new FWObjectClipboard();
dialogClosed = false;
om = mw->findChild<ObjectManipulator*>("om");
tree = mw->activeProject()->getCurrentObjectTree();

2
src/unit_tests/instDialogInstallTest/instDialogInstallTest.cpp
View File

@ -128,10 +128,10 @@ bool checkProgress(QTreeWidget *list)
void instDialogInstallTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->loadFile("test_work.fwb", false);
new FWObjectClipboard();
ssh_auth_sock = getenv("SSH_AUTH_SOCK");
}

2
src/unit_tests/instDialogObjectListTest/instDialogObjectListTest.cpp
View File

@ -105,10 +105,10 @@ using namespace libfwbuilder;
void instDialogObjectListTest::initTestCase()
{
new FWObjectClipboard();
mw = new FWWindow();
mw->show();
mw->loadFile("test_work.fwb", false);
new FWObjectClipboard();
}
void instDialogObjectListTest::openPolicy(QString fwname)

1
src/unit_tests/main/main.cpp
View File

@ -25,6 +25,7 @@
#include "FWBSettings.h"
#include "FWBApplication.h"
#include "UserWorkflow.h"
#include "FWObjectClipboard.h"
#include "common/commoninit.h"

4
test/ipt/rc.firewall.local
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v5.0.0.3556
# Firewall Builder fwb_ipt v5.0.0.3557
#
# Generated Tue Jul 5 18:03:29 2011 PDT by vadim
# Generated Wed Jul 6 17:48:03 2011 PDT by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#

4
test/pf/pf_cluster_4_rc.conf.local
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v5.0.0.3556
# Firewall Builder fwb_pf v5.0.0.3557
#
# Generated Tue Jul 5 18:05:39 2011 PDT by vadim
# Generated Wed Jul 6 17:49:01 2011 PDT by vadim
#
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf