onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 14:47:27 +02:00
Code Issues Releases Wiki Activity

see #1941 ASA NAT - compiler complains about range in original destination

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-16 20:19:43 -08:00
parent 5c01a0ec13
commit e2c2725e6b
38 changed files with 184 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ChangeLog
View File

@ -1,5 +1,10 @@
2011-01-16 vadim <vadim@netcitadel.com>
* NATCompiler_pix.cpp (processNext): see #1941 "ASA NAT - compiler
complains about range in original destination". NAT rules
translating destination allow Address Range objects in ODst or TDst
for ASA 8.3
* NamedObject.cpp (NamedObject): see #1940 "ASA NAT - fwbuilder
host objects interface ip is reserved keyword". Added list of
reserved words used in IOS and ASA software to make sure generated

20
src/cisco_lib/NATCompiler_pix.cpp
View File

@ -316,7 +316,7 @@ bool NATCompiler_pix::storeProcessedRules::processNext()
bool NATCompiler_pix::VerifyRules::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
string vers=compiler->fw->getStr("version");
string version = compiler->fw->getStr("version");
if (rule->getRuleType()==NATRule::SDNAT)
{
@ -326,9 +326,9 @@ bool NATCompiler_pix::VerifyRules::processNext()
return true;
}
bool version_lt_63= ( compiler->fw->getStr("platform")=="pix" &&
libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.3")<0); // fwsm is always above 6.3 - its OS is based on 6.3
bool version_lt_63= (
compiler->fw->getStr("platform")=="pix" &&
libfwbuilder::XMLTools::version_compare(version, "6.3")<0); // fwsm is always above 6.3 - its OS is based on 6.3
RuleElementOSrc *osrc=rule->getOSrc(); assert(osrc);
RuleElementODst *odst=rule->getODst(); assert(odst);
@ -536,12 +536,12 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
Address *tdst=compiler->getFirstTDst(rule); assert(tdst);
Service *tsrv=compiler->getFirstTSrv(rule); assert(tsrv);
bool version_lt_63 = libfwbuilder::XMLTools::version_compare(
compiler->fw->getStr("version"),"6.3")<0;
string version = compiler->fw->getStr("version");
if (rule->getRuleType()==NATRule::SNAT)
{
if ((! osrv->isAny() || ! tsrv->isAny()) && version_lt_63)
if ((! osrv->isAny() || ! tsrv->isAny()) &&
libfwbuilder::XMLTools::version_compare(version, "6.3")<0)
{
compiler->abort(
rule,
@ -552,7 +552,8 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
if (rule->getRuleType()==NATRule::DNAT)
{
if (AddressRange::cast(odst) || AddressRange::cast(tdst))
if ((AddressRange::cast(odst) || AddressRange::cast(tdst)) &&
libfwbuilder::XMLTools::version_compare(version, "8.3")<0)
{
compiler->abort(
rule,
@ -925,6 +926,7 @@ bool NATCompiler_pix::createNATCmd::processNext()
// Helper helper(compiler);
NATCompiler_pix *pix_comp = dynamic_cast<NATCompiler_pix*>(compiler);
NATRule *rule = getNext(); if (rule==NULL) return false;
string version = compiler->fw->getStr("version");
bool cluster_member = compiler->fw->getOptionsObject()->getBool("cluster_member");
Cluster *cluster = NULL;
@ -981,7 +983,7 @@ bool NATCompiler_pix::createNATCmd::processNext()
( natcmd->o_iface->getSecurityLevel() < natcmd->t_iface->getSecurityLevel());
if (natcmd->outside && compiler->fw->getStr("platform")=="pix" &&
libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.2")<0 )
libfwbuilder::XMLTools::version_compare(version, "6.2")<0 )
{
compiler->abort(
rule,

4
test/pix/cluster1-1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:36 2011 PST by vadim
! Generated Sun Jan 16 20:18:12 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1-1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:36 2011 PST by vadim
! Generated Sun Jan 16 20:18:12 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:36 2011 PST by vadim
! Generated Sun Jan 16 20:18:12 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:36 2011 PST by vadim
! Generated Sun Jan 16 20:18:12 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:11 2011 PST by vadim
! Generated Sun Jan 16 20:17:47 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:12 2011 PST by vadim
! Generated Sun Jan 16 20:17:48 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

4
test/pix/firewall10.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:13 2011 PST by vadim
! Generated Sun Jan 16 20:17:49 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall11.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:13 2011 PST by vadim
! Generated Sun Jan 16 20:17:50 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall12.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:14 2011 PST by vadim
! Generated Sun Jan 16 20:17:50 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall13.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:15 2011 PST by vadim
! Generated Sun Jan 16 20:17:51 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall14.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:15 2011 PST by vadim
! Generated Sun Jan 16 20:17:52 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:16 2011 PST by vadim
! Generated Sun Jan 16 20:17:52 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:17 2011 PST by vadim
! Generated Sun Jan 16 20:17:53 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:18 2011 PST by vadim
! Generated Sun Jan 16 20:17:54 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:18 2011 PST by vadim
! Generated Sun Jan 16 20:17:54 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall22.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:19 2011 PST by vadim
! Generated Sun Jan 16 20:17:55 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:20 2011 PST by vadim
! Generated Sun Jan 16 20:17:56 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall33.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:21 2011 PST by vadim
! Generated Sun Jan 16 20:17:57 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall34.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:22 2011 PST by vadim
! Generated Sun Jan 16 20:17:58 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:22 2011 PST by vadim
! Generated Sun Jan 16 20:17:58 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall50.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:23 2011 PST by vadim
! Generated Sun Jan 16 20:17:59 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall6.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:24 2011 PST by vadim
! Generated Sun Jan 16 20:18:00 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall8.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:25 2011 PST by vadim
! Generated Sun Jan 16 20:18:01 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall80.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:25 2011 PST by vadim
! Generated Sun Jan 16 20:18:02 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

4
test/pix/firewall81.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:26 2011 PST by vadim
! Generated Sun Jan 16 20:18:02 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall82.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:27 2011 PST by vadim
! Generated Sun Jan 16 20:18:03 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall83.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:27 2011 PST by vadim
! Generated Sun Jan 16 20:18:04 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall9.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:28 2011 PST by vadim
! Generated Sun Jan 16 20:18:04 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall90.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:29 2011 PST by vadim
! Generated Sun Jan 16 20:18:05 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

31
test/pix/firewall91.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:30 2011 PST by vadim
! Generated Sun Jan 16 20:18:06 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -18,10 +18,10 @@
! N firewall91:NAT:8: error: Can not translate multiple services into one service in one rule.
! N firewall91:NAT:9: error: Translated service should be 'Original' or should contain single object.
! N firewall91:NAT:10: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:11: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:12: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:13: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:14: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:15: error: Oiginal destination can not be "any" in rules that translate destination
! N firewall91:NAT:16: error: Oiginal destination can not be "any" in rules that translate destination
!
! Prolog script:
@ -125,6 +125,15 @@ quit
object service https
service tcp destination eq 443
quit
object network outside_range
range 22.22.22.21 22.22.22.25
quit
object network internal_subnet_1
subnet 192.168.1.0 255.255.255.192
quit
object network test_range_1
range 192.168.1.11 192.168.1.15
quit
!
! Rule 0 (NAT)
nat (outside,inside) source static any any destination static interface hostA:eth0 description "0 (NAT)"
@ -149,6 +158,18 @@ nat (outside,inside) source static any any destination static interface hostA:et
!
! Rule 7 (NAT)
nat (outside,inside) source static any any destination static interface hostA:eth0 service http http description "7 (NAT)"
!
! Rule 10 (NAT)
! for #1941
nat (outside,inside) source static any any destination static outside_range hostA:eth0 description "10 (NAT)"
!
! Rule 11 (NAT)
! for #1941
nat (inside,outside) source dynamic internal_subnet_1 interface destination static outside_range hostA:eth0 description "11 (NAT)"
!
! Rule 12 (NAT)
! translating one range into another.
nat (outside,inside) source static any any destination static outside_range test_range_1 description "12 (NAT)"

4
test/pix/firewall92.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:30 2011 PST by vadim
! Generated Sun Jan 16 20:18:06 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/fwsm1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:31 2011 PST by vadim
! Generated Sun Jan 16 20:18:07 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

4
test/pix/fwsm2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:32 2011 PST by vadim
! Generated Sun Jan 16 20:18:08 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

79
test/pix/objects-for-regression-tests.fwb
View File

@ -19110,7 +19110,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id20098X3981" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1295219041" platform="pix" version="8.3" name="firewall91" comment="testing new style ASA 8.3 nat commands&#10;DNAT rules&#10;" ro="False">
<Firewall id="id20098X3981" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1295237857" platform="pix" version="8.3" name="firewall91" comment="testing new style ASA 8.3 nat commands&#10;DNAT rules&#10;" ro="False">
<NAT id="id20132X3981" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id20285X3981" disabled="False" group="" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -19324,7 +19324,76 @@ no sysopt nodnsalias outbound
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id21329X8588" disabled="False" group="" position="10" action="Translate" comment="for #1927">
<NATRule id="id28199X32583" disabled="False" group="" position="10" action="Translate" comment="for #1941&#10;">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D196750"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id66679X32583" disabled="False" group="" position="11" action="Translate" comment="for #1941&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D196750"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20111X3981"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id136500X1964" disabled="False" group="" position="12" action="Translate" comment="translating one range into another.&#10;">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D196750"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3CD8769F"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id21329X8588" disabled="False" group="" position="13" action="Translate" comment="for #1927">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -19347,7 +19416,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C86E6E</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id21378X8588" disabled="False" group="" position="11" action="Translate" comment="for #1927">
<NATRule id="id21378X8588" disabled="False" group="" position="14" action="Translate" comment="for #1927">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -19370,7 +19439,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C86E6E</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id97464X8588" disabled="False" group="" position="12" action="Translate" comment="for #1927">
<NATRule id="id97464X8588" disabled="False" group="" position="15" action="Translate" comment="for #1927">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -19393,7 +19462,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C86E6E</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id97410X8588" disabled="False" group="" position="13" action="Translate" comment="for #1927">
<NATRule id="id97410X8588" disabled="False" group="" position="16" action="Translate" comment="for #1927">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
<ObjectRef ref="id178250X29963"/>

4
test/pix/pix515.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:33 2011 PST by vadim
! Generated Sun Jan 16 20:18:09 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/real.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3434
! Firewall Builder fwb_pix v4.2.0.3435
!
! Generated Sun Jan 16 16:41:34 2011 PST by vadim
! Generated Sun Jan 16 20:18:10 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported