onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
Code Issues Releases Wiki Activity

* pf.g: fixed bug in PF import: address lists such as "{ addr1,

Browse Source 
addr2, ... }" defined as macros or inside the rule could not be
imported correctly.

* pf.g: we should be able to import both "block quick log" and
"block log quick".
This commit is contained in:
Vadim Kurland 2011-07-05 13:27:14 -07:00
parent 93e1664516
commit eb67ae82ff
11 changed files with 1050 additions and 707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/ChangeLog
View File

@ -1,3 +1,12 @@
2011-07-05 vadim <vadim@netcitadel.com>
* pf.g: fixed bug in PF import: address lists such as "{ addr1,
addr2, ... }" defined as macros or inside the rule could not be
imported correctly.
* pf.g: we should be able to import both "block quick log" and
"block log quick".
2011-06-29 theron <theron@netcitadel.com>
* Fixed #2547, made keyword add/remove buttons same size.

198
src/parsers/PFCfgLexer.cpp
View File

@ -1,4 +1,4 @@
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */
#line 43 "pf.g"
// gets inserted before the antlr generated includes in the cpp
@ -77,7 +77,7 @@ void PFCfgLexer::initLiterals()
literals["debugging"] = 229;
literals["host-tos"] = 187;
literals["paramprob"] = 160;
literals["user"] = 112;
literals["user"] = 113;
literals["interface"] = 215;
literals["adaptive.end"] = 58;
literals["limit"] = 21;
@ -108,7 +108,7 @@ void PFCfgLexer::initLiterals()
literals["synproxy"] = 210;
literals["debug"] = 37;
literals["alerts"] = 227;
literals["all"] = 111;
literals["all"] = 112;
literals["state"] = 211;
literals["tag"] = 207;
literals["in"] = 108;
@ -135,7 +135,7 @@ void PFCfgLexer::initLiterals()
literals["frag"] = 54;
literals["port"] = 92;
literals["icmp"] = 119;
literals["to"] = 113;
literals["to"] = 114;
literals["return-rst"] = 104;
literals["normal-adv"] = 195;
literals["optimization"] = 15;
@ -238,7 +238,7 @@ void PFCfgLexer::initLiterals()
literals["needfrag"] = 179;
literals["tcp.opening"] = 41;
literals["igrp"] = 217;
literals["quick"] = 114;
literals["quick"] = 111;
literals["timex"] = 159;
literals["host-unk"] = 182;
literals["route-to"] = 138;
@ -561,11 +561,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) {
}
}
else {
goto _loop270;
goto _loop275;
}
}
_loop270:;
_loop275:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -597,7 +597,7 @@ void PFCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 1981 "pf.g"
#line 1982 "pf.g"
newline();
#line 603 "PFCfgLexer.cpp"
}
@ -678,7 +678,7 @@ void PFCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1976 "pf.g"
#line 1977 "pf.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 684 "PFCfgLexer.cpp"
}
@ -905,10 +905,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_ttype = NUMBER_ADDRESS_OR_WORD;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched323 = false;
bool synPredMatched328 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m323 = mark();
synPredMatched323 = true;
int _m328 = mark();
synPredMatched328 = true;
inputState->guessing++;
try {
{
@ -919,12 +919,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched323 = false;
synPredMatched328 = false;
}
rewind(_m323);
rewind(_m328);
inputState->guessing--;
}
if ( synPredMatched323 ) {
if ( synPredMatched328 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -935,144 +935,144 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 2036 "pf.g"
#line 2037 "pf.g"
_ttype = IPV4;
#line 941 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched330 = false;
bool synPredMatched335 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m330 = mark();
synPredMatched330 = true;
int _m335 = mark();
synPredMatched335 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt327=0;
int _cnt332=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt327>=1 ) { goto _loop327; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt332>=1 ) { goto _loop332; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt327++;
_cnt332++;
}
_loop327:;
_loop332:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt329=0;
int _cnt334=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt329>=1 ) { goto _loop329; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt334>=1 ) { goto _loop334; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt329++;
_cnt334++;
}
_loop329:;
_loop334:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched330 = false;
synPredMatched335 = false;
}
rewind(_m330);
rewind(_m335);
inputState->guessing--;
}
if ( synPredMatched330 ) {
if ( synPredMatched335 ) {
{
{ // ( ... )+
int _cnt333=0;
int _cnt338=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt333>=1 ) { goto _loop333; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt338>=1 ) { goto _loop338; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt333++;
_cnt338++;
}
_loop333:;
_loop338:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt335=0;
int _cnt340=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt335>=1 ) { goto _loop335; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt340>=1 ) { goto _loop340; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt335++;
_cnt340++;
}
_loop335:;
_loop340:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2039 "pf.g"
#line 2040 "pf.g"
_ttype = NUMBER;
#line 1024 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched298 = false;
bool synPredMatched303 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_4.member(LA(2))) && (true))) {
int _m298 = mark();
synPredMatched298 = true;
int _m303 = mark();
synPredMatched303 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt297=0;
int _cnt302=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt297>=1 ) { goto _loop297; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt302>=1 ) { goto _loop302; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt297++;
_cnt302++;
}
_loop297:;
_loop302:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched298 = false;
synPredMatched303 = false;
}
rewind(_m298);
rewind(_m303);
inputState->guessing--;
}
if ( synPredMatched298 ) {
if ( synPredMatched303 ) {
{
{
{ // ( ... )+
int _cnt302=0;
int _cnt307=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt302>=1 ) { goto _loop302; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt302++;
_cnt307++;
}
_loop302:;
_loop307:;
} // ( ... )+
{ // ( ... )+
int _cnt306=0;
int _cnt311=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
@ -1082,34 +1082,34 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mHEX_DIGIT(false);
}
else {
goto _loop305;
goto _loop310;
}
}
_loop305:;
_loop310:;
} // ( ... )*
}
else {
if ( _cnt306>=1 ) { goto _loop306; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt311>=1 ) { goto _loop311; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt306++;
_cnt311++;
}
_loop306:;
_loop311:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 2021 "pf.g"
#line 2022 "pf.g"
_ttype = IPV6;
#line 1105 "PFCfgLexer.cpp"
}
}
}
else {
bool synPredMatched308 = false;
bool synPredMatched313 = false;
if (((LA(1) == 0x3a /* ':' */ ))) {
int _m308 = mark();
synPredMatched308 = true;
int _m313 = mark();
synPredMatched313 = true;
inputState->guessing++;
try {
{
@ -1117,91 +1117,91 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched308 = false;
synPredMatched313 = false;
}
rewind(_m308);
rewind(_m313);
inputState->guessing--;
}
if ( synPredMatched308 ) {
if ( synPredMatched313 ) {
{
bool synPredMatched313 = false;
bool synPredMatched318 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_2.member(LA(3))))) {
int _m313 = mark();
synPredMatched313 = true;
int _m318 = mark();
synPredMatched318 = true;
inputState->guessing++;
try {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt312=0;
int _cnt317=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt312>=1 ) { goto _loop312; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt317>=1 ) { goto _loop317; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt312++;
_cnt317++;
}
_loop312:;
_loop317:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched313 = false;
synPredMatched318 = false;
}
rewind(_m313);
rewind(_m318);
inputState->guessing--;
}
if ( synPredMatched313 ) {
if ( synPredMatched318 ) {
{
match(':' /* charlit */ );
match(':' /* charlit */ );
{ // ( ... )+
int _cnt316=0;
int _cnt321=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt316>=1 ) { goto _loop316; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt321>=1 ) { goto _loop321; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt316++;
_cnt321++;
}
_loop316:;
_loop321:;
} // ( ... )+
{ // ( ... )*
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
{ // ( ... )+
int _cnt319=0;
int _cnt324=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt319>=1 ) { goto _loop319; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt324>=1 ) { goto _loop324; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt319++;
_cnt324++;
}
_loop319:;
_loop324:;
} // ( ... )+
}
else {
goto _loop320;
goto _loop325;
}
}
_loop320:;
_loop325:;
} // ( ... )*
}
if ( inputState->guessing==0 ) {
#line 2027 "pf.g"
#line 2028 "pf.g"
_ttype = IPV6;
#line 1207 "PFCfgLexer.cpp"
}
@ -1212,7 +1212,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match(':' /* charlit */ );
}
if ( inputState->guessing==0 ) {
#line 2029 "pf.g"
#line 2030 "pf.g"
_ttype = IPV6;
#line 1218 "PFCfgLexer.cpp"
}
@ -1220,7 +1220,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 2031 "pf.g"
#line 2032 "pf.g"
_ttype = COLON;
#line 1226 "PFCfgLexer.cpp"
}
@ -1233,21 +1233,21 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+
int _cnt337=0;
int _cnt342=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt337>=1 ) { goto _loop337; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt342>=1 ) { goto _loop342; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt337++;
_cnt342++;
}
_loop337:;
_loop342:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 2041 "pf.g"
#line 2042 "pf.g"
_ttype = INT_CONST;
#line 1253 "PFCfgLexer.cpp"
}
@ -1465,14 +1465,14 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
goto _loop340;
goto _loop345;
}
}
}
_loop340:;
_loop345:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 2052 "pf.g"
#line 2053 "pf.g"
_ttype = WORD;
#line 1478 "PFCfgLexer.cpp"
}
@ -1502,11 +1502,11 @@ void PFCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop343;
goto _loop348;
}
}
_loop343:;
_loop348:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {

2
src/parsers/PFCfgLexer.hpp
View File

@ -9,7 +9,7 @@
#line 11 "PFCfgLexer.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */
#include <antlr/CommonToken.hpp>
#include <antlr/InputBuffer.hpp>
#include <antlr/BitSet.hpp>

1128
src/parsers/PFCfgParser.cpp
View File

File diff suppressed because it is too large Load Diff

12
src/parsers/PFCfgParser.hpp
View File

@ -9,7 +9,7 @@
#line 11 "PFCfgParser.hpp"
#include <antlr/config.hpp>
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */
#include <antlr/TokenStream.hpp>
#include <antlr/TokenBuffer.hpp>
#include "PFCfgParserTokenTypes.hpp"
@ -143,7 +143,7 @@ public:
public: void block_return();
public: void icmp_code_by_name();
public: void direction();
public: void quick();
public: void quick_or_log();
public: void route();
public: void filteropts();
public: void logopts();
@ -321,6 +321,14 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_55;
static const unsigned long _tokenSet_56_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_56;
static const unsigned long _tokenSet_57_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_57;
static const unsigned long _tokenSet_58_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_58;
static const unsigned long _tokenSet_59_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_59;
static const unsigned long _tokenSet_60_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_60;
};
#endif /*INC_PFCfgParser_hpp_*/

10
src/parsers/PFCfgParserTokenTypes.hpp
View File

@ -1,7 +1,7 @@
#ifndef INC_PFCfgParserTokenTypes_hpp_
#define INC_PFCfgParserTokenTypes_hpp_
/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */
/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */
#ifndef CUSTOM_API
# define CUSTOM_API
@ -119,10 +119,10 @@ struct CUSTOM_API PFCfgParserTokenTypes {
IN_WORD = 108,
OUT_WORD = 109,
LOG = 110,
ALL = 111,
USER = 112,
TO = 113,
QUICK = 114,
QUICK = 111,
ALL = 112,
USER = 113,
TO = 114,
INET = 115,
INET6 = 116,
PROTO = 117,

10
src/parsers/PFCfgParserTokenTypes.txt
View File

@ -1,4 +1,4 @@
// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$
// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$
PFCfgParser // output token vocab name
NEWLINE=4
LINE_COMMENT=5
@ -107,10 +107,10 @@ RETURN_ICMP6=107
IN_WORD="in"=108
OUT_WORD="out"=109
LOG="log"=110
ALL="all"=111
USER="user"=112
TO="to"=113
QUICK="quick"=114
QUICK="quick"=111
ALL="all"=112
USER="user"=113
TO="to"=114
INET="inet"=115
INET6="inet6"=116
PROTO="proto"=117

29
src/parsers/pf.g
View File

@ -1002,8 +1002,7 @@ block_return :
rule_extended :
( direction )?
( logging )?
( quick )?
( quick_or_log )?
( intrface )?
( route )?
( address_family )?
@ -1018,11 +1017,19 @@ direction : ( IN_WORD | OUT_WORD )
}
;
logging :
LOG (logopts)?
{
importer->logging = true;
}
// looks like both "block log quick" and "block quick log" are legitimate
quick_or_log :
(
LOG (logopts)? { importer->logging = true; }
( QUICK { importer->quick = true; } )?
|
QUICK { importer->quick = true; }
( LOG (logopts)? { importer->logging = true; } )?
)
;
logging :
LOG (logopts)? { importer->logging = true; }
;
logopts :
@ -1041,12 +1048,6 @@ logopt : ALL | USER | TO WORD
}
;
quick : QUICK
{
importer->quick = true;
}
;
intrface : ON ( ifspec | interface_list )
;
@ -1265,7 +1266,7 @@ host_list :
OPENING_BRACE
host
(
COMMA
( COMMA )?
host
)*
CLOSING_BRACE

9
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.conf
View File

@ -1,4 +1,7 @@
addr_list_macro = "{ 10.123.12.32/27 10.123.14.8/27 10.123.10.16/28 10.123.0.0/24 }"
table <dst_addresses_1> { 192.168.1.1, 192.168.1.2, 192.168.2.0/24 }
table <dst_addresses_2> { pcn0, pcn0:network }
table <dst_addresses_3> { pcn0:peer, pcn0:0 }
@ -20,6 +23,9 @@ pass in quick from any to <dst_addresses_1>
pass in quick from any to <dst_addresses_2>
pass in quick from any to <dst_addresses_3>
pass in quick from any to <dst_addresses_4>
pass in quick from any to $addr_list_macro
pass in quick proto tcp from any to $addr_list_macro port 22
pass in quick proto tcp from any to $addr_list_macro port 22 keep state
pass in quick inet6 from any to 2001:470:1f0e:162::2
pass in quick inet6 from any to ipv6.fwbuilder.org
@ -34,6 +40,9 @@ pass in quick from <dst_addresses_1> to any
pass in quick from <dst_addresses_2> to any
pass in quick from <dst_addresses_3> to any
pass in quick from <dst_addresses_4> to any
pass in quick from $addr_list_macro to any
pass in quick proto tcp from $addr_list_macro port 22 to any
pass in quick proto tcp from $addr_list_macro port 22 to any keep state
pass in quick inet6 from 2001:470:1f0e:162::2 to any
pass in quick inet6 from ipv6.fwbuilder.org to any

312
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1307217609" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1309897476" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -432,8 +432,8 @@
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-192.168.1.1" comment="Created during import of line 2" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-192.168.1.2" comment="Created during import of line 2" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
<IPv4 id="id3" name="h-192.168.1.1" comment="Created during import of line 5" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<IPv4 id="id4" name="h-192.168.1.2" comment="Created during import of line 5" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id5" name="DNS Names" comment="" ro="False">
<DNSName id="id6" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
@ -442,58 +442,62 @@
</ObjectGroup>
<ObjectGroup id="id9" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id10" name="Groups" comment="" ro="False">
<ObjectGroup id="id11" name="dst_addresses_1" comment="Created during import of line 2" ro="False">
<ObjectGroup id="id11" name="dst_addresses_1" comment="Created during import of line 5" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
<ObjectRef ref="id26"/>
</ObjectGroup>
<ObjectGroup id="id15" name="dst_addresses_2" comment="Created during import of line 3" ro="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id388"/>
<ObjectGroup id="id15" name="dst_addresses_2" comment="Created during import of line 6" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id482"/>
</ObjectGroup>
<ObjectGroup id="id18" name="dst_addresses_3" comment="Created during import of line 4" ro="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id387"/>
<ObjectGroup id="id18" name="dst_addresses_3" comment="Created during import of line 7" ro="False">
<ObjectRef ref="id481"/>
<ObjectRef ref="id481"/>
</ObjectGroup>
<ObjectGroup id="id21" name="dst_addresses_4" comment="Created during import of line 5" ro="False">
<ObjectGroup id="id21" name="dst_addresses_4" comment="Created during import of line 8" ro="False">
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id24" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id25" name="Networks" comment="" ro="False">
<Network id="id26" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 2" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id27" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 14" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id26" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 5" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id27" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 17" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id28" name="net-10.123.12.32/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.12.32" netmask="255.255.255.224"/>
<Network id="id29" name="net-10.123.14.8/255.255.255.224" comment="Created during import of line 26" ro="False" address="10.123.14.8" netmask="255.255.255.224"/>
<Network id="id30" name="net-10.123.10.16/255.255.255.240" comment="Created during import of line 26" ro="False" address="10.123.10.16" netmask="255.255.255.240"/>
<Network id="id31" name="net-10.123.0.0/255.255.255.0" comment="Created during import of line 26" ro="False" address="10.123.0.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id28" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id32" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id29" name="Services" comment="" ro="False">
<ServiceGroup id="id30" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id31" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id32" name="IP" comment="" ro="False"/>
<ServiceGroup id="id33" name="TCP" comment="" ro="False">
<TCPService id="id34" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 15" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id35" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id36" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 29" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id37" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 32" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
<ServiceGroup id="id33" name="Services" comment="" ro="False">
<ServiceGroup id="id34" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id35" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id36" name="IP" comment="" ro="False"/>
<ServiceGroup id="id37" name="TCP" comment="" ro="False">
<TCPService id="id38" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id39" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 21" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id40" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 35" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id41" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 38" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="id38" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id39" name="Users" comment="" ro="False"/>
<ServiceGroup id="id40" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id41" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id42" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id43" name="Users" comment="" ro="False"/>
<ServiceGroup id="id44" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id45" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id42" name="Firewalls" comment="" ro="False">
<Firewall id="id43" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 3" ro="False">
<NAT id="id383" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<ObjectGroup id="id46" name="Firewalls" comment="" ro="False">
<Firewall id="id47" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 6" ro="False">
<NAT id="id477" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id45" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id47" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 8">
<Policy id="id49" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id51" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 11">
<Src neg="False">
<ObjectRef ref="id388"/>
<ObjectRef ref="id482"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -508,12 +512,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id59" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 9&#10;import of 'interface:broadcast' is not supported.">
<PolicyRule id="id63" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 12&#10;import of 'interface:broadcast' is not supported.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -529,12 +533,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id71" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 10&#10;import of 'interface:peer' is not supported.">
<PolicyRule id="id75" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 13&#10;import of 'interface:peer' is not supported.">
<Src neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -550,12 +554,12 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id83" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 11&#10;import of 'interface:0' is not supported.">
<PolicyRule id="id87" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 14&#10;import of 'interface:0' is not supported.">
<Src neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
@ -571,7 +575,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id95" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 13">
<PolicyRule id="id99" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -591,7 +595,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id107" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 14">
<PolicyRule id="id111" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 17">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -611,15 +615,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id119" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 15">
<PolicyRule id="id123" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 18">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id34"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -631,15 +635,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id131" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 16">
<PolicyRule id="id135" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id34"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -651,7 +655,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id143" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 17">
<PolicyRule id="id147" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 20">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -659,7 +663,7 @@
<ObjectRef ref="id6"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id34"/>
<ServiceRef ref="id38"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -671,15 +675,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id155" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 18">
<PolicyRule id="id159" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id35"/>
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -691,7 +695,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id167" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 19">
<PolicyRule id="id171" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 22">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -711,7 +715,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id179" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 20">
<PolicyRule id="id183" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 23">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -731,7 +735,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id191" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 21">
<PolicyRule id="id195" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 24">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -751,7 +755,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id203" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 22">
<PolicyRule id="id207" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 25">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -771,7 +775,76 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id215" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 24&#10;IPv6 import is not supported. ">
<PolicyRule id="id219" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 26">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id234" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 27">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id249" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 28">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id39"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id264" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 30&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -792,7 +865,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id227" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 25">
<PolicyRule id="id276" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 31">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -812,7 +885,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id239" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 27">
<PolicyRule id="id288" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 33">
<Src neg="False">
<ObjectRef ref="id3"/>
</Src>
@ -832,7 +905,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id251" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 28">
<PolicyRule id="id300" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 34">
<Src neg="False">
<ObjectRef ref="id27"/>
</Src>
@ -852,15 +925,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id263" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 29">
<PolicyRule id="id312" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 35">
<Src neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id36"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -872,15 +945,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id275" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 30">
<PolicyRule id="id324" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 36">
<Src neg="False">
<ObjectRef ref="id387"/>
<ObjectRef ref="id481"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id36"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -892,7 +965,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id287" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 31">
<PolicyRule id="id336" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 37">
<Src neg="False">
<ObjectRef ref="id6"/>
</Src>
@ -900,7 +973,7 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id36"/>
<ServiceRef ref="id40"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -912,15 +985,15 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id299" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 32">
<PolicyRule id="id348" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 38">
<Src neg="False">
<ObjectRef ref="id43"/>
<ObjectRef ref="id47"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id37"/>
<ServiceRef ref="id41"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
@ -932,7 +1005,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id311" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 33">
<PolicyRule id="id360" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 39">
<Src neg="False">
<ObjectRef ref="id11"/>
</Src>
@ -952,7 +1025,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id323" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 34">
<PolicyRule id="id372" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 40">
<Src neg="False">
<ObjectRef ref="id15"/>
</Src>
@ -972,7 +1045,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id335" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 35">
<PolicyRule id="id384" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 41">
<Src neg="False">
<ObjectRef ref="id18"/>
</Src>
@ -992,7 +1065,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id347" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 36">
<PolicyRule id="id396" disabled="False" group="" log="False" position="28" action="Accept" direction="Inbound" comment="Created during import of line 42">
<Src neg="False">
<ObjectRef ref="id21"/>
</Src>
@ -1012,7 +1085,76 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id359" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 38&#10;IPv6 import is not supported. ">
<PolicyRule id="id408" disabled="False" group="" log="False" position="29" action="Accept" direction="Inbound" comment="Created during import of line 43">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id423" disabled="False" group="" log="False" position="30" action="Accept" direction="Inbound" comment="Created during import of line 44">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id438" disabled="False" group="" log="False" position="31" action="Accept" direction="Inbound" comment="Created during import of line 45">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
<ObjectRef ref="id30"/>
<ObjectRef ref="id31"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id41"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id453" disabled="False" group="" log="False" position="32" action="Accept" direction="Inbound" comment="Created during import of line 47&#10;IPv6 import is not supported. ">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1033,7 +1175,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id371" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 39">
<PolicyRule id="id465" disabled="False" group="" log="False" position="33" action="Accept" direction="Inbound" comment="Created during import of line 48">
<Src neg="False">
<ObjectRef ref="id8"/>
</Src>
@ -1055,12 +1197,12 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id385" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id479" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id387" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 3" ro="False">
<Interface id="id481" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 6" ro="False">
<InterfaceOptions/>
<AttachedNetworks id="id388" name="pcn0-net" comment="" ro="False"/>
<AttachedNetworks id="id482" name="pcn0-net" comment="" ro="False"/>
</Interface>
<FirewallOptions>
<Option name="check_shading">true</Option>
@ -1080,7 +1222,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id390" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id391" name="Time" comment="" ro="False"/>
<ObjectGroup id="id484" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id485" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

38
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.output
View File

@ -1,18 +1,15 @@
2: Address Table: <dst_addresses_1>: 192.168.1.1/, 192.168.1.2/, 192.168.2.0/24
3: New interface: pcn0
3: Address Table: <dst_addresses_2>: pcn0/, pcn0/
4: Address Table: <dst_addresses_3>: pcn0/, pcn0/
5: Address Table: <dst_addresses_4>: www.fwbuilder.org/, www.netcitadel.com/
8: filtering rule: action pass; interfaces:
9: filtering rule: action pass; interfaces:
9: Error: import of 'interface:broadcast' is not supported.
10: filtering rule: action pass; interfaces:
10: Error: import of 'interface:peer' is not supported.
5: Address Table: <dst_addresses_1>: 192.168.1.1/, 192.168.1.2/, 192.168.2.0/24
6: New interface: pcn0
6: Address Table: <dst_addresses_2>: pcn0/, pcn0/
7: Address Table: <dst_addresses_3>: pcn0/, pcn0/
8: Address Table: <dst_addresses_4>: www.fwbuilder.org/, www.netcitadel.com/
11: filtering rule: action pass; interfaces:
11: Error: import of 'interface:0' is not supported.
12: filtering rule: action pass; interfaces:
12: Error: import of 'interface:broadcast' is not supported.
13: filtering rule: action pass; interfaces:
13: Error: import of 'interface:peer' is not supported.
14: filtering rule: action pass; interfaces:
15: filtering rule: action pass; interfaces:
14: Error: import of 'interface:0' is not supported.
16: filtering rule: action pass; interfaces:
17: filtering rule: action pass; interfaces:
18: filtering rule: action pass; interfaces:
@ -20,19 +17,28 @@
20: filtering rule: action pass; interfaces:
21: filtering rule: action pass; interfaces:
22: filtering rule: action pass; interfaces:
23: filtering rule: action pass; interfaces:
24: filtering rule: action pass; interfaces:
24: Error: IPv6 import is not supported.
25: filtering rule: action pass; interfaces:
26: filtering rule: action pass; interfaces:
27: filtering rule: action pass; interfaces:
28: filtering rule: action pass; interfaces:
29: filtering rule: action pass; interfaces:
30: filtering rule: action pass; interfaces:
30: Error: IPv6 import is not supported.
31: filtering rule: action pass; interfaces:
32: filtering rule: action pass; interfaces:
33: filtering rule: action pass; interfaces:
34: filtering rule: action pass; interfaces:
35: filtering rule: action pass; interfaces:
36: filtering rule: action pass; interfaces:
37: filtering rule: action pass; interfaces:
38: filtering rule: action pass; interfaces:
38: Error: IPv6 import is not supported.
39: filtering rule: action pass; interfaces:
40: filtering rule: action pass; interfaces:
41: filtering rule: action pass; interfaces:
42: filtering rule: action pass; interfaces:
43: filtering rule: action pass; interfaces:
44: filtering rule: action pass; interfaces:
45: filtering rule: action pass; interfaces:
47: filtering rule: action pass; interfaces:
47: Error: IPv6 import is not supported.
48: filtering rule: action pass; interfaces: