Release 5.2.0.3600

2026-05-01 14:47:27 +02:00 · 2013-06-26 15:41:53 +02:00 · 2013-06-26 15:41:53 +02:00 · f2edc242f1
commit f2edc242f1
parent ce8584e847
14 changed files with 222 additions and 5889 deletions
--- a/4
+++ b/4
@ -1,13 +1,13 @@
 #-*- mode: shell-script; tab-width: 4; -*-

 FWB_MAJOR_VERSION=5
-FWB_MINOR_VERSION=1
+FWB_MINOR_VERSION=2
 FWB_MICRO_VERSION=0

 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3599"
+BUILD_NUM="3600"

 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

--- a/VERSION.h
+++ b/VERSION.h
@ -1,2 +1,2 @@
-#define VERSION      "5.1.0.3599"
-#define GENERATION   "5.1"
+#define VERSION      "5.2.0.3600"
+#define GENERATION   "5.2"
--- a/doc/AUTHORS
+++ b/doc/AUTHORS
@ -7,7 +7,13 @@ Vadim Zaliva <lord@crocodile.org>          libfwbuilder API design;
 					   XML data storage implementation;
 					   implementation of printing 

-
-
-
-
+UNINETT AS, Sirius Bakke <sirius.bakke@uninett.no>
+		Search for objects by port number or ip address
+		Graphical diff viewer
+		Diff on generated output, autocompiling firewall when loading file
+		Support for Cisco NXOS Access lists
+		Support for dummy objects in rules
+		Port to Qt5
+		New buildscript and instructions for OSX
+		Added build instructions for Windows
+<
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,13 @@
+2013-08-10  Sirius Bakke <sirius.bakke@uninett.no>
+	* Version 5.2.0
+	* Search for objects by port number or ip addres
+	* View graphical diff and autocompile firewall when loading file
+	* Support for Cisco NXOS Access lists
+	* Added support for dummy objects in rules
+	* Port to Qt5
+	* New buildscript for OSX
+	* Added build instructions for Windows
+
 2012-03-21  Vadim Kurland  <vadim@netcitadel.com>

 	* running autoconf, configure as part of windows build. Merged
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@ -1,103 +0,0 @@
-
-# .spec file for statically linked fwbuilder rpm for CentOS 5.2
-
-
-%define name    fwbuilder
-%define version 5.1.0.3599
-%define release 1
-
-%if "%_vendor" == "MandrakeSoft"
-%define guigroup  System/Configuration/Networking
-%define compgroup System/Configuration/Networking
-%else
-%define guigroup  Applications/System
-%define compgroup Applications/System
-%endif
-
-Summary:        Firewall Builder
-Name:           %{name}
-Version:        %{version}
-Release:        %{release}%{?dist}
-License:        GPL2
-Vendor:         NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314
-Group:          %{guigroup}
-Url:            http://www.fwbuilder.org/
-Source:         http://prdownloads.sourceforge.net/fwbuilder/%{name}-%{version}.tar.gz
-Packager:       Vadim Kurland <vadim@fwbuilder.org>
-
-Buildroot:      %{_tmppath}/%{name}-%{version}-root
-
-BuildRequires: libxml2-devel, libxslt-devel, openssl-devel
-
-Obsoletes:     fwbuilder-ipt, fwbuilder-pf, fwbuilder-ipf, fwbuilder-ipfw, fwbuilder-pix, fwbuilder-iosacl, fwbuilder-cisco, libfwbuilder, libfwbuilder-devel
-
-Docdir:         /usr/share/doc
-
-%description
-Firewall Builder consists of a GUI and set of policy compilers for
-various firewall platforms. It helps users maintain a database of
-objects and allows policy editing using simple drag-and-drop
-operations. GUI generates firewall description in the form of XML
-file, which compilers then interpret and generate platform-specific
-code. Several algorithms are provided for automated network objects
-discovery and bulk import of data. The GUI and policy compilers are
-completely independent, this provides for a consistent abstract model
-and the same GUI for different firewall platforms. 
-
-%prep
-%setup
-./autogen.sh
-
-%build
-%configure --with-qtdir=/opt/qt44
-make -j5 all
-
-%install
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
-make INSTALL_ROOT="${RPM_BUILD_ROOT}/" install
-rm -fr $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}
-
-%clean
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%dir /usr/share/fwbuilder-%version
-/usr/share/fwbuilder-%version
-/usr/bin/fwbuilder
-/usr/bin/fwbedit
-/usr/bin/fwb_iosacl
-/usr/bin/fwb_ipf
-/usr/bin/fwb_ipfw
-/usr/bin/fwb_ipt
-/usr/bin/fwb_pf
-/usr/bin/fwb_pix
-/usr/bin/fwb_procurve_acl
-%doc doc/AUTHORS
-%doc doc/COPYING
-%doc doc/Credits
-%doc doc/ChangeLog
-%doc doc/PatchAcceptancePolicy.txt
-%doc doc/README.floppyfw
-%doc doc/README.iosacl
-%doc doc/README.ipf
-%doc doc/README.ipfw
-%doc doc/README.ipt
-%doc doc/README.pf
-%doc doc/README.pix
-%doc doc/README.pix_routing
-%doc doc/README.routing
-%doc doc/README.policy_import
-%doc doc/README.iosacl
-%doc doc/FWBuilder-Routing-LICENSE.txt
-%{_mandir}/man1/fwbuilder.1*
-%{_mandir}/man1/fwbedit.1*
-%{_mandir}/man1/fwb_iosacl.1*
-%{_mandir}/man1/fwb_ipf.1*
-%{_mandir}/man1/fwb_ipfw.1*
-%{_mandir}/man1/fwb_ipt.1*
-%{_mandir}/man1/fwb_pf.1*
-%{_mandir}/man1/fwb_pix.1*
-%{_datadir}/applications/*.desktop
-%{_datadir}/icons/hicolor/*/apps/%name.png
-
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@ -1,9 +0,0 @@
-Package: fwbuilder
-Conflicts: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linux, fwbuilder-doc, libfwbuilder
-Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linux, fwbuilder-doc, libfwbuilder
-Priority: extra
-Section: checkinstall
-Maintainer: vadim@fwbuilder.org
-Version: 5.1.0.3599-1
-Depends: libqt4-gui (>= 4.4.0), libqt4-network (>= 4.4.0), libxml2, libxslt1.1, libsnmp | libsnmp15
-Description: Firewall Builder GUI and policy compilers
--- a/packaging/fwbuilder.nsi
+++ b/packaging/fwbuilder.nsi
@ -1,407 +0,0 @@
-; fwbuilder.nsi
-;
-;
-!verbose 1
-;--------------------------------
-;Variables
-
-Var MUI_TEMP
-Var STARTMENU_FOLDER
-
-; GENERATION is used to build the path in the registry, it should be coordinated
-; with the path defined in FWBSettings class
-;
-!define GENERATION "5.1"
-!define GENERATION_SHORT "51"
-!define VERSION "5.1.0.3599"
-
-
-
-!define APPNAME "FirewallBuilder${GENERATION}"
-
-;------------------------------------------------------------------------------
-; GetWindowsVersion
-;
-; Based on Yazno's function, http://yazno.tripod.com/powerpimpit/
-; Returns on top of stack
-;
-; Windows Version (95, 98, ME, NT x.x, 2000)
-; or
-; '' (Unknown Windows Version)
-;
-; Usage:
-;   Call GetWindowsVersion
-;   Pop $0
-;   ; at this point $0 is "NT 4.0" or whatnot
-
-Function GetWindowsVersion
-  Push $0
-  Push $9
-  ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion
-  StrCmp $0 "" 0 lbl_winnt
-  ; we are not NT.
-  ReadRegStr $0 HKLM SOFTWARE\Microsoft\Windows\CurrentVersion VersionNumber
- 
-  StrCpy $9 $0 1
-  StrCmp $9 '4' 0 lbl_error
-
-  StrCpy $9 $0 3
-
-  StrCmp $9 '4.0' lbl_win32_95
-  StrCmp $9 '4.9' lbl_win32_ME lbl_win32_98
-
-  lbl_win32_95:
-    StrCpy $0 '95'
-  Goto lbl_done
-
-  lbl_win32_98:
-    StrCpy $0 '98'
-  Goto lbl_done
-
-  lbl_win32_ME:
-    StrCpy $0 'ME'
-  Goto lbl_done
-
-  lbl_winnt: 
-
-    StrCpy $9 $0 1
-    StrCmp $9 '3' lbl_winnt_x
-    StrCmp $9 '4' lbl_winnt_x
-    StrCmp $9 '5' lbl_winnt_5
-    StrCmp $9 '6' lbl_winnt_6 lbl_error
-
-    lbl_winnt_x:
-      StrCpy $0 "NT $0" 6
-    Goto lbl_done
-
-    lbl_winnt_5:
-      Strcpy $0 '2000'
-    Goto lbl_done
-
-    lbl_winnt_6:
-      Strcpy $0 'Vista'
-    Goto lbl_done
-
-  lbl_error:
-    Strcpy $0 ''
-  lbl_done:
-  Pop $9
-  Exch $0
-FunctionEnd
-
-
-Function .onInit
-
-  Call GetWindowsVersion
-  Pop $0
-
-  StrCmp $0 "NT 4.0" lbl_done check_2000
-  check_2000:
-      StrCmp $0 "2000" lbl_done check_vista
-  check_vista:
-      StrCmp $0 "Vista" lbl_done lbl_error
-  lbl_error:
-      MessageBox MB_OK  "Firewall Builder supports only Windows 2000, Windows XP and Vista platform."
-      Abort
-
-lbl_done:
-
-FunctionEnd
-
-
-Function un.UninstallSurveyPageText
-
-  IfFileExists $PROFILE\fwb4*license* +4 0
-  IfFileExists $PROFILE\Documents\fwb4*license* +3 0
-
-  MessageBox MB_YESNO "Help us improve Firewall Builder!  If you are \
-uninstalling because you don't plan to use the software please fill out \
-a short survey to tell us why you are leaving and what we can do better.\
-$\n\
-$\n\
-Click Yes to open the survey in your web browser, click No to exit the \
-uninstaller." IDNO +2
-
-  ExecShell open "http://www.fwbuilder.org/uninstall_survey.html" 
-
-;  MessageBox MB_ICONSTOP "Continuing uninstaller"
-
-FunctionEnd
-
-
-;****************************************************************************
-;Include Modern UI
-
-  !include "MUI2.nsh"
-
-;****************************************************************************
-
-  setCompressor lzma
-
-  Name "Firewall Builder ${GENERATION}"
-  Caption "Firewall Builder installation"
-  OutFile "fwbuilder-${VERSION}.exe"
-
-;  Default installation folder
-  InstallDir "C:\FWBuilder${GENERATION_SHORT}"
-
-;****************************************************************************
-; We need to keep installation data and program settings in
-; registry folders with different names. QSettings always looks into
-; Current User registry first, so if the folders have the same names,
-; then we store evaluation key in Current User, while it is better
-; to put it in the Local Machine branch.
-;
-; So, installation data goes to HKLM Software\NetCitadel\FirewallBuilder\2.1
-; and settings to HKCU Software\NetCitadel\FirewallBuilder2_1
-;
-; fwbuilder-lm determines folder path for the license file by
-; reading key Install_Dir under HKLM Software\NetCitadel\FirewallBuilder\2.1
-;
-;****************************************************************************
-;
-;  Get installation folder from registry if available
-
-  InstallDirRegKey HKLM Software\NetCitadel\${APPNAME} "Install_Dir"
-
-;****************************************************************************
-;Interface Settings
-
-  !define MUI_ABORTWARNING
-
-  ;Start Menu Folder Page Configuration
-  !define MUI_STARTMENUPAGE_REGISTRY_ROOT "HKLM"
-  !define MUI_STARTMENUPAGE_REGISTRY_KEY "Software\NetCitadel\${APPNAME}" 
-  !define MUI_STARTMENUPAGE_REGISTRY_VALUENAME "Start Menu Folder"
-
-  LicenseText "GNU GENERAL PUBLIC LICENSE"
-  LicenseData "doc\COPYING"
-
-  !define MUI_HEADERIMAGE
-  !define MUI_HEADERIMAGE_BITMAP       packaging\fwbuilder-160x60.bmp
-  !define MUI_WELCOMEFINISHPAGE_BITMAP packaging\fwbuilder-164x314.bmp
-
-;****************************************************************************
-; The following macros add PageEx statements
-
-  !insertmacro MUI_PAGE_LICENSE  "doc\COPYING"
-;  !insertmacro MUI_PAGE_COMPONENTS
-  !insertmacro MUI_PAGE_DIRECTORY
-  !insertmacro MUI_PAGE_STARTMENU Application $STARTMENU_FOLDER
-  !insertmacro MUI_PAGE_INSTFILES
-
-; Uninstaller starts with a custom page that asks the user to fill survey
-
-  !insertmacro MUI_UNPAGE_CONFIRM
-  !insertmacro MUI_UNPAGE_INSTFILES
-  UninstPage custom un.UninstallSurveyPageText
-
-; Set language
-  !insertmacro MUI_LANGUAGE "English"
-
-;****************************************************************************
-; Request elevated priviliges
-
-  RequestExecutionLevel admin
-
-;****************************************************************************
-; The stuff to install
-Section "FWBuilder (required)"
-
-; Set output path to the installation directory.
-;  SetOutPath $INSTDIR
-
-  SetOutPath $INSTDIR\resources
-
-  File src\res\resources.xml
-  File src\res\templates.xml
-  File src\res\objects_init.xml
-  File src\libfwbuilder\etc\fwbuilder.dtd
-
-  File /r src\res\configlets
-  File /r src\res\help
-  File /r src\res\os
-  File /r src\res\platform
-  File /r src\libfwbuilder\migration
-
-  SetOutPath $INSTDIR\resources\locale
-
-; we have no working translations for v4 and v5
-;  File src\libgui\*.qm
-
-  SetOutPath $INSTDIR
-
-  File /oname=COPYING.doc doc\COPYING
-  File "doc\FWBuilder-Routing-LICENSE.txt"
-  File "doc\README.iosacl"
-  File "doc\README.ipt"
-  File "doc\README.ipf"
-  File "doc\README.ipfw"
-  File "doc\README.pf"
-  File "doc\README.pix"
-  File "doc\README.pix_routing"
-  File "doc\README.routing"
-
-  File /oname=fwbuilder.ico "src\gui\fwbuilder-windows.ico"
-
-  File /a "src\gui\release\fwbuilder.exe"
-  File /a "src\fwbedit\release\fwbedit.exe"
-  File /a "src\iosacl\release\fwb_iosacl.exe"
-  File /a "src\ipt\release\fwb_ipt.exe"
-  File /a "src\ipf\release\fwb_ipf.exe"
-  File /a "src\ipfw\release\fwb_ipfw.exe"
-  File /a "src\pf\release\fwb_pf.exe"
-  File /a "src\pix\release\fwb_pix.exe"
-  File /a "src\procurve_acl\release\fwb_procurve_acl.exe"
-
-  File "c:\MinGW\bin\libiconv-2.dll"
-  File "c:\MinGW\bin\libpthread-2.dll"
-  File "c:\MinGW\bin\libgcc_s_dw2-1.dll"
-  File "c:\MinGW\bin\libstdc++-6.dll"
-
-  File "c:\local\bin\libxml2-2.dll"
-  File "c:\local\bin\libxslt-1.dll"
-
-; Install RCS for these files
-;
-  File "c:\local\bin\ci.exe"
-  File "c:\local\bin\co.exe"
-  File "c:\local\bin\rcs.exe"
-  File "c:\local\bin\rcsdiff.exe"
-  File "c:\local\bin\rlog.exe"
-  File "c:\local\bin\diff.exe"
-  File "c:\local\bin\rcslib.dll"
-
-;  File "c:\local\bin\netsnmp.dll"
-
-  File "c:\local\qt-everywhere-commercial-src-4.7.3\bin\QtCore4.dll"
-  File "c:\local\qt-everywhere-commercial-src-4.7.3\bin\QtGui4.dll"
-  File "c:\local\qt-everywhere-commercial-src-4.7.3\bin\QtNetwork4.dll"
-  File "c:\local\qt-everywhere-commercial-src-4.7.3\bin\QtTest4.dll"
-
-  File /nonfatal /oname=resources\locale\qt_de.qm "c:\local\qt-everywhere-commercial-src-4.7.3\translations\qt_de.qm"
-  File /nonfatal /oname=resources\locale\qt_fr.qm "c:\local\qt-everywhere-commercial-src-4.7.3\translations\qt_fr.qm"
-  File /nonfatal /oname=resources\locale\qt_ru.qm "c:\local\qt-everywhere-commercial-src-4.7.3\translations\qt_ru.qm"
-
-
-;; Starting with 4.0.2, we now package putty tools with fwbuilder
-  File "c:\PuTTY\plink.exe"
-  File "c:\PuTTY\pscp.exe"
-
-
-; Write the installation path into the registry
-  WriteRegStr HKLM Software\NetCitadel\${APPNAME} "Install_Dir" "$INSTDIR"
-
-; Write the uninstall keys for Windows
-  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\FWBuilder ${GENERATION}" "DisplayName"     "Firewall Builder ${GENERATION}"
-  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\FWBuilder ${GENERATION}" "UninstallString" '"$INSTDIR\uninstall.exe"'
-  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\FWBuilder ${GENERATION}" "Publisher"       "NetCitadel LLC"
-  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\FWBuilder ${GENERATION}" "DisplayVersion"  "${VERSION}"
-
-
-; Write file associations and icons
-
-  WriteRegStr HKLM "Software\Classes\.fwb" "" "fwbfile"
-  WriteRegStr HKLM "Software\Classes\fwbfile\shell\open\command" "" "$INSTDIR\fwbuilder.exe -noexec %1"
-  WriteRegStr HKLM "Software\Classes\fwbfile\DefaultIcon"        "" "$INSTDIR\fwbuilder.exe,0"
-
-  WriteRegStr HKLM "Software\Classes\.fwl" "" "fwlfile"
-  WriteRegStr HKLM "Software\Classes\fwlfile\shell\open\command" "" "$INSTDIR\fwbuilder.exe -noexec %1"
-  WriteRegStr HKLM "Software\Classes\fwlfile\DefaultIcon"        "" "$INSTDIR\fwbuilder.exe,0"
-
-
-; Create registry entry for putty session with ssh keepalive
-  WriteRegDWORD HKCU "Software\SimonTatham\PuTTY\Sessions\fwb_session_with_keepalive" "PingInterval" "0"
-  WriteRegDWORD HKCU "Software\SimonTatham\PuTTY\Sessions\fwb_session_with_keepalive" "PingIntervalSecs" "10"
-
-; ========================================================================
-; Configure installer to use our prepackaged plink.exe and pscp.exe but only if it was not configured before
-;
-; ******** THESE KEYS MUST MATCH THOSE USED BY the class FWBSettings 
-;
-  ReadRegStr $0 HKCU "Software\netcitadel.com\${APPNAME}\${GENERATION}\SSH" "SSHPath"
-  StrCmp $0 "" 0 +3
-    WriteRegStr HKCU "Software\netcitadel.com\${APPNAME}\${GENERATION}\SSH" "SSHPath" "$INSTDIR\plink.exe"
-    WriteRegStr HKCU "Software\netcitadel.com\${APPNAME}\${GENERATION}\SSH" "SCPPath" "$INSTDIR\pscp.exe"
-; ========================================================================
-
-  !insertmacro MUI_STARTMENU_WRITE_BEGIN Application
-
-; Setting var context to "all" makes Start menu shortcuts appear for all
-; users
-
-;  SetShellVarContext all
-
-  CreateDirectory "$SMPROGRAMS\$STARTMENU_FOLDER"
-  CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\FWBuilder on the Web.lnk" "http://www.fwbuilder.org/" "" "$INSTDIR\fwbuilder.ico"
-  CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\FWBuilder.lnk" "$INSTDIR\fwbuilder.exe" "" "$INSTDIR\fwbuilder.ico"
-  CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\Uninstall.lnk" "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0
-
-  !insertmacro MUI_STARTMENU_WRITE_END
-
-  WriteUninstaller "uninstall.exe"
-
-SectionEnd
-
-;=============================================================================
-; uninstall stuff
-
-UninstallText "This will uninstall FWBuilder. Hit next to continue."
-
-;=============================================================================
-
-Section "Uninstall"
-
-  ; remove registry keys
-  DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\FWBuilder ${GENERATION}"
-  DeleteRegKey HKLM "Software\NetCitadel\${APPNAME}"
-
-  ; delete obsolete registry folder, not used in v3.x but could be left over from older versions
-  DeleteRegKey HKCU "Software\NetCitadel LLC\Firewall Builder"
-
-  DeleteRegKey HKCU "Software\netcitadel.com\${APPNAME}"
-  DeleteRegKey /ifempty HKCU "Software\netcitadel.com\${APPNAME}"
-  DeleteRegKey /ifempty HKCU "Software\netcitadel.com"
-
-  DeleteRegKey HKCR ".fwb"
-  DeleteRegKey HKCR ".fwl"
-  DeleteRegKey HKCR "fwbfile"
-  DeleteRegKey HKCR "fwlfile"
-  DeleteRegKey HKCR "FirewallBuilder.AssocFile.FWB"
-  DeleteRegKey HKCR "FirewallBuilder.AssocFile.FWL"
-
-; remove files
-; MUST REMOVE UNINSTALLER, too
-  Delete  $INSTDIR\uninstall.exe
-  Delete "$INSTDIR\*.*"
-  Delete "$INSTDIR\migration\*.*"
-  Delete "$INSTDIR\resources\os\*.*"
-  Delete "$INSTDIR\resources\platform\*.*"
-  Delete "$INSTDIR\resources\help\*.*"
-  Delete "$INSTDIR\resources\configlets\*.*"
-  Delete  $INSTDIR\COPYING.doc
-
-  RMDir /r "$INSTDIR"
-
-;  !insertmacro MUI_STARTMENU_GETFOLDER Application $MUI_TEMP
-;  Delete  "$SMPROGRAMS\$MUI_TEMP\*.*"
-;  StrCpy $MUI_TEMP "$SMPROGRAMS\$MUI_TEMP"
-
-;  Remove Start menu shortcuts
-
-  !insertmacro MUI_STARTMENU_GETFOLDER Application $STARTMENU_FOLDER
-
-;  SetShellVarContext all
-
-  Delete "$SMPROGRAMS\$STARTMENU_FOLDER\FWBuilder on the Web.lnk"
-  Delete "$SMPROGRAMS\$STARTMENU_FOLDER\FWBuilder.lnk"
-  Delete "$SMPROGRAMS\$STARTMENU_FOLDER\Uninstall.lnk"
-  RMDir  "$SMPROGRAMS\$STARTMENU_FOLDER"
-
-  ; delete only if empty because there could be registry folders
-  ; for our other products
-  DeleteRegKey /ifempty HKLM "Software\NetCitadel"
-
-SectionEnd
-
-; eof
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@ -1,105 +0,0 @@
-
-%define name    fwbuilder
-%define version 5.1.0.3599
-%define release 1
-
-%if "%_vendor" == "MandrakeSoft"
-%define guigroup  System/Configuration/Networking
-%define compgroup System/Configuration/Networking
-%else
-%define guigroup  Applications/System
-%define compgroup Applications/System
-%endif
-
-Summary:        Firewall Builder
-Name:           %{name}
-Version:        %{version}
-Release:        %{release}%{?dist}
-License:        GPL2
-Vendor:         NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314
-Group:          %{guigroup}
-Url:            http://www.fwbuilder.org/
-Source:         http://prdownloads.sourceforge.net/fwbuilder/%{name}-%{version}.tar.gz
-Packager:       Vadim Kurland <vadim@fwbuilder.org>
-
-Buildroot:      %{_tmppath}/%{name}-%{version}-root
-
-BuildRequires: libxml2-devel, libxslt-devel, openssl-devel
-%if "%_vendor" == "suse"
-BuildRequires: qt-devel
-%else
-BuildRequires: qt4-devel
-%endif
-
-Obsoletes:     fwbuilder-ipt, fwbuilder-pf, fwbuilder-ipf, fwbuilder-ipfw, fwbuilder-pix, fwbuilder-iosacl, fwbuilder-cisco, libfwbuilder, libfwbuilder-devel
-
-Docdir:         /usr/share/doc
-
-%description
-Firewall Builder consists of a GUI and set of policy compilers for
-various firewall platforms. It helps users maintain a database of
-objects and allows policy editing using simple drag-and-drop
-operations. GUI generates firewall description in the form of XML
-file, which compilers then interpret and generate platform-specific
-code. Several algorithms are provided for automated network objects
-discovery and bulk import of data. The GUI and policy compilers are
-completely independent, this provides for a consistent abstract model
-and the same GUI for different firewall platforms. 
-
-%prep
-%setup 
-./autogen.sh
-
-%build
-%configure
-make -j5 all
-
-%install
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
-make INSTALL_ROOT="${RPM_BUILD_ROOT}/" install
-rm -fr $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}
-
-%clean
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%dir /usr/share/fwbuilder-%version
-/usr/share/fwbuilder-%version
-/usr/bin/fwbuilder
-/usr/bin/fwbedit
-/usr/bin/fwb_iosacl
-/usr/bin/fwb_ipf
-/usr/bin/fwb_ipfw
-/usr/bin/fwb_ipt
-/usr/bin/fwb_pf
-/usr/bin/fwb_pix
-/usr/bin/fwb_procurve_acl
-%doc doc/AUTHORS
-%doc doc/COPYING
-%doc doc/Credits
-%doc doc/ChangeLog
-%doc doc/PatchAcceptancePolicy.txt
-%doc doc/README.floppyfw
-%doc doc/README.iosacl
-%doc doc/README.ipf
-%doc doc/README.ipfw
-%doc doc/README.ipt
-%doc doc/README.pf
-%doc doc/README.pix
-%doc doc/README.pix_routing
-%doc doc/README.routing
-%doc doc/README.policy_import
-%doc doc/README.iosacl
-%doc doc/FWBuilder-Routing-LICENSE.txt
-%{_mandir}/man1/fwbuilder.1*
-%{_mandir}/man1/fwbedit.1*
-%{_mandir}/man1/fwb_iosacl.1*
-%{_mandir}/man1/fwb_ipf.1*
-%{_mandir}/man1/fwb_ipfw.1*
-%{_mandir}/man1/fwb_ipt.1*
-%{_mandir}/man1/fwb_pf.1*
-%{_mandir}/man1/fwb_pix.1*
-%{_datadir}/applications/*.desktop
-%{_datadir}/icons/hicolor/*/apps/%name.png
-
--- a/src/libfwbuilder/etc/etc.pro
+++ b/src/libfwbuilder/etc/etc.pro
@ -3,7 +3,7 @@

 include(../qmake.inc)

-TEMPLATE = lib
+TEMPLATE = app

 win32 {
 	CONFIG -= embed_manifest_exe
--- a/src/libfwbuilder/etc/fwbuilder.dtd
+++ b/src/libfwbuilder/etc/fwbuilder.dtd
@ -1,679 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-     Firewall Builder Document Type Definition
-     http://www.fwbuilder.org/
-     Authors:  Friedhelm Duesterhoeft, Vadim Zaliva, Vadim Kurland, Tidei Maurizio
-
-->
-
-<!ENTITY % BOOLEAN   "(False|True)">
-<!ENTITY % STRING    "CDATA">
-<!ENTITY % NUMBER    "CDATA">
-
-<!--
- * Supported policy rule actions:
- *
- *        Accept - accept the packet, analysis terminates
- *
- *        Reject - reject the packet and send ICMP 'unreachable' or
- *                 TCP RST back to sender, analysis terminates
- *
- *        Deny   - drop the packet, nothing is sent back to sender,
- *                 analysis terminates
- *
- *        Scrub  - run the packet through normalizer (see 'scrub' in
- *                 PF), continue analysis
- *
- *        Return - action used internally, meaning may depend on
- *                 implementation of the policy compiler but generally 
- *                 means return from the block of rules
- *
- *        Skip   - skip N rules down and continue analysis. Used
- *                 internally.
- *
- *        Continue - do nothing, continue analysis. Used internally.
- *
- *        Accounting - generate target firewall platform rule to count
- *                 the packet and continue analysis.
- *
- *        Modify - edit the packet (change some header values, like
- *                 TOS bits) or mark it somehow if the kernel supports 
- *                 that (e.g. target MARK in iptables)
- *
- *        Tag    - put a tag on the packet or mark it somehow
- *        
- *        Pipe   - send the packet to the userland process for inspection
- *        
- *        Classify - classify the packet for QoS or traffic shaping
- * 
- *        Custom - platform-depended custom action
- *
- *        Branch - branch to a subset of rules for inspection
- *
-->
-
-<!ENTITY % ACTION "(Accept|Reject|Deny|Scrub|Return|Skip|Continue|Accounting|Modify|Pipe|Custom|Branch)">
-<!ENTITY % NAT_ACTION "(Translate|NATBranch)">
-<!ENTITY % DIRECTION "(Inbound|Outbound|Both)">
-<!ENTITY % IPADDRESS "CDATA">
-<!ENTITY % NETMASK "CDATA">
-<!ENTITY % IP6ADDRESS "CDATA">
-<!ENTITY % IP6NETMASK "CDATA">
-
-<!-- Standard attributes presented in all nodes -->
-<!ENTITY  % STD_ATTRIBUTES '
- name     %STRING;  #REQUIRED
- keywords %STRING;  #IMPLIED
- comment  %STRING;  #IMPLIED
- id       ID        #REQUIRED
- ro       %BOOLEAN; #IMPLIED
- folder   %STRING;  #IMPLIED
-'>
-
-<!-- Standard attributes for all system nodes -->
-<!ENTITY % SYS_ATTRIBUTES '
-'>
-
-<!-- 
-      **** Document structure, main groups. ****
-->
-
-<!ELEMENT FWObjectDatabase (Library*)>
-<!ATTLIST FWObjectDatabase
- xmlns        CDATA     #FIXED "http://www.fwbuilder.org/1.0/"
- version      %STRING;  #FIXED "22"
- lastModified %NUMBER;  #IMPLIED
- id           ID        #REQUIRED
->
-
-<!ELEMENT Library
-((AnyNetwork|AnyIPService|AnyInterval|ObjectGroup|DynamicGroup|StateSyncClusterGroup|FailoverClusterGroup|Host|Firewall|Cluster|Network|NetworkIPv6|AttachedNetworks|IPv4|IPv6|DNSName|AddressTable|physAddress|AddressRange|ObjectRef|ServiceGroup|IPService|ICMPService|ICMP6Service|TCPService|UDPService|CustomService|ServiceRef|IntervalGroup|Interval|IntervalRef|Interface|Policy|NAT|PolicyRule|NATRule|Library|TagService|UserService)*)>
-<!ATTLIST Library
- %STD_ATTRIBUTES;
- color   %STRING;  #IMPLIED
->
-
-
-<!-- 
-      **** Document structure, Services. ****
-->
-
-<!ELEMENT AnyIPService EMPTY>
-<!ATTLIST AnyIPService
- %SYS_ATTRIBUTES;
- %STD_ATTRIBUTES;
- protocol_num %NUMBER;  #FIXED     "0"
->
-
-<!-- Reference to Services child -->
-<!ELEMENT ServiceRef EMPTY>
-<!ATTLIST ServiceRef 
-       ref IDREF #REQUIRED
->
-
-<!ELEMENT ServiceGroup (( ServiceGroup | IPService | ICMPService  | ICMP6Service  | TCPService | UDPService | CustomService | ServiceRef | TagService | UserService)*)>
-<!ATTLIST ServiceGroup
-        %STD_ATTRIBUTES;
-        subfolders %STRING; #IMPLIED
->
-
-<!-- 
-      **** Document structure, Objects. ****
-->
-
-<!-- Reference to Objects child -->
-<!ELEMENT ObjectRef EMPTY>
-<!ATTLIST ObjectRef 
-       ref IDREF #REQUIRED
->
-
-<!ELEMENT ObjectGroup ((ObjectGroup|DynamicGroup|Host|Firewall|Cluster|Network|NetworkIPv6|IPv4|IPv6|DNSName|AddressTable|AddressRange|ObjectRef)*)>
-<!ATTLIST ObjectGroup
-        %STD_ATTRIBUTES;
-        subfolders %STRING; #IMPLIED
->
-
-<!ELEMENT SelectionCriteria EMPTY>
-<!ATTLIST SelectionCriteria
-        type %STRING; #REQUIRED
-        keyword %STRING; #REQUIRED
->
-
-<!ELEMENT DynamicGroup (SelectionCriteria*)>
-<!ATTLIST DynamicGroup
- %STD_ATTRIBUTES;
->
-
-<!--
-      **** Document structure, Cluster members. ****
-->
-
-<!ELEMENT StateSyncClusterGroup (ObjectRef*, ClusterGroupOptions?)>
-<!ATTLIST StateSyncClusterGroup
- %STD_ATTRIBUTES;
- type         %STRING; #REQUIRED
- master_iface IDREF    #IMPLIED
->
-
-<!ELEMENT FailoverClusterGroup (ObjectRef*, ClusterGroupOptions?)>
-<!ATTLIST FailoverClusterGroup
- %STD_ATTRIBUTES;
- type         %STRING; #REQUIRED
- master_iface IDREF    #IMPLIED
->
-
-
-<!-- 
-
-This element will contain elements with platform  specific
-options.
-
-<Options>
-    <Option name="option1_name">Value1</Option>
-    <Option name="option2_name">Value2</Option>
-</Options>
-
-Since list of compilers is open (everybody could write his
-own compiler) we do not define content model for this element.
-
-->
-
-<!ELEMENT Option ANY>
-<!ATTLIST Option
- name %STRING; #REQUIRED
->
-
-
-<!ELEMENT PolicyRuleOptions (Option*)>
-<!ELEMENT NATRuleOptions    (Option*)>
-<!ELEMENT RoutingRuleOptions (Option*)>
-<!ELEMENT FirewallOptions   (Option*)>
-<!ELEMENT InterfaceOptions  (Option*)>
-<!ELEMENT HostOptions       (Option*)>
-<!ELEMENT GatewayOptions    (Option*)>
-<!ELEMENT ClusterGroupOptions (Option*)>
-<!ELEMENT RuleSetOptions    (Option*)>
-
-<!-- 
-      **** Document structure, rest ****
-->
-
-<!ELEMENT NATRule (OSrc,ODst,OSrv,TSrc,TDst,TSrv,ItfInb,ItfOutb,When?, NATRuleOptions?)>
-<!ATTLIST NATRule
- id      ID       #REQUIRED
- action    %NAT_ACTION; #REQUIRED
- disabled  %BOOLEAN;   "False"
- position  %NUMBER;    #REQUIRED
- comment   %STRING;    #IMPLIED
- group     %STRING;    #IMPLIED
->
-
-<!ELEMENT When (IntervalRef*)>
-<!ATTLIST When
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT OSrc (ObjectRef*)>
-<!ATTLIST OSrc
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT ODst (ObjectRef*)>
-<!ATTLIST ODst
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT OSrv (ServiceRef*)>
-<!ATTLIST OSrv
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT TSrc (ObjectRef*)>
-<!ATTLIST TSrc
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT TDst (ObjectRef*)>
-<!ATTLIST TDst
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT TSrv (ServiceRef*)>
-<!ATTLIST TSrv
- neg %BOOLEAN; #REQUIRED
->
-
-
-<!ELEMENT RoutingRule (RDst,RGtw,RItf, RoutingRuleOptions?, Routing?)>
-<!ATTLIST RoutingRule
- id      ID       #REQUIRED
- disabled  %BOOLEAN;   "False"
- position  %NUMBER;    #REQUIRED
- metric    %NUMBER;    "0"
- comment   %STRING;    #IMPLIED
- group     %STRING;    #IMPLIED
->
-
-<!ELEMENT RDst (ObjectRef*)>
-<!ATTLIST RDst
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT RGtw (ObjectRef*)>
-<!ATTLIST RGtw
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT RItf (ObjectRef*)>
-<!ATTLIST RItf
- neg %BOOLEAN; #REQUIRED
->
-
-
-<!ELEMENT PolicyRule (Src,Dst,Srv,Itf,When?,PolicyRuleOptions?)>
-<!ATTLIST PolicyRule
- id       ID       #REQUIRED
- disabled  %BOOLEAN;   "False"
- position  %NUMBER;    #REQUIRED
- direction %DIRECTION; #IMPLIED
- action    %ACTION;    #REQUIRED
- log       %BOOLEAN;   #REQUIRED
- comment   %STRING;    #IMPLIED
- group     %STRING;    #IMPLIED
->
-
-<!ELEMENT Src (ObjectRef*)>
-<!ATTLIST Src
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT Dst (ObjectRef*)>
-<!ATTLIST Dst
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT Srv (ServiceRef*)>
-<!ATTLIST Srv
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT Itf (ObjectRef*)>
-<!ATTLIST Itf
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT ItfInb (ObjectRef*)>
-<!ATTLIST ItfInb
- neg %BOOLEAN; #REQUIRED
->
-
-<!ELEMENT ItfOutb (ObjectRef*)>
-<!ATTLIST ItfOutb
- neg %BOOLEAN; #REQUIRED
->
-
-
-<!--
-   hardware or physical address (MAC, DLCI etc.)
-->
-<!ELEMENT physAddress EMPTY>
-<!ATTLIST physAddress
- %STD_ATTRIBUTES;
- address %STRING; #REQUIRED
->
-
-<!ELEMENT IPv4 EMPTY>
-<!ATTLIST IPv4
- %STD_ATTRIBUTES;
- address %IPADDRESS; #REQUIRED
- netmask %NETMASK;   #REQUIRED
->
-
-<!ELEMENT IPv6 EMPTY>
-<!ATTLIST IPv6
- %STD_ATTRIBUTES;
- address %IP6ADDRESS; #REQUIRED
- netmask %IP6NETMASK; #REQUIRED
->
-
-<!ELEMENT DNSName EMPTY>
-<!ATTLIST DNSName
- %STD_ATTRIBUTES;
- dnsrec         %STRING;    #REQUIRED
- dnsrectype     %STRING;    #IMPLIED
- run_time       %BOOLEAN;   #REQUIRED
->
-
-<!ELEMENT AddressTable ((IPv4|IPv6|ObjectRef)*)>
-<!ATTLIST AddressTable
- %STD_ATTRIBUTES;
- filename       %STRING;    #REQUIRED
- run_time       %BOOLEAN;   #REQUIRED
->
-<!--
-Interface can have the following attributes:
-
-   - dyn            interface has dynamically assigned address
-   - unnum          interface is unnumbered (does not have IP address, but 
-                    may still have MAC address)
-   - bridgeport     interface serves as a bridge port on bridging firewall.
-                    The difference between bridge port and unnumbered interface
-                    is that compilers may use special modules or commands for
-                    bridge ports on platforms that support them, such as 
-                    module physdev for iptables.
-   - mgmt           this is management interface
-   - physAddress    MAC address of this interface
-   - security_level
-   - network_zone   ID of the object representing network zone
-   - unprotected    Skip this interface while assigning access lists or policy rules
-   - dedicated_failover Specialized version of "unprotected"
-   - label          human-readable label of this interface
-
-->
-<!ELEMENT Interface (IPv4*, IPv6*, physAddress?, InterfaceOptions?, Interface*, FailoverClusterGroup?, AttachedNetworks?)>
-<!ATTLIST Interface
- %STD_ATTRIBUTES;
- dyn            %BOOLEAN;   #REQUIRED
- unnum          %BOOLEAN;   #IMPLIED
- mgmt           %BOOLEAN;   #IMPLIED
- bridgeport     %BOOLEAN;   #IMPLIED
- security_level %NUMBER;    #REQUIRED
- network_zone   IDREF       #IMPLIED
- unprotected    %BOOLEAN;   #IMPLIED
- dedicated_failover %BOOLEAN; #IMPLIED
- label          %STRING;    #IMPLIED
->
-
-<!-- Remote management information for Firewall, Host, Gateway  -->
-<!ELEMENT Management (SNMPManagement? , FWBDManagement?, PolicyInstallScript?)>
-<!ATTLIST Management
- address              %IPADDRESS; #REQUIRED
->
-
-<!-- User-defined custom policy installation script for Firewall  -->
-<!ELEMENT PolicyInstallScript EMPTY>
-<!ATTLIST PolicyInstallScript
- enabled   %BOOLEAN;  "False"
- command   %STRING;    #IMPLIED
- arguments %STRING;    #IMPLIED
->
-
-<!-- SNMP management information for Firewall, Host, Gateway  -->
-<!ELEMENT SNMPManagement EMPTY>
-<!ATTLIST SNMPManagement
- enabled  %BOOLEAN;  "False"
- snmp_read_community  %STRING;    #IMPLIED
- snmp_write_community %STRING;    #IMPLIED
->
-
-<!-- FWBD management information for Firewall, Host, Gateway  -->
-<!ELEMENT FWBDManagement (PublicKey?)>
-<!ATTLIST FWBDManagement
- enabled  %BOOLEAN;  "False"
- port                 %NUMBER;    #REQUIRED
- identity             %STRING;    #REQUIRED
->
-
-<!-- Remote FWBD public key for Firewall, Host, Gateway  -->
-<!ELEMENT PublicKey (#PCDATA)>
-
-<!ELEMENT Host (Interface*, Management?, HostOptions?)>
-<!ATTLIST Host
- %STD_ATTRIBUTES;
- host_OS              %STRING;    #IMPLIED
->
-
-<!ELEMENT AnyNetwork EMPTY>
-<!ATTLIST AnyNetwork
- %SYS_ATTRIBUTES;
- %STD_ATTRIBUTES;
- address              %IPADDRESS; #FIXED    "0.0.0.0"
- netmask              %NETMASK;   #FIXED    "0.0.0.0"
->
-
-<!ELEMENT Network EMPTY>
-<!ATTLIST Network
- %STD_ATTRIBUTES;
- address %IPADDRESS; #REQUIRED
- netmask %NETMASK;   #REQUIRED
->
-
-<!ELEMENT NetworkIPv6 EMPTY>
-<!ATTLIST NetworkIPv6
- %STD_ATTRIBUTES;
- address %IPADDRESS; #REQUIRED
- netmask %NETMASK;   #REQUIRED
->
-
-<!ELEMENT AttachedNetworks EMPTY>
-<!ATTLIST AttachedNetworks
- %STD_ATTRIBUTES;
->
-
-<!ELEMENT AddressRange EMPTY>
-<!ATTLIST AddressRange
- %STD_ATTRIBUTES;
- start_address %IPADDRESS; #REQUIRED
- end_address   %IPADDRESS; #REQUIRED
->
-
-<!ELEMENT ICMPService EMPTY>
-<!ATTLIST ICMPService
- %STD_ATTRIBUTES;
- code %NUMBER; #REQUIRED
- type %NUMBER; #REQUIRED
->
-
-<!ELEMENT ICMP6Service EMPTY>
-<!ATTLIST ICMP6Service
- %STD_ATTRIBUTES;
- code %NUMBER; #REQUIRED
- type %NUMBER; #REQUIRED
->
-
-
-<!ELEMENT TagService EMPTY>
-<!ATTLIST TagService
- %STD_ATTRIBUTES;
- tagcode %STRING;  #REQUIRED
->
-
-<!--     
-See definition of IP options here: http://www.iana.org/assignments/ip-parameters
-
-router-alert option is defined in RFC2113. This option carries 16 bit value
-although only value "0" is defined at this time, all other values are
-reserved. Used in RSVP and IGMP2 protocols.
-
-attribute "any_opt" is used to create IPService object to match IP packets
-with any options present. Some firewall platforms can do this (pf, iptables),
-some can't (ipfilter, IOS, PIX)
-->
-<!ELEMENT IPService EMPTY>
-<!ATTLIST IPService
- %STD_ATTRIBUTES;
- protocol_num %NUMBER;  #REQUIRED
- fragm        %BOOLEAN; #IMPLIED
- any_opt      %BOOLEAN; #IMPLIED
- lsrr         %BOOLEAN; #IMPLIED
- rr           %BOOLEAN; #IMPLIED
- short_fragm  %BOOLEAN; #IMPLIED
- ssrr         %BOOLEAN; #IMPLIED
- ts           %BOOLEAN; #IMPLIED
- tos          %STRING;  #IMPLIED
- dscp         %STRING;  #IMPLIED
- rtralt       %BOOLEAN; #IMPLIED
- rtralt_value %NUMBER;  #IMPLIED
->
-
-<!ELEMENT TCPService EMPTY>
-<!ATTLIST TCPService
- %STD_ATTRIBUTES;
- dst_range_end   %NUMBER;  #REQUIRED
- dst_range_start %NUMBER;  #REQUIRED
- urg_flag        %BOOLEAN; #REQUIRED
- ack_flag        %BOOLEAN; #REQUIRED
- psh_flag        %BOOLEAN; #REQUIRED
- rst_flag        %BOOLEAN; #REQUIRED
- syn_flag        %BOOLEAN; #REQUIRED
- fin_flag        %BOOLEAN; #REQUIRED
- urg_flag_mask   %BOOLEAN; #REQUIRED
- ack_flag_mask   %BOOLEAN; #REQUIRED
- psh_flag_mask   %BOOLEAN; #REQUIRED
- rst_flag_mask   %BOOLEAN; #REQUIRED
- syn_flag_mask   %BOOLEAN; #REQUIRED
- fin_flag_mask   %BOOLEAN; #REQUIRED
- src_range_end   %NUMBER;  #REQUIRED
- src_range_start %NUMBER;  #REQUIRED
- established     %BOOLEAN; #IMPLIED
->
-
-<!ELEMENT UDPService EMPTY>
-<!ATTLIST UDPService
- %STD_ATTRIBUTES;
- dst_range_end   %NUMBER; #REQUIRED
- dst_range_start %NUMBER; #REQUIRED
- src_range_end   %NUMBER; #REQUIRED
- src_range_start %NUMBER; #REQUIRED
->
-
-<!ELEMENT CustomServiceCommand (#PCDATA)>
-<!ATTLIST CustomServiceCommand
- platform %STRING; #REQUIRED
->
-
-<!ELEMENT CustomService  (CustomServiceCommand*)>
-<!ATTLIST CustomService
- %STD_ATTRIBUTES;
- protocol       %STRING;    #IMPLIED
- address_family %STRING;    #IMPLIED
->
-
-<!ELEMENT UserService EMPTY>
-<!ATTLIST UserService
- %STD_ATTRIBUTES;
- userid       %STRING;    #REQUIRED
->
-
-<!ELEMENT Gateway (Interface* , Management?, GatewayOptions?)>
-<!ATTLIST Gateway
- %STD_ATTRIBUTES;
- address              %IPADDRESS; #REQUIRED
- host_OS              %STRING;    #IMPLIED
->
-
-<!ELEMENT Firewall (NAT* , Policy* , Routing , Interface* , Management?, FirewallOptions?)>
-<!ATTLIST Firewall
- %STD_ATTRIBUTES;
- platform             %STRING;    #REQUIRED
- version              %STRING;    #IMPLIED
- host_OS              %STRING;    #IMPLIED
- lastModified         %NUMBER;    #IMPLIED
- lastInstalled        %NUMBER;    #IMPLIED
- lastCompiled         %NUMBER;    #IMPLIED
- inactive             %BOOLEAN;   #IMPLIED
->
-
-<!ELEMENT Cluster (NAT*, Policy*, Routing, Interface*, Management?, FirewallOptions?, StateSyncClusterGroup*)>
-<!ATTLIST Cluster
- %STD_ATTRIBUTES;
- platform             %STRING;    #REQUIRED
- host_OS              %STRING;    #IMPLIED
- lastModified         %NUMBER;    #IMPLIED
- lastInstalled        %NUMBER;    #IMPLIED
- lastCompiled         %NUMBER;    #IMPLIED
- inactive             %BOOLEAN;   #IMPLIED
->
-
-<!ELEMENT NAT (NATRule*, RuleSetOptions)>
-<!ATTLIST NAT
- %STD_ATTRIBUTES;
- ipv4_rule_set       %BOOLEAN; #IMPLIED
- ipv6_rule_set       %BOOLEAN; #IMPLIED
- top_rule_set        %BOOLEAN; #IMPLIED
->
-
-<!ELEMENT Policy (PolicyRule*, RuleSetOptions)>
-<!ATTLIST Policy
- %STD_ATTRIBUTES;
- ipv4_rule_set       %BOOLEAN; #IMPLIED
- ipv6_rule_set       %BOOLEAN; #IMPLIED
- top_rule_set        %BOOLEAN; #IMPLIED
->
-
-<!ELEMENT Routing (RoutingRule*, RuleSetOptions)>
-<!ATTLIST Routing
- %STD_ATTRIBUTES;
- ipv4_rule_set       %BOOLEAN; #IMPLIED
- ipv6_rule_set       %BOOLEAN; #IMPLIED
- top_rule_set        %BOOLEAN; #IMPLIED
->
-
-
-<!-- Time -->
-
-<!ELEMENT IntervalGroup ((IntervalGroup|Interval|IntervalRef)*)>
-<!ATTLIST IntervalGroup
-        %STD_ATTRIBUTES;
-        subfolders %STRING; #IMPLIED
->
-
-<!-- Reference to time interval -->
-<!ELEMENT IntervalRef EMPTY>
-<!ATTLIST IntervalRef 
-       ref IDREF #REQUIRED
->
-
-<!-- up until fwbuilder3 this element used two separate attributes
- to deal with days of week, one for the start day of week and another
- for the end day of week. Starting with fwbuilder3 we support iptables 1.4.0
- module "time" which allows for random day of week spec. Fwbuilder3 
- provides support for that in object Interval, which uses attrbute
- days_of_week in this element. Need to phase out attributes from_weekday
- and to_weekday some time in the future.
-->
-<!ELEMENT Interval EMPTY>
-<!ATTLIST Interval
- %STD_ATTRIBUTES;
- from_second  %NUMBER; "-1"
- from_minute  %NUMBER; "-1"
- from_hour    %NUMBER; "-1"
- from_day     %NUMBER; "-1"
- from_month   %NUMBER; "-1"
- from_year    %NUMBER; "-1"
- from_weekday %NUMBER; "-1"
-
- to_second    %NUMBER; "-1"
- to_minute    %NUMBER; "-1"
- to_hour      %NUMBER; "-1"
- to_day       %NUMBER; "-1"
- to_month     %NUMBER; "-1"
- to_year      %NUMBER; "-1"
- to_weekday   %NUMBER; "-1"
-
- days_of_week %STRING; #IMPLIED
->
-
-<!ELEMENT AnyInterval EMPTY>
-<!ATTLIST AnyInterval
- %SYS_ATTRIBUTES;
- %STD_ATTRIBUTES;
- from_second  %NUMBER; #FIXED "-1"
- from_minute  %NUMBER; #FIXED "-1"
- from_hour    %NUMBER; #FIXED "-1"
- from_day     %NUMBER; #FIXED "-1"
- from_month   %NUMBER; #FIXED "-1"
- from_year    %NUMBER; #FIXED "-1"
- from_weekday %NUMBER; #FIXED "-1"
-
- to_second    %NUMBER; #FIXED "-1"
- to_minute    %NUMBER; #FIXED "-1"
- to_hour      %NUMBER; #FIXED "-1"
- to_day       %NUMBER; #FIXED "-1"
- to_month     %NUMBER; #FIXED "-1"
- to_year      %NUMBER; #FIXED "-1"
- to_weekday   %NUMBER; #FIXED "-1"
-
- days_of_week %STRING; #IMPLIED
->
-
--- a/src/libfwbuilder/migration/migration.pro
+++ b/src/libfwbuilder/migration/migration.pro
@ -3,7 +3,7 @@

 include(../qmake.inc)

-TEMPLATE = lib
+TEMPLATE = app

 TARGET = migration

--- a/src/res/help/en_US/release_notes_5.2.0.html
+++ b/src/res/help/en_US/release_notes_5.2.0.html
@ -0,0 +1,196 @@
+<h1>Firewall Builder 5.2.0 Release Notes</h1>
+
+
+<p>
+  <a href="https://sourceforge.net/tracker/?atid=1129518&group_id=5314">SourceForge: Tickets</a>
+</p>
+
+<!-- Highlights for this release -->
+
+<a name="summary"></a>
+<h2>Summary</h2>
+
+<p>
+  In addition to bug fixes and minor enhancements, v 5.2 includes the
+  following new features:
+</p>
+
+<ul>
+  <li>Search for objects by port number or ip address</li>
+  <li>Graphical diff viewer</li>
+  <li>Diff on generated output, autocompiling firewall when loading file</li>
+  <li>Support for Cisco NXOS Access lists</li>
+  <li>Support for dummy objects in rules</li>
+  <li>Port to Qt5</li>
+  <li>New buildscript and instructions for OSX</li>
+  <li>Added build instructions for Windows</li>
+</ul>
+
+<h3>Search for objects by port number or ip address</h3>
+
+<p>
+  In the library tree viewer it is possible to search for objects by
+  port number or ip address. To search by port number you prefix with
+  keyword 'port:', and to search by ip address, 'ip:'. This will display
+  all matching objects, including groups. Some examples:
+  <pre>
+  Find single service
+port: 80
+
+  Find several services
+port: 110,995
+
+  Range based search
+port: 25-143
+
+  Search with limits
+port: &lt;443
+port: &gt;5900
+
+  Composed search
+port: &lt;24, 53, 80-110
+
+
+  Find a single IPv4 address, and networks it belongs to
+ip: 192.0.2.1
+
+  Search using netmask
+ip: 198.51.100.0/255.255.255.0
+  CIDR notation
+ip: 198.51.100.0/24
+
+  Find a single IPv6 address, and networks it belongs to
+ip: 2001:db8::1
+
+  Search using netmask
+ip: 2001:db8::/64
+
+  Composed search
+ip: 203.0.113.0/24,2001:db8::/32
+  </pre>
+</p>
+
+
+<h3>Graphical diff viewer</h3>
+<p>
+  A new graphical diff viewer will show all the changes done since loading of file.
+  Selection of rules are synced in the side-by-side view and double clicking a rule
+  will center the rule in both the original and curent view. The diff viewer is
+  activated by a new button in the upper right corner of the rule set view.
+</p>
+
+<h3>Diff on generated output, autocompiling firewall when loading file</h3>
+<p>
+  The user may choose an external diff utility to compare generated firewall output
+  with a previously stored version. Optionally Firewall Builder can compile all
+  firewalls in a project when the file is loaded. When modifying and compiling
+  the user may compare newly generated firewall output with output generated from
+  when the file was loaded. This feature is added to the "Inspect generated files"
+  window.
+</p>
+
+<h3>Support for Cisco NXOS Access lists</h3>
+<p>
+  Firewall Builder now supports generating output for the Cisco NXOS platform.
+  This is based on the Cisco IOS code with only minor adjustments and more
+  testing is needed.
+</p>
+
+<h3>Support for dummy objects in rules</h3>
+<p>
+  The dummy object-feature enables the user to choose if newly inserted rules
+  are added with <em>any</em> as the default target for source, destination,
+  service or interface; or now: <em>dummy</em>. A rule with a dummy target will
+  let the firewall compile but will not be evaluated. The user is shown a warning
+  when compiling a firewall that contains one or more <em>dummy rules</em>.
+  The default target is set both when you create a rule and when you delete the
+  last remaining target. A <em>dummy</em> target may be "converted" to an <em>any</em>
+  target. This option becomes available when right clicking on a <em>dummy</em> target.
+</p>
+
+<h3>Port to Qt5</h3>
+<p>
+  Firewall Builder may now be compiled with Qt4 or Qt5, with the same codebase.
+  This is tested on Linux and on OSX. Note: <em>macdeployqt</em> 5.0 and 5.1 is
+   broken on OSX, please see <a href="https://bugreports.qt-project.org/browse/QTBUG-32379">QTBUG-32379</a>.
+</p>
+
+<h3>New buildscript and instructions for OSX</h3>
+<p>
+  A new build script and instructions are added for OSX.
+  See doc/README.osx in the source code.
+</p>
+
+<h3>Added build instructions for Windows</h3>
+<p>
+  Build instructions for Windows are added.
+  See doc/README.windows in the source code.
+</p>
+
+<hr style="display: block">
+
+
+<!-- ######################################################################### -->
+<a name="gui"></a>
+<h2>GUI Updates</h2>
+
+<ul>
+
+  <li>
+    <p>
+      Fixed bug in the undo stack system when adding a new rule, undoing and redoing.
+      The rule is now placed back in the correct group, if any, and is not corrupting
+      the undo stack.
+    </p>
+  </li>
+
+
+</ul>
+
+
+<!-- ######################################################################### -->
+<a name="compilers"></a>
+<h2>Common changes that affect policy compilers for all platforms</h2>
+
+<ul>
+
+  <li>
+    <p>
+      There are now two valid return values for the compilers. In addition to the
+      success return code, the compilers now return a fixed value when compiling
+      a firewall with one or more <em>dummy rules</em>. This value signalizes the
+      result "success with warning".
+    </p>
+
+    <p>
+      The libcommon static library, and all the compiler executables, are not using
+      QApplication but QCoreApplication. This removes their dependency on QtGui and 
+      gives faster startup on some platforms.
+    </p>
+  </li>
+
+</ul>
+
+
+<!-- ######################################################################### -->
+<a name="other"></a>
+<h2>Other changes</h2>
+
+<ul>
+
+  <li>
+    <p>
+      Fixed compile warning on 64 bit arch and some compile errors.
+    </p>
+  </li>
+
+  <li>
+    <p>
+      Fixed libpng warnings: "iCCP: known incorrect sRGB profile".
+    </p>
+  </li>
+
+</ul>
+
+
+
--- a/src/res/objects_init.xml
+++ b/src/res/objects_init.xml
@ -1,441 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="22" lastModified="1265059184" id="root">
-  <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
-    <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
-    <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
-    <AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
-    <ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
-      <ObjectGroup id="stdid16" name="Addresses" comment="" ro="False">
-        <IPv4 id="id2001X88798" name="all-hosts" comment="" ro="False" address="224.0.0.1" netmask="0.0.0.0"/>
-        <IPv4 id="id2002X88798" name="all-routers" comment="" ro="False" address="224.0.0.2" netmask="0.0.0.0"/>
-        <IPv4 id="id2003X88798" name="all DVMRP" comment="" ro="False" address="224.0.0.4" netmask="0.0.0.0"/>
-        <IPv4 id="id2117X88798" name="OSPF (all routers)" comment="RFC2328" ro="False" address="224.0.0.5" netmask="0.0.0.0"/>
-        <IPv4 id="id2128X88798" name="OSPF (designated routers)" comment="RFC2328" ro="False" address="224.0.0.6" netmask="0.0.0.0"/>
-        <IPv4 id="id2430X88798" name="RIP" comment="RFC1723" ro="False" address="224.0.0.9" netmask="0.0.0.0"/>
-        <IPv4 id="id2439X88798" name="EIGRP" comment="" ro="False" address="224.0.0.10" netmask="0.0.0.0"/>
-        <IPv4 id="id2446X88798" name="DHCP server, relay agent" comment="RFC 1884" ro="False" address="224.0.0.12" netmask="0.0.0.0"/>
-        <IPv4 id="id2455X88798" name="PIM" comment="" ro="False" address="224.0.0.13" netmask="0.0.0.0"/>
-        <IPv4 id="id2462X88798" name="RSVP" comment="" ro="False" address="224.0.0.14" netmask="0.0.0.0"/>
-        <IPv4 id="id2469X88798" name="VRRP" comment="RFC3768" ro="False" address="224.0.0.18" netmask="0.0.0.0"/>
-        <IPv4 id="id2777X88798" name="IGMP" comment="" ro="False" address="224.0.0.22" netmask="0.0.0.0"/>
-        <IPv4 id="id2784X88798" name="OSPFIGP-TE" comment="RFC4973" ro="False" address="224.0.0.24" netmask="0.0.0.0"/>
-        <IPv4 id="id3094X88798" name="HSRP" comment="" ro="False" address="224.0.0.102" netmask="0.0.0.0"/>
-        <IPv4 id="id3403X88798" name="mDNS" comment="" ro="False" address="224.0.0.251" netmask="0.0.0.0"/>
-        <IPv4 id="id3410X88798" name="LLMNR" comment="Link-Local Multicast Name Resolution, RFC4795" ro="False" address="224.0.0.252" netmask="0.0.0.0"/>
-        <IPv4 id="id3411X88798" name="Teredo" comment="" ro="False" address="224.0.0.253" netmask="0.0.0.0"/>
-      </ObjectGroup>
-      <ObjectGroup id="stdid17" name="DNS Names" comment="" ro="False"/>
-      <ObjectGroup id="stdid18" name="Address Tables" comment="" ro="False"/>
-      <ObjectGroup id="stdid04" name="Groups" comment="" ro="False">
-        <ObjectGroup id="id3DC75CE8" name="rfc1918-nets" comment="" ro="False">
-          <ObjectRef ref="id3DC75CE5"/>
-          <ObjectRef ref="id3DC75CE6"/>
-          <ObjectRef ref="id3DC75CE7"/>
-        </ObjectGroup>
-        <ObjectGroup id="id3292X75851" name="ipv6 private" comment="These are various ipv6 networks that should not be routed on the Internet&#10;" ro="False">
-          <ObjectRef ref="id2088X75851"/>
-          <ObjectRef ref="id2986X75851"/>
-          <ObjectRef ref="id2383X75851"/>
-        </ObjectGroup>
-      </ObjectGroup>
-      <ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
-        <Host id="id3D84EECE" name="internal server" comment="This host is used in examples and template objects" ro="False">
-          <Interface id="id3D84EED2" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
-            <IPv4 id="id3D84EED3" name="ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
-            <InterfaceOptions/>
-          </Interface>
-          <Management address="192.168.1.10">
-            <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-            <FWBDManagement enabled="False" identity="" port="-1"/>
-            <PolicyInstallScript arguments="" command="" enabled="False"/>
-          </Management>
-          <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
-            <Option name="use_mac_addr">false</Option>
-            <Option name="use_mac_addr_filter">False</Option>
-          </HostOptions>
-        </Host>
-        <Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">
-          <Interface id="id3D84EEE3" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
-            <IPv4 id="id3D84EEE4" name="ip" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.0"/>
-            <InterfaceOptions/>
-          </Interface>
-          <Management address="192.168.2.10">
-            <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-            <FWBDManagement enabled="False" identity="" port="-1"/>
-            <PolicyInstallScript arguments="" command="" enabled="False"/>
-          </Management>
-          <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
-            <Option name="use_mac_addr">false</Option>
-            <Option name="use_mac_addr_filter">False</Option>
-          </HostOptions>
-        </Host>
-      </ObjectGroup>
-      <ObjectGroup id="stdid03" name="Networks" comment="" ro="False">
-        <Network id="id3DC75CEC" name="all multicasts" comment="224.0.0.0/4 - This block, formerly known as the Class D address&#10;space, is allocated for use in IPv4 multicast address assignments.&#10;The IANA guidelines for assignments from this space are described in&#10;[RFC3171].&#10;" ro="False" address="224.0.0.0" netmask="240.0.0.0"/>
-        <Network id="id3F4ECE3E" name="link-local" comment="169.254.0.0/16 - This is the &quot;link local&quot; block.  It is allocated for&#10;communication between hosts on a single link.  Hosts obtain these&#10;addresses by auto-configuration, such as when a DHCP server may not&#10;be found.&#10;" ro="False" address="169.254.0.0" netmask="255.255.0.0"/>
-        <Network id="id3F4ECE3D" name="loopback-net" comment="127.0.0.0/8 - This block is assigned for use as the Internet host&#10;loopback address.  A datagram sent by a higher level protocol to an&#10;address anywhere within this block should loop back inside the host.&#10;This is ordinarily implemented using only 127.0.0.1/32 for loopback,&#10;but no addresses within this block should ever appear on any network&#10;anywhere [RFC1700, page 5].&#10;" ro="False" address="127.0.0.0" netmask="255.0.0.0"/>
-        <Network id="id3DC75CE5" name="net-10.0.0.0" comment="10.0.0.0/8 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918].  Addresses within this&#10;block should not appear on the public Internet." ro="False" address="10.0.0.0" netmask="255.0.0.0"/>
-        <Network id="id3DC75CE7" name="net-172.16.0.0" comment="172.16.0.0/12 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918].  Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
-        <Network id="id3DC75CE6" name="net-192.168.0.0" comment="192.168.0.0/16 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918].  Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
-        <Network id="id3F4ECE3F" name="test-net" comment="192.0.2.0/24 - This block is assigned as &quot;TEST-NET&quot; for use in&#10;documentation and example code.  It is often used in conjunction with&#10;domain names example.com or example.net in vendor and protocol&#10;documentation.  Addresses within this block should not appear on the&#10;public Internet.&#10;" ro="False" address="192.0.2.0" netmask="255.255.255.0"/>
-        <Network id="id3F4ECE40" name="this-net" comment="0.0.0.0/8 - Addresses in this block refer to source hosts on &quot;this&quot;&#10;network.  Address 0.0.0.0/32 may be used as a source address for this&#10;host on this network; other addresses within 0.0.0.0/8 may be used to&#10;refer to specified hosts on this network [RFC1700, page 4]." ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
-        <Network id="id3DC75CE7-1" name="net-192.168.1.0" comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
-        <Network id="id3DC75CE7-2" name="net-192.168.2.0" comment="192.168.2.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
-        <NetworkIPv6 id="id2088X75851" name="documentation net" comment="RFC3849" ro="False" address="2001:db8::" netmask="32"/>
-        <NetworkIPv6 id="id2383X75851" name="link-local ipv6" comment="RFC4291   Link-local unicast net" ro="False" address="fe80::" netmask="10"/>
-        <NetworkIPv6 id="id2685X75851" name="multicast ipv6" comment="RFC4291  ipv6 multicast addresses" ro="False" address="ff00::" netmask="8"/>
-        <NetworkIPv6 id="id2986X75851" name="experimental ipv6" comment="RFC2928, RFC4773 &#10;&#10;&quot;The block of Sub-TLA IDs assigned to the IANA&#10;(i.e., 2001:0000::/29 - 2001:01F8::/29) is for&#10;assignment for testing and experimental usage to&#10;support activities such as the 6bone, and&#10;for new approaches like exchanges.&quot;  [RFC2928]&#10;&#10;" ro="False" address="2001::" netmask="23"/>
-        <Network id="id3289X12564" name="TEST-NET-2" comment="RFC 5735&#10;RFC 5737&#10;" ro="False" address="198.51.100.0" netmask="255.255.255.0"/>
-        <Network id="id3300X12564" name="TEST-NET-3" comment="RFC 5735&#10;RFC 5737" ro="False" address="203.0.113.0" netmask="255.255.255.0"/>
-        <Network id="id3311X12564" name="Benchmark tests network" comment="RFC 5735" ro="False" address="198.18.0.0" netmask="255.254.0.0"/>
-        <NetworkIPv6 id="id3326X12564" name="mapped-ipv4" comment="" ro="False" address="::ffff:0.0.0.0" netmask="96"/>
-        <NetworkIPv6 id="id3341X12564" name="translated-ipv4" comment="" ro="False" address="::ffff:0:0:0" netmask="96"/>
-        <NetworkIPv6 id="id3350X12564" name="Teredo" comment="" ro="False" address="2001::" netmask="32"/>
-        <NetworkIPv6 id="id3359X12564" name="unique-local" comment="" ro="False" address="fc00::" netmask="7"/>
-      </ObjectGroup>
-      <ObjectGroup id="stdid15" name="Address Ranges" comment="" ro="False">
-        <AddressRange id="id3F6D115C" name="broadcast" comment="" ro="False" start_address="255.255.255.255" end_address="255.255.255.255"/>
-        <AddressRange id="id3F6D115D" name="old-broadcast" comment="" ro="False" start_address="0.0.0.0" end_address="0.0.0.0"/>
-      </ObjectGroup>
-    </ObjectGroup>
-    <ServiceGroup id="stdid05" name="Services" comment="" ro="False">
-      <CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
-        <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-        <CustomServiceCommand platform="nxosacl">established</CustomServiceCommand>
-        <CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
-        <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-        <CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
-        <CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
-        <CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
-      </CustomService>
-      <CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
-        <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-        <CustomServiceCommand platform="nxosacl">established</CustomServiceCommand>
-        <CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
-        <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-        <CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
-        <CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
-        <CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
-      </CustomService>
-      <ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
-        <ServiceGroup id="sg-DHCP" name="DHCP" comment="" ro="False">
-          <ServiceRef ref="udp-bootpc"/>
-          <ServiceRef ref="udp-bootps"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3F530CC8" name="DNS" comment="" ro="False">
-          <ServiceRef ref="udp-DNS"/>
-          <ServiceRef ref="tcp-DNS"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3CB1279B" name="IPSEC" comment="" ro="False">
-          <ServiceRef ref="id3CB12797"/>
-          <ServiceRef ref="ip-IPSEC"/>
-        </ServiceGroup>
-        <ServiceGroup id="sg-NETBIOS" name="NETBIOS" comment="" ro="False">
-          <ServiceRef ref="udp-netbios-dgm"/>
-          <ServiceRef ref="udp-netbios-ns"/>
-          <ServiceRef ref="id3E755609"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3CB131CC" name="PCAnywhere" comment="" ro="False">
-          <ServiceRef ref="id3CB131CA"/>
-          <ServiceRef ref="id3CB131C8"/>
-        </ServiceGroup>
-        <ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
-          <ServiceRef ref="icmp-Time_exceeded"/>
-          <ServiceRef ref="icmp-Time_exceeded_in_transit"/>
-          <ServiceRef ref="icmp-ping_reply"/>
-          <ServiceRef ref="icmp-Unreachables"/>
-        </ServiceGroup>
-        <ServiceGroup id="id1569X4889" name="Ipv6 unreachable messages" comment="" ro="False">
-          <ServiceRef ref="idE0D27650"/>
-          <ServiceRef ref="idCFE27650"/>
-          <ServiceRef ref="idE0B27650"/>
-          <ServiceRef ref="id1519Z388"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3B4FEDD9" name="kerberos" comment="" ro="False">
-          <ServiceRef ref="id3B4FEDA5"/>
-          <ServiceRef ref="id3B4FEDA9"/>
-          <ServiceRef ref="id3B4FEDA7"/>
-          <ServiceRef ref="id3B4FEDAB"/>
-          <ServiceRef ref="id3B4FEDA3"/>
-          <ServiceRef ref="id3B4FEE21"/>
-          <ServiceRef ref="id3B4FEE23"/>
-          <ServiceRef ref="id3E7E3EA2"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3B4FF35E" name="nfs" comment="" ro="False">
-          <ServiceRef ref="id3B4FEE7A"/>
-          <ServiceRef ref="id3B4FEE78"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3B4FEFFA" name="quake" comment="" ro="False">
-          <ServiceRef ref="id3B4FEF7C"/>
-          <ServiceRef ref="id3B4FEF7E"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3D703C9A" name="Real Player" comment="" ro="False">
-          <ServiceRef ref="id3D703C99"/>
-          <ServiceRef ref="id3D703C8B"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3E7E3E95" name="WinNT" comment="" ro="False">
-          <ServiceRef ref="sg-NETBIOS"/>
-          <ServiceRef ref="id3DC8C8BB"/>
-          <ServiceRef ref="id3E7E3D58"/>
-        </ServiceGroup>
-        <ServiceGroup id="id3E7E3E9A" name="Win2000" comment="" ro="False">
-          <ServiceRef ref="id3E7E3E95"/>
-          <ServiceRef ref="udp-DNS"/>
-          <ServiceRef ref="id3DC8C8BC"/>
-          <ServiceRef ref="id3E7E3EA2"/>
-          <ServiceRef ref="id3AECF778"/>
-          <ServiceRef ref="id3D703C90"/>
-          <ServiceRef ref="id3E7E4039"/>
-          <ServiceRef ref="id3E7E403A"/>
-          <ServiceRef ref="id3B4FEDA5"/>
-          <ServiceRef ref="tcp-DNS"/>
-        </ServiceGroup>
-        <ServiceGroup id="id41291786" name="UPnP" comment="" ro="False">
-          <ServiceRef ref="id41291784"/>
-          <ServiceRef ref="id41291785"/>
-          <ServiceRef ref="id41291783"/>
-          <ServiceRef ref="id412Z18A9"/>
-        </ServiceGroup>
-      </ServiceGroup>
-      <ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
-        <ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
-        <ICMPService id="id3C20EEB5" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
-        <ICMPService id="icmp-Host_unreach" code="1" type="3" name="host_unreach" comment="" ro="False"/>
-        <ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
-        <ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
-        <ICMPService id="icmp-Port_unreach" code="3" type="3" name="port unreach" comment="Port unreachable" ro="False"/>
-        <ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
-        <ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-ping_request" code="0" type="128" name="ipv6 ping request" comment="IPv6 ping request" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-ping_reply" code="0" type="129" name="ipv6 ping reply" comment="IPv6 ping reply" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-routersol" code="0" type="133" name="ipv6 routersol" comment="IPv6 router solicitation" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-routeradv" code="0" type="134" name="ipv6 routeradv" comment="IPv6 router advertisement" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-neighbrsol" code="0" type="135" name="ipv6 neighbrsol" comment="IPv6 neighbor solicitation" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-neighbradv" code="0" type="136" name="ipv6 neighbradv" comment="IPv6 neighbor advertisement" ro="False"/>
-        <ICMP6Service id="ipv6-icmp-redir" code="0" type="137" name="ipv6 redir" comment="IPv6 redirect: shorter route exists" ro="False"/>
-        <ICMP6Service id="id1519Z388" code="-1" type="4" name="ipv6 parameter problem" comment="IPv6 Parameter Problem: RFC4443" ro="False"/>
-        <ICMP6Service id="idCFE27650" code="0" type="3" name="ipv6 time exceeded" comment="Time exceeded in transit" ro="False"/>
-        <ICMP6Service id="idCFF27650" code="1" type="3" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" ro="False"/>
-        <ICMP6Service id="idE0B27650" code="-1" type="2" name="ipv6 packet too big" comment="" ro="False"/>
-        <ICMP6Service id="idE0D27650" code="-1" type="1" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type &quot;destination unreachable&quot;&#10;" ro="False"/>
-        <ICMP6Service id="idCFE27660" code="-1" type="-1" name="ipv6 any ICMP6" comment="any ICMPv6" ro="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid06" name="IP" comment="" ro="False">
-        <IPService id="id3CB12797" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False" name="AH" comment="IPSEC Authentication Header Protocol" ro="False"/>
-        <IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
-        <IPService id="ip-RR" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False" name="RR" comment="Route recording packets" ro="False"/>
-        <IPService id="ip-SRR" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False" name="SRR" comment="All sorts of Source Routing Packets" ro="False"/>
-        <IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
-        <IPService id="id3D703C8E" fragm="False" lsrr="False" protocol_num="57" rr="False" short_fragm="False" ssrr="False" ts="False" name="SKIP" comment="IPSEC Simple Key Management for Internet Protocols" ro="False"/>
-        <IPService id="id3D703C8F" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False" name="GRE" comment="Generic Routing Encapsulation&#10;" ro="False"/>
-        <IPService id="id3D703C95" fragm="False" lsrr="False" protocol_num="112" rr="False" short_fragm="False" ssrr="False" ts="False" name="vrrp" comment="Virtual Router Redundancy Protocol" ro="False"/>
-        <IPService id="ip-IGMP" fragm="False" lsrr="False" protocol_num="2" rr="False" rtralt="True" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="IGMP" comment="Internet Group Management Protocol, Version 3, RFC 3376" ro="False"/>
-        <IPService id="ip-PIM" fragm="False" lsrr="False" protocol_num="103" rr="False" rtralt="False" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="PIM" comment="Protocol Independent Multicast - Dense Mode (PIM-DM), RFC 3973, or Protocol Independent Multicast-Sparse Mode (PIM-SM) RFC 2362" ro="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
-        <TCPService id="tcp-ALL_TCP_Masqueraded" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ALL TCP Masqueraded" comment="ipchains used to use this range of port numbers for masquerading. " ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="id3D703C94" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="AOL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
-        <TCPService id="tcp-All_TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
-        <TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
-        <TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
-        <TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
-        <TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
-        <TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
-        <TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
-        <TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
-        <TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
-        <TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
-        <TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
-        <TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS)&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
-        <TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
-        <TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
-        <TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
-        <TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
-        <TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
-        <TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
-        <TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
-        <TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
-        <TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
-        <TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
-        <TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel.&#10;  Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10;  but many ftp server implementations do so." ro="False" src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
-        <TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
-        <TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
-        <TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
-        <TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
-        <TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
-        <TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
-        <TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
-        <TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
-        <TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
-        <TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
-        <TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
-        <TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
-        <TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
-        <TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
-        <TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
-        <TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
-        <TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
-        <TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
-        <TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
-        <TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
-        <TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
-        <TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
-        <TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
-        <TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
-        <TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
-        <TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
-        <TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
-        <TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
-        <TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
-        <TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
-        <TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
-        <TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
-        <TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
-        <TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
-        <TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
-        <TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
-        <TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
-        <TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
-        <TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
-        <TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
-        <TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
-        <TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
-        <TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a  &quot;christmas scan&quot; as defined in snort rules. Nmap can generate this scan, too." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
-        <TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
-        <TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
-        <TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
-        <TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
-        <TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
-        <TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
-        <TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
-        <TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
-        <TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
-        <TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
-        <TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
-        <TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
-        <TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
-        <TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
-        <TCPService id="id463FE5FE11008" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <TCPService id="id1577X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtmp" comment="Real Time Messaging Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1935" dst_range_end="1935"/>
-        <TCPService id="id1590X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client" comment="Extensible Messaging and Presence Protocol (XMPP)   RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5222" dst_range_end="5222"/>
-        <TCPService id="id1609X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server" comment="Extensible Messaging and Presence Protocol (XMPP)   RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5269" dst_range_end="5269"/>
-        <TCPService id="id1622X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client-ssl" comment="Extensible Messaging and Presence Protocol (XMPP)   RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5223" dst_range_end="5223"/>
-        <TCPService id="id1631X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server-ssl" comment="Extensible Messaging and Presence Protocol (XMPP)   RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5270" dst_range_end="5270"/>
-        <TCPService id="id1644X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nrpe" comment="NRPE add-on for Nagios  http://www.nagios.org/&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5666" dst_range_end="5666"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
-        <UDPService id="udp-ALL_UDP_Masqueraded" name="ALL UDP Masqueraded" comment="ipchains used to use this port range for masqueraded packets" ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
-        <UDPService id="udp-All_UDP" name="All UDP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
-        <UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
-        <UDPService id="id3CB129D2" name="IKE" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
-        <UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
-        <UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
-        <UDPService id="id3D703C8C" name="Radius" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
-        <UDPService id="id3D703C85" name="UDP high ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
-        <UDPService id="id3D703C86" name="Who" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
-        <UDPService id="id3B4FEDA1" name="afs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
-        <UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
-        <UDPService id="udp-bootps" name="bootps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
-        <UDPService id="id3AEDBE70" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
-        <UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
-        <UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
-        <UDPService id="id3B4FEDA5" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
-        <UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
-        <UDPService id="id3B4FEDA7" name="kpasswd" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
-        <UDPService id="id3B4FEDAB" name="krb524" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
-        <UDPService id="id3F865B0D" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
-        <UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
-        <UDPService id="udp-netbios-ns" name="netbios-ns" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
-        <UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
-        <UDPService id="id3B4FEE78" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
-        <UDPService id="udp-ntp" name="ntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
-        <UDPService id="id3B4FEF7E" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
-        <UDPService id="id3D703C88" name="secureid-udp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
-        <UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
-        <UDPService id="id3AED0D69" name="snmp-trap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
-        <UDPService id="id3AEDBE19" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
-        <UDPService id="id3AECF780" name="syslog" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
-        <UDPService id="id3AED0D67" name="tftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
-        <UDPService id="id3AED0D8C" name="traceroute" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
-        <UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
-        <UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
-        <UDPService id="id41291883" name="OpenVPN" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
-        <CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
-          <CustomServiceCommand platform="pf"></CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
-        </CustomService>
-        <CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC.&#10;Works on iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/&#10;" ro="False" protocol="any" address_family="ipv4">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
-          <CustomServiceCommand platform="pf"></CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
-        </CustomService>
-        <CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and  requires patch-o-matic &#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
-          <CustomServiceCommand platform="pf"></CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
-        </CustomService>
-        <CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
-          <CustomServiceCommand platform="pf"></CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
-        </CustomService>
-        <CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
-          <CustomServiceCommand platform="pf"></CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
-        </CustomService>
-      </ServiceGroup>
-      <ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
-      <ServiceGroup id="stdid20" name="UserServices" comment="" ro="False"/>
-    </ServiceGroup>
-    <ObjectGroup id="stdid12" name="Firewalls" comment="" ro="False"/>
-    <ObjectGroup id="stdid21" name="Clusters" comment="" ro="False"/>
-    <IntervalGroup id="stdid11" name="Time" comment="" ro="False">
-      <Interval id="int-workhours" days_of_week="1,2,3,4,5" from_day="-1" from_hour="9" from_minute="0" from_month="-1" from_weekday="1" from_year="-1" to_day="-1" to_hour="17" to_minute="0" to_month="-1" to_weekday="5" to_year="-1" name="workhours" comment="any day, 9:00am through 5:00pm" ro="False"/>
-      <Interval id="int-weekends" days_of_week="6,0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="weekends" comment="weekends: Saturday 0:00 through Sunday 23:59 " ro="False"/>
-      <Interval id="int-afterhours" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1" name="afterhours" comment="any day 6:00pm - 12:00am" ro="False"/>
-      <Interval id="id3C63479C" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1" name="Sat" comment="" ro="False"/>
-      <Interval id="id3C63479E" days_of_week="0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="Sun" comment="" ro="False"/>
-    </IntervalGroup>
-  </Library>
-  <Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
-</FWObjectDatabase>
--- a/src/res/templates.xml
+++ b/src/res/templates.xml