mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 02:37:16 +01:00

merge -r62:HEAD from branch inet-addr-changes

Vadim Kurland 2008-04-26 19:13:45 +00:00
parent 907e272926
commit f5cebe98e2
44 changed files with 754 additions and 647 deletions


@ -167,7 +167,9 @@ string Helper::findInterfaceByNetzone(const InetAddr &addr) throw(string)
res_id=findInterfaceByAddress( addr ); res_id=findInterfaceByAddress( addr );
if (res_id.empty()) if (res_id.empty())
throw( string("Can not find interface with network zone that includes address ") + addr.toString()); throw(
string("Can not find interface with network zone that includes "
"address ") + addr.toString());
return res_id; return res_id;
} }
@ -201,7 +203,11 @@ list<string> Helper::findInterfaceByNetzoneOrAll(RuleElement *re)
if (a==NULL) if (a==NULL)
{ {
Rule *rule = Rule::cast(re->getParent()); Rule *rule = Rule::cast(re->getParent());
compiler->abort(string("findInterfaceByNetzoneOrAll failed to retrieve first object from the rule element; is argument not of the type RuleElementSrc or RuleElementDst ? Rule ") + rule->getLabel()); compiler->abort(
string("findInterfaceByNetzoneOrAll failed to retrieve first "
"object from the rule element; is argument not of "
"the type RuleElementSrc or RuleElementDst ? Rule ") +
rule->getLabel());
} }
try try
{ {
@ -220,7 +226,8 @@ list<string> Helper::findInterfaceByNetzoneOrAll(RuleElement *re)
if (supports_network_zones) compiler->warning(err); if (supports_network_zones) compiler->warning(err);
FWObjectTypedChildIterator i = compiler->fw->findByType(Interface::TYPENAME); FWObjectTypedChildIterator i = compiler->fw->findByType(
Interface::TYPENAME);
for ( ; i!=i.end(); ++i) for ( ; i!=i.end(); ++i)
{ {
Interface *ifs = Interface::cast(*i); Interface *ifs = Interface::cast(*i);


@ -112,9 +112,12 @@ void PolicyCompiler_cisco::addDefaultPolicyRule()
dbcopy->add(ssh,false); dbcopy->add(ssh,false);
cacheObj(ssh); // to keep cache consistent cacheObj(ssh); // to keep cache consistent
Network *mgmt_workstation = Network::cast(dbcopy->create(Network::TYPENAME)); Network *mgmt_workstation = Network::cast(
*mgmt_workstation = getCachedFwOpt()->getStr("mgmt_addr"); dbcopy->create(Network::TYPENAME));
dbcopy->add(mgmt_workstation,false); mgmt_workstation->setAddressNetmask(
getCachedFwOpt()->getStr("mgmt_addr"));
dbcopy->add(mgmt_workstation, false);
cacheObj(mgmt_workstation); // to keep cache consistent cacheObj(mgmt_workstation); // to keep cache consistent
r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) ); r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
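Review bot: The `mgmt_addr` option string goes straight into `mgmt_workstation->setAddressNetmask(...)` with no check that it is set or well-formed, and the resulting Network object is cached for use by the default policy rule this function builds. How `setAddressNetmask()` handles an empty or malformed string is not visible here; if it leaves the object at an all-zero address and mask, the generated rule would presumably match any source instead of a single management workstation. I would fail the compile on a missing value before the call, e.g. `if (getCachedFwOpt()->getStr("mgmt_addr").empty()) abort("mgmt_addr option is not set");`, mirroring the `compiler->abort(...)` usage elsewhere in this commit. The result of `Network::cast(dbcopy->create(Network::TYPENAME))` is also dereferenced without a null check. The body of addDefaultPolicyRule starts and ends outside the hunk.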


@ -724,7 +724,7 @@ int main(int argc, char * const *argv)
Network *o=Network::cast(nobj); Network *o=Network::cast(nobj);
o->setName(name); o->setName(name);
o->setAddress(InetAddr(addr1)); o->setAddress(InetAddr(addr1));
o->setNetmask(InetNetmask(addr2)); o->setNetmask(InetAddr(addr2));
} }
else if (objtype==Firewall::TYPENAME) else if (objtype==Firewall::TYPENAME)
{ {
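Review bot: In `o->setNetmask(InetAddr(addr2));` the mask string is parsed as a plain address, so nothing visible in this hunk checks that `addr2` is a contiguous netmask rather than an arbitrary address such as 255.0.255.0 (constructed example). If neither `InetAddr` nor `setNetmask` validates this, a mistyped mask would be stored in the Network object and could widen or narrow the firewall rules later compiled from it. Elsewhere in this commit `InetAddr(...)` construction is wrapped in `try`/`catch (FWException &ex)`, which suggests the constructor throws on a malformed string; whether this call is covered by a handler is outside the hunk. At minimum I would add a comment such as `// addr2 must be a contiguous netmask; InetAddr() appears to throw FWException on bad input`, or an explicit check before the object is stored. This branch of `main` starts and ends outside the hunk.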


@ -1,4 +1,4 @@
/* /*
Firewall Builder Firewall Builder
@ -18,14 +18,12 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
#include "fwbuilder_ph.h"
#include "config.h" #include "config.h"
#include "global.h" #include "global.h"
#include "utils.h" #include "utils.h"
@ -51,7 +49,7 @@
#include <qhostaddress.h> #include <qhostaddress.h>
#include <qhostinfo.h> #include <qhostinfo.h>
#include <qgroupbox.h> #include <qgroupbox.h>
#include <qmessagebox.h> #include <qmessagebox.h>
#include "DiscoveryDruid.h" #include "DiscoveryDruid.h"
@ -86,14 +84,14 @@ DiscoveryDruid::DiscoveryDruid(QWidget *parent, bool start_with_import) :
{ {
m_dialog = new Ui::DiscoveryDruid_q; m_dialog = new Ui::DiscoveryDruid_q;
m_dialog->setupUi(this); m_dialog->setupUi(this);
setControlWidgets(this, m_dialog->stackedWidget, setControlWidgets(this, m_dialog->stackedWidget,
m_dialog->nextButton, m_dialog->nextButton,
m_dialog->finishButton, m_dialog->finishButton,
m_dialog->backButton, m_dialog->backButton,
m_dialog->cancelButton, m_dialog->cancelButton,
m_dialog->titleLabel); m_dialog->titleLabel);
dm_method = new QButtonGroup; dm_method = new QButtonGroup;
dm_method->addButton(m_dialog->dm_fromfile,0); dm_method->addButton(m_dialog->dm_fromfile,0);
dm_method->addButton(m_dialog->dm_importdns,1); dm_method->addButton(m_dialog->dm_importdns,1);
@ -105,26 +103,26 @@ DiscoveryDruid::DiscoveryDruid(QWidget *parent, bool start_with_import) :
connect(m_dialog->dnscustom, SIGNAL( clicked(bool) ), this, SLOT( changedNameServer() ) ); connect(m_dialog->dnscustom, SIGNAL( clicked(bool) ), this, SLOT( changedNameServer() ) );
connect(m_dialog->nameserverlist, SIGNAL( editTextChanged(QString) ), this, SLOT( changedNameServer() ) ); connect(m_dialog->nameserverlist, SIGNAL( editTextChanged(QString) ), this, SLOT( changedNameServer() ) );
connect(m_dialog->nameserverline, SIGNAL( textChanged(QString) ), this, SLOT( changedNameServer() ) ); connect(m_dialog->nameserverline, SIGNAL( textChanged(QString) ), this, SLOT( changedNameServer() ) );
thread=NULL; thread=NULL;
timer=new QTimer(this); timer=new QTimer(this);
prg_timer=new QTimer(this); prg_timer=new QTimer(this);
unBar=NULL; unBar=NULL;
unProg=0; unProg=0;
connect(prg_timer,SIGNAL(timeout()),this,SLOT(updatePrg())); connect(prg_timer,SIGNAL(timeout()),this,SLOT(updatePrg()));
setDiscoveryMethod_file(); setDiscoveryMethod_file();
flt_obj = new Filter(); flt_obj = new Filter();
flt_obj_d = new FilterDialog(this); flt_obj_d = new FilterDialog(this);
flt_obj_d->setFilter(flt_obj); flt_obj_d->setFilter(flt_obj);
flt_last = new Filter(); flt_last = new Filter();
flt_last_d = new FilterDialog(this); flt_last_d = new FilterDialog(this);
flt_last_d->setFilter(flt_last); flt_last_d->setFilter(flt_last);
flt_net = new Filter(); flt_net = new Filter();
flt_net_d = new FilterDialog(this); flt_net_d = new FilterDialog(this);
flt_net_d->setFilter(flt_net); flt_net_d->setFilter(flt_net);
@ -140,7 +138,7 @@ DiscoveryDruid::DiscoveryDruid(QWidget *parent, bool start_with_import) :
m_dialog->dm_importdns->hide(); m_dialog->dm_importdns->hide();
m_dialog->snmpdnsparameters->hide(); m_dialog->snmpdnsparameters->hide();
#endif #endif
#ifndef HAVE_LIBSNMP #ifndef HAVE_LIBSNMP
m_dialog->dm_usesnmp->setEnabled(false); m_dialog->dm_usesnmp->setEnabled(false);
#endif #endif
@ -195,14 +193,14 @@ void DiscoveryDruid::cancelClicked()
DiscoveryDruid::~DiscoveryDruid() DiscoveryDruid::~DiscoveryDruid()
{ {
save(); save();
delete flt_obj; delete flt_obj;
delete flt_last; delete flt_last;
delete flt_net; delete flt_net;
delete flt_obj_d; delete flt_obj_d;
delete flt_last_d; delete flt_last_d;
delete flt_net_d; delete flt_net_d;
delete m_dialog; delete m_dialog;
delete dm_method; delete dm_method;
} }
@ -355,7 +353,7 @@ void DiscoveryDruid::dnsFinish(QHostInfo host)
QList<QHostAddress> list = host.addresses(); QList<QHostAddress> list = host.addresses();
unBar->hide(); unBar->hide();
if (userIsTyping) if (userIsTyping)
{ {
//abandon the test result //abandon the test result
@ -376,7 +374,7 @@ void DiscoveryDruid::dnsFinish(QHostInfo host)
QPalette palette = errMessage->palette(); QPalette palette = errMessage->palette();
palette.setColor(errMessage->foregroundRole(), Qt::darkRed); palette.setColor(errMessage->foregroundRole(), Qt::darkRed);
errMessage->setPalette(palette); errMessage->setPalette(palette);
errMessage->setText( "host name not found"); errMessage->setText( "host name not found");
isSeedHostOK=false; isSeedHostOK=false;
} }
@ -385,22 +383,22 @@ void DiscoveryDruid::dnsFinish(QHostInfo host)
QPalette palette = errMessage->palette(); QPalette palette = errMessage->palette();
palette.setColor(errMessage->foregroundRole(), Qt::darkGreen); palette.setColor(errMessage->foregroundRole(), Qt::darkGreen);
errMessage->setPalette(palette); errMessage->setPalette(palette);
errMessage->setText( "host name verified"); errMessage->setText( "host name verified");
isSeedHostOK=true; isSeedHostOK=true;
} }
nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK); nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK);
} }
} }
void DiscoveryDruid::changedSelected( const int &page ) void DiscoveryDruid::changedSelected( const int &page )
{ {
switch (page) switch (page)
{ {
case 1: // Reading file in hosts format case 1: // Reading file in hosts format
{ {
setNextEnabled(page,false); setNextEnabled(page,false);
changedHostsFileName(); changedHostsFileName();
@ -444,7 +442,7 @@ void DiscoveryDruid::changedSelected( const int &page )
isSeedHostOK=false; isSeedHostOK=false;
isSNMPInclNetOK=false; isSNMPInclNetOK=false;
changedSeedHost(); changedSeedHost();
changedInclNet(); changedInclNet();
m_dialog->seedhostname->setFocus(); m_dialog->seedhostname->setFocus();
@ -499,7 +497,7 @@ void DiscoveryDruid::changedSelected( const int &page )
{ {
if (Networks.size()==0) if (Networks.size()==0)
setBackEnabled(page,false); setBackEnabled(page,false);
fillListOfObjects(); fillListOfObjects();
fillObjects(); fillObjects();
nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0); nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0);
@ -527,9 +525,9 @@ void DiscoveryDruid::changedSelected( const int &page )
finishButton->setFocus(); finishButton->setFocus();
break; break;
} }
default : {} default : {}
} }
FromPage=page; FromPage=page;
} }
@ -576,18 +574,18 @@ void DiscoveryDruid::browseHostsFile()
dir=st->getWDir(); dir=st->getWDir();
if (dir.isEmpty()) dir=st->getOpenFileDir(); if (dir.isEmpty()) dir=st->getOpenFileDir();
if (dir.isEmpty()) dir="~"; if (dir.isEmpty()) dir="~";
QString s = QFileDialog::getOpenFileName( QString s = QFileDialog::getOpenFileName(
this, this,
"Choose a file", "Choose a file",
dir, dir,
"All files (*.*)"); "All files (*.*)");
if (!s.isEmpty()) if (!s.isEmpty())
{ {
m_dialog->filename->setText(s); m_dialog->filename->setText(s);
} }
} }
void DiscoveryDruid::browseForImport() void DiscoveryDruid::browseForImport()
@ -596,18 +594,18 @@ void DiscoveryDruid::browseForImport()
dir=st->getWDir(); dir=st->getWDir();
if (dir.isEmpty()) dir=st->getOpenFileDir(); if (dir.isEmpty()) dir=st->getOpenFileDir();
if (dir.isEmpty()) dir="~"; if (dir.isEmpty()) dir="~";
QString s = QFileDialog::getOpenFileName( QString s = QFileDialog::getOpenFileName(
this, this,
"Choose a file", "Choose a file",
dir, dir,
"All files (*.*)"); "All files (*.*)");
if (!s.isEmpty()) if (!s.isEmpty())
{ {
m_dialog->import_filename->setText(s); m_dialog->import_filename->setText(s);
} }
} }
void DiscoveryDruid::updatePrg() void DiscoveryDruid::updatePrg()
@ -616,7 +614,7 @@ void DiscoveryDruid::updatePrg()
{ {
unBar->setValue(unProg++); unBar->setValue(unProg++);
} }
} }
void DiscoveryDruid::getNameServers() void DiscoveryDruid::getNameServers()
@ -626,14 +624,14 @@ void DiscoveryDruid::getNameServers()
string domain_name=m_dialog->domainname->text().toLatin1().constData(); string domain_name=m_dialog->domainname->text().toLatin1().constData();
DNS_getNS_query *dns=new DNS_getNS_query(domain_name); DNS_getNS_query *dns=new DNS_getNS_query(domain_name);
int n; int n;
try try
{ {
NullLogger nl; NullLogger nl;
SyncFlag stop_program(false); SyncFlag stop_program(false);
ns_records=dns->getNS(domain_name, &nl, &stop_program); ns_records=dns->getNS(domain_name, &nl, &stop_program);
m_dialog->dnsfromlist->setChecked(true); m_dialog->dnsfromlist->setChecked(true);
} catch (FWException &ex) } catch (FWException &ex)
{ {
//string(_("Could not find name servers for the domain: '"))+ //string(_("Could not find name servers for the domain: '"))+
//domain_name+"' ", ex.toString(), this); //domain_name+"' ", ex.toString(), this);
@ -646,14 +644,14 @@ void DiscoveryDruid::getNameServers()
multimap<string,InetAddr>::iterator i; multimap<string,InetAddr>::iterator i;
m_dialog->nameserverlist->clear(); m_dialog->nameserverlist->clear();
NameServers.clear(); NameServers.clear();
for (n=0,i=ns_records.begin(); i!=ns_records.end(); ++n,++i) for (n=0,i=ns_records.begin(); i!=ns_records.end(); ++n,++i)
{ {
string s = (*i).first + " (" + ((*i).second).toString() + ")"; string s = (*i).first + " (" + ((*i).second).toString() + ")";
QString qs = s.c_str(); QString qs = s.c_str();
m_dialog->nameserverlist->addItem(qs); m_dialog->nameserverlist->addItem(qs);
InetAddr *na=new InetAddr( (*i).second ); InetAddr *na=new InetAddr( (*i).second );
NameServers[qs] = *na; NameServers[qs] = *na;
} }
@ -686,7 +684,7 @@ void DiscoveryDruid::setDiscoveryMethod_SNMP()
for (int i=0;i<WIZARD_PAGES;i++) for (int i=0;i<WIZARD_PAGES;i++)
{ {
setAppropriate( i, WIZARD_SNMP_PAGES[i]); setAppropriate( i, WIZARD_SNMP_PAGES[i]);
} }
} }
void DiscoveryDruid::setDiscoveryMethod_Import() void DiscoveryDruid::setDiscoveryMethod_Import()
@ -696,7 +694,7 @@ void DiscoveryDruid::setDiscoveryMethod_Import()
for (int i=0;i<WIZARD_PAGES;i++) for (int i=0;i<WIZARD_PAGES;i++)
{ {
setAppropriate( i, WIZARD_IMPORT_PAGES[i]); setAppropriate( i, WIZARD_IMPORT_PAGES[i]);
} }
} }
@ -707,17 +705,17 @@ void DiscoveryDruid::changedDiscoveryMethod(int c)
switch (c) switch (c)
{ {
case 0: case 0:
{ {
setDiscoveryMethod_file(); setDiscoveryMethod_file();
break; break;
} }
case 1: case 1:
{ {
setDiscoveryMethod_DNS(); setDiscoveryMethod_DNS();
break; break;
} }
case 2: case 2:
{ {
setDiscoveryMethod_SNMP(); setDiscoveryMethod_SNMP();
break; break;
@ -738,14 +736,14 @@ void DiscoveryDruid::saveScanLog()
dir=st->getWDir(); dir=st->getWDir();
if (dir.isEmpty()) dir=st->getOpenFileDir(); if (dir.isEmpty()) dir=st->getOpenFileDir();
if (dir.isEmpty()) dir="~"; if (dir.isEmpty()) dir="~";
QString s = QFileDialog::getSaveFileName( QString s = QFileDialog::getSaveFileName(
this, this,
"Choose a file", "Choose a file",
dir, dir,
"Text file (*.txt)"); "Text file (*.txt)");
if (!s.isEmpty()) if (!s.isEmpty())
{ {
if (s.endsWith(".txt")) if (s.endsWith(".txt"))
@ -769,16 +767,16 @@ void DiscoveryDruid::saveScanLog()
qDebug("--------------------------------"); qDebug("--------------------------------");
f.close(); f.close();
} }
} }
} }
void DiscoveryDruid::startHostsScan() void DiscoveryDruid::startHostsScan()
{ {
if (thread!=NULL) if (thread!=NULL)
{ {
delete thread; delete thread;
} }
thread = new HostsFileImport(m_dialog->filename->text()); thread = new HostsFileImport(m_dialog->filename->text());
thread->setTargetWidget(this); thread->setTargetWidget(this);
thread->start(); thread->start();
@ -813,7 +811,7 @@ void DiscoveryDruid::startConfigImport()
m_dialog->discoveryprogress->setMaximum(line_count); m_dialog->discoveryprogress->setMaximum(line_count);
// need to pick right platform string based on // need to pick right platform string based on
// m_dialog->import_platform->currentItem() // m_dialog->import_platform->currentItem()
string platform = ""; string platform = "";
switch (m_dialog->import_platform->currentIndex()) switch (m_dialog->import_platform->currentIndex())
{ {
@ -839,21 +837,21 @@ void DiscoveryDruid::startConfigImport()
InetAddr DiscoveryDruid::getNS() InetAddr DiscoveryDruid::getNS()
{ {
string ns; string ns;
if (m_dialog->dnscustom->isChecked()) if (m_dialog->dnscustom->isChecked())
{ {
ns=m_dialog->nameserverline->text().toLatin1().constData(); ns=m_dialog->nameserverline->text().toLatin1().constData();
try try
{ {
return InetAddr(ns); return InetAddr(ns);
} catch (FWException &ex) } catch (FWException &ex)
{ {
/* perhaps not address but host name */ /* perhaps not address but host name */
list<InetAddr> addr; list<InetAddr> addr;
try try
{ {
addr=DNS::getHostByName(ns); addr=DNS::getHostByName(ns);
} catch (FWException &ex) } catch (FWException &ex)
{ {
return InetAddr(); return InetAddr();
} }
@ -869,7 +867,7 @@ void DiscoveryDruid::startDNSScan()
{ {
InetAddr ns=getNS(); InetAddr ns=getNS();
string domain_name=m_dialog->domainname->text().toLatin1().constData(); string domain_name=m_dialog->domainname->text().toLatin1().constData();
DNS_findA_query *q=new DNS_findA_query(); DNS_findA_query *q=new DNS_findA_query();
q->init( q->init(
domain_name, ns, domain_name, ns,
@ -877,13 +875,13 @@ void DiscoveryDruid::startDNSScan()
m_dialog->dnstimeout->value() m_dialog->dnstimeout->value()
); );
bop=q; bop=q;
m_dialog->discoveryprogress->setMaximum(0); m_dialog->discoveryprogress->setMaximum(0);
unBar=m_dialog->discoveryprogress; unBar=m_dialog->discoveryprogress;
try try
{ {
logger=bop->start_operation(); logger=bop->start_operation();
m_dialog->discoverylog->append("Reading DNS zone ..."); m_dialog->discoverylog->append("Reading DNS zone ...");
} catch(const FWException &ex) } catch(const FWException &ex)
@ -903,11 +901,11 @@ InetAddr DiscoveryDruid::getSeedHostAddress()
{ {
seed_host_addr=InetAddr(m_dialog->seedhostname->text().toLatin1().constData()); seed_host_addr=InetAddr(m_dialog->seedhostname->text().toLatin1().constData());
return seed_host_addr; return seed_host_addr;
} catch(const FWException &ex) } catch(const FWException &ex)
{ {
} }
try try
{ {
QString a = getAddrByName( m_dialog->seedhostname->text() ); QString a = getAddrByName( m_dialog->seedhostname->text() );
return InetAddr( a.toLatin1().constData() ); return InetAddr( a.toLatin1().constData() );
@ -916,16 +914,16 @@ InetAddr DiscoveryDruid::getSeedHostAddress()
seed_host_addr = v.front(); seed_host_addr = v.front();
return seed_host_addr; return seed_host_addr;
#endif #endif
} catch(const FWException &ex) } catch(const FWException &ex)
{ {
} }
} }
return seed_host_addr; return seed_host_addr;
} }
void DiscoveryDruid::startSNMPScan() void DiscoveryDruid::startSNMPScan()
{ {
#ifdef HAVE_LIBSNMP #ifdef HAVE_LIBSNMP
bool use_incl=!m_dialog->snmpinaddr->text().isEmpty() && !m_dialog->snmpinmask->text().isEmpty(); bool use_incl=!m_dialog->snmpinaddr->text().isEmpty() && !m_dialog->snmpinmask->text().isEmpty();
@ -934,9 +932,9 @@ void DiscoveryDruid::startSNMPScan()
try try
{ {
InetAddrMask in( InetAddrMask in(
InetAddr(m_dialog->snmpinaddr->text().toLatin1().constData()), InetAddr(m_dialog->snmpinaddr->text().toLatin1().constData()),
InetNetmask(m_dialog->snmpinmask->text().toLatin1().constData()) InetAddr(m_dialog->snmpinmask->text().toLatin1().constData())
); );
include_networks.push_back(in); include_networks.push_back(in);
} }
catch (const FWException &ex) catch (const FWException &ex)
@ -957,26 +955,26 @@ void DiscoveryDruid::startSNMPScan()
0, 0,
0, 0,
(use_incl) ? &include_networks : NULL); (use_incl) ? &include_networks : NULL);
m_dialog->discoveryprogress->setMaximum(0); m_dialog->discoveryprogress->setMaximum(0);
unBar=m_dialog->discoveryprogress; unBar=m_dialog->discoveryprogress;
bop=q; bop=q;
try try
{ {
logger=bop->start_operation(); logger=bop->start_operation();
m_dialog->discoverylog->append("Collecting data ..."); m_dialog->discoverylog->append("Collecting data ...");
} catch(const FWException &ex) } catch(const FWException &ex)
{ {
delete q; delete q;
q=NULL; q=NULL;
} }
#endif #endif
} }
void DiscoveryDruid::changedDomainName() void DiscoveryDruid::changedDomainName()
{ {
if (m_dialog->domainname->text().isEmpty()) if (m_dialog->domainname->text().isEmpty())
@ -999,26 +997,26 @@ void DiscoveryDruid::changedNameServer()
nextButton->setEnabled(false); nextButton->setEnabled(false);
QString s=m_dialog->nameserverline->text(); QString s=m_dialog->nameserverline->text();
HostName=s; HostName=s;
if (s.isEmpty()) if (s.isEmpty())
{ {
timer->stop(); timer->stop();
m_dialog->DNSprogress_2->hide(); m_dialog->DNSprogress_2->hide();
QPalette palette = m_dialog->nameserver_error->palette(); QPalette palette = m_dialog->nameserver_error->palette();
palette.setColor(m_dialog->nameserver_error->foregroundRole(), Qt::darkRed); palette.setColor(m_dialog->nameserver_error->foregroundRole(), Qt::darkRed);
m_dialog->nameserver_error->setPalette(palette); m_dialog->nameserver_error->setPalette(palette);
m_dialog->nameserver_error->setText("Enter valid host name or address."); m_dialog->nameserver_error->setText("Enter valid host name or address.");
nextButton->setEnabled(false); nextButton->setEnabled(false);
return; return;
} }
if(isInetAddr(s)) if(isInetAddr(s))
{ {
timer->stop(); timer->stop();
m_dialog->DNSprogress_2->hide(); m_dialog->DNSprogress_2->hide();
QString rs=testInetAddr(s); QString rs=testInetAddr(s);
if (rs.isEmpty()) if (rs.isEmpty())
{ {
@ -1044,13 +1042,13 @@ void DiscoveryDruid::changedNameServer()
timer->start(1000); timer->start(1000);
errMessage=m_dialog->nameserver_error; errMessage=m_dialog->nameserver_error;
userIsTyping=false; userIsTyping=false;
QPalette palette = errMessage->palette(); QPalette palette = errMessage->palette();
palette.setColor(errMessage->foregroundRole(), Qt::black); palette.setColor(errMessage->foregroundRole(), Qt::black);
errMessage->setPalette(palette); errMessage->setPalette(palette);
errMessage->setText("DNS resolution in progress..."); errMessage->setText("DNS resolution in progress...");
unProg = 0; unProg = 0;
} }
} }
@ -1086,7 +1084,7 @@ QString DiscoveryDruid::testInetAddr(const QString s)
try try
{ {
InetAddr(s.toLatin1().constData()); InetAddr(s.toLatin1().constData());
} catch(const FWException &ex) } catch(const FWException &ex)
{ {
res=ex.toString().c_str(); res=ex.toString().c_str();
} }
@ -1111,12 +1109,12 @@ void DiscoveryDruid::changedHostsFileName()
setNextEnabled(currentPage(),false); setNextEnabled(currentPage(),false);
} }
} }
void DiscoveryDruid::changedSNMPOptions() void DiscoveryDruid::changedSNMPOptions()
{ {
} }
void DiscoveryDruid::stopBackgroundProcess() void DiscoveryDruid::stopBackgroundProcess()
{ {
if (fwbdebug) if (fwbdebug)
@ -1126,16 +1124,16 @@ void DiscoveryDruid::stopBackgroundProcess()
if (bop!=NULL && bop->isRunning()) if (bop!=NULL && bop->isRunning())
{ {
m_dialog->discoverylog->append("Terminating task. Please wait..."); m_dialog->discoverylog->append("Terminating task. Please wait...");
bop->stop_operation(); bop->stop_operation();
m_dialog->discoveryStopButton->setEnabled(false); m_dialog->discoveryStopButton->setEnabled(false);
} }
} }
void DiscoveryDruid::addNetwork() void DiscoveryDruid::addNetwork()
{ {
int count = m_dialog->networkresultlist->count(); int count = m_dialog->networkresultlist->count();
int upd_max=(count > 10)?count/10:1; int upd_max=(count > 10)?count/10:1;
int updc=upd_max; int updc=upd_max;
@ -1144,23 +1142,23 @@ void DiscoveryDruid::addNetwork()
QListWidgetItem* item=(QListWidgetItem*)m_dialog->networkresultlist->item(0); QListWidgetItem* item=(QListWidgetItem*)m_dialog->networkresultlist->item(0);
int i = 0; int i = 0;
while (item) while (item)
{ {
if (item->isSelected()) if (item->isSelected())
{ {
QString k=item->text(); QString k=item->text();
if (!Networks[k].isSelected) if (!Networks[k].isSelected)
{ {
Networks[k].isSelected=true; Networks[k].isSelected=true;
m_dialog->networklist->addItem(item->text()); m_dialog->networklist->addItem(item->text());
} }
} }
i++; i++;
item=(QListWidgetItem*)m_dialog->networkresultlist->item(i); item=(QListWidgetItem*)m_dialog->networkresultlist->item(i);
if (updc--<=0) if (updc--<=0)
{ {
pd.setValue(t); pd.setValue(t);
@ -1168,7 +1166,7 @@ void DiscoveryDruid::addNetwork()
if (pd.wasCanceled()) if (pd.wasCanceled())
{ {
break; break;
} }
updc=upd_max; updc=upd_max;
} }
@ -1177,12 +1175,12 @@ void DiscoveryDruid::addNetwork()
nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0); nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0);
} }
void DiscoveryDruid::removeNetwork() void DiscoveryDruid::removeNetwork()
{ {
QListWidgetItem* item1=m_dialog->networklist->item(0); QListWidgetItem* item1=m_dialog->networklist->item(0);
QListWidgetItem* item2; QListWidgetItem* item2;
while (item1!=0) while (item1!=0)
{ {
item2=m_dialog->networklist->item( item2=m_dialog->networklist->item(
@ -1196,19 +1194,19 @@ void DiscoveryDruid::removeNetwork()
} }
nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0); nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0);
} }
void DiscoveryDruid::setNetworkFilter() void DiscoveryDruid::setNetworkFilter()
{ {
flt_net_d->exec(); flt_net_d->exec();
fillListOfNetworks(); fillListOfNetworks();
} }
void DiscoveryDruid::removeNetworkFilter() void DiscoveryDruid::removeNetworkFilter()
{ {
flt_net->clear(); flt_net->clear();
fillListOfNetworks(); fillListOfNetworks();
} }
void DiscoveryDruid::addObject() void DiscoveryDruid::addObject()
{ {
int count = m_dialog->objectresultlist->count(); int count = m_dialog->objectresultlist->count();
@ -1220,7 +1218,7 @@ void DiscoveryDruid::addObject()
QListWidgetItem* item=(QListWidgetItem*)m_dialog->objectresultlist->item(0); QListWidgetItem* item=(QListWidgetItem*)m_dialog->objectresultlist->item(0);
int i = 0; int i = 0;
while (item) while (item)
{ {
if (item->isSelected()) if (item->isSelected())
@ -1232,7 +1230,7 @@ void DiscoveryDruid::addObject()
m_dialog->objectlist->addItem(item->text()); m_dialog->objectlist->addItem(item->text());
} }
} }
i++; i++;
item=(QListWidgetItem*)m_dialog->objectresultlist->item(i); item=(QListWidgetItem*)m_dialog->objectresultlist->item(i);
@ -1243,7 +1241,7 @@ void DiscoveryDruid::addObject()
if (pd.wasCanceled()) if (pd.wasCanceled())
{ {
break; break;
} }
updc=upd_max; updc=upd_max;
} }
@ -1251,7 +1249,7 @@ void DiscoveryDruid::addObject()
} }
nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0); nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0);
} }
void DiscoveryDruid::removeObject() void DiscoveryDruid::removeObject()
{ {
QListWidgetItem* item1=m_dialog->objectlist->item(0); QListWidgetItem* item1=m_dialog->objectlist->item(0);
@ -1270,19 +1268,19 @@ void DiscoveryDruid::removeObject()
} }
nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0); nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0);
} }
void DiscoveryDruid::setLastFilter() void DiscoveryDruid::setLastFilter()
{ {
flt_last_d->exec(); flt_last_d->exec();
fillTypeChangingList(); fillTypeChangingList();
} }
void DiscoveryDruid::setObjectFilter() void DiscoveryDruid::setObjectFilter()
{ {
flt_obj_d->exec(); flt_obj_d->exec();
fillListOfObjects(); fillListOfObjects();
} }
void DiscoveryDruid::removeLastFilter() void DiscoveryDruid::removeLastFilter()
{ {
flt_last->clear(); flt_last->clear();
@ -1291,7 +1289,7 @@ void DiscoveryDruid::removeLastFilter()
void DiscoveryDruid::removeObjectFilter() void DiscoveryDruid::removeObjectFilter()
{ {
flt_obj->clear(); flt_obj->clear();
fillListOfObjects(); fillListOfObjects();
} }
@ -1341,7 +1339,7 @@ void DiscoveryDruid::fillObjects()
ObjectDescriptor buf; ObjectDescriptor buf;
m_dialog->objectlist->clear(); m_dialog->objectlist->clear();
bool f=false; bool f=false;
QMap<QString,ObjectDescriptor >::iterator i; QMap<QString,ObjectDescriptor >::iterator i;
for(i=Objects.begin(); i!=Objects.end(); ++i) for(i=Objects.begin(); i!=Objects.end(); ++i)
{ {
@ -1357,11 +1355,11 @@ void DiscoveryDruid::fillObjects()
void DiscoveryDruid::fillTypeChangingList() void DiscoveryDruid::fillTypeChangingList()
{ {
ObjectDescriptor buf; ObjectDescriptor buf;
m_dialog->typeChangingList->clear(); m_dialog->typeChangingList->clear();
QMap<QString,ObjectDescriptor >::iterator i; QMap<QString,ObjectDescriptor >::iterator i;
for(i=Objects.begin(); i!=Objects.end(); ++i) for(i=Objects.begin(); i!=Objects.end(); ++i)
{ {
@ -1390,7 +1388,7 @@ void DiscoveryDruid::loadDataFromDNS()
Objects.clear(); Objects.clear();
map<string,set<InetAddr> > t = q->getResult(); map<string,set<InetAddr> > t = q->getResult();
for(map<string,set<InetAddr> >::iterator j = t.begin(); j!=t.end(); ++j) for(map<string,set<InetAddr> >::iterator j = t.begin(); j!=t.end(); ++j)
{ {
ObjectDescriptor od; ObjectDescriptor od;
@ -1406,12 +1404,12 @@ void DiscoveryDruid::loadDataFromDNS()
} }
od.type =IPv4::TYPENAME; od.type =IPv4::TYPENAME;
od.isSelected=false; od.isSelected=false;
if (od.sysname.empty()) if (od.sysname.empty())
{ {
od.sysname=string("h-") + od.addr.toString(); od.sysname=string("h-") + od.addr.toString();
} }
Objects[od.toString().c_str()]=od; Objects[od.toString().c_str()]=od;
} }
} }
@ -1426,11 +1424,11 @@ void DiscoveryDruid::loadDataFromFile()
if (count > 0) if (count > 0)
{ {
int upd_max=(count > 10)?count/10:1; int upd_max=(count > 10)?count/10:1;
int updc=upd_max; int updc=upd_max;
QProgressDialog pd(tr("Prepare objects ..."), tr("Cancel"), 0, count,this); QProgressDialog pd(tr("Prepare objects ..."), tr("Cancel"), 0, count,this);
vector<ObjectDescriptor>::iterator i; vector<ObjectDescriptor>::iterator i;
for(i = himport->hosts.begin(); i != himport->hosts.end(); ++i) for(i = himport->hosts.begin(); i != himport->hosts.end(); ++i)
{ {
@ -1439,7 +1437,7 @@ void DiscoveryDruid::loadDataFromFile()
i->type=IPv4::TYPENAME; i->type=IPv4::TYPENAME;
} }
i->isSelected=false; i->isSelected=false;
Objects[i->toString().c_str()] = *i; Objects[i->toString().c_str()] = *i;
if (updc--<=0) if (updc--<=0)
{ {
@ -1448,7 +1446,7 @@ void DiscoveryDruid::loadDataFromFile()
if (pd.wasCanceled()) if (pd.wasCanceled())
{ {
break; break;
} }
updc=upd_max; updc=upd_max;
} }
@ -1476,7 +1474,7 @@ void DiscoveryDruid::loadDataFromCrawler()
SNMPCrawler *q=(SNMPCrawler*)bop; SNMPCrawler *q=(SNMPCrawler*)bop;
Objects.clear(); Objects.clear();
Networks.clear(); Networks.clear();
set<InetAddrMask>::iterator m; set<InetAddrMask>::iterator m;
set<InetAddrMask> s = q->getNetworks(); set<InetAddrMask> s = q->getNetworks();
@ -1486,13 +1484,13 @@ void DiscoveryDruid::loadDataFromCrawler()
for (m=s.begin(); m!=s.end(); ++m) for (m=s.begin(); m!=s.end(); ++m)
{ {
ObjectDescriptor od; ObjectDescriptor od;
od.sysname = m->toString(); od.sysname = m->toString();
od.addr = m->getAddress(); od.addr = m->getAddress();
od.netmask = m->getNetmask(); od.netmask = m->getNetmask();
od.type = Network::TYPENAME; od.type = Network::TYPENAME;
od.isSelected = false; od.isSelected = false;
Networks[od.sysname.c_str()]= od ; Networks[od.sysname.c_str()]= od ;
} }
@ -1506,7 +1504,7 @@ void DiscoveryDruid::loadDataFromCrawler()
int cntr = 0; int cntr = 0;
map<InetAddr, CrawlerFind>::iterator j; map<InetAddr, CrawlerFind>::iterator j;
for(j = t.begin(); j!=t.end(); ++j,++cntr) for(j = t.begin(); j!=t.end(); ++j,++cntr)
{ {
m_dialog->discoveryprogress->setValue( cntr ); m_dialog->discoveryprogress->setValue( cntr );
@ -1535,7 +1533,7 @@ void DiscoveryDruid::loadDataFromCrawler()
} }
Objects[od.toString().c_str()]=od; Objects[od.toString().c_str()]=od;
set<string>::iterator si; set<string>::iterator si;
for(si=od.dns_info.aliases.begin(); for(si=od.dns_info.aliases.begin();
si!=od.dns_info.aliases.end(); si!=od.dns_info.aliases.end();
@ -1547,9 +1545,9 @@ void DiscoveryDruid::loadDataFromCrawler()
} }
#endif #endif
/* /*
(arg==0) ? (arg==0) ?
_("Network scan completed, click 'Next' to continue") : _("Network scan completed, click 'Next' to continue") :
_("There has been an error running the network scan. You can continue but data gathered by the scanner may be incomplete") _("There has been an error running the network scan. You can continue but data gathered by the scanner may be incomplete")
*/ */
} }
@ -1563,29 +1561,29 @@ void DiscoveryDruid::fillListOfNetworks()
if (count > 0) if (count > 0)
{ {
int upd_max=(count > 10)?count/10:1; int upd_max=(count > 10)?count/10:1;
int updc=upd_max; int updc=upd_max;
QProgressDialog pd(tr("Copying results ..."), tr("Cancel"), 0, count,this); QProgressDialog pd(tr("Copying results ..."), tr("Cancel"), 0, count,this);
QMap<QString, ObjectDescriptor>::iterator i; QMap<QString, ObjectDescriptor>::iterator i;
for(i=Networks.begin(); for(i=Networks.begin();
i!=Networks.end(); i!=Networks.end();
++i) ++i)
{ {
if ( flt_net->test(i.value()) ) if ( flt_net->test(i.value()) )
{ {
m_dialog->networkresultlist->addItem(new QListWidgetItem(i.key())); m_dialog->networkresultlist->addItem(new QListWidgetItem(i.key()));
if (updc--<=0) if (updc--<=0)
{ {
pd.setValue(t); pd.setValue(t);
qApp->processEvents(); qApp->processEvents();
if (pd.wasCanceled()) if (pd.wasCanceled())
{ {
break; break;
} }
updc=upd_max; updc=upd_max;
} }
@ -1597,34 +1595,34 @@ void DiscoveryDruid::fillListOfNetworks()
void DiscoveryDruid::fillListOfObjects() void DiscoveryDruid::fillListOfObjects()
{ {
m_dialog->objectresultlist->clear(); m_dialog->objectresultlist->clear();
int t=0; int t=0;
int count = Objects.size(); int count = Objects.size();
if (count > 0) if (count > 0)
{ {
int upd_max=(count > 10)?count/10:1; int upd_max=(count > 10)?count/10:1;
int updc=upd_max; int updc=upd_max;
QProgressDialog pd(tr("Copying results ..."), QProgressDialog pd(tr("Copying results ..."),
tr("Cancel"), 0,count,this); tr("Cancel"), 0,count,this);
QMap<QString,ObjectDescriptor >::iterator i; QMap<QString,ObjectDescriptor >::iterator i;
for(i=Objects.begin(); i!=Objects.end(); ++i) for(i=Objects.begin(); i!=Objects.end(); ++i)
{ {
if ( flt_obj->test(i.value()) ) if ( flt_obj->test(i.value()) )
{ {
m_dialog->objectresultlist->addItem(new QListWidgetItem(i.key())); m_dialog->objectresultlist->addItem(new QListWidgetItem(i.key()));
if (updc--<=0) if (updc--<=0)
{ {
pd.setValue(t); pd.setValue(t);
qApp->processEvents(); qApp->processEvents();
if (pd.wasCanceled()) if (pd.wasCanceled())
{ {
break; break;
} }
updc=upd_max; updc=upd_max;
} }
@ -1633,7 +1631,7 @@ void DiscoveryDruid::fillListOfObjects()
} }
} }
} }
void DiscoveryDruid::customEvent(QEvent *event) void DiscoveryDruid::customEvent(QEvent *event)
{ {
int evtype=(int)event->type(); int evtype=(int)event->type();
@ -1644,10 +1642,10 @@ void DiscoveryDruid::customEvent(QEvent *event)
} else if (evtype == DoneEv) } else if (evtype == DoneEv)
{ {
cancelButton->show(); cancelButton->show();
timer->stop(); timer->stop();
disconnect(timer,SIGNAL(timeout()),0,0); disconnect(timer,SIGNAL(timeout()),0,0);
updateLog(); updateLog();
m_dialog->logSaveButton->setEnabled(true); m_dialog->logSaveButton->setEnabled(true);
@ -1668,7 +1666,7 @@ void DiscoveryDruid::customEvent(QEvent *event)
QString er = thread->getError(); QString er = thread->getError();
delete thread; delete thread;
thread=NULL; thread=NULL;
switch (current_task) switch (current_task)
{ {
case BT_HOSTS: case BT_HOSTS:
@ -1682,7 +1680,7 @@ void DiscoveryDruid::customEvent(QEvent *event)
else else
{ {
backButton->setEnabled(true); backButton->setEnabled(true);
nextButton->setEnabled(false); nextButton->setEnabled(false);
} }
break; break;
case BT_IMPORT: case BT_IMPORT:
@ -1714,7 +1712,7 @@ void DiscoveryDruid::updateLog()
{ {
if (monitorOperation() > 0) if (monitorOperation() > 0)
{ {
//m_dialog->discoveryprogress->setValue(prg++); //m_dialog->discoveryprogress->setValue(prg++);
} }
else else
@ -1725,18 +1723,18 @@ void DiscoveryDruid::updateLog()
if (fwbdebug) qDebug("Crawler finished"); if (fwbdebug) qDebug("Crawler finished");
loadDataFromCrawler(); loadDataFromCrawler();
cancelButton->show(); cancelButton->show();
FWException * ex=bop->get_latest_error(); FWException * ex=bop->get_latest_error();
if (ex!=NULL) if (ex!=NULL)
{ {
QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str()); QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str());
//m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n"); //m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n");
} }
if (Objects.size()>0 || Networks.size()>0) if (Objects.size()>0 || Networks.size()>0)
{ {
if (Networks.size()==0) if (Networks.size()==0)
setAppropriate( 8,0); setAppropriate( 8,0);
nextButton->setEnabled(true); nextButton->setEnabled(true);
nextButton->setDefault(true); nextButton->setDefault(true);
@ -1748,7 +1746,7 @@ void DiscoveryDruid::updateLog()
nextButton->setEnabled(false); nextButton->setEnabled(false);
backButton->setEnabled(true); backButton->setEnabled(true);
} }
m_dialog->logSaveButton->setEnabled(true); m_dialog->logSaveButton->setEnabled(true);
delete bop; delete bop;
@ -1771,15 +1769,15 @@ void DiscoveryDruid::updateLog()
{ {
timer->stop(); timer->stop();
disconnect(timer,SIGNAL(timeout()),0,0); disconnect(timer,SIGNAL(timeout()),0,0);
loadDataFromDNS(); loadDataFromDNS();
cancelButton->show(); cancelButton->show();
FWException * ex=bop->get_latest_error(); FWException * ex=bop->get_latest_error();
if (ex!=NULL) if (ex!=NULL)
{ {
QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str()); QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str());
//m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n"); //m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n");
} }
if (Objects.size()>0) if (Objects.size()>0)
{ {
@ -1810,7 +1808,7 @@ void DiscoveryDruid::changedSeedHost()
userIsTyping=true; userIsTyping=true;
errMessage=m_dialog->seedhosterror_message; errMessage=m_dialog->seedhosterror_message;
HostName=m_dialog->seedhostname->text(); HostName=m_dialog->seedhostname->text();
if (HostName.isEmpty()) if (HostName.isEmpty())
{ {
timer->stop(); timer->stop();
@ -1834,19 +1832,19 @@ void DiscoveryDruid::changedSeedHost()
try try
{ {
InetAddr(HostName.toLatin1().constData()); InetAddr(HostName.toLatin1().constData());
QPalette palette = m_dialog->seedhosterror_message->palette(); QPalette palette = m_dialog->seedhosterror_message->palette();
palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkGreen); palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkGreen);
m_dialog->seedhosterror_message->setPalette(palette); m_dialog->seedhosterror_message->setPalette(palette);
m_dialog->seedhosterror_message->setText("Address verified"); m_dialog->seedhosterror_message->setText("Address verified");
isSeedHostOK=true; isSeedHostOK=true;
} catch(const FWException &ex) } catch(const FWException &ex)
{ {
QPalette palette = m_dialog->seedhosterror_message->palette(); QPalette palette = m_dialog->seedhosterror_message->palette();
palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed); palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed);
m_dialog->seedhosterror_message->setPalette(palette); m_dialog->seedhosterror_message->setPalette(palette);
m_dialog->seedhosterror_message->setText(ex.toString().c_str()); m_dialog->seedhosterror_message->setText(ex.toString().c_str());
// need to return focus to the input field in case of error // need to return focus to the input field in case of error
//m_dialog->seedhostname->setFocus(); //m_dialog->seedhostname->setFocus();
@ -1858,10 +1856,10 @@ void DiscoveryDruid::changedSeedHost()
QPalette palette = m_dialog->seedhosterror_message->palette(); QPalette palette = m_dialog->seedhosterror_message->palette();
palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed); palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed);
m_dialog->seedhosterror_message->setPalette(palette); m_dialog->seedhosterror_message->setPalette(palette);
m_dialog->seedhosterror_message->setText("Wrong IPv4 format"); m_dialog->seedhosterror_message->setText("Wrong IPv4 format");
isSeedHostOK=false; isSeedHostOK=false;
} }
} }
else else
@ -1882,7 +1880,7 @@ void DiscoveryDruid::changedSeedHost()
timer->start(1000); timer->start(1000);
} }
} }
nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK); nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK);
} }
void DiscoveryDruid::changedInclNet() void DiscoveryDruid::changedInclNet()
@ -1894,9 +1892,9 @@ void DiscoveryDruid::changedInclNet()
{ {
try try
{ {
InetAddr a(m_dialog->snmpinaddr->text().toLatin1().constData()); InetAddr a(m_dialog->snmpinaddr->text().toLatin1().constData());
InetNetmask n(m_dialog->snmpinmask->text().toLatin1().constData()); InetAddr n(m_dialog->snmpinmask->text().toLatin1().constData());
InetAddrMask(a,n); InetAddrMask(a,n);
m_dialog->confineerror_message->setText(" "); m_dialog->confineerror_message->setText(" ");
@ -1906,7 +1904,7 @@ void DiscoveryDruid::changedInclNet()
isSNMPInclNetOK=false; isSNMPInclNetOK=false;
m_dialog->confineerror_message->setText(ex.toString().c_str()); m_dialog->confineerror_message->setText(ex.toString().c_str());
} }
} }
else else
{ {
@ -1918,23 +1916,23 @@ void DiscoveryDruid::changedInclNet()
else else
{ {
m_dialog->confineerror_message->setText(" "); m_dialog->confineerror_message->setText(" ");
isSNMPInclNetOK=true; isSNMPInclNetOK=true;
} }
} }
nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK); nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK);
} }
int DiscoveryDruid::monitorOperation() int DiscoveryDruid::monitorOperation()
{ {
QString buf; QString buf;
bool fl; bool fl;
if (fwbdebug) qDebug("monitorOperation bop=%p isRunning=%d", if (fwbdebug) qDebug("monitorOperation bop=%p isRunning=%d",
bop,(bop!=NULL)?bop->isRunning():-1); bop,(bop!=NULL)?bop->isRunning():-1);
fl=false; fl=false;
while( logger->ready() ) while( logger->ready() )
{ {
buf= logger->getLine().c_str(); buf= logger->getLine().c_str();
if (buf.endsWith('\n')) if (buf.endsWith('\n'))
@ -1958,15 +1956,15 @@ int DiscoveryDruid::monitorOperation()
return 0; // BackgroundOp has been disconnected return 0; // BackgroundOp has been disconnected
} }
if (bop->isRunning()) if (bop->isRunning())
{ {
return 1; return 1;
} }
// send signal "completed", argument is 0 if ok and -1 if error // send signal "completed", argument is 0 if ok and -1 if error
FWException *ex=bop->get_latest_error(); FWException *ex=bop->get_latest_error();
if (ex) if (ex)
{ {
buf= ex->toString().c_str(); buf= ex->toString().c_str();
if (buf.endsWith('\n')) if (buf.endsWith('\n'))
@ -2013,7 +2011,7 @@ void DiscoveryDruid::checkSNMPCommunity()
void DiscoveryDruid::changeTargetObject(const QString &buf) void DiscoveryDruid::changeTargetObject(const QString &buf)
{ {
QTreeWidgetItem* item=m_dialog->typeChangingList->topLevelItem(0); QTreeWidgetItem* item=m_dialog->typeChangingList->topLevelItem(0);
while (item!=0) while (item!=0)
@ -2055,14 +2053,14 @@ void DiscoveryDruid::typeFirewall()
void DiscoveryDruid::createRealObjects() void DiscoveryDruid::createRealObjects()
{ {
ObjectDescriptor od; ObjectDescriptor od;
string type,name,a; string type,name,a;
int t=0; int t=0;
m_dialog->lastprogress->setValue(0); m_dialog->lastprogress->setValue(0);
m_dialog->lastprogress->setMaximum( Objects.size()); m_dialog->lastprogress->setMaximum( Objects.size());
QMap<QString,ObjectDescriptor >::iterator i; QMap<QString,ObjectDescriptor >::iterator i;
for(i=Networks.begin(); for(i=Networks.begin();
i!=Networks.end(); i!=Networks.end();
@ -2074,38 +2072,38 @@ void DiscoveryDruid::createRealObjects()
type = od.type; type = od.type;
name=od.sysname; name=od.sysname;
a = od.addr.toString().c_str(); a = od.addr.toString().c_str();
Network *net=dynamic_cast<Network*>( Network *net=dynamic_cast<Network*>(
mw->createObject(type.c_str(),name.c_str()) mw->createObject(type.c_str(),name.c_str())
); );
assert(net!=NULL); assert(net!=NULL);
net->setName(name); net->setName(name);
net->setAddress(InetAddr(a)); net->setAddress(InetAddr(a));
net->setNetmask(InetNetmask(InetAddr(a))); net->setNetmask(InetAddr(InetAddr(a)));
mw->moveObject(m_dialog->libs->currentText(), net); mw->moveObject(m_dialog->libs->currentText(), net);
} }
} }
for(i=Objects.begin(); for(i=Objects.begin();
i!=Objects.end(); i!=Objects.end();
++i) ++i)
{ {
od=i.value(); od=i.value();
type=od.type; type=od.type;
name=od.sysname; name=od.sysname;
a=od.addr.toString(); a=od.addr.toString();
if(od.isSelected) if(od.isSelected)
{ {
if (type==Host::TYPENAME || type==Firewall::TYPENAME) if (type==Host::TYPENAME || type==Firewall::TYPENAME)
{ {
FWObject *o=NULL; FWObject *o=NULL;
o=mw->createObject(type.c_str(),name.c_str()); o=mw->createObject(type.c_str(),name.c_str());
o->setName(name); o->setName(name);
if (od.interfaces.size()==0) if (od.interfaces.size()==0)
{ {
Interface *itf= Interface::cast( Interface *itf= Interface::cast(
mw->createObject(o,Interface::TYPENAME,"nic1") mw->createObject(o,Interface::TYPENAME,"nic1")
@ -2113,10 +2111,10 @@ void DiscoveryDruid::createRealObjects()
IPv4 *ipv4= IPv4::cast( IPv4 *ipv4= IPv4::cast(
mw->createObject(itf,IPv4::TYPENAME,a.c_str()) mw->createObject(itf,IPv4::TYPENAME,a.c_str())
); );
ipv4->setAddress(InetAddr(a)); ipv4->setAddress(InetAddr(a));
ipv4->setNetmask(InetNetmask()); ipv4->setNetmask(InetAddr());
} else } else
{ {
map<int,Interface>::const_iterator i; map<int,Interface>::const_iterator i;
@ -2164,7 +2162,7 @@ void DiscoveryDruid::createRealObjects()
assert(net!=NULL); assert(net!=NULL);
net->setName(name); net->setName(name);
net->setAddress(InetAddr(a)); net->setAddress(InetAddr(a));
net->setNetmask(InetNetmask(InetAddr(a))); net->setNetmask(InetAddr(InetAddr(a)));
mw->moveObject(m_dialog->libs->currentText(), net); mw->moveObject(m_dialog->libs->currentText(), net);
}else if (type==IPv4::TYPENAME) }else if (type==IPv4::TYPENAME)
{ {
@ -2174,7 +2172,7 @@ void DiscoveryDruid::createRealObjects()
assert(obj!=NULL); assert(obj!=NULL);
obj->setName(name); obj->setName(name);
obj->setAddress(InetAddr(a)); obj->setAddress(InetAddr(a));
obj->setNetmask(InetNetmask(InetAddr::getAllOnes())); obj->setNetmask(InetAddr(InetAddr::getAllOnes()));
mw->moveObject(m_dialog->libs->currentText(), obj); mw->moveObject(m_dialog->libs->currentText(), obj);
} }
} }
@ -2290,7 +2288,7 @@ ObjectDescriptor& ObjectDescriptor::operator=(const ObjectDescriptor& od) {
type = od.type; type = od.type;
isSelected = od.isSelected; isSelected = od.isSelected;
netmask = od.netmask; netmask = od.netmask;
return *this; return *this;
} }
@ -2310,14 +2308,14 @@ void WorkerThread::setProgress(int p)
{ {
ProgressEvent *event=new ProgressEvent(); ProgressEvent *event=new ProgressEvent();
event->value=p; event->value=p;
QApplication::postEvent(Widget,event); QApplication::postEvent(Widget,event);
} }
void WorkerThread::done() void WorkerThread::done()
{ {
DoneEvent *event=new DoneEvent(); DoneEvent *event=new DoneEvent();
QApplication::postEvent(Widget,event); QApplication::postEvent(Widget,event);
} }
@ -2333,7 +2331,7 @@ void WorkerThread::run()
// ================================================================ // ================================================================
HostsFileImport::HostsFileImport(const QString &f) : HostsFileImport::HostsFileImport(const QString &f) :
WorkerThread() WorkerThread()
{ {
file_name = f; file_name = f;
@ -2343,53 +2341,53 @@ void HostsFileImport::run()
{ {
*Log << "Discovery method:" *Log << "Discovery method:"
<< "Read file in hosts format. \n"; << "Read file in hosts format. \n";
map<InetAddr, vector<string> > reverse_hosts; map<InetAddr, vector<string> > reverse_hosts;
HostsFile *hf; HostsFile *hf;
/* /*
* read hosts file here * read hosts file here
*/ */
hf=new HostsFile(); hf=new HostsFile();
last_error=""; last_error="";
setProgress(10); setProgress(10);
*Log << "Parsing file: " << file_name.toLatin1().constData() << "\n"; *Log << "Parsing file: " << file_name.toLatin1().constData() << "\n";
if (!file_name.isEmpty()) if (!file_name.isEmpty())
{ {
try try
{ {
hf->parse( file_name.toAscii().constData() ); hf->parse( file_name.toAscii().constData() );
} catch ( FWException &ex ) } catch ( FWException &ex )
{ {
last_error = ex.toString().c_str(); last_error = ex.toString().c_str();
*Log << "Exception: " << last_error.toAscii().constData() << "\n"; *Log << "Exception: " << last_error.toAscii().constData() << "\n";
delete hf; delete hf;
done(); done();
return; return;
} }
reverse_hosts=hf->getAll(); reverse_hosts=hf->getAll();
delete hf; delete hf;
setProgress(50); setProgress(50);
*Log << "Loading the list ...\n"; *Log << "Loading the list ...\n";
/* /*
* convert map format * convert map format
*/ */
hosts.clear(); hosts.clear();
map<InetAddr,vector<string> >::iterator i; map<InetAddr,vector<string> >::iterator i;
int count=reverse_hosts.size(); int count=reverse_hosts.size();
int t=0; int t=0;
for (i=reverse_hosts.begin(); i!=reverse_hosts.end(); ++i) for (i=reverse_hosts.begin(); i!=reverse_hosts.end(); ++i)
{ {
ObjectDescriptor od; ObjectDescriptor od;
od.addr = (*i).first; od.addr = (*i).first;
od.sysname = ((*i).second).front(); od.sysname = ((*i).second).front();
hosts.push_back( od ); hosts.push_back( od );
setProgress(50+(t++)*50/count); setProgress(50+(t++)*50/count);
} }
} }
@ -2445,6 +2443,6 @@ void ConfigImport::run()
{ {
*Log << "Can not import configuration for choosen platform\n"; *Log << "Can not import configuration for choosen platform\n";
} }
done(); done();
} }


@ -67,10 +67,10 @@ class ObjectDescriptor
map<int, libfwbuilder::Interface> interfaces ; map<int, libfwbuilder::Interface> interfaces ;
string MAC_addr ; string MAC_addr ;
libfwbuilder::HostEnt dns_info ; libfwbuilder::HostEnt dns_info ;
libfwbuilder::InetAddr addr ; libfwbuilder::InetAddr addr ;
libfwbuilder::InetNetmask netmask ; libfwbuilder::InetAddr netmask ;
ObjectDescriptor(); ObjectDescriptor();
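Review bot: `netmask` and `addr` now share the type `InetAddr`, so nothing at compile time rejects an address stored where a mask is expected, and the member has no comment stating what a valid value is. The same commit's createRealObjects now calls `net->setNetmask(InetAddr(InetAddr(a)))` with `a` taken from the object's address string, which reads as copying the address into the mask; if the old `InetNetmask(InetAddr)` constructor derived a mask from the address, discovered Network objects would get a wrong mask and any firewall rule built on them would match a different range than intended. I would document the invariant on the member, e.g. `// netmask: contiguous network mask, never a host address`, and check it where ObjectDescriptor values are turned into objects. The ObjectDescriptor class starts and ends outside this hunk.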


@ -1,4 +1,4 @@
/* /*
Firewall Builder Firewall Builder
@ -17,14 +17,12 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
#include "fwbuilder_ph.h"
#include "config.h" #include "config.h"
#include "global.h" #include "global.h"
#include "utils_no_qt.h" #include "utils_no_qt.h"
@ -88,13 +86,13 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
QString res; QString res;
QTextStream str(&res, QIODevice::WriteOnly); QTextStream str(&res, QIODevice::WriteOnly);
try { try
{
if (IPv4::isA(obj)) if (IPv4::isA(obj))
{ {
str << Address::cast(obj)->getAddress().toString().c_str(); str << IPv4::cast(obj)->getAddress().toString().c_str();
str << "/"; str << "/";
str << Address::cast(obj)->getNetmask().toString().c_str(); str << IPv4::cast(obj)->getNetmask().toString().c_str();
} else if (physAddress::isA(obj)) } else if (physAddress::isA(obj))
{ {
@ -103,7 +101,7 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
{ {
str << QObject::tr("DNS record: ") str << QObject::tr("DNS record: ")
<< DNSName::cast(obj)->getSourceName().c_str(); << DNSName::cast(obj)->getSourceName().c_str();
} else if (AddressTable::isA(obj)) } else if (AddressTable::isA(obj))
{ {
str << QObject::tr("Address Table: ") str << QObject::tr("Address Table: ")
<< AddressTable::cast(obj)->getSourceName().c_str(); << AddressTable::cast(obj)->getSourceName().c_str();
@ -122,16 +120,16 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
QDateTime dt; QDateTime dt;
time_t t; time_t t;
t=obj->getInt("lastModified");dt.setTime_t(t); t=obj->getInt("lastModified");dt.setTime_t(t);
QString t_modified = (t)? dt.toString():"-"; QString t_modified = (t)? dt.toString():"-";
t=obj->getInt("lastCompiled");dt.setTime_t(t); t=obj->getInt("lastCompiled");dt.setTime_t(t);
QString t_compiled = (t)? dt.toString():"-"; QString t_compiled = (t)? dt.toString():"-";
t=obj->getInt("lastInstalled");dt.setTime_t(t); t=obj->getInt("lastInstalled");dt.setTime_t(t);
QString t_installed = (t)? dt.toString():"-"; QString t_installed = (t)? dt.toString():"-";
str << platform << "(" << readableVersion << ") / " << hostOS; str << platform << "(" << readableVersion << ") / " << hostOS;
} else if (Host::isA(obj)) } else if (Host::isA(obj))
@ -139,10 +137,10 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
str << Address::cast(obj)->getAddress().toString().c_str(); str << Address::cast(obj)->getAddress().toString().c_str();
FWObject *co=obj->getFirstByType("Interface"); FWObject *co=obj->getFirstByType("Interface");
if (co!=NULL) if (co!=NULL)
{ {
physAddress *paddr=(Interface::cast(co))->getPhysicalAddress(); physAddress *paddr=(Interface::cast(co))->getPhysicalAddress();
if (paddr!=NULL) if (paddr!=NULL)
str << " " << paddr->getPhysAddress().c_str(); str << " " << paddr->getPhysAddress().c_str();
} }
@ -163,12 +161,18 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
} else if (Interface::isA(obj)) } else if (Interface::isA(obj))
{ {
physAddress *paddr=(Interface::cast(obj))->getPhysicalAddress(); Interface *intf = Interface::cast(obj);
if (paddr!=NULL) FWObjectTypedChildIterator j = obj->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j)
{ {
str << " "; IPv4 *intf = IPv4::cast(*j);
str << paddr->getPhysAddress().c_str(); str << getObjectProperties(*j);
str << "<br>";
} }
str << " MAC: ";
physAddress *paddr = intf->getPhysicalAddress();
if (paddr!=NULL)
str << paddr->getPhysAddress().c_str();
} else if (IPService::isA(obj)) } else if (IPService::isA(obj))
{ {
@ -191,7 +195,7 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
str << sps << ":" << spe << " / "; str << sps << ":" << spe << " / ";
str << dps << ":" << dpe; str << dps << ":" << dpe;
} else if (TagService::isA(obj)) } else if (TagService::isA(obj))
{ {
str << "Pattern: \"" << obj->getStr("tagcode").c_str() << "\"" ; str << "Pattern: \"" << obj->getStr("tagcode").c_str() << "\"" ;
} else if (Interval::isA(obj)) } else if (Interval::isA(obj))
@ -257,14 +261,14 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
if (accentName) str += "</font>"; if (accentName) str += "</font>";
str += "<br>\n"; str += "<br>\n";
try { try
{
if (IPv4::isA(obj)) if (IPv4::isA(obj))
{ {
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
str += Address::cast(obj)->getAddress().toString().c_str(); str += IPv4::cast(obj)->getAddress().toString().c_str();
str += "/"; str += "/";
str += Address::cast(obj)->getNetmask().toString().c_str(); str += IPv4::cast(obj)->getNetmask().toString().c_str();
} else if (physAddress::isA(obj)) } else if (physAddress::isA(obj))
{ {
@ -285,7 +289,7 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
str += MultiAddress::cast(obj)->getSourceName().c_str(); str += MultiAddress::cast(obj)->getSourceName().c_str();
str += "<br>\n"; str += "<br>\n";
str += (MultiAddress::cast(obj)->isRunTime())?QObject::tr("Run-time"):QObject::tr("Compile-time"); str += (MultiAddress::cast(obj)->isRunTime())?QObject::tr("Run-time"):QObject::tr("Compile-time");
} else if (AddressRange::isA(obj)) } else if (AddressRange::isA(obj))
{ {
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
@ -297,16 +301,16 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
{ {
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
str += Address::cast(obj)->getAddress().toString().c_str() ; FWObjectTypedChildIterator j = obj->findByType(
Interface::TYPENAME);
FWObject *co=obj->getFirstByType("Interface"); for ( ; j!=j.end(); ++j)
if (co!=NULL)
{ {
physAddress *paddr=(Interface::cast(co))->getPhysicalAddress(); Interface *intf = Interface::cast(*j);
if (paddr!=NULL) str += (*j)->getName().c_str();
str += QString(" ") + paddr->getPhysAddress().c_str() ; str += ": ";
str += getObjectProperties(*j);
str += "<br>";
} }
} else if (Network::isA(obj)) } else if (Network::isA(obj))
{ {
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
@ -330,7 +334,7 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
{ {
str += "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.&nbsp;.&nbsp;.&nbsp;"; str += "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.&nbsp;.&nbsp;.&nbsp;";
break; break;
} else } else
{ {
FWObject *o1=*i; FWObject *o1=*i;
if (FWReference::cast(o1)!=NULL) if (FWReference::cast(o1)!=NULL)
@ -345,25 +349,25 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
QString version = obj->getStr("version").c_str(); QString version = obj->getStr("version").c_str();
QString readableVersion = getVersionString(platform,version); QString readableVersion = getVersionString(platform,version);
QString hostOS = obj->getStr("host_OS").c_str(); QString hostOS = obj->getStr("host_OS").c_str();
QDateTime dt; QDateTime dt;
time_t lm=obj->getInt("lastModified"); time_t lm=obj->getInt("lastModified");
time_t lc=obj->getInt("lastCompiled"); time_t lc=obj->getInt("lastCompiled");
time_t li=obj->getInt("lastInstalled"); time_t li=obj->getInt("lastInstalled");
dt.setTime_t(lm); dt.setTime_t(lm);
QString t_modified = (lm)? dt.toString():"-"; QString t_modified = (lm)? dt.toString():"-";
if (lm>lc && lm>li) t_modified=QString("<b>")+t_modified+"</b>"; if (lm>lc && lm>li) t_modified=QString("<b>")+t_modified+"</b>";
dt.setTime_t(lc); dt.setTime_t(lc);
QString t_compiled = (lc)? dt.toString():"-"; QString t_compiled = (lc)? dt.toString():"-";
if (lc>lm && lc>li) t_compiled=QString("<b>")+t_compiled+"</b>"; if (lc>lm && lc>li) t_compiled=QString("<b>")+t_compiled+"</b>";
dt.setTime_t(li); dt.setTime_t(li);
QString t_installed = (li)? dt.toString():"-"; QString t_installed = (li)? dt.toString():"-";
if (li>lc && li>lm) t_installed=QString("<b>")+t_installed+"</b>"; if (li>lc && li>lm) t_installed=QString("<b>")+t_installed+"</b>";
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
str += "<table cellspacing=\"0\" cellpadding=\"0\">"; str += "<table cellspacing=\"0\" cellpadding=\"0\">";
@ -373,23 +377,39 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
readableVersion + "</td></tr>\n"; readableVersion + "</td></tr>\n";
str += QString("<tr><td>Host OS:</td><td>") + str += QString("<tr><td>Host OS:</td><td>") +
hostOS + "</td></tr>\n"; hostOS + "</td></tr>\n";
str += QString("<tr><td>Modified:</td><td>") + str += QString("<tr><td>Modified:</td><td>") +
t_modified + "</td></tr>\n"; t_modified + "</td></tr>\n";
str += QString("<tr><td>Compiled:</td><td>") + str += QString("<tr><td>Compiled:</td><td>") +
t_compiled + "</td></tr>\n"; t_compiled + "</td></tr>\n";
str += QString("<tr><td>Installed:</td><td>") + str += QString("<tr><td>Installed:</td><td>") +
t_installed + "</td></tr>\n"; t_installed + "</td></tr>\n";
str += "</table>"; str += "</table>";
} else if (Interface::isA(obj)) } else if (Interface::isA(obj))
{ {
str+=QObject::tr("<b>Path:</b> ")+ path +"<br>\n"; str += QObject::tr("<b>Path:</b> ")+ path +"<br>\n";
FWObjectTypedChildIterator j = obj->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j)
{
IPv4 *intf = IPv4::cast(*j);
str += getObjectProperties(*j);
str += "<br>";
}
physAddress *paddr=(Interface::cast(obj))->getPhysicalAddress();
if (paddr!=NULL)
{
str += "MAC: ";
str += paddr->getPhysAddress().c_str() ;
str += "<br>";
}
QString q; QString q;
if (Interface::constcast(obj)->isDyn()) q=" dyn"; if (Interface::constcast(obj)->isDyn()) q=" dyn";
if (Interface::constcast(obj)->isUnnumbered()) q=" unnum"; if (Interface::constcast(obj)->isUnnumbered()) q=" unnum";
if (Interface::constcast(obj)->isBridgePort()) q=" bridge port"; if (Interface::constcast(obj)->isBridgePort()) q=" bridge port";
FWObject *p=obj; FWObject *p=obj;
while (p!=NULL && !Firewall::isA(p)) p=p->getParent(); while (p!=NULL && !Firewall::isA(p)) p=p->getParent();
if (p!=NULL && (p->getStr("platform")=="pix" || p->getStr("platform")=="fwsm")) if (p!=NULL && (p->getStr("platform")=="pix" || p->getStr("platform")=="fwsm"))
@ -402,19 +422,11 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
} }
if (Interface::constcast(obj)->isUnprotected()) q=q+" unp"; if (Interface::constcast(obj)->isUnprotected()) q=q+" unp";
if (q!="") str += " (" + q + ")"; if (q!="") str += " (" + q + ")";
str += "<br>\n"; str += "<br>\n";
if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n"; if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
physAddress *paddr=(Interface::cast(obj))->getPhysicalAddress();
if (paddr!=NULL)
{
str += " ";
str += paddr->getPhysAddress().c_str() ;
}
} else if (CustomService::isA(obj)) } else if (CustomService::isA(obj))
{ {
@ -468,7 +480,7 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
str += QString("<tr><td>destination port range</td><td>%1:%2</td></tr>\n") str += QString("<tr><td>destination port range</td><td>%1:%2</td></tr>\n")
.arg(dps).arg(dpe); .arg(dps).arg(dpe);
str += "</table>"; str += "</table>";
} else if (TagService::isA(obj)) } else if (TagService::isA(obj))
{ {
str += QObject::tr("Pattern: \"%1\"").arg(obj->getStr("tagcode").c_str()); str += QObject::tr("Pattern: \"%1\"").arg(obj->getStr("tagcode").c_str());
} else if (Interval::isA(obj)) } else if (Interval::isA(obj))
@ -496,13 +508,13 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(PolicyRule *rule)
if (rule!=NULL) if (rule!=NULL)
{ {
string act = rule->getActionAsString(); string act = rule->getActionAsString();
FWObject *o = rule; FWObject *o = rule;
while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent();
assert(o!=NULL); assert(o!=NULL);
Firewall *f=Firewall::cast(o); Firewall *f=Firewall::cast(o);
string platform=f->getStr("platform"); string platform=f->getStr("platform");
FWOptions *ropt = rule->getOptionsObject(); FWOptions *ropt = rule->getOptionsObject();
string editor=Resources::getActionEditor(platform,act); string editor=Resources::getActionEditor(platform,act);
@ -543,7 +555,7 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(PolicyRule *rule)
case PolicyRule::Pipe : case PolicyRule::Pipe :
if (platform=="ipfw") if (platform=="ipfw")
{ {
par = QString("divert ") + par = QString("divert ") +
ropt->getStr("ipfw_pipe_port_num").c_str(); ropt->getStr("ipfw_pipe_port_num").c_str();
} }
break; break;
@ -564,7 +576,7 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(PolicyRule *rule)
a = ropt->getStr("ipf_route_option"); a = ropt->getStr("ipf_route_option");
if (!a.empty()) if (!a.empty())
{ {
par = par + " "+ par = par + " "+
getScreenName(a.c_str(), getScreenName(a.c_str(),
getRouteOptions_pf_ipf( platform.c_str() )); getRouteOptions_pf_ipf( platform.c_str() ));
} }
@ -589,9 +601,9 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(PolicyRule *rule)
default : {} default : {}
} }
} }
} }
return par; return par;
} }
@ -600,7 +612,7 @@ QString FWObjectPropertiesFactory::getRuleActionPropertiesRich(PolicyRule *rule)
FWObject *p=rule; FWObject *p=rule;
while (p!=NULL && !Firewall::isA(p)) p=p->getParent(); while (p!=NULL && !Firewall::isA(p)) p=p->getParent();
assert(p!=NULL); assert(p!=NULL);
string platform=p->getStr("platform"); string platform=p->getStr("platform");
QString act = getActionNameForPlatform(rule->getAction(),platform.c_str()); QString act = getActionNameForPlatform(rule->getAction(),platform.c_str());
QString par = getRuleActionProperties(rule); QString par = getRuleActionProperties(rule);
@ -615,7 +627,7 @@ QString FWObjectPropertiesFactory::getRuleActionPropertiesRich(PolicyRule *rule)
QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule) QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
{ {
QString res; QString res;
if (rule!=NULL) if (rule!=NULL)
{ {
res=""; res="";
@ -625,7 +637,7 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
Firewall *f=Firewall::cast(o); Firewall *f=Firewall::cast(o);
string platform=f->getStr("platform"); string platform=f->getStr("platform");
FWOptions *ropt = rule->getOptionsObject(); FWOptions *ropt = rule->getOptionsObject();
if (platform=="iptables") if (platform=="iptables")
{ {
if (!ropt->getStr("log_prefix").empty()) if (!ropt->getStr("log_prefix").empty())
@ -646,26 +658,26 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+=QObject::tr("<b>Netlink group :</b> "); res+=QObject::tr("<b>Netlink group :</b> ");
res+=QString(ropt->getStr("ulog_nlgroup").c_str())+"<br>\n"; res+=QString(ropt->getStr("ulog_nlgroup").c_str())+"<br>\n";
} }
if (ropt->getInt("limit_value")>0) if (ropt->getInt("limit_value")>0)
{ {
res+=QObject::tr("<b>Limit Value :</b> "); res+=QObject::tr("<b>Limit Value :</b> ");
res+=QString(ropt->getStr("limit_value").c_str())+"<br>\n"; res+=QString(ropt->getStr("limit_value").c_str())+"<br>\n";
} }
if (!ropt->getStr("limit_suffix").empty()) if (!ropt->getStr("limit_suffix").empty())
{ {
res+=QObject::tr("<b>Limit suffix :</b> "); res+=QObject::tr("<b>Limit suffix :</b> ");
res+=getScreenName(ropt->getStr("limit_suffix").c_str(), res+=getScreenName(ropt->getStr("limit_suffix").c_str(),
getLimitSuffixes(platform.c_str()))+"<br>\n"; getLimitSuffixes(platform.c_str()))+"<br>\n";
} }
if (ropt->getInt("limit_burst")>0) if (ropt->getInt("limit_burst")>0)
{ {
res+=QObject::tr("<b>Limit burst :</b> "); res+=QObject::tr("<b>Limit burst :</b> ");
res+=QString(ropt->getStr("limit_burst").c_str())+"<br>\n"; res+=QString(ropt->getStr("limit_burst").c_str())+"<br>\n";
} }
res+="<ul>"; res+="<ul>";
if (ropt->getBool("firewall_is_part_of_any_and_networks")) if (ropt->getBool("firewall_is_part_of_any_and_networks"))
{ {
@ -679,8 +691,8 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+="<br>\n"; res+="<br>\n";
} }
res+="</ul>"; res+="</ul>";
}else if (platform=="ipf") }else if (platform=="ipf")
{ {
if (!ropt->getStr("ipf_log_facility").empty()) if (!ropt->getStr("ipf_log_facility").empty())
{ {
@ -688,14 +700,14 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+=getScreenName(ropt->getStr("ipf_log_facility").c_str(), res+=getScreenName(ropt->getStr("ipf_log_facility").c_str(),
getLogFacilities(platform.c_str()))+"<br>\n"; getLogFacilities(platform.c_str()))+"<br>\n";
} }
if (!ropt->getStr("log_level").empty()) if (!ropt->getStr("log_level").empty())
{ {
res+=QObject::tr("<b>Log level :</b> "); res+=QObject::tr("<b>Log level :</b> ");
res+=getScreenName(ropt->getStr("log_level").c_str(), res+=getScreenName(ropt->getStr("log_level").c_str(),
getLogLevels(platform.c_str()))+"<br>\n"; getLogLevels(platform.c_str()))+"<br>\n";
} }
res+="<ul>"; res+="<ul>";
if (ropt->getBool("ipf_return_icmp_as_dest")) if (ropt->getBool("ipf_return_icmp_as_dest"))
{ {
@ -715,43 +727,43 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+="<br>\n"; res+="<br>\n";
} }
res+="</ul>"; res+="</ul>";
}else if (platform=="pf") }else if (platform=="pf")
{ {
if (!ropt->getStr("log_prefix").empty()) if (!ropt->getStr("log_prefix").empty())
{ {
res+=QObject::tr("<b>Log prefix :</b> "); res+=QObject::tr("<b>Log prefix :</b> ");
res+=QString(ropt->getStr("log_prefix").c_str())+"<br>\n"; res+=QString(ropt->getStr("log_prefix").c_str())+"<br>\n";
} }
if (ropt->getInt("pf_rule_max_state")>0) if (ropt->getInt("pf_rule_max_state")>0)
{ {
res+=QObject::tr("<b>Max state :</b> "); res+=QObject::tr("<b>Max state :</b> ");
res+=QString(ropt->getStr("pf_rule_max_state").c_str())+"<br>\n"; res+=QString(ropt->getStr("pf_rule_max_state").c_str())+"<br>\n";
} }
res+="<ul>"; res+="<ul>";
if (ropt->getBool("stateless")) if (ropt->getBool("stateless"))
{ {
res+=QObject::tr("<li><b>Stateless</b></li> "); res+=QObject::tr("<li><b>Stateless</b></li> ");
res+="<br>\n"; res+="<br>\n";
} }
if (ropt->getBool("pf_source_tracking")) if (ropt->getBool("pf_source_tracking"))
{ {
res+=QObject::tr("<li><b>Source tracking</b></li> "); res+=QObject::tr("<li><b>Source tracking</b></li> ");
res+="<br>\n"; res+="<br>\n";
res+=QObject::tr("<b>Max src nodes :</b> "); res+=QObject::tr("<b>Max src nodes :</b> ");
res+=QString(ropt->getStr("pf_max_src_nodes").c_str())+"<br>\n"; res+=QString(ropt->getStr("pf_max_src_nodes").c_str())+"<br>\n";
res+=QObject::tr("<b>Max src states:</b> "); res+=QObject::tr("<b>Max src states:</b> ");
res+=QString(ropt->getStr("pf_max_src_states").c_str())+"<br>\n"; res+=QString(ropt->getStr("pf_max_src_states").c_str())+"<br>\n";
} }
res+="</ul>"; res+="</ul>";
}else if (platform=="ipfw") }else if (platform=="ipfw")
{ {
res+="<ul>"; res+="<ul>";
@ -761,17 +773,17 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+="<br>\n"; res+="<br>\n";
} }
res+="</ul>"; res+="</ul>";
}else if (platform=="pix" || platform=="fwsm") }else if (platform=="pix" || platform=="fwsm")
{ {
string vers="version_"+f->getStr("version"); string vers="version_"+f->getStr("version");
res+=QObject::tr("<u><b>Ver:%1</b></u><br>\n").arg(vers.c_str()); res+=QObject::tr("<u><b>Ver:%1</b></u><br>\n").arg(vers.c_str());
if ( Resources::platform_res[platform]->getResourceBool( if ( Resources::platform_res[platform]->getResourceBool(
"/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings")) "/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings"))
{ {
if (!ropt->getStr("log_level").empty()) if (!ropt->getStr("log_level").empty())
{ {
res+=QObject::tr("<b>Log level :</b> "); res+=QObject::tr("<b>Log level :</b> ");
@ -783,7 +795,7 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+=QObject::tr("<b>Log interval :</b> "); res+=QObject::tr("<b>Log interval :</b> ");
res+=QString(ropt->getStr("log_interval").c_str())+"<br>\n"; res+=QString(ropt->getStr("log_interval").c_str())+"<br>\n";
} }
res+="<ul>"; res+="<ul>";
if (ropt->getBool("disable_logging_for_this_rule")) if (ropt->getBool("disable_logging_for_this_rule"))
{ {
@ -791,19 +803,19 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+="<br>\n"; res+="<br>\n";
} }
res+="</ul>"; res+="</ul>";
} }
} }
} }
return res; return res;
} }
QString FWObjectPropertiesFactory::getNATRuleOptions(Rule *rule) QString FWObjectPropertiesFactory::getNATRuleOptions(Rule *rule)
{ {
QString res; QString res;
if (rule!=NULL) if (rule!=NULL)
{ {
res=""; res="";
@ -816,7 +828,7 @@ QString FWObjectPropertiesFactory::getNATRuleOptions(Rule *rule)
if (fwbdebug) if (fwbdebug)
qDebug(QString("getNATRuleOptions: platform: %2").arg(platform.c_str()).toAscii().constData()); qDebug(QString("getNATRuleOptions: platform: %2").arg(platform.c_str()).toAscii().constData());
if (platform=="pf") if (platform=="pf")
{ {
if (ropt->getBool("pf_bitmask")) res+=QObject::tr("bitmask"); if (ropt->getBool("pf_bitmask")) res+=QObject::tr("bitmask");
@ -827,7 +839,7 @@ QString FWObjectPropertiesFactory::getNATRuleOptions(Rule *rule)
if (ropt->getBool("pf_static_port")) res+=QObject::tr("static-port"); if (ropt->getBool("pf_static_port")) res+=QObject::tr("static-port");
} }
} }
return res; return res;
} }


@ -169,7 +169,7 @@ void IPv4Dialog::validate(bool *res)
{ {
try try
{ {
InetNetmask( m_dialog->netmask->text().toLatin1().constData() ); InetAddr( m_dialog->netmask->text().toLatin1().constData() );
} catch (FWException &ex) } catch (FWException &ex)
{ {
*res=false; *res=false;
@ -212,10 +212,10 @@ void IPv4Dialog::applyChanges()
try try
{ {
s->setNetmask( s->setNetmask(
InetNetmask(m_dialog->netmask->text().toLatin1().constData()) ); InetAddr(m_dialog->netmask->text().toLatin1().constData()) );
} catch (FWException &ex) { } } catch (FWException &ex) { }
} else } else
s->setNetmask(InetNetmask()); s->setNetmask(InetAddr());
mw->updateObjName(obj,QString::fromUtf8(oldname.c_str())); mw->updateObjName(obj,QString::fromUtf8(oldname.c_str()));
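Review bot: In validate() the netmask field is now checked by constructing `InetAddr(...)` instead of `InetNetmask(...)`, so the dialog rejects only what the InetAddr string constructor rejects. Whether that constructor still refuses a value that parses as an address but is not a contiguous mask is not visible on this page and should be confirmed, since the accepted value goes into the object that rules are compiled from. The same substitution is made in NetworkDialog::validate and in the addInterface() checks of newFirewallDialog and newHostDialog. In applyChanges() the handler `catch (FWException &ex) { }` remains empty; a comment such as `// invalid netmask: previous value is kept, validate() reports the error` would record the intent. Both functions continue outside the hunks.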


@ -247,7 +247,7 @@ void Importer::addInterfaceAddress(const std::string &a,
aname); aname);
current_interface->setUnnumbered(false); current_interface->setUnnumbered(false);
IPv4::cast(nobj)->setAddress( InetAddr(a) ); IPv4::cast(nobj)->setAddress( InetAddr(a) );
IPv4::cast(nobj)->setNetmask( InetNetmask(nm) ); IPv4::cast(nobj)->setNetmask( InetAddr(nm) );
*logger << "Interface address: " << a << "/" << nm << "\n"; *logger << "Interface address: " << a << "/" << nm << "\n";
} }
@ -826,7 +826,7 @@ FWObject* Importer::createAddress(const std::string &addr,
std::string name = std::string("h-") + addr; std::string name = std::string("h-") + addr;
a = Address::cast(createObject(IPv4::TYPENAME, name)); a = Address::cast(createObject(IPv4::TYPENAME, name));
a->setAddress(InetAddr(addr)); a->setAddress(InetAddr(addr));
a->setNetmask(InetNetmask(InetAddr::getAllOnes())); a->setNetmask(InetAddr(InetAddr::getAllOnes()));
a->setComment(comment); a->setComment(comment);
all_objects[sig] = a; all_objects[sig] = a;
*logger << "Address object: " << name << "\n"; *logger << "Address object: " << name << "\n";
@ -847,7 +847,7 @@ FWObject* Importer::createAddress(const std::string &addr,
try try
{ {
net->setNetmask( InetNetmask(netmask) ); net->setNetmask( InetAddr(netmask) );
} catch (FWException &ex) } catch (FWException &ex)
{ {
if (netmask.find('.')!=std::string::npos) if (netmask.find('.')!=std::string::npos)
@ -866,7 +866,7 @@ FWObject* Importer::createAddress(const std::string &addr,
try try
{ {
str >> nm_len; str >> nm_len;
net->setNetmask( InetNetmask(nm_len) ); net->setNetmask( InetAddr(nm_len) );
} catch (std::exception& e) } catch (std::exception& e)
{ {
// could not convert netmask as simple integer // could not convert netmask as simple integer
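Review bot: In the last hunk of createAddress() the result of `str >> nm_len` is never tested, so a netmask string that is not a number reaches `InetAddr(nm_len)` with whatever nm_len holds, and the `catch (std::exception& e)` block is unlikely to run because stream extraction does not throw by default. PolicyCompiler_iosacl::prolog() has the same sequence, and there `int nm_length;` is visibly declared without an initializer. Test the stream and the range before building the mask, for example `if (!(str >> nm_len) || nm_len < 0 || nm_len > 32)`, and take the existing error path in that case. Whether `InetAddr(int)` itself rejects out-of-range lengths is not shown here. createAddress() starts and ends outside the hunk.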


@ -62,9 +62,9 @@ void InterfaceData::guessLabel(const string &platform)
void InterfaceData::guessSecurityLevel(const string &platform) void InterfaceData::guessSecurityLevel(const string &platform)
{ {
InetAddrMask n10(InetAddr("10.0.0.0"), InetNetmask("255.0.0.0")); InetAddrMask n10(InetAddr("10.0.0.0"), InetAddr("255.0.0.0"));
InetAddrMask n172(InetAddr("172.16.0.0"), InetNetmask("255.240.0.0")); InetAddrMask n172(InetAddr("172.16.0.0"), InetAddr("255.240.0.0"));
InetAddrMask n192(InetAddr("192.168.0.0"), InetNetmask("255.255.0.0")); InetAddrMask n192(InetAddr("192.168.0.0"), InetAddr("255.255.0.0"));
securityLevel=-1; securityLevel=-1;


@ -125,7 +125,7 @@ void NetworkDialog::validate(bool *res)
} }
try try
{ {
InetNetmask( m_dialog->netmask->text().toLatin1().constData() ); InetAddr( m_dialog->netmask->text().toLatin1().constData() );
} catch (FWException &ex) } catch (FWException &ex)
{ {
*res=false; *res=false;
@ -159,7 +159,7 @@ void NetworkDialog::applyChanges()
s->setAddress( s->setAddress(
InetAddr(m_dialog->address->text().toLatin1().constData()) ); InetAddr(m_dialog->address->text().toLatin1().constData()) );
s->setNetmask( s->setNetmask(
InetNetmask(m_dialog->netmask->text().toLatin1().constData()) ); InetAddr(m_dialog->netmask->text().toLatin1().constData()) );
} catch (FWException &ex) } catch (FWException &ex)
{ {
/* exception thrown if user types illegal m_dialog->address or m_dialog->netmask */ /* exception thrown if user types illegal m_dialog->address or m_dialog->netmask */


@ -595,7 +595,7 @@ void newFirewallDialog::addInterface()
try try
{ {
InetAddr(addr.toLatin1().constData()); InetAddr(addr.toLatin1().constData());
InetNetmask(netm.toLatin1().constData()); InetAddr(netm.toLatin1().constData());
} }
catch (FWException &ex) catch (FWException &ex)
{ {
@ -812,7 +812,7 @@ void newFirewallDialog::finishClicked()
QString addrname=QString("%1:%2:ip").arg(m_dialog->obj_name->text()).arg(name); QString addrname=QString("%1:%2:ip").arg(m_dialog->obj_name->text()).arg(name);
IPv4 *oa = IPv4::cast(mw->createObject(oi, IPv4::TYPENAME,addrname)); IPv4 *oa = IPv4::cast(mw->createObject(oi, IPv4::TYPENAME,addrname));
oa->setAddress( InetAddr(addr.toLatin1().constData()) ); oa->setAddress( InetAddr(addr.toLatin1().constData()) );
oa->setNetmask( InetNetmask(netmask.toLatin1().constData()) ); oa->setNetmask( InetAddr(netmask.toLatin1().constData()) );
} }
// updateObjName has a side effect: it causes redraw of the ruleset // updateObjName has a side effect: it causes redraw of the ruleset
// views in the main window // views in the main window


@ -503,7 +503,7 @@ void newHostDialog::addInterface()
try try
{ {
InetAddr(addr.toLatin1().constData()); InetAddr(addr.toLatin1().constData());
InetNetmask(netm.toLatin1().constData()); InetAddr(netm.toLatin1().constData());
} }
catch (FWException &ex) catch (FWException &ex)
{ {
@ -632,7 +632,7 @@ void newHostDialog::finishClicked()
mw->createObject(oi, IPv4::TYPENAME,addrname) mw->createObject(oi, IPv4::TYPENAME,addrname)
); );
oa->setAddress( InetAddr(addr.toLatin1().constData()) ); oa->setAddress( InetAddr(addr.toLatin1().constData()) );
oa->setNetmask( InetNetmask(netmask.toLatin1().constData()) ); oa->setNetmask( InetAddr(netmask.toLatin1().constData()) );
} }
mw->updateObjName(oi,"","",false); mw->updateObjName(oi,"","",false);


@ -109,14 +109,14 @@ int PolicyCompiler_iosacl::prolog()
{ {
if (netmask.find(".")!=string::npos) if (netmask.find(".")!=string::npos)
{ {
InetNetmask nm(netmask); InetAddr nm(netmask);
nm.getLength(); // to avoid warning abt unused var nm.getLength(); // to avoid warning abt unused var
} else } else
{ {
int nm_length; int nm_length;
istringstream str(netmask); istringstream str(netmask);
str >> nm_length; str >> nm_length;
InetNetmask nm(nm_length); InetAddr nm(nm_length);
netmask = nm.toString(); netmask = nm.toString();
} }
} catch(FWException &ex) } catch(FWException &ex)
@ -143,10 +143,10 @@ int PolicyCompiler_iosacl::prolog()
// cisco uses "wildcards" instead of netmasks // cisco uses "wildcards" instead of netmasks
//long nm = InetNetmask(netmask).to32BitInt(); //long nm = InetAddr(netmask).to32BitInt();
//struct in_addr na; //struct in_addr na;
//na.s_addr = ~nm; //na.s_addr = ~nm;
InetAddr nnm( ~(InetNetmask(netmask)) ); InetAddr nnm( ~(InetAddr(netmask)) );
output << clearACLcmd << " " << temp_acl << endl; output << clearACLcmd << " " << temp_acl << endl;
output << "ip access-list extended " << temp_acl << endl; output << "ip access-list extended " << temp_acl << endl;


@ -372,7 +372,7 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o)
ostringstream str; ostringstream str;
InetAddr srcaddr=o->getAddress(); InetAddr srcaddr=o->getAddress();
InetNetmask srcmask=o->getNetmask(); InetAddr srcmask=o->getNetmask();
if (Interface::cast(o)!=NULL) if (Interface::cast(o)!=NULL)
{ {
@ -382,11 +382,11 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o)
return string("interface ") + interface_->getLabel() + " "; return string("interface ") + interface_->getLabel() + " ";
} }
srcmask=InetNetmask(InetAddr::getAllOnes()); srcmask=InetAddr(InetAddr::getAllOnes());
} }
if (IPv4::cast(o)!=NULL) if (IPv4::cast(o)!=NULL)
srcmask=InetNetmask(InetAddr::getAllOnes()); srcmask=InetAddr(InetAddr::getAllOnes());
if (srcaddr.isAny() && srcmask.isAny()) if (srcaddr.isAny() && srcmask.isAny())


@ -460,30 +460,30 @@ string NATCompiler_ipt::PrintRule::_printAddr(Address *o,bool print_mask,bool p
ostr << a1.toString() << "-" << a2.toString(); ostr << a1.toString() << "-" << a2.toString();
} else } else
{ {
const InetAddr& addr=o->getAddress(); const InetAddr& addr = o->getAddress();
const InetNetmask& mask=o->getNetmask(); const InetAddr& mask = o->getNetmask();
Interface *iface = Interface::cast(o);
if (iface!=NULL)
{
if (iface->isDyn() && iface->getBool("use_var_address"))
{
ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
return ostr.str();
}
ostr << addr.toString();
return ostr.str();
}
if (addr == InetAddr::getAny() && mask == InetAddr::getAny()) if (addr == InetAddr::getAny() && mask == InetAddr::getAny())
{ {
ostr << "0/0"; ostr << "0/0";
} else } else
{ {
Interface *iface;
if ( (iface=Interface::cast(o))!=NULL )
{
if (iface->isDyn() && iface->getBool("use_var_address"))
{
ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
return ostr.str();
}
ostr << addr.toString();
return ostr.str();
}
ostr << addr.toString(); ostr << addr.toString();
if (print_mask && if (print_mask &&
dynamic_cast<InetAddrMask*>(o)->dimension()!=1 && Address::cast(o)->dimension()!=1 &&
!mask.isHostMask()) !mask.isHostMask())
{ {
ostr << "/" << mask.getLength(); ostr << "/" << mask.getLength();
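Review bot: The mask test now reads `Address::cast(o)->dimension()!=1`, but `o` is already an `Address *` according to the signature in the hunk header, so the cast adds nothing and the call can be written directly as `o->dimension()!=1 &&`. PolicyCompiler_ipt::PrintRule::_printAddr and RoutingCompiler_ipt::PrintRule::_printAddr use the same `Address::cast(o)->dimension() > 1` form. As the hunk reads, the Interface branch was also moved above the `0/0` test, so an interface whose address and mask are both "any" would now print `addr.toString()` rather than `0/0`; if that is intended, a comment such as `// interfaces always print their own address, never 0/0` would say so. The function continues outside the hunk.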


@ -189,7 +189,7 @@ void NATCompiler_ipt::_expandInterface(Interface *iface,
{ {
if (physAddress::cast(*j)!=NULL) continue; if (physAddress::cast(*j)!=NULL) continue;
InetAddrMask *ipv4 = dynamic_cast<InetAddrMask*>(*j); const InetAddrMask *ipv4 = Address::cast(*j)->getAddressObjectInetAddrMask();
if (ipv4!=NULL && use_mac && pa!=NULL) if (ipv4!=NULL && use_mac && pa!=NULL)
{ {
combinedAddress *ca=new combinedAddress(dbcopy,true); combinedAddress *ca=new combinedAddress(dbcopy,true);
@ -234,7 +234,7 @@ bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext()
FWObject *obj = NULL; FWObject *obj = NULL;
if (FWReference::cast(o)!=NULL) if (FWReference::cast(o)!=NULL)
obj=FWReference::cast(o)->getPointer(); obj=FWReference::cast(o)->getPointer();
InetAddrMask *a = dynamic_cast<InetAddrMask*>(obj); const InetAddrMask *a = Address::cast(obj)->getAddressObjectInetAddrMask();
al.push_back( a->getAddressPtr() ); al.push_back( a->getAddressPtr() );
} }
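Review bot: In ConvertLoadBalancingRules::processNext() the new line `Address::cast(obj)->getAddressObjectInetAddrMask()` calls through the cast result without testing it, although `obj` starts as NULL and is assigned only when `o` is a FWReference, and `a` is then dereferenced by `a->getAddressPtr()`. The `ipv4!=NULL` test in _expandInterface in the same file, and `assert(vaddr_addr!=NULL)` in OSConfigurator_linux24::addVirtualAddressForNAT, come after the cast result has already been used, so they do not cover a failed cast. Test the cast first, `Address *ao = Address::cast(obj);` followed by `if (ao==NULL)` and the compiler's error path. That Address::cast returns NULL for a non-Address object is inferred from the `!=NULL` tests on other cast results on this page. Both functions continue outside the hunks.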


@ -261,7 +261,8 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr)
Interface *iface = Interface::cast(vaddr->getParent()); Interface *iface = Interface::cast(vaddr->getParent());
assert(iface!=NULL); assert(iface!=NULL);
InetAddrMask *vaddr_addr = dynamic_cast<InetAddrMask*>(vaddr); const InetAddrMask *vaddr_addr = Address::cast(
vaddr)->getAddressObjectInetAddrMask();
assert(vaddr_addr!=NULL); assert(vaddr_addr!=NULL);
ostr << "add_addr " << addr->getAddress().toString() << " " ostr << "add_addr " << addr->getAddress().toString() << " "
@ -361,7 +362,7 @@ void OSConfigurator_linux24::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); const InetAddrMask *iaddr = Address::cast(*j)->getAddressObjectInetAddrMask();
output << "add_addr " << iaddr->getAddress().toString() << " " output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().getLength() << " " << iaddr->getNetmask().getLength() << " "


@ -907,7 +907,7 @@ string PolicyCompiler_ipt::PrintRule::_printAddr(Address *o)
} }
const InetAddr& addr = o->getAddress(); const InetAddr& addr = o->getAddress();
const InetNetmask& mask = o->getNetmask(); const InetAddr& mask = o->getNetmask();
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())
{ {
@ -917,7 +917,7 @@ string PolicyCompiler_ipt::PrintRule::_printAddr(Address *o)
ostr << addr.toString(); ostr << addr.toString();
if (Interface::cast(o)==NULL && if (Interface::cast(o)==NULL &&
dynamic_cast<InetAddrMask*>(o)->dimension() > 1 && Address::cast(o)->dimension() > 1 &&
!mask.isHostMask()) !mask.isHostMask())
{ {
ostr << "/" << mask.getLength(); ostr << "/" << mask.getLength();
@ -1108,26 +1108,51 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
if (!src->isAny()) if (!src->isAny())
{ {
string physaddress=""; if (physAddress::isA(src) || combinedAddress::isA(src))
if (physAddress::isA(src))
physaddress= physAddress::cast(src)->getPhysAddress();
if (combinedAddress::isA(src))
physaddress= combinedAddress::cast(src)->getPhysAddress();
if ( ! physaddress.empty())
{ {
command_line << " -m mac --mac-source " << _printSingleObjectNegation(srcrel); string physaddress = "";
command_line << physaddress;
} if (physAddress::isA(src))
/* {
* fool-proof: this is last resort check for situation when user created IPv4 object physaddress = physAddress::cast(src)->getPhysAddress();
* for the interface but left it with empty address ( 0.0.0.0 ). if (physaddress.empty())
{
compiler->warning("Empty MAC address in rule " +
rule->getLabel());
physaddress = "00:00:00:00:00:00";
}
}
if (combinedAddress::isA(src))
physaddress = combinedAddress::cast(src)->getPhysAddress();
/* physAddress component of combinedAddress can be empty. For example
* this happens when an object with both IP and MAC addresses is found
* in "source" and rule is determined to go into OUTPUT chain. On the
* other hand, if physAddress object has no MAC address, it is always
* an error.
*/ */
if ( ! physaddress.empty() && src->getAddress()==InetAddr()) if (!physaddress.empty())
{ {
; command_line << " -m mac --mac-source "
<< _printSingleObjectNegation(srcrel);
command_line << physaddress;
}
/*
* fool-proof: this is last resort check for situation when user
* created IPv4 object for the interface but left it with empty
* address ( 0.0.0.0 ).
*
* note that combinedAddress inherits IPv4 and therefore
* combinedAddress::hasInetAddress returns true;
*
*/
if (src->hasInetAddress() && !src->getAddress().isAny())
{
command_line << " -s " << _printSingleObjectNegation(srcrel);
command_line << _printAddr(src);
}
} else } else
{ {
command_line << " -s " << _printSingleObjectNegation(srcrel); command_line << " -s " << _printSingleObjectNegation(srcrel);
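Review bot: In PolicyRuleToString() a physAddress object with an empty MAC now only produces `compiler->warning(...)` and is replaced by `00:00:00:00:00:00`, so a policy is still generated from an object that the comment further down calls "always an error". The substituted value is printed after `_printSingleObjectNegation(srcrel)`, so under a negated source the emitted match would accept essentially every sender instead of excluding one host. Stopping the compile is the safer outcome: `compiler->abort("Empty MAC address in rule " + rule->getLabel());`. PolicyRuleToString() starts and ends outside the hunk.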


@ -181,7 +181,7 @@ void PolicyCompiler_ipt::_expandInterface(Interface *iface,
} }
if (physAddress::cast(*j)!=NULL) if (physAddress::cast(*j)!=NULL)
{ {
pa=physAddress::cast(*j); pa = physAddress::cast(*j);
continue; continue;
} }
lother.push_back(*j); lother.push_back(*j);
@ -229,16 +229,17 @@ void PolicyCompiler_ipt::_expandInterface(Interface *iface,
std::list<FWObject*>::iterator j=lipaddr.begin(); std::list<FWObject*>::iterator j=lipaddr.begin();
for ( ; j!=lipaddr.end(); j++) for ( ; j!=lipaddr.end(); j++)
{ {
InetAddrMask *ipv4 = dynamic_cast<InetAddrMask*>(*j); const InetAddrMask *ipv4 = Address::cast(*j)->getAddressObjectInetAddrMask();
if (use_mac) if (use_mac)
{ {
combinedAddress *ca=new combinedAddress(); combinedAddress *ca = new combinedAddress();
dbcopy->add(ca); dbcopy->add(ca);
cacheObj(ca); cacheObj(ca);
ca->setName( "CA("+iface->getName()+")" ); ca->setName( "CA("+iface->getName()+")" );
ca->setAddress( ipv4->getAddress() ); ca->setAddress( ipv4->getAddress() );
ca->setNetmask( ipv4->getNetmask() ); ca->setNetmask( ipv4->getNetmask() );
ca->setPhysAddress( pa->getPhysAddress() ); ca->setPhysAddress( pa->getPhysAddress() );
ol.push_back(ca); ol.push_back(ca);
} else } else
ol.push_back(*j); ol.push_back(*j);
@ -338,7 +339,7 @@ int PolicyCompiler_ipt::prolog()
bcast255->setId(BCAST_255_OBJ_ID); bcast255->setId(BCAST_255_OBJ_ID);
bcast255->setName("Broadcast_addr"); bcast255->setName("Broadcast_addr");
bcast255->setAddress(InetAddr::getAllOnes()); bcast255->setAddress(InetAddr::getAllOnes());
bcast255->setNetmask(InetNetmask(InetAddr::getAllOnes())); bcast255->setNetmask(InetAddr(InetAddr::getAllOnes()));
dbcopy->add(bcast255); dbcopy->add(bcast255);
cacheObj(bcast255); cacheObj(bcast255);
@ -1722,7 +1723,7 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(
FWObjectTypedChildIterator k = iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator k = iface->findByType(IPv4::TYPENAME);
for ( ; k!=k.end(); ++k ) for ( ; k!=k.end(); ++k )
{ {
InetAddrMask *ipv4 = dynamic_cast<InetAddrMask*>(*k); const InetAddrMask *ipv4 = Address::cast(*k)->getAddressObjectInetAddrMask();
/* /*
* bug #780345: if interface has netmask 255.255.255.255, its own * bug #780345: if interface has netmask 255.255.255.255, its own
@ -2999,10 +3000,16 @@ bool PolicyCompiler_ipt::checkMACinOUTPUTChain::processNext()
Address *src =compiler->getFirstSrc(rule); assert(src); Address *src =compiler->getFirstSrc(rule); assert(src);
if (physAddress::isA(src)) if (physAddress::isA(src))
compiler->abort(_("Can not match on MAC address of the firewall in rule ")+rule->getLabel()); compiler->abort("Can not match on MAC address of the firewall "
"in rule " + rule->getLabel());
if (combinedAddress::isA(src)) if (combinedAddress::isA(src))
{
compiler->warning("Can not match on MAC address of the firewall "
"(chain OUTPUT) "
"in rule " + rule->getLabel());
combinedAddress::cast(src)->setPhysAddress(""); combinedAddress::cast(src)->setPhysAddress("");
}
} }
return true; return true;


@ -79,7 +79,7 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o)
} }
InetAddr addr; InetAddr addr;
InetNetmask mask; InetAddr mask;
try { try {
addr=o->getAddress(); addr=o->getAddress();
mask = o->getNetmask(); mask = o->getNetmask();
@ -111,7 +111,7 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o)
ostr << addr.toString(); ostr << addr.toString();
if (Interface::cast(o)==NULL && if (Interface::cast(o)==NULL &&
dynamic_cast<InetAddrMask*>(o)->dimension() > 1 && Address::cast(o)->dimension() > 1 &&
!mask.isHostMask()) !mask.isHostMask())
{ {
ostr << "/" << mask.getLength(); ostr << "/" << mask.getLength();


@ -23,6 +23,9 @@
*/ */
#include <assert.h>
#include <iostream>
#include <fwbuilder/libfwbuilder-config.h> #include <fwbuilder/libfwbuilder-config.h>
#include <combinedAddress.h> #include <combinedAddress.h>
@ -46,7 +49,7 @@ std::string combinedAddress::getPhysAddress() const
void combinedAddress::setPhysAddress(const std::string &s) void combinedAddress::setPhysAddress(const std::string &s)
{ {
physAddress=s; physAddress = s;
} }
bool combinedAddress::isAny() const bool combinedAddress::isAny() const
@ -54,3 +57,10 @@ bool combinedAddress::isAny() const
return (IPv4::isAny() && physAddress==""); return (IPv4::isAny() && physAddress=="");
} }
FWObject& combinedAddress::shallowDuplicate(const FWObject *other,
bool preserve_id) throw(FWException)
{
physAddress = dynamic_cast<const combinedAddress*>(other)->physAddress;
return IPv4::shallowDuplicate(other, preserve_id);
}
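Review bot: The new shallowDuplicate() dereferences `dynamic_cast<const combinedAddress*>(other)` without testing it, so passing an object that is not a combinedAddress is a null-pointer dereference. Test the result before copying, `const combinedAddress *ca = dynamic_cast<const combinedAddress*>(other);` then `if (ca!=NULL) physAddress = ca->physAddress;`, or throw FWException, which the signature already declares. A one-line comment above the function, `// copies physAddress in addition to the IPv4 attributes`, would also explain why the override exists.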


@ -48,6 +48,10 @@ class combinedAddress : public IPv4
combinedAddress(const FWObject *root,bool prepopulate); combinedAddress(const FWObject *root,bool prepopulate);
virtual ~combinedAddress(); virtual ~combinedAddress();
virtual FWObject& shallowDuplicate(const FWObject *obj,
bool preserve_id = true)
throw(FWException);
std::string getPhysAddress() const; std::string getPhysAddress() const;
void setPhysAddress(const std::string &s); void setPhysAddress(const std::string &s);


@ -349,7 +349,7 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
} else } else
{ {
list<FWObject*> la=iface->getByType(IPv4::TYPENAME); list<FWObject*> la = iface->getByType(IPv4::TYPENAME);
if ( iface->isRegular() && la.empty() ) if ( iface->isRegular() && la.empty() )
{ {
char errstr[256]; char errstr[256];
@ -360,7 +360,7 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j) for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j)
{ {
InetAddrMask *ipv4 = dynamic_cast<InetAddrMask*>(*j); const InetAddrMask *ipv4 = IPv4::cast(*j)->getAddressObjectInetAddrMask();
if ( ipv4->getAddress().isAny()) if ( ipv4->getAddress().isAny())
{ {


@ -313,20 +313,26 @@ int main(int argc, char * const *argv)
if (l3.size()>0) if (l3.size()>0)
{ {
char errstr[256]; char errstr[256];
for (list<FWObject*>::iterator j=l3.begin(); j!=l3.end(); ++j) for (list<FWObject*>::iterator j=l3.begin();
j!=l3.end(); ++j)
{
if ( objdb->findAllReferences(*j).size()!=0 ) if ( objdb->findAllReferences(*j).size()!=0 )
{ {
sprintf(errstr, sprintf(errstr,
_("Dynamic interface %s has an IP address that is used in the firewall policy rule.\n"), "Dynamic interface %s has an IP address that"
"is used in the firewall policy rule.\n",
iface->getName().c_str() ); iface->getName().c_str() );
throw FWException(errstr); throw FWException(errstr);
} }
}
sprintf(errstr, sprintf(errstr,
_("Dynamic interface %s should not have an IP address object attached to it. This IP address object will be ignored.\n"), "Dynamic interface %s should not have an IP address"
" object attached to it. This IP address object "
"will be ignored.\n",
iface->getName().c_str() ); iface->getName().c_str() );
cerr << errstr; cerr << errstr;
for (list<FWObject*>::iterator j=l3.begin(); j!=l3.end(); ++j) for (list<FWObject*>::iterator j=l3.begin();
j!=l3.end(); ++j)
iface->remove(*j); iface->remove(*j);
} }
} else } else
@ -357,47 +363,49 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
} }
FWOptions* options = fw->getOptionsObject();
FWOptions* options=fw->getOptionsObject();
string s; string s;
string firewall_dir=options->getStr("firewall_dir"); string firewall_dir = options->getStr("firewall_dir");
if (firewall_dir=="") firewall_dir="/etc/fw"; if (firewall_dir=="") firewall_dir="/etc/fw";
string prolog_place = options->getStr("prolog_place"); string prolog_place = options->getStr("prolog_place");
if (prolog_place.empty()) prolog_place = "fw_file"; // old default if (prolog_place.empty()) prolog_place = "fw_file"; // old default
string pre_hook= fw->getOptionsObject()->getStr("prolog_script"); string pre_hook = fw->getOptionsObject()->getStr("prolog_script");
bool debug=options->getBool("debug"); bool debug = options->getBool("debug");
string shell_dbg=(debug)?"-x":"" ; string shell_dbg = (debug)?"-x":"" ;
string pfctl_dbg=(debug)?"-v ":""; string pfctl_dbg = (debug)?"-v ":"";
string pfctl_f_option="-f "; string pfctl_f_option = "-f ";
// if (fw->getStr("version")=="obsd_3.2") pfctl_f_option="-f "; // if (fw->getStr("version")=="obsd_3.2") pfctl_f_option="-f ";
if (fw->getStr("version")=="obsd_lt_3.2") pfctl_f_option="-R "; if (fw->getStr("version")=="obsd_lt_3.2") pfctl_f_option="-R ";
Preprocessor_pf* prep=new Preprocessor_pf(objdb , fwobjectname); Preprocessor_pf* prep = new Preprocessor_pf(objdb , fwobjectname);
prep->compile(); prep->compile();
/* /*
* Process firewall options, build OS network configuration script * Process firewall options, build OS network configuration script
*/ */
OSConfigurator *oscnf=NULL; OSConfigurator *oscnf=NULL;
string family=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceStr("/FWBuilderResources/Target/family"); string family = Resources::os_res[fw->getStr("host_OS")
]->Resources::getResourceStr("/FWBuilderResources/Target/family");
if (family=="solaris") if (family=="solaris")
oscnf=new OSConfigurator_solaris(objdb , fwobjectname); oscnf=new OSConfigurator_solaris(objdb , fwobjectname);
if (family=="openbsd") if (family=="openbsd")
{
cerr << "Calling OSConfigurator_openbsd" << endl;
oscnf=new OSConfigurator_openbsd(objdb , fwobjectname); oscnf=new OSConfigurator_openbsd(objdb , fwobjectname);
}
if (family=="freebsd") if (family=="freebsd")
oscnf=new OSConfigurator_freebsd(objdb , fwobjectname); oscnf=new OSConfigurator_freebsd(objdb , fwobjectname);
if (oscnf==NULL) if (oscnf==NULL)
throw FWException(_("Unrecognized host OS ")+fw->getStr("host_OS")+" (family "+family+")"); throw FWException(_("Unrecognized host OS ") +
fw->getStr("host_OS")+" (family "+family+")");
oscnf->prolog(); oscnf->prolog();
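Review bot: The reworded message in the first `sprintf` lost a space: the adjacent literals ending in `address that` and starting with `is used` concatenate to "thatis used", so the first literal should end `that "`. Both messages are also written with `sprintf` into `char errstr[256]` with the interface name as `%s`; that name presumably comes from the loaded object file, so a long name writes past the buffer, and `snprintf(errstr, sizeof(errstr), ...)` bounds it. The added `cerr << "Calling OSConfigurator_openbsd" << endl;` looks like leftover debug output. main() starts and ends outside the hunks.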


@ -38,6 +38,7 @@
#include "fwbuilder/Interface.h" #include "fwbuilder/Interface.h"
#include "fwbuilder/IPv4.h" #include "fwbuilder/IPv4.h"
#include "fwbuilder/Firewall.h" #include "fwbuilder/Firewall.h"
#include "fwbuilder/DNSName.h"
#include <iostream> #include <iostream>
@ -73,8 +74,24 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
{ {
FWOptions* options=compiler->fw->getOptionsObject(); FWOptions* options=compiler->fw->getOptionsObject();
MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
if (atrt!=NULL)
{
if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME)
{
compiler->output << atrt->getSourceName() << " ";
return;
}
// at this time we only support two types of MultiAddress
// objects: AddressTable and DNSName. Both should be converted
// to MultiAddressRunTime at this point. If we get some other
// kind of MultiAddressRunTime object, we do not know what to do
// with it so we stop.
assert(atrt==NULL);
}
InetAddr addr=o->getAddress(); InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask(); InetAddr mask=o->getNetmask();
if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn())
{ {
@ -87,10 +104,10 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
} }
if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn()) if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn())
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (o->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())
{ {
@ -109,13 +126,13 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask) void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask)
{ {
InetAddr addr = o->getAddress(); InetAddr addr = o->getAddress();
InetNetmask mask = o->getNetmask(); InetAddr mask = o->getNetmask();
if (Interface::cast(o) != NULL) if (Interface::cast(o) != NULL)
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (o->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (addr.isAny() && print_netmask && mask.isHostMask()) if (addr.isAny() && print_netmask && mask.isHostMask())
{ {
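Review bot: The fallback in `_printAddr_L` for a MultiAddressRunTime object that is not a DNSName is `assert(atrt==NULL);` placed inside `if (atrt!=NULL)`, so it can never hold and disappears entirely when the build defines NDEBUG. In such a build the function falls through to `o->getAddress()` and prints an address for an object the comment itself says the compiler does not know how to handle, so the generated NAT rule may not match the policy. An unconditional stop is safer here, for example `compiler->abort(string("Unsupported run-time address object ") + atrt->getSourceName());`. `_printAddr_R` shows no run-time branch in its hunk; its body continues outside the lines shown, so this may be handled elsewhere.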


@ -97,8 +97,7 @@ int NATCompiler_pf::prolog()
loopback_address->setName("__loopback_address__"); loopback_address->setName("__loopback_address__");
loopback_address->setId("__loopback_address_id__"); loopback_address->setId("__loopback_address_id__");
dynamic_cast<InetAddrMask*>(loopback_address)->setAddress( IPv4::cast(loopback_address)->setAddress(InetAddr::getLoopbackAddr());
InetAddr::getLoopbackAddr());
dbcopy->add(loopback_address,false); dbcopy->add(loopback_address,false);
cacheObj(loopback_address); cacheObj(loopback_address);
@ -390,8 +389,8 @@ bool NATCompiler_pf::addVirtualAddress::processNext()
else return true; else return true;
assert(a!=NULL); assert(a!=NULL);
if ( ! a->isAny() && a->getId()!=compiler->getFwId() ) { if ( ! a->isAny() && a->getId()!=compiler->getFwId() )
{
list<FWObject*> l2=compiler->fw->getByType(Interface::TYPENAME); list<FWObject*> l2=compiler->fw->getByType(Interface::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i) for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
{ {
@ -973,11 +972,11 @@ void NATCompiler_pf::compile()
"replace references to the firewall in TSrc" ) ); "replace references to the firewall in TSrc" ) );
add( new ReplaceObjectsTDst( "replace objects in TDst" ) ); add( new ReplaceObjectsTDst( "replace objects in TDst" ) );
if ( manage_virtual_addr ) {
add( new addVirtualAddress("add virtual addresses for NAT rules"));
}
add( new ExpandMultipleAddresses( "expand multiple addresses" ) ); add( new ExpandMultipleAddresses( "expand multiple addresses" ) );
if ( manage_virtual_addr )
add( new addVirtualAddress("add virtual addresses for NAT rules"));
add( new checkForUnnumbered("check for unnumbered interfaces" ) ); add( new checkForUnnumbered("check for unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects( add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls")); "check for dynamic interfaces of other hosts and firewalls"));
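Review bot: The hunk in `compile()` moves `addVirtualAddress` from before `ExpandMultipleAddresses` to after it, and nothing in the code records why the order matters. Presumably the processor now needs to see individual address objects rather than groups or multi-address objects; if that is the reason, a comment above `if ( manage_virtual_addr )` such as `// keep after ExpandMultipleAddresses: addVirtualAddress expects individual addresses` would stop a later reorder from silently changing which virtual addresses get configured. `compile()` starts and ends outside the hunk.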


@ -326,7 +326,7 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
Address *a = Address::cast(o); Address *a = Address::cast(o);
InetAddr addr=a->getAddress(); InetAddr addr=a->getAddress();
InetNetmask mask=a->getNetmask(); InetAddr mask=a->getNetmask();
if (Interface::cast(o)!=NULL) if (Interface::cast(o)!=NULL)
{ {
@ -337,12 +337,12 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
return; return;
} }
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (Address::cast(o)->dimension()==1)
{ {
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())
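Review bot: In the second hunk of `_printAddr`, `Address::cast(o)->dimension()` repeats the cast already stored in `a` at the top of the function and dereferences the result unchecked; `if (a->dimension()==1)` says the same thing with one cast fewer. Neither side of the change checks `a` for NULL before `a->getAddress()`, so an `assert(a!=NULL);` right after the cast would match how the OSConfigurator files in this commit guard `Address::cast`. The function begins and ends outside the hunks.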


@ -90,7 +90,7 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
FWObject *iaddr = findAddressFor(addr, fw ); FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL) if (iaddr!=NULL)
{ {
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr); Address *iaddr_addr = Address::cast(iaddr);
assert(iaddr_addr!=NULL); assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent()); Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL); assert(iface!=NULL);
@ -238,10 +238,10 @@ void OSConfigurator_freebsd::configureInterfaces()
if (!iface->isRegular()) continue; if (!iface->isRegular()) continue;
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j = iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); Address *iaddr = Address::cast(*j);
output << "add_addr " << iaddr->getAddress().toString() << " " output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " " << iaddr->getNetmask().toString() << " "
<< iface->getName() << endl; << iface->getName() << endl;
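Review bot: `configureInterfaces()` dereferences the result of `Address::cast(*j)` immediately in the `add_addr` output line, while `addVirtualAddressForNAT` in the same file follows the identical cast with `assert(iaddr_addr!=NULL);`. The iterator is restricted to `IPv4::TYPENAME`, so the cast is expected to succeed, but adding `assert(iaddr!=NULL);` after it keeps the two call sites consistent. The same unchecked cast appears in `configureInterfaces()` of the macosx, openbsd and solaris configurators later in this commit. Both function bodies extend beyond the hunks.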


@ -84,7 +84,7 @@ void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr)
FWObject *iaddr = findAddressFor(addr, fw ); FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL) if (iaddr!=NULL)
{ {
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr); Address *iaddr_addr = Address::cast(iaddr);
assert(iaddr_addr!=NULL); assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent()); Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL); assert(iface!=NULL);
@ -176,7 +176,7 @@ void OSConfigurator_macosx::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); Address *iaddr = Address::cast(*j);
output << "add_addr " << iaddr->getAddress().toString() << " " output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " " << iaddr->getNetmask().toString() << " "
<< iface->getName() << endl; << iface->getName() << endl;


@ -87,12 +87,14 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network *nw)
void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr) void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
{ {
if (virtual_addresses.empty() || if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) find(virtual_addresses.begin(),
virtual_addresses.end(),
addr->getAddress()) == virtual_addresses.end())
{ {
FWObject *iaddr = findAddressFor(addr, fw ); FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL) if (iaddr!=NULL)
{ {
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr); Address *iaddr_addr = Address::cast(iaddr);
assert(iaddr_addr!=NULL); assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent()); Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL); assert(iface!=NULL);
@ -103,7 +105,8 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
virtual_addresses.push_back(addr->getAddress()); virtual_addresses.push_back(addr->getAddress());
} else } else
warning(_("Can not add virtual address ") + addr->getAddress().toString() ); warning(_("Can not add virtual address ") +
addr->getAddress().toString() );
} }
} }
@ -119,7 +122,7 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); Address *iaddr = Address::cast(*j);
if ( ipv4->belongs( addr->getAddress() ) ) if ( ipv4->belongs( addr->getAddress() ) )
{ {
output << "ifconfig " output << "ifconfig "
@ -213,7 +216,7 @@ void OSConfigurator_openbsd::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); Address *iaddr = Address::cast(*j);
output << "add_addr " << iaddr->getAddress().toString() << " " output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " " << iaddr->getNetmask().toString() << " "
<< iface->getName() << endl; << iface->getName() << endl;


@ -101,7 +101,7 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
FWObject *iaddr = findAddressFor(addr, fw ); FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL) if (iaddr!=NULL)
{ {
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr); Address *iaddr_addr = Address::cast(iaddr);
assert(iaddr_addr!=NULL); assert(iaddr_addr!=NULL);
Interface *iface=Interface::cast(iaddr->getParent()); Interface *iface=Interface::cast(iaddr->getParent());
assert(iface!=NULL); assert(iface!=NULL);
@ -192,7 +192,7 @@ void OSConfigurator_solaris::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) for ( ; j!=j.end(); ++j )
{ {
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j); Address *iaddr = Address::cast(*j);
output << "add_addr " << iaddr->getAddress().toString() << " " output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " " << iaddr->getNetmask().toString() << " "
<< iface->getName() << endl; << iface->getName() << endl;


@ -268,7 +268,7 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg)
} }
InetAddr addr=o->getAddress(); InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask(); InetAddr mask=o->getNetmask();
if (options->getBool("dynAddr") && if (options->getBool("dynAddr") &&
Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) Interface::cast(o)!=NULL && Interface::cast(o)->isDyn())
@ -279,12 +279,12 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg)
} }
if (Interface::cast(o)!=NULL) { if (Interface::cast(o)!=NULL) {
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (o->dimension()==1)
{ {
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())


@ -291,13 +291,13 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg)
} }
InetAddr addr=o->getAddress(); InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask(); InetAddr mask=o->getNetmask();
if (Interface::cast(o)!=NULL) if (Interface::cast(o)!=NULL)
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (o->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())
{ {


@ -389,7 +389,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
string mgmt_addr = getCachedFwOpt()->getStr("mgmt_addr"); string mgmt_addr = getCachedFwOpt()->getStr("mgmt_addr");
InetAddr addr; InetAddr addr;
InetNetmask netmask(InetAddr::getAllOnes()); InetAddr netmask(InetAddr::getAllOnes());
try try
{ {
addr = InetAddr(mgmt_addr); addr = InetAddr(mgmt_addr);
@ -401,11 +401,11 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
int o1,o2,o3,o4; int o1,o2,o3,o4;
if(sscanf(nm.c_str(), "%3u.%3u.%3u.%3u", &o1, &o2, &o3, &o4)==4) if(sscanf(nm.c_str(), "%3u.%3u.%3u.%3u", &o1, &o2, &o3, &o4)==4)
{ {
netmask = InetNetmask(nm); netmask = InetAddr(nm);
} else } else
{ {
sscanf(nm.c_str(),"%u",&o1); sscanf(nm.c_str(),"%u",&o1);
netmask = InetNetmask(o1); netmask = InetAddr(o1);
} }
} }
} catch(FWException &ex) } catch(FWException &ex)
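Review bot: The prefix-length branch of `addDefaultPolicyRule` hands `o1` to `InetAddr(o1)` without checking that `sscanf(nm.c_str(),"%u",&o1)` converted anything or that the value is a valid mask length. If `nm` is not numeric, `o1` holds whatever the earlier four-octet `sscanf` left in it, or nothing defined at all, and the resulting mask appears to decide which sources the management-access rule admits (the rule itself is built outside the hunk). Rejecting the value keeps the rule from being wider than the operator typed: `if (sscanf(nm.c_str(), "%d", &o1) != 1 || o1 < 0 || o1 > 32) throw FWException("Invalid netmask in mgmt_addr: " + nm);`, which lands in the `catch(FWException &ex)` that follows. The same unvalidated length feeds `InetAddr(atoi(n.c_str()))` in `_printRouteOptions` and `InetAddr nm(nm_length)` after `str >> nm_length` in `PolicyCompiler_pix::prolog()`. The function continues outside the hunks.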


@ -195,14 +195,14 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule)
} }
try try
{ {
InetNetmask roaddr_netmask; InetAddr roaddr_netmask;
string n = roaddr.substr(sp+1); string n = roaddr.substr(sp+1);
if (n.find('.')!=std::string::npos) if (n.find('.')!=std::string::npos)
{ {
roaddr_netmask = InetNetmask(n); roaddr_netmask = InetAddr(n);
} else } else
{ {
roaddr_netmask = InetNetmask( roaddr_netmask = InetAddr(
atoi(n.c_str())); atoi(n.c_str()));
} }
if (roaddr_netmask.getLength()==32) if (roaddr_netmask.getLength()==32)
@ -597,7 +597,7 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg)
} }
InetAddr addr=o->getAddress(); InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask(); InetAddr mask=o->getNetmask();
if (Interface::cast(o)!=NULL) if (Interface::cast(o)!=NULL)
{ {
@ -608,12 +608,12 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg)
return; return;
} }
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1) if (o->dimension()==1)
{ {
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
if (addr.isAny() && mask.isAny()) if (addr.isAny() && mask.isAny())


@ -213,11 +213,11 @@ string TableFactory::PrintTables()
throw(FWException("table object must be an address: '"+o->getTypeName()+"'")); throw(FWException("table object must be an address: '"+o->getTypeName()+"'"));
InetAddr addr=A->getAddress(); InetAddr addr=A->getAddress();
InetNetmask mask=A->getNetmask(); InetAddr mask=A->getNetmask();
if (dynamic_cast<InetAddrMask*>(A)->dimension()==1) if (A->dimension()==1)
{ {
mask = InetNetmask(InetAddr::getAllOnes()); mask = InetAddr(InetAddr::getAllOnes());
} }
output << addr.toString(); output << addr.toString();


@ -421,8 +421,8 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
if (Network::isA(odst) && Network::isA(tdst)) if (Network::isA(odst) && Network::isA(tdst))
{ {
InetNetmask n1=(Interface::cast(odst))?InetNetmask(InetAddr::getAllOnes()):odst->getNetmask(); InetAddr n1=(Interface::cast(odst))?InetAddr(InetAddr::getAllOnes()):odst->getNetmask();
InetNetmask n2=(Interface::cast(tdst))?InetNetmask(InetAddr::getAllOnes()):tdst->getNetmask(); InetAddr n2=(Interface::cast(tdst))?InetAddr(InetAddr::getAllOnes()):tdst->getNetmask();
if ( !(n1==n2) ) if ( !(n1==n2) )
compiler->abort( compiler->abort(
@ -1269,7 +1269,7 @@ bool NATCompiler_pix::DetectOverlappingGlobalPoolsAndStaticRules::processNext()
if (natcmd->type== INTERFACE) if (natcmd->type== INTERFACE)
{ {
addr.setNetmask(InetNetmask(InetAddr::getAllOnes())); addr.setNetmask(InetAddr(InetAddr::getAllOnes()));
} }
if ( checkOverlapping( addr, outa->getAddress()) || if ( checkOverlapping( addr, outa->getAddress()) ||
@ -1313,8 +1313,8 @@ bool NATCompiler_pix::DetectDuplicateNAT::processNext()
// InetAddr a1=natcmd->o_addr->getAddress(); // InetAddr a1=natcmd->o_addr->getAddress();
// InetAddr a2=nc->o_addr->getAddress(); // InetAddr a2=nc->o_addr->getAddress();
// //
// InetNetmask m1=natcmd->o_addr->getInetNetmask(); // InetAddr m1=natcmd->o_addr->getInetAddr();
// InetNetmask m2=nc->o_addr->getNetmask(); // InetAddr m2=nc->o_addr->getNetmask();
if ( int1->getId()==int2->getId() && if ( int1->getId()==int2->getId() &&
natcmd->o_src==nc->o_src && natcmd->o_src==nc->o_src &&
@ -1379,18 +1379,30 @@ bool NATCompiler_pix::DetectOverlappingStatics::processNext()
{ {
if ( *(sc->osrv) == *(scmd->osrv) && if ( *(sc->osrv) == *(scmd->osrv) &&
*(sc->tsrv) == *(scmd->tsrv) && *(sc->tsrv) == *(scmd->tsrv) &&
*(sc->osrc) == *(scmd->osrc) && *(sc->osrc) == *(scmd->osrc))
( ! getOverlap(*(scmd->iaddr), *(sc->iaddr)).empty() || {
! getOverlap(*(scmd->oaddr), *(sc->oaddr)).empty() ) ) const InetAddrMask *ia1 =
compiler->abort( scmd->iaddr->getAddressObjectInetAddrMask();
"Static NAT rules overlap or are redundant : rules "+ const InetAddrMask *ia2 =
sc->rule+" and "+scmd->rule+" : "+ sc->iaddr->getAddressObjectInetAddrMask();
"outside address: "+
scmd->oaddr->getAddress().toString()+"/"+ const InetAddrMask *oa1 =
scmd->oaddr->getNetmask().toString()+ scmd->oaddr->getAddressObjectInetAddrMask();
" inside address: "+ const InetAddrMask *oa2 =
scmd->iaddr->getAddress().toString()+"/"+ sc->oaddr->getAddressObjectInetAddrMask();
scmd->iaddr->getNetmask().toString());
if ( ! getOverlap(*(ia1), *(ia2)).empty() ||
! getOverlap(*(oa1), *(oa2)).empty() )
compiler->abort(
"Static NAT rules overlap or are redundant: rules "+
sc->rule+" and "+scmd->rule+" : "+
"outside address: "+
scmd->oaddr->getAddress().toString()+"/"+
scmd->oaddr->getNetmask().toString()+
" inside address: "+
scmd->iaddr->getAddress().toString()+"/"+
scmd->iaddr->getNetmask().toString());
}
} }
} }
} }
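Review bot: In `DetectOverlappingStatics::processNext()` the four pointers returned by `getAddressObjectInetAddrMask()` are dereferenced in `getOverlap(*(ia1), *(ia2))` and `getOverlap(*(oa1), *(oa2))` with no NULL check. If that accessor can return NULL for any address type that reaches a static command (not visible here), the compiler crashes instead of reporting the rule; silently skipping the comparison would be worse, because overlapping statics would then go undetected. A guard that stops compilation before the overlap test keeps the check fail-closed, e.g. `if (!ia1 || !ia2 || !oa1 || !oa2) compiler->abort("Static NAT rule has an address without a netmask: "+scmd->rule);`. Separately, the commented-out line in `DetectDuplicateNAT` now reads `getInetAddr()`, which looks like a search-and-replace artefact where `getNetmask()` was meant.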


@ -420,7 +420,7 @@ namespace fwcompiler {
typedef struct { typedef struct {
std::string iface1, iface2; std::string iface1, iface2;
libfwbuilder::InetAddr addr; libfwbuilder::InetAddr addr;
libfwbuilder::InetNetmask mask; libfwbuilder::InetAddr mask;
} nonat_static_parameters; } nonat_static_parameters;
std::deque<nonat_static_parameters> all_nonat_statics; std::deque<nonat_static_parameters> all_nonat_statics;
public: public:


@ -450,7 +450,7 @@ bool NATCompiler_pix::PrintRule::processNext()
StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ]; StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ];
InetAddr outa=scmd->oaddr->getAddress(); InetAddr outa=scmd->oaddr->getAddress();
InetNetmask outm=scmd->oaddr->getNetmask(); InetAddr outm=scmd->oaddr->getNetmask();
InetAddr insa=scmd->iaddr->getAddress(); InetAddr insa=scmd->iaddr->getAddress();
/* /*
* we verify that odst and tdst have the same size in verifyRuleElements, * we verify that odst and tdst have the same size in verifyRuleElements,


@ -123,14 +123,14 @@ int PolicyCompiler_pix::prolog()
{ {
if (netmask.find(".")!=string::npos) if (netmask.find(".")!=string::npos)
{ {
InetNetmask nm(netmask); InetAddr nm(netmask);
nm.isAny(); // to avoid warning abt unused var nm.isAny(); // to avoid warning abt unused var
} else } else
{ {
int nm_length; int nm_length;
istringstream str(netmask); istringstream str(netmask);
str >> nm_length; str >> nm_length;
InetNetmask nm(nm_length); InetAddr nm(nm_length);
netmask = nm.toString(); netmask = nm.toString();
} }
} catch(FWException &ex) } catch(FWException &ex)


@ -164,7 +164,7 @@ bool PolicyCompiler_pix::PrintObjectGroupsAndClearCommands::processNext()
InetAddr addr=a->getAddress(); InetAddr addr=a->getAddress();
pix_comp->output << " network-object "; pix_comp->output << " network-object ";
if (Network::cast(obj)!=NULL) { if (Network::cast(obj)!=NULL) {
InetNetmask mask=a->getNetmask(); InetAddr mask=a->getNetmask();
pix_comp->output << addr.toString() << " "; pix_comp->output << addr.toString() << " ";
pix_comp->output << mask.toString() << " "; pix_comp->output << mask.toString() << " ";
} else { } else {
@ -353,7 +353,7 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o)
ostringstream str; ostringstream str;
InetAddr srcaddr=o->getAddress(); InetAddr srcaddr=o->getAddress();
InetNetmask srcmask=o->getNetmask(); InetAddr srcmask=o->getNetmask();
if (Interface::cast(o)!=NULL) if (Interface::cast(o)!=NULL)
{ {
@ -363,11 +363,11 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o)
return string("interface ") + interface_->getLabel() + " "; return string("interface ") + interface_->getLabel() + " ";
} }
srcmask=InetNetmask(InetAddr::getAllOnes()); srcmask=InetAddr(InetAddr::getAllOnes());
} }
if (IPv4::cast(o)!=NULL) if (IPv4::cast(o)!=NULL)
srcmask=InetNetmask(InetAddr::getAllOnes()); srcmask=InetAddr(InetAddr::getAllOnes());
if (srcaddr.isAny() && srcmask.isAny()) if (srcaddr.isAny() && srcmask.isAny())


@ -1,17 +1,17 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd"> <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" id="root"> <FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1208635848" id="root">
<Library color="#d2ffd0" id="id4511636323682" name="User"> <Library color="#d2ffd0" id="id4511636323682" name="User">
<ObjectGroup id="id4511636423682" name="Objects"> <ObjectGroup id="id4511636423682" name="Objects">
<ObjectGroup id="id4511636523682" name="Addresses"> <ObjectGroup id="id4511636523682" name="Addresses">
<IPv4 address="10.3.14.10" id="id451164E423682" name="baby.vk.crocodile.org" netmask="255.255.255.255"/> <IPv4 id="id451164E423682" name="baby.vk.crocodile.org" address="10.3.14.10" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.102" id="id451164F923682" name="h-10.3.14.102" netmask="255.255.255.255"/> <IPv4 id="id451164F923682" name="h-10.3.14.102" address="10.3.14.102" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.255" id="id451164FA23682" name="h-10.3.14.255" netmask="255.255.255.255"/> <IPv4 id="id451164FA23682" name="h-10.3.14.255" address="10.3.14.255" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.53" id="id451164FB23682" name="h-10.3.14.53" netmask="255.255.255.255"/> <IPv4 id="id451164FB23682" name="h-10.3.14.53" address="10.3.14.53" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.65" id="id451164FC23682" name="h-10.3.14.65" netmask="255.255.255.255"/> <IPv4 id="id451164FC23682" name="h-10.3.14.65" address="10.3.14.65" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.43" id="id451164FD23682" name="neo.vk.crocodile.org" netmask="255.255.255.255"/> <IPv4 id="id451164FD23682" name="neo.vk.crocodile.org" address="10.3.14.43" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.30" id="id4511653423682" name="tower.vk.crocodile.org" netmask="255.255.255.255"/> <IPv4 id="id4511653423682" name="tower.vk.crocodile.org" address="10.3.14.30" netmask="255.255.255.255"/>
<IPv4 address="10.3.14.41" id="id4511653523682" name="x1.vk.crocodile.org" netmask="255.255.255.255"/> <IPv4 id="id4511653523682" name="x1.vk.crocodile.org" address="10.3.14.41" netmask="255.255.255.255"/>
</ObjectGroup> </ObjectGroup>
<ObjectGroup id="id4511636623682" name="DNS Names"/> <ObjectGroup id="id4511636623682" name="DNS Names"/>
<ObjectGroup id="id4511636723682" name="Address Tables"/> <ObjectGroup id="id4511636723682" name="Address Tables"/>
@ -30,11 +30,11 @@
<ObjectGroup id="id4511636923682" name="Hosts"> <ObjectGroup id="id4511636923682" name="Hosts">
<Host id="id451164EB23682" name="beaver"> <Host id="id451164EB23682" name="beaver">
<Interface bridgeport="False" dyn="False" id="id451164EF23682" name="lo" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id451164EF23682" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id451164F023682" name="beaver:lo:ip" netmask="255.0.0.0"/> <IPv4 id="id451164F023682" name="beaver:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id451164F523682" name="eth0" security_level="0" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id451164F523682" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="10.3.14.40" id="id451164F723682" name="beaver:eth0:ip1" netmask="255.255.255.0"/> <IPv4 id="id451164F723682" name="beaver:eth0:ip1" address="10.3.14.40" netmask="255.255.255.0"/>
<IPv4 address="192.168.123.123" id="id451164F823682" name="beaver:eth0:ip2" netmask="255.255.255.0"/> <IPv4 id="id451164F823682" name="beaver:eth0:ip2" address="192.168.123.123" netmask="255.255.255.0"/>
<physAddress address="00:30:48:20:16:10" id="id451164F623682" name="beaver:eth0:mac"/> <physAddress address="00:30:48:20:16:10" id="id451164F623682" name="beaver:eth0:mac"/>
</Interface> </Interface>
<HostOptions> <HostOptions>
@ -97,7 +97,7 @@
<ServiceGroup id="id4511637323682" name="TagServices"/> <ServiceGroup id="id4511637323682" name="TagServices"/>
</ServiceGroup> </ServiceGroup>
<ObjectGroup id="id4511637423682" name="Firewalls"> <ObjectGroup id="id4511637423682" name="Firewalls">
<Firewall comment="" host_OS="ios" id="id46412B5226577" inactive="False" lastCompiled="1185060662" lastInstalled="0" lastModified="1178760458" name="testios1" platform="iosacl" ro="False" version="12.x"> <Firewall comment="" host_OS="ios" id="id46412B5226577" inactive="False" lastCompiled="1185060662" lastInstalled="0" lastModified="1208635848" name="testios1" platform="iosacl" ro="False" version="12.x">
<NAT id="id46412B5626577"/> <NAT id="id46412B5626577"/>
<Policy id="id46412B5526577"> <Policy id="id46412B5526577">
<PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464154BB29061" log="True" position="0"> <PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464154BB29061" log="True" position="0">
@ -351,7 +351,7 @@
<Option name="stateless">False</Option> <Option name="stateless">False</Option>
</PolicyRuleOptions> </PolicyRuleOptions>
</PolicyRule> </PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464147C929061" log="False" position="12"> <PolicyRule action="Accept" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0" direction="Both" disabled="False" id="id464147C929061" log="False" position="12">
<Src neg="False"> <Src neg="False">
<ObjectRef ref="id4641456629061"/> <ObjectRef ref="id4641456629061"/>
</Src> </Src>
@ -521,13 +521,13 @@
</Policy> </Policy>
<Routing id="id46412B5726577"/> <Routing id="id46412B5726577"/>
<Interface bridgeport="False" dyn="False" id="id46412B5826577" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id46412B5826577" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 address="1.1.1.1" id="id46412B5926577" name="testios1:ethernet0:ip" netmask="255.255.255.0"/> <IPv4 id="id46412B5926577" name="testios1:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id46412B5A26577" label="" mgmt="False" name="ethernet1" security_level="100" unnum="False" unprotected="True"> <Interface bridgeport="False" comment="" dyn="False" id="id46412B5A26577" label="" mgmt="False" name="ethernet1" security_level="100" unnum="False" unprotected="True">
<IPv4 address="10.10.10.1" id="id46412B5B26577" name="testios1:ethernet1:ip" netmask="255.255.255.0"/> <IPv4 id="id46412B5B26577" name="testios1:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4642828219184" label="" mgmt="False" name="ethernet2" security_level="100" unnum="False" unprotected="True"> <Interface bridgeport="False" comment="" dyn="False" id="id4642828219184" label="" mgmt="False" name="ethernet2" security_level="100" unnum="False" unprotected="True">
<IPv4 address="3.3.3.3" comment="" id="id4642828319184" name="testios1:ethernet2:ip" netmask="255.255.255.0"/> <IPv4 comment="" id="id4642828319184" name="testios1:ethernet2:ip" address="3.3.3.3" netmask="255.255.255.0"/>
</Interface> </Interface>
<Management address="10.10.10.1"> <Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -538,9 +538,10 @@
<Option name="accept_established">true</Option> <Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option> <Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option> <Option name="add_check_state_rule">true</Option>
<Option name="admUser"/> <Option name="admUser"></Option>
<Option name="altAddress"/> <Option name="altAddress"></Option>
<Option name="check_shading">False</Option> <Option name="check_shading">False</Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">true</Option> <Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option> <Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option> <Option name="firewall_dir">/etc</Option>
@ -553,21 +554,21 @@
<Option name="iosacl_acl_basic">True</Option> <Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option> <Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option> <Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/> <Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_add_clear_statements">true</Option> <Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option> <Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/> <Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_include_comments">True</Option> <Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option> <Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/> <Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_console">False</Option> <Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/> <Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_timestamp">False</Option> <Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/> <Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"/> <Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_regroup_commands">False</Option> <Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/> <Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"/> <Option name="iosacl_syslog_host"></Option>
<Option name="limit_value">0</Option> <Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option> <Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option> <Option name="load_modules">true</Option>
@ -577,10 +578,10 @@
<Option name="loopback_interface">lo0</Option> <Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option> <Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option> <Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/> <Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option> <Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option> <Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/> <Option name="output_file"></Option>
<Option name="pass_all_out">false</Option> <Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option> <Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option> <Option name="pf_limit_states">10000</Option>
@ -602,7 +603,7 @@
<Option name="prompt1">$ </Option> <Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option> <Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option> <Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/> <Option name="sshArgs"></Option>
<Option name="ulog_nlgroup">1</Option> <Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
@ -759,10 +760,10 @@
</Policy> </Policy>
<Routing id="id4641321026611"/> <Routing id="id4641321026611"/>
<Interface bridgeport="False" dyn="False" id="id4641321126611" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id4641321126611" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 address="1.1.1.1" id="id4641321326611" name="testios20:ethernet0:ip" netmask="255.255.255.0"/> <IPv4 id="id4641321326611" name="testios20:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4641321426611" label="" mgmt="False" name="ethernet1" network_zone="sysid0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id4641321426611" label="" mgmt="False" name="ethernet1" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.10.10.1" id="id4641321626611" name="testios20:ethernet1:ip" netmask="255.255.255.0"/> <IPv4 id="id4641321626611" name="testios20:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Management address="10.10.10.1"> <Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -773,10 +774,10 @@
<Option name="accept_established">true</Option> <Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option> <Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option> <Option name="add_check_state_rule">true</Option>
<Option name="admUser"/> <Option name="admUser"></Option>
<Option name="altAddress"/> <Option name="altAddress"></Option>
<Option name="check_shading">False</Option> <Option name="check_shading">False</Option>
<Option name="compiler"/> <Option name="compiler"></Option>
<Option name="configure_interfaces">true</Option> <Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option> <Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option> <Option name="firewall_dir">/etc</Option>
@ -789,21 +790,21 @@
<Option name="iosacl_acl_basic">True</Option> <Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option> <Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option> <Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/> <Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_add_clear_statements">true</Option> <Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option> <Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/> <Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_include_comments">True</Option> <Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option> <Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/> <Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_console">False</Option> <Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/> <Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_timestamp">False</Option> <Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/> <Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"/> <Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_regroup_commands">False</Option> <Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/> <Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"/> <Option name="iosacl_syslog_host"></Option>
<Option name="limit_value">0</Option> <Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option> <Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option> <Option name="load_modules">true</Option>
@ -813,10 +814,10 @@
<Option name="loopback_interface">lo0</Option> <Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option> <Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option> <Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/> <Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option> <Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option> <Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/> <Option name="output_file"></Option>
<Option name="pass_all_out">false</Option> <Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option> <Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option> <Option name="pf_limit_states">10000</Option>
@ -838,7 +839,7 @@
<Option name="prompt1">$ </Option> <Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option> <Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option> <Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/> <Option name="sshArgs"></Option>
<Option name="ulog_nlgroup">1</Option> <Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
@ -1267,10 +1268,10 @@
</Policy> </Policy>
<Routing id="id464265C512807"/> <Routing id="id464265C512807"/>
<Interface bridgeport="False" dyn="False" id="id464265C612807" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id464265C612807" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 address="1.1.1.1" id="id464265C812807" name="testios2:ethernet0:ip" netmask="255.255.255.0"/> <IPv4 id="id464265C812807" name="testios2:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id464265C912807" label="" mgmt="True" name="ethernet1" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id464265C912807" label="" mgmt="True" name="ethernet1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.10.10.1" id="id464265CB12807" name="testios2:ethernet1:ip" netmask="255.255.255.0"/> <IPv4 id="id464265CB12807" name="testios2:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Management address="10.10.10.1"> <Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -1281,8 +1282,8 @@
<Option name="accept_established">true</Option> <Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option> <Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option> <Option name="add_check_state_rule">true</Option>
<Option name="admUser"/> <Option name="admUser"></Option>
<Option name="altAddress"/> <Option name="altAddress"></Option>
<Option name="check_shading">False</Option> <Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option> <Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option> <Option name="eliminate_duplicates">true</Option>
@ -1299,18 +1300,18 @@
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option> <Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
<Option name="iosacl_add_clear_statements">true</Option> <Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option> <Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/> <Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_include_comments">True</Option> <Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option> <Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/> <Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_console">False</Option> <Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/> <Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_timestamp">False</Option> <Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/> <Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"/> <Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_regroup_commands">False</Option> <Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/> <Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"/> <Option name="iosacl_syslog_host"></Option>
<Option name="limit_value">0</Option> <Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option> <Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option> <Option name="load_modules">true</Option>
@ -1320,10 +1321,10 @@
<Option name="loopback_interface">lo0</Option> <Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option> <Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option> <Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/> <Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option> <Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option> <Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/> <Option name="output_file"></Option>
<Option name="pass_all_out">false</Option> <Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option> <Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option> <Option name="pf_limit_states">10000</Option>
@ -1345,7 +1346,7 @@
<Option name="prompt1">$ </Option> <Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option> <Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option> <Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/> <Option name="sshArgs"></Option>
<Option name="ulog_nlgroup">1</Option> <Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
@ -1516,19 +1517,19 @@
</Policy> </Policy>
<Routing id="id46435A0316989"/> <Routing id="id46435A0316989"/>
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0416989" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id46435A0416989" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.171.2" id="id46435A0516989" name="c3620:Ethernet1/0:ip" netmask="255.255.255.0"/> <IPv4 id="id46435A0516989" name="c3620:Ethernet1/0:ip" address="192.168.171.2" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0616989" label="" mgmt="False" name="Ethernet1/1" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id46435A0616989" label="" mgmt="False" name="Ethernet1/1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id46435A0716989" name="c3620:Ethernet1/1:ip" netmask="255.255.255.255"/> <IPv4 id="id46435A0716989" name="c3620:Ethernet1/1:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0816989" label="" mgmt="True" name="FastEthernet0/0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id46435A0816989" label="" mgmt="True" name="FastEthernet0/0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.3.14.201" id="id46435A0916989" name="c3620:FastEthernet0/0:ip" netmask="255.255.255.0"/> <IPv4 id="id46435A0916989" name="c3620:FastEthernet0/0:ip" address="10.3.14.201" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0A16989" label="" mgmt="False" name="Null0" security_level="100" unnum="False" unprotected="True"> <Interface bridgeport="False" comment="" dyn="False" id="id46435A0A16989" label="" mgmt="False" name="Null0" security_level="100" unnum="False" unprotected="True">
<IPv4 address="0.0.0.0" id="id46435A0B16989" name="c3620:Null0:ip" netmask="255.255.255.255"/> <IPv4 id="id46435A0B16989" name="c3620:Null0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0C16989" label="" mgmt="False" name="Serial1/0" security_level="100" unnum="False" unprotected="True"> <Interface bridgeport="False" comment="" dyn="False" id="id46435A0C16989" label="" mgmt="False" name="Serial1/0" security_level="100" unnum="False" unprotected="True">
<IPv4 address="0.0.0.0" id="id46435A0D16989" name="c3620:Serial1/0:ip" netmask="255.255.255.255"/> <IPv4 id="id46435A0D16989" name="c3620:Serial1/0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface> </Interface>
<Management address="10.3.14.201"> <Management address="10.3.14.201">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -1539,8 +1540,8 @@
<Option name="accept_established">true</Option> <Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option> <Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option> <Option name="add_check_state_rule">true</Option>
<Option name="admUser"/> <Option name="admUser"></Option>
<Option name="altAddress"/> <Option name="altAddress"></Option>
<Option name="check_shading">False</Option> <Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option> <Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option> <Option name="eliminate_duplicates">true</Option>
@ -1552,21 +1553,21 @@
<Option name="iosacl_acl_basic">True</Option> <Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option> <Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option> <Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/> <Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_add_clear_statements">true</Option> <Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option> <Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/> <Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_include_comments">True</Option> <Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option> <Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/> <Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_console">False</Option> <Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/> <Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_timestamp">False</Option> <Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/> <Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"/> <Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_regroup_commands">False</Option> <Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/> <Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"/> <Option name="iosacl_syslog_host"></Option>
<Option name="limit_value">0</Option> <Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option> <Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option> <Option name="load_modules">true</Option>
@ -1579,7 +1580,7 @@
<Option name="mgmt_addr">10.3.14.40</Option> <Option name="mgmt_addr">10.3.14.40</Option>
<Option name="mgmt_ssh">True</Option> <Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option> <Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/> <Option name="output_file"></Option>
<Option name="pass_all_out">false</Option> <Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option> <Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option> <Option name="pf_limit_states">10000</Option>
@ -1601,7 +1602,7 @@
<Option name="prompt1">$ </Option> <Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option> <Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option> <Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/> <Option name="sshArgs"></Option>
<Option name="ulog_nlgroup">1</Option> <Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
@ -1611,7 +1612,7 @@
</Library> </Library>
<Library id="sysid99" name="Deleted Objects" ro="False"> <Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="sysid0"/> <ObjectRef ref="sysid0"/>
<IPv4 address="10.10.10.1" comment="" id="id463FF31019380" name="test-ipt:eth0:ip" netmask="255.255.255.0"/> <IPv4 comment="" id="id463FF31019380" name="test-ipt:eth0:ip" address="10.10.10.1" netmask="255.255.255.0"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4511651D23682" label="" mgmt="False" name="imq1" security_level="100" unnum="True" unprotected="False"/> <Interface bridgeport="False" comment="" dyn="False" id="id4511651D23682" label="" mgmt="False" name="imq1" security_level="100" unnum="True" unprotected="False"/>
<Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="freebsd" id="id453D8A6D12118" lastCompiled="0" lastInstalled="0" lastModified="1178678949" name="ipf" platform="ipf" ro="False" version=""> <Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="freebsd" id="id453D8A6D12118" lastCompiled="0" lastInstalled="0" lastModified="1178678949" name="ipf" platform="ipf" ro="False" version="">
<NAT id="id453D8AE412118"> <NAT id="id453D8AE412118">
@ -1694,27 +1695,27 @@
<IntervalRef ref="sysid2"/> <IntervalRef ref="sysid2"/>
</When> </When>
<PolicyRuleOptions> <PolicyRuleOptions>
<Option name="action_on_reject"/> <Option name="action_on_reject"></Option>
<Option name="classify_str"/> <Option name="classify_str"></Option>
<Option name="custom_str"/> <Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"/> <Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if">le1</Option> <Option name="ipf_route_opt_if">le1</Option>
<Option name="ipf_route_option">route_through</Option> <Option name="ipf_route_option">route_through</Option>
<Option name="ipfw_classify_method">2</Option> <Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option> <Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option> <Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option> <Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/> <Option name="ipt_gw"></Option>
<Option name="ipt_iif"/> <Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option> <Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option> <Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"/> <Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option> <Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option> <Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/> <Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"/> <Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">route_through</Option> <Option name="pf_route_option">route_through</Option>
<Option name="rule_name_accounting"/> <Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option> <Option name="stateless">True</Option>
</PolicyRuleOptions> </PolicyRuleOptions>
</PolicyRule> </PolicyRule>
@ -1835,10 +1836,10 @@
<Routing id="id453D8AF312118"/> <Routing id="id453D8AF312118"/>
<Interface bridgeport="False" comment="" dyn="True" id="id453D8AF412118" label="" mgmt="False" name="le0" security_level="0" unnum="False" unprotected="False"/> <Interface bridgeport="False" comment="" dyn="True" id="id453D8AF412118" label="" mgmt="False" name="le0" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id453D8AF512118" label="" mgmt="True" name="le1" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id453D8AF512118" label="" mgmt="True" name="le1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id453D8AF712118" name="ipf:le1:ip" netmask="255.255.255.0"/> <IPv4 comment="" id="id453D8AF712118" name="ipf:le1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id453D8AF812118" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id453D8AF812118" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id453D8AFA12118" name="ipf:lo:ip" netmask="255.0.0.0"/> <IPv4 comment="" id="id453D8AFA12118" name="ipf:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface> </Interface>
<Management address="0.0.0.0"> <Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -1929,27 +1930,27 @@
<IntervalRef ref="sysid2"/> <IntervalRef ref="sysid2"/>
</When> </When>
<PolicyRuleOptions> <PolicyRuleOptions>
<Option name="action_on_reject"/> <Option name="action_on_reject"></Option>
<Option name="classify_str"/> <Option name="classify_str"></Option>
<Option name="custom_str"/> <Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"/> <Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"/> <Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option> <Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option> <Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option> <Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option> <Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option> <Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/> <Option name="ipt_gw"></Option>
<Option name="ipt_iif"/> <Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option> <Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option> <Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif">vlan1</Option> <Option name="ipt_oif">vlan1</Option>
<Option name="ipt_tee">False</Option> <Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option> <Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/> <Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"/> <Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option> <Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"/> <Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option> <Option name="stateless">True</Option>
</PolicyRuleOptions> </PolicyRuleOptions>
</PolicyRule> </PolicyRule>
@ -1970,27 +1971,27 @@
<IntervalRef ref="sysid2"/> <IntervalRef ref="sysid2"/>
</When> </When>
<PolicyRuleOptions> <PolicyRuleOptions>
<Option name="action_on_reject"/> <Option name="action_on_reject"></Option>
<Option name="classify_str"/> <Option name="classify_str"></Option>
<Option name="custom_str"/> <Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"/> <Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"/> <Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option> <Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option> <Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option> <Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option> <Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option> <Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/> <Option name="ipt_gw"></Option>
<Option name="ipt_iif"/> <Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option> <Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option> <Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif">eth1</Option> <Option name="ipt_oif">eth1</Option>
<Option name="ipt_tee">False</Option> <Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option> <Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/> <Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"/> <Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option> <Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"/> <Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option> <Option name="stateless">True</Option>
</PolicyRuleOptions> </PolicyRuleOptions>
</PolicyRule> </PolicyRule>
@ -2037,11 +2038,11 @@
</Policy> </Policy>
<Routing id="id4511651323682"/> <Routing id="id4511651323682"/>
<Interface bridgeport="False" dyn="False" id="id4511651623682" name="lo" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id4511651623682" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id4511651723682" name="test-ipt:lo:ip" netmask="255.0.0.0"/> <IPv4 id="id4511651723682" name="test-ipt:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4511651923682" label="" mgmt="False" name="teql0" security_level="100" unnum="True" unprotected="False"/> <Interface bridgeport="False" comment="" dyn="False" id="id4511651923682" label="" mgmt="False" name="teql0" security_level="100" unnum="True" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4511651B23682" label="" mgmt="False" name="imq0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id4511651B23682" label="" mgmt="False" name="imq0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id463FFA2619380" name="test-ipt:imq0:ip" netmask="255.255.255.0"/> <IPv4 comment="" id="id463FFA2619380" name="test-ipt:imq0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id4511652023682" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="True" id="id4511652023682" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False">
<physAddress address="00:12:17:03:B9:81" id="id4511652123682" name="test-ipt:eth0:mac"/> <physAddress address="00:12:17:03:B9:81" id="id4511652123682" name="test-ipt:eth0:mac"/>
@ -2053,11 +2054,11 @@
<physAddress address="00:12:17:03:B9:81" id="id4511652923682" name="test-ipt:vlan0:mac"/> <physAddress address="00:12:17:03:B9:81" id="id4511652923682" name="test-ipt:vlan0:mac"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id4511652D23682" name="vlan1" security_level="0" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id4511652D23682" name="vlan1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="24.6.139.57" id="id4511652F23682" name="test-ipt:vlan1:ip" netmask="255.255.248.0"/> <IPv4 id="id4511652F23682" name="test-ipt:vlan1:ip" address="24.6.139.57" netmask="255.255.248.0"/>
<physAddress address="00:E0:18:A8:80:1E" id="id4511652E23682" name="test-ipt:vlan1:mac"/> <physAddress address="00:E0:18:A8:80:1E" id="id4511652E23682" name="test-ipt:vlan1:mac"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id4511653223682" name="br0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id4511653223682" name="br0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.10.10.2" comment="" id="id463FF31119380" name="test-ipt:br0:ip" netmask="255.255.255.0"/> <IPv4 comment="" id="id463FF31119380" name="test-ipt:br0:ip" address="10.10.10.2" netmask="255.255.255.0"/>
<physAddress address="00:12:17:03:B9:81" id="id4511653323682" name="test-ipt:br0:mac"/> <physAddress address="00:12:17:03:B9:81" id="id4511653323682" name="test-ipt:br0:mac"/>
</Interface> </Interface>
<Management address="10.10.10.2"> <Management address="10.10.10.2">
@ -2068,27 +2069,27 @@
<FirewallOptions> <FirewallOptions>
<Option name="accept_established">True</Option> <Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option> <Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"/> <Option name="action_on_reject"></Option>
<Option name="activationCmd"/> <Option name="activationCmd"></Option>
<Option name="admUser"/> <Option name="admUser"></Option>
<Option name="altAddress"/> <Option name="altAddress"></Option>
<Option name="bridging_fw">False</Option> <Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option> <Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option> <Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option> <Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"/> <Option name="cmdline"></Option>
<Option name="compiler"/> <Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option> <Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option> <Option name="debug">False</Option>
<Option name="drop_invalid">False</Option> <Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option> <Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"/> <Option name="epilog_script"></Option>
<Option name="firewall_dir">/etc</Option> <Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option> <Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option> <Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option> <Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option> <Option name="in_out_code">true</Option>
<Option name="limit_suffix"/> <Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option> <Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option> <Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option> <Option name="load_modules">True</Option>
@ -2103,10 +2104,10 @@
<Option name="loopback_interface">lo0</Option> <Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option> <Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option> <Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/> <Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option> <Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option> <Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/> <Option name="output_file"></Option>
<Option name="pass_all_out">false</Option> <Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option> <Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option> <Option name="pf_limit_states">10000</Option>
@ -2126,14 +2127,14 @@
<Option name="pix_syslog_device_id_supported">false</Option> <Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option> <Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option> <Option name="prolog_place">top</Option>
<Option name="prolog_script"/> <Option name="prolog_script"></Option>
<Option name="prompt1">$ </Option> <Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option> <Option name="prompt2"> # </Option>
<Option name="snmp_contact">root</Option> <Option name="snmp_contact">root</Option>
<Option name="snmp_description">Linux SVEASOFT 2.4.20 #2 Wed Nov 17 11:49:43 CET 2004 mips</Option> <Option name="snmp_description">Linux SVEASOFT 2.4.20 #2 Wed Nov 17 11:49:43 CET 2004 mips</Option>
<Option name="snmp_location">Unknown</Option> <Option name="snmp_location">Unknown</Option>
<Option name="solaris_ip_forward">1</Option> <Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/> <Option name="sshArgs"></Option>
<Option name="ulog_cprange">0</Option> <Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option> <Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option> <Option name="ulog_qthreshold">1</Option>


@ -7,7 +7,7 @@ if which opendiff > /dev/null 2>&1; then
elif which tkdiff > /dev/null 2>&1; then elif which tkdiff > /dev/null 2>&1; then
TOOL="tkdiff -b -B " TOOL="tkdiff -b -B "
else else
TOOL="diff -b -B " TOOL="diff -U 8 -b -B "
fi fi
${TOOL} firewall${N}.fw.orig firewall${N}.fw ${TOOL} firewall${N}.fw.orig firewall${N}.fw
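Review bot: The file operands on the last line of this hunk, `${TOOL} firewall${N}.fw.orig firewall${N}.fw`, expand `${N}` unquoted, so a value containing whitespace or glob characters would be split or expanded by the shell before the diff tool sees it. `${TOOL}` has to stay unquoted because it carries the tool's options, but the operands can be written as `${TOOL} "firewall${N}.fw.orig" "firewall${N}.fw"`. The assignment of `N` and the start of the if/elif chain are above the hunk, so whether `N` can ever hold anything but a plain number is not visible here. A short comment on the changed line, for example `# -U 8: unified output with 8 lines of context`, would also record why the plain-diff fallback now differs from the other branches.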


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd"> <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1206322269" id="root"> <FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1208501354" id="root">
<Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User"> <Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User">
<ObjectGroup id="stdid01_1" name="Objects"> <ObjectGroup id="stdid01_1" name="Objects">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables"> <ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@ -324,8 +324,8 @@
</HostOptions> </HostOptions>
</Host> </Host>
<Host comment="" id="host-hostA" name="hostA"> <Host comment="" id="host-hostA" name="hostA">
<Interface bridgeport="False" dyn="False" id="host-hostA-i" name="unknown" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="host-hostA-i" label="" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 id="host-hostA-i-ipv4" name="address" address="192.168.1.10" netmask="255.255.255.255"/> <IPv4 id="host-hostA-i-ipv4" name="hostA:eth0:ip" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface> </Interface>
<Management address="192.168.1.10"> <Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -668,9 +668,9 @@
</HostOptions> </HostOptions>
</Host> </Host>
<Host comment="this host has the same IP address as firewall 'firewall', plus it has MAC address.&#10;Testing for a combination of &quot;--mac --source-mac&quot; in the OUTPUT chain.&#10;" id="id3F14DFB8" name="fw-with-mac-1"> <Host comment="this host has the same IP address as firewall 'firewall', plus it has MAC address.&#10;Testing for a combination of &quot;--mac --source-mac&quot; in the OUTPUT chain.&#10;" id="id3F14DFB8" name="fw-with-mac-1">
<Interface bridgeport="False" comment="" dyn="False" id="id3F14DFB9" label="" mgmt="False" name="host-with-mac-1:1" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id3F14DFB9" label="" mgmt="False" name="fw-with-mac-1:1" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id3F14DFBA" name="host-with-mac-1/addr" address="192.168.1.1" netmask="255.255.255.0"/> <IPv4 comment="" id="id3F14DFBA" name="fw-with-mac-1:fw-with-mac-1:1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3F14DFBB" name="host-with-mac-1:1-pa"/> <physAddress address="00:10:4b:de:e9:6f" id="id3F14DFBB" name="fw-with-mac-1:fw-with-mac-1:1:mac"/>
</Interface> </Interface>
<Management address="192.168.1.10"> <Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -988,7 +988,7 @@
</ServiceGroup> </ServiceGroup>
</ServiceGroup> </ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls"> <ObjectGroup id="stdid12_1" name="Firewalls">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule&#10;" host_OS="linux24" id="fw-firewall2" inactive="False" lastCompiled="1188096924" lastInstalled="1142003872" lastModified="1206322269" name="firewall" platform="iptables" ro="False" version=""> <Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule&#10;" host_OS="linux24" id="fw-firewall2" inactive="False" lastCompiled="1188096924" lastInstalled="1142003872" lastModified="1208501354" name="firewall" platform="iptables" ro="False" version="">
<NAT id="nat-firewall2"> <NAT id="nat-firewall2">
<NATRule comment="" disabled="False" id="nat-firewall2-0" position="0"> <NATRule comment="" disabled="False" id="nat-firewall2-0" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -2732,7 +2732,7 @@
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this object is used to test all kinds of negation in policy and NAT rules" host_OS="linux24" id="id3AF5AA0A" inactive="False" lastCompiled="1188096933" lastInstalled="1142003872" lastModified="1158818477" name="firewall1" platform="iptables" ro="False" version=""> <Firewall comment="this object is used to test all kinds of negation in policy and NAT rules" host_OS="linux24" id="id3AF5AA0A" inactive="False" lastCompiled="1188096933" lastInstalled="1142003872" lastModified="1208501354" name="firewall1" platform="iptables" ro="False" version="">
<NAT id="id3AF5AA0D"> <NAT id="id3AF5AA0D">
<NATRule disabled="False" id="id3C98491C" position="0"> <NATRule disabled="False" id="id3C98491C" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -4013,19 +4013,19 @@
</Policy> </Policy>
<Routing id="id3AF5AA0A-routing"/> <Routing id="id3AF5AA0A-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3AF5AA96" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" comment="" dyn="False" id="id3AF5AA96" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id3AF5AA96-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/> <IPv4 comment="" id="id3AF5AA96-ipv4" name="eth0:address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id3AF5AA99" name="eth1" security_level="0" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id3AF5AA99" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id3AF5AA99-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/> <IPv4 comment="" id="id3AF5AA99-ipv4" name="eth1:address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4BC8" name="eth2" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id3B0B4BC8" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id3B0B4BC8-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/> <IPv4 comment="" id="id3B0B4BC8-ipv4" name="eth2:address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4D35" name="lo" security_level="100" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id3B0B4D35" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id3B0B4D35-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/> <IPv4 comment="" id="id3B0B4D35-ipv4" name="lo:address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface> </Interface>
<Interface bridgeport="False" dyn="False" id="id3B11F434" name="eth3" security_level="0" unnum="False" unprotected="False"> <Interface bridgeport="False" dyn="False" id="id3B11F434" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id3B11F434-ipv4" name="address" address="22.22.23.23" netmask="255.255.255.0"/> <IPv4 comment="" id="id3B11F434-ipv4" name="eth3:address" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface> </Interface>
<Management address="192.168.1.1"> <Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/> <SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -4117,7 +4117,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " host_OS="linux24" id="id3AFB66C6" inactive="False" lastCompiled="1188315148" lastInstalled="1142003872" lastModified="1197388709" name="firewall2" platform="iptables" ro="False" version=""> <Firewall comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " host_OS="linux24" id="id3AFB66C6" inactive="False" lastCompiled="1188315148" lastInstalled="1142003872" lastModified="1208501354" name="firewall2" platform="iptables" ro="False" version="">
<NAT id="id3AFB66C7"> <NAT id="id3AFB66C7">
<NATRule disabled="False" id="id3AFB66C8" position="0"> <NATRule disabled="False" id="id3AFB66C8" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -5688,7 +5688,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this object is used to test negation in policy rules with &quot;Assume firewall is part of 'Any'&quot; turned OFF" host_OS="linux24" id="id3B0226B6" inactive="False" lastCompiled="1196093755" lastInstalled="1142003872" lastModified="1196093903" name="firewall3" platform="iptables" ro="False" version=""> <Firewall comment="this object is used to test negation in policy rules with &quot;Assume firewall is part of 'Any'&quot; turned OFF" host_OS="linux24" id="id3B0226B6" inactive="False" lastCompiled="1196093755" lastInstalled="1142003872" lastModified="1208501354" name="firewall3" platform="iptables" ro="False" version="">
<NAT id="id3B0226B7"> <NAT id="id3B0226B7">
<NATRule disabled="False" id="id3B0226B8" position="0"> <NATRule disabled="False" id="id3B0226B8" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -6341,7 +6341,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this object is used to test a configuration where firewall has dynamic address " host_OS="linux24" id="id3B0C6380" inactive="False" lastCompiled="1188097179" lastInstalled="1142003872" lastModified="1184801731" name="firewall4" platform="iptables" ro="False" version=""> <Firewall comment="this object is used to test a configuration where firewall has dynamic address " host_OS="linux24" id="id3B0C6380" inactive="False" lastCompiled="1188097179" lastInstalled="1142003872" lastModified="1208501354" name="firewall4" platform="iptables" ro="False" version="">
<NAT id="id3B0C6381"> <NAT id="id3B0C6381">
<NATRule disabled="False" id="id3B0C6382" position="0"> <NATRule disabled="False" id="id3B0C6382" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -7128,7 +7128,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3B19BEE6" lastCompiled="1204560061" lastInstalled="1142003872" lastModified="1204560033" name="firewall5" platform="iptables" ro="False"> <Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3B19BEE6" lastCompiled="1204560061" lastInstalled="1142003872" lastModified="1208501354" name="firewall5" platform="iptables" ro="False">
<NAT id="id3B19BEE7"> <NAT id="id3B19BEE7">
<NATRule disabled="False" id="id3CFD9EE2" position="0"> <NATRule disabled="False" id="id3CFD9EE2" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -9413,7 +9413,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. &#10;&#10;This is BRIDGING FIREWALL &#10;Firewall is part of any is OFF&#10;&#10;Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " host_OS="linux24" id="id3D94D4F8" inactive="False" lastCompiled="1188096947" lastInstalled="1142003872" lastModified="1171611400" name="firewall11" platform="iptables" ro="False" version=""> <Firewall comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. &#10;&#10;This is BRIDGING FIREWALL &#10;Firewall is part of any is OFF&#10;&#10;Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " host_OS="linux24" id="id3D94D4F8" inactive="False" lastCompiled="1188096947" lastInstalled="1142003872" lastModified="1208501354" name="firewall11" platform="iptables" ro="False" version="">
<NAT id="id3D94D4F9"> <NAT id="id3D94D4F9">
<NATRule disabled="True" id="id3E854D22" position="0"> <NATRule disabled="True" id="id3E854D22" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -10271,7 +10271,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="Testing empty groups thing&#10;" host_OS="linux24" id="id3DE68A18" lastCompiled="1188096961" lastInstalled="1142003872" lastModified="0" name="firewall13" platform="iptables" ro="False"> <Firewall comment="Testing empty groups thing&#10;" host_OS="linux24" id="id3DE68A18" lastCompiled="1188096961" lastInstalled="1142003872" lastModified="1208501354" name="firewall13" platform="iptables" ro="False">
<NAT id="id3DE68A19"> <NAT id="id3DE68A19">
<NATRule disabled="False" id="id3DE68AFA" position="0"> <NATRule disabled="False" id="id3DE68AFA" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -10787,7 +10787,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing translation from outside to the web server on DMZ, need to see what happens if clients on internal net connect to the NATted address of this server. This is a kind of &quot;NAT back to the same subnet&quot; with a twist.&#10;&#10;This firewall also has option &quot;local NAT&quot; enabled. NAT rules 0,2-7 should generate code in the OUTPUT and POSTROUTING chains.&#10;" host_OS="linux24" id="id3E189481" lastCompiled="1188096980" lastInstalled="1142003872" lastModified="0" name="firewall16" platform="iptables" ro="False" version=""> <Firewall comment="testing translation from outside to the web server on DMZ, need to see what happens if clients on internal net connect to the NATted address of this server. This is a kind of &quot;NAT back to the same subnet&quot; with a twist.&#10;&#10;This firewall also has option &quot;local NAT&quot; enabled. NAT rules 0,2-7 should generate code in the OUTPUT and POSTROUTING chains.&#10;" host_OS="linux24" id="id3E189481" lastCompiled="1188096980" lastInstalled="1142003872" lastModified="1208501354" name="firewall16" platform="iptables" ro="False" version="">
<NAT id="id3E189482"> <NAT id="id3E189482">
<NATRule comment="should generate code in both PREROUTING&#10;and OUTPUT chain because option &quot;local NAT&quot;&#10;is enabled" disabled="False" id="id3E189483" position="0"> <NATRule comment="should generate code in both PREROUTING&#10;and OUTPUT chain because option &quot;local NAT&quot;&#10;is enabled" disabled="False" id="id3E189483" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -12225,7 +12225,7 @@
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3EFBC648" lastCompiled="1188097016" lastInstalled="1142003872" lastModified="1142003913" name="firewall20" platform="iptables" ro="False" version=""> <Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3EFBC648" lastCompiled="1188097016" lastInstalled="1142003872" lastModified="1208501354" name="firewall20" platform="iptables" ro="False" version="">
<NAT id="id3EFBC649"> <NAT id="id3EFBC649">
<NATRule disabled="False" id="id3EFBC64A" position="0"> <NATRule disabled="False" id="id3EFBC64A" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -12764,7 +12764,7 @@
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="two dynamic interfaces in the same policy or NAT rule&#10;" host_OS="linux24" id="id3F29FAAD" lastCompiled="1188097023" lastInstalled="1142003872" lastModified="0" name="firewall21" platform="iptables" ro="False"> <Firewall comment="two dynamic interfaces in the same policy or NAT rule&#10;" host_OS="linux24" id="id3F29FAAD" lastCompiled="1188097023" lastInstalled="1142003872" lastModified="1208501354" name="firewall21" platform="iptables" ro="False">
<NAT id="id3F29FAAE"> <NAT id="id3F29FAAE">
<NATRule disabled="False" id="id3F2A008C" position="0"> <NATRule disabled="False" id="id3F2A008C" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -12953,7 +12953,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing NAT rules using custom services&#10;" host_OS="linux24" id="id3FADB89A" lastCompiled="1188097029" lastInstalled="1142003872" lastModified="1142003913" name="firewall22" platform="iptables" ro="False" version="1.2.9"> <Firewall comment="testing NAT rules using custom services&#10;" host_OS="linux24" id="id3FADB89A" lastCompiled="1188097029" lastInstalled="1142003872" lastModified="1208501354" name="firewall22" platform="iptables" ro="False" version="1.2.9">
<NAT id="id3FADB89B"> <NAT id="id3FADB89B">
<NATRule disabled="False" id="id3FADBAA3" position="0"> <NATRule disabled="False" id="id3FADBAA3" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -13149,7 +13149,7 @@
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="&#10;This is BRIDGING FIREWALL&#10;&#10;" host_OS="linux24" id="id3FB32E8E" lastCompiled="1188097036" lastInstalled="1142003872" lastModified="1142003859" name="firewall23" platform="iptables" ro="False"> <Firewall comment="&#10;This is BRIDGING FIREWALL&#10;&#10;" host_OS="linux24" id="id3FB32E8E" lastCompiled="1188097036" lastInstalled="1142003872" lastModified="1208501354" name="firewall23" platform="iptables" ro="False">
<NAT id="id3FB32E8F"/> <NAT id="id3FB32E8F"/>
<Policy id="id3FB32EAC"> <Policy id="id3FB32EAC">
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3FB33184" log="False" position="0"> <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3FB33184" log="False" position="0">
@ -13547,7 +13547,7 @@
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing rules on unnumbered interface tun*&#10;" host_OS="linux24" id="id402B23A8" lastCompiled="1188097050" lastInstalled="1142003872" lastModified="0" name="firewall24" platform="iptables" ro="False"> <Firewall comment="testing rules on unnumbered interface tun*&#10;" host_OS="linux24" id="id402B23A8" lastCompiled="1188097050" lastInstalled="1142003872" lastModified="1208501354" name="firewall24" platform="iptables" ro="False">
<NAT id="id402B23A9"/> <NAT id="id402B23A9"/>
<Policy id="id402B23AA"> <Policy id="id402B23AA">
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id402B2413" log="False" position="0"> <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id402B2413" log="False" position="0">
@ -14229,7 +14229,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this firewall uses iptables-restore format. Firewall has wildcard interface ppp*; script is generated dynamically and then piped to iptables-restore&#10;" host_OS="linux24" id="id417C680B" lastCompiled="1188097057" lastInstalled="1142003872" lastModified="1142003913" name="firewall25" platform="iptables" ro="False" version=""> <Firewall comment="this firewall uses iptables-restore format. Firewall has wildcard interface ppp*; script is generated dynamically and then piped to iptables-restore&#10;" host_OS="linux24" id="id417C680B" lastCompiled="1188097057" lastInstalled="1142003872" lastModified="1208501354" name="firewall25" platform="iptables" ro="False" version="">
<NAT id="id417C688D"> <NAT id="id417C688D">
<NATRule disabled="False" id="id417C688E" position="0"> <NATRule disabled="False" id="id417C688E" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -14762,7 +14762,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this firewall uses iptables-restore format&#10;One interface has dynamic address, script uses echo to generated iptables commands and then pipes them to iptables-restore" host_OS="linux24" id="id418C4609" lastCompiled="1188097064" lastInstalled="1142003872" lastModified="1142003913" name="firewall26" platform="iptables" ro="False" version=""> <Firewall comment="this firewall uses iptables-restore format&#10;One interface has dynamic address, script uses echo to generated iptables commands and then pipes them to iptables-restore" host_OS="linux24" id="id418C4609" lastCompiled="1188097064" lastInstalled="1142003872" lastModified="1208501354" name="firewall26" platform="iptables" ro="False" version="">
<NAT id="id418C468B"> <NAT id="id418C468B">
<NATRule disabled="False" id="id418C468C" position="0"> <NATRule disabled="False" id="id418C468C" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -15293,7 +15293,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="this firewall uses iptables-restore format&#10;all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" host_OS="linux24" id="id4183D041" inactive="False" lastCompiled="1197477543" lastInstalled="1142003872" lastModified="1197477519" name="firewall27" platform="iptables" ro="False" version=""> <Firewall comment="this firewall uses iptables-restore format&#10;all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" host_OS="linux24" id="id4183D041" inactive="False" lastCompiled="1197477543" lastInstalled="1142003872" lastModified="1208501354" name="firewall27" platform="iptables" ro="False" version="">
<NAT id="id4183D0C3"> <NAT id="id4183D0C3">
<NATRule disabled="False" id="id4183D0C4" position="0"> <NATRule disabled="False" id="id4183D0C4" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -16012,7 +16012,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="two dynamic interfaces in the same policy or NAT rule. Interfaces have a dot in their names&#10;" host_OS="linux24" id="id41D2945B" lastCompiled="1188097084" lastInstalled="1142003872" lastModified="0" name="firewall29" platform="iptables" ro="False" version=""> <Firewall comment="two dynamic interfaces in the same policy or NAT rule. Interfaces have a dot in their names&#10;" host_OS="linux24" id="id41D2945B" lastCompiled="1188097084" lastInstalled="1142003872" lastModified="1208501354" name="firewall29" platform="iptables" ro="False" version="">
<NAT id="id41D29482"> <NAT id="id41D29482">
<NATRule disabled="False" id="id41D29483" position="0"> <NATRule disabled="False" id="id41D29483" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -16570,7 +16570,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing AddressTable" host_OS="linux24" id="id43868A331434" lastCompiled="1188097112" lastInstalled="1142003872" lastModified="1205611789" name="firewall32" platform="iptables" ro="False" version=""> <Firewall comment="testing AddressTable" host_OS="linux24" id="id43868A331434" lastCompiled="1188097112" lastInstalled="1142003872" lastModified="1208501354" name="firewall32" platform="iptables" ro="False" version="">
<NAT id="id43868A6D1434"> <NAT id="id43868A6D1434">
<NATRule disabled="False" id="id43868A6E1434" position="0"> <NATRule disabled="False" id="id43868A6E1434" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -16771,7 +16771,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing DNSName object" host_OS="linux24" id="id43867C1018346" lastCompiled="1188097121" lastInstalled="1142003872" lastModified="1205119254" name="firewall33" platform="iptables" ro="False" version=""> <Firewall comment="testing DNSName object" host_OS="linux24" id="id43867C1018346" lastCompiled="1188097121" lastInstalled="1142003872" lastModified="1208501354" name="firewall33" platform="iptables" ro="False" version="">
<NAT id="id43867C4818346"> <NAT id="id43867C4818346">
<NATRule disabled="False" id="id43867C4918346" position="0"> <NATRule disabled="False" id="id43867C4918346" position="0">
<OSrc neg="False"> <OSrc neg="False">
@ -20013,7 +20013,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option> <Option name="verify_interfaces">False</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="&#10;This is BRIDGING FIREWALL&#10;Testing module physdev&#10;" host_OS="linux24" id="id440C055614846" lastCompiled="1188097043" lastInstalled="1142003872" lastModified="1163136879" name="firewall23-1" platform="iptables" ro="False" version="1.3.0"> <Firewall comment="&#10;This is BRIDGING FIREWALL&#10;Testing module physdev&#10;" host_OS="linux24" id="id440C055614846" lastCompiled="1188097043" lastInstalled="1142003872" lastModified="1208501354" name="firewall23-1" platform="iptables" ro="False" version="1.3.0">
<NAT id="id440C062B14846"/> <NAT id="id440C062B14846"/>
<Policy id="id440C055C14846"> <Policy id="id440C055C14846">
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id440C055D14846" log="False" position="0"> <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id440C055D14846" log="False" position="0">
@ -22086,7 +22086,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">true</Option> <Option name="verify_interfaces">true</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing shadowing detection&#10;compiler runs with -xt flag&#10;firewall is assumed to be part of any" host_OS="linux24" id="id4513DEA62143" inactive="False" lastCompiled="1188097253" lastInstalled="0" lastModified="1158818614" name="test-shadowing-1" platform="iptables" ro="False" version=""> <Firewall comment="testing shadowing detection&#10;compiler runs with -xt flag&#10;firewall is assumed to be part of any" host_OS="linux24" id="id4513DEA62143" inactive="False" lastCompiled="1188097253" lastInstalled="0" lastModified="1208501354" name="test-shadowing-1" platform="iptables" ro="False" version="">
<NAT id="id4513DEAA2143"/> <NAT id="id4513DEAA2143"/>
<Policy id="id4513DEA92143"> <Policy id="id4513DEA92143">
<PolicyRule action="Accept" comment="shades rule below" direction="Outbound" disabled="False" id="id4513DECC2143" log="False" position="0"> <PolicyRule action="Accept" comment="shades rule below" direction="Outbound" disabled="False" id="id4513DECC2143" log="False" position="0">
@ -22369,7 +22369,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option> <Option name="verify_interfaces">True</Option>
</FirewallOptions> </FirewallOptions>
</Firewall> </Firewall>
<Firewall comment="testing shadowing detection&#10;compiler runs with -xt flag&#10;firewall is NOT assumed to be part of any" host_OS="linux24" id="id451488C42143" inactive="False" lastCompiled="1188097259" lastInstalled="0" lastModified="1158818614" name="test-shadowing-2" platform="iptables" ro="False" version=""> <Firewall comment="testing shadowing detection&#10;compiler runs with -xt flag&#10;firewall is NOT assumed to be part of any" host_OS="linux24" id="id451488C42143" inactive="False" lastCompiled="1188097259" lastInstalled="0" lastModified="1208501354" name="test-shadowing-2" platform="iptables" ro="False" version="">
<NAT id="id451489072143"/> <NAT id="id451489072143"/>
<Policy id="id451488CA2143"> <Policy id="id451488CA2143">
<PolicyRule action="Accept" comment="shades rule below" direction="Outbound" disabled="False" id="id451488CB2143" log="False" position="0"> <PolicyRule action="Accept" comment="shades rule below" direction="Outbound" disabled="False" id="id451488CB2143" log="False" position="0">