mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00

* PolicyCompiler_PrintRuleIptRst.cpp (PrintRuleIptRst::_printRuleLabel):

really fixed #869 "compile rule" should also print the comment.
Printing rule comment in the compiler output in the single rule
compile mode when firewall object is configured to use
iptables-restore. Code that prints rule label and comment has been
unified for compilers for all firewall platforms.
Vadim Kurland 2010-01-13 21:21:07 +00:00
parent f3bb075d45
commit f6e1886d4f
26 changed files with 1468 additions and 1317 deletions


@ -1 +1 @@
#define BUILD_NUM 2340
#define BUILD_NUM 2341


@ -1,3 +1,12 @@
2010-01-13 vadim <vadim@vk.crocodile.org>
* PolicyCompiler_PrintRuleIptRst.cpp (PrintRuleIptRst::_printRuleLabel):
really fixed #869 '"compile rule" should also print the comment'.
Printing rule comment in the compiler output in the single rule
compile mode when firewall object is configured to use
iptables-restore. Code that prints rule label and comment has been
unified for compilers for all firewall platforms.
2010-01-12 vadim <vadim@vk.crocodile.org>
* TCPServiceDialog.cpp (TCPServiceDialog::applyChanges): fixed bug


@ -311,7 +311,7 @@ string CompilerDriver_iosacl::run(const std::string &cluster_id,
if (single_rule_compile_on)
{
return all_errors.join("\n").toStdString() +
return //all_errors.join("\n").toStdString() +
policy_script + routing_script;
}
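Review bot: The single-rule return in `CompilerDriver_iosacl::run` now carries `all_errors.join("\n").toStdString() +` as a commented-out fragment inside the return expression, and nothing at this site says where compile errors are reported instead. The same half-commented return appears in `CompilerDriver_pix::run`, `CompilerDriver_ipf::run` and `CompilerDriver_ipfw::run`, while `CompilerDriver_pf::run` deletes the term outright. I would delete the fragment and leave a one-line comment such as `// single-rule mode: errors are reported per rule by printComment(), not prepended here`, assuming that is in fact where they are emitted (the body of printComment is not shown on this page). For a firewall compiler a silently dropped error is worth ruling out, since the caller would otherwise get rule output with no hint that compilation failed. The body of run() extends outside the hunk.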


@ -620,7 +620,7 @@ string CompilerDriver_pix::run(const std::string &cluster_id,
if (single_rule_compile_on)
{
return all_errors.join("\n").toStdString() +
return //all_errors.join("\n").toStdString() +
policy_script + nat_script + routing_script;
}


@ -300,31 +300,12 @@ bool NATCompiler_pix::PrintRule::processNext()
NATRule *rule=getNext(); if (rule==NULL) return false;
tmp_queue.push_back(rule);
if ( compiler->fw->getOptionsObject()->getBool("pix_include_comments") &&
!compiler->inSingleRuleCompileMode())
{
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
compiler->output << "! " << endl;
compiler->output << "! Rule " << rl << endl;
bool suppress_comments = ! compiler->fw->getOptionsObject()->getBool("pix_include_comments");
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
compiler->output << "! " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "! " << comm.substr(c1) << endl;
compiler->output << "! " << endl;
compiler->output << compiler->printComment(rule, current_rule_label, "!", suppress_comments);
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "! " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "! " << err << endl;
Address *osrc=compiler->getFirstOSrc(rule); assert(osrc);
Address *odst=compiler->getFirstODst(rule); assert(odst);
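Review bot: The unconditional `! <error_msg>` line in `NATCompiler_pix::PrintRule::processNext` is commented out and the only replacement is `printComment(rule, current_rule_label, "!", suppress_comments)`, so whether a rule's error text still reaches the generated configuration when `pix_include_comments` is off depends on code not visible here. The removed code printed the error regardless of that option. Please confirm that printComment emits `.error_msg` even when its suppress argument is true, and then delete the two commented lines rather than keeping them. The same commented-out pair is left in the print-rule code of `PolicyCompiler_iosacl`, `NATCompiler_ipf`, `NATCompiler_pf`, `PolicyCompiler_ipf`, `PolicyCompiler_ipfw` and `PolicyCompiler_pf`. processNext continues outside the hunk.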


@ -200,31 +200,10 @@ string PolicyCompiler_iosacl::PrintRule::_printRule(PolicyRule *rule)
ostringstream ruleout;
ostringstream aclstr;
string rl=rule->getLabel();
compiler->output << compiler->printComment(rule, current_rule_label1, "!");
if (write_comments && !compiler->inSingleRuleCompileMode())
{
if (rl!=current_rule_label1)
{
ruleout << "! " << endl;
ruleout << "! Rule " << rl << endl;
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
ruleout << "! " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
ruleout << "! " << comm.substr(c1) << endl;
ruleout << "! " << endl;
current_rule_label1=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) ruleout << "! " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) ruleout << "! " << err << endl;
/*
* all three rule elements contain exactly one object, which can
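Review bot: The new call `compiler->printComment(rule, current_rule_label1, "!")` in `PolicyCompiler_iosacl::PrintRule::_printRule` no longer consults `write_comments`, which the removed block checked before emitting anything. `NATCompiler_pix::PrintRule::processNext` in this same commit passes a fourth `suppress_comments` argument, so the policy side looks inconsistent unless the default of that parameter happens to cover it. `PolicyCompiler_pix::PrintRule::processNext` has the same three-argument call. If the option should still be honoured, `compiler->printComment(rule, current_rule_label1, "!", !write_comments)` would match the NAT compiler. The function body continues outside the hunk.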


@ -560,8 +560,10 @@ bool PolicyCompiler_pix::PrintRule::processNext()
ostringstream comment;
string rl=rule->getLabel();
compiler->output << compiler->printComment(rule, current_rule_label1, "!");
#if 0
string rl=rule->getLabel();
if (write_comments && !compiler->inSingleRuleCompileMode())
{
if (rl!=current_rule_label1)
@ -586,6 +588,7 @@ bool PolicyCompiler_pix::PrintRule::processNext()
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "! " << err << endl;
#endif
if (rule->getBool("icmp_cmd"))
{
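Review bot: The old label-printing code in `PolicyCompiler_pix::PrintRule::processNext` is fenced off with `#if 0 … #endif` instead of being removed, which leaves a second `string rl=rule->getLabel();` and the old `.error_msg` handling in the file as dead text. The same pattern is used in `NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel` and `PolicyCompiler_ipt::PrintRuleIptRst::_printRuleLabel`, where the disabled block sits after an unconditional `return` and was even edited in this commit. Since version control keeps the history, I would delete the disabled blocks so that `printComment()` is the only place a reader has to audit for what ends up in the generated firewall configuration. Both hunks cut through processNext, whose body starts and ends outside them.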


@ -60,6 +60,8 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -156,10 +158,11 @@ string NATCompiler_ipt::PrintRule::_printRuleLabel(NATRule *rule)
bool nocomm =
Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
// TODO: convert this into virtual function NATCompiler_ipt::printComment()
string rl=rule->getLabel();
if (!compiler->inSingleRuleCompileMode() && rl != current_rule_label)
if (rl != current_rule_label)
{
if (!nocomm)
if (!compiler->inSingleRuleCompileMode() && !nocomm)
{
res << "# " << endl;
res << "# Rule " << rl << endl;
@ -169,17 +172,14 @@ string NATCompiler_ipt::PrintRule::_printRuleLabel(NATRule *rule)
res << "# " << endl;
/* do not put comment in the script if it is intended for linksys */
if (!nocomm)
if (!nocomm || compiler->inSingleRuleCompileMode())
{
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
res << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
QStringList comm = QString(rule->getComment().c_str()).split("\n", QString::SkipEmptyParts);
foreach(QString line, comm)
{
res << "# " << line.toStdString() << endl;
}
res << "# " << comm.substr(c1) << endl;
// res << "# " << endl;
//res << "# " << endl;
}
current_rule_label=rl;
}
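Review bot: The retained comment `/* do not put comment in the script if it is intended for linksys */` no longer matches the condition beneath it in `NATCompiler_ipt::PrintRule::_printRuleLabel`, which now also prints the comment whenever `inSingleRuleCompileMode()` is true. I would reword it to something like `/* skip the comment when the target suppresses comments (linksys), except in single-rule compile mode */`; the same stale comment sits above the identical condition in `PolicyCompiler_ipt::PrintRule::_printRuleLabel`. Separately, `split("\n", QString::SkipEmptyParts)` drops blank lines the author placed inside a comment and leaves any `\r` from CRLF text at the end of the emitted line; stripping it before output keeps stray control characters out of the generated script. `foreach(const QString &line, comm)` would also avoid copying each line.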


@ -43,6 +43,8 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -83,17 +85,18 @@ string NATCompiler_ipt::PrintRuleIptRst::_endRuleLine()
string NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel(NATRule *rule)
{
ostringstream res;
bool nocomm =
Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
if (compiler->inSingleRuleCompileMode()) return "";
return compiler->printComment(rule, current_rule_label, "#", nocomm);
#if 0
ostringstream res;
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
if (!nocomm)
if (!compiler->inSingleRuleCompileMode() && !nocomm)
{
res << "# " << endl;
res << "# Rule " << rl << endl;
@ -101,20 +104,20 @@ string NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel(NATRule *rule)
}
/* do not put comment in the script if it is intended for linksys */
if (!nocomm)
if (!nocomm || compiler->inSingleRuleCompileMode())
{
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
res << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
QStringList comm = QString(rule->getComment().c_str()).split("\n");
foreach(QString line, comm)
{
res << "# " << line.toStdString() << endl;
}
res << "# " << comm.substr(c1) << endl;
//res << "# " << endl;
}
current_rule_label=rl;
}
return res.str();
#endif
}
bool NATCompiler_ipt::PrintRuleIptRst::processNext()


@ -166,6 +166,7 @@ string PolicyCompiler_ipt::PrintRule::_printRuleLabel(PolicyRule *rule)
Resources::getResourceBool(
"/FWBuilderResources/Target/options/suppress_comments");
// TODO: convert this into virtual function PolicyCompiler_ipt::printComment()
string rl=rule->getLabel();
if (rl != current_rule_label)
{
@ -184,19 +185,12 @@ string PolicyCompiler_ipt::PrintRule::_printRuleLabel(PolicyRule *rule)
/* do not put comment in the script if it is intended for linksys */
if (!nocomm || compiler->inSingleRuleCompileMode())
{
string comm = rule->getComment();
if (!comm.empty())
QStringList comm = QString(rule->getComment().c_str()).split("\n", QString::SkipEmptyParts);
foreach(QString line, comm)
{
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos )
{
res << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
res << "# " << comm.substr(c1) << endl;
res << "# " << endl;
res << "# " << line.toStdString() << endl;
}
//res << "# " << endl;
}
}


@ -43,6 +43,8 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -84,17 +86,18 @@ string PolicyCompiler_ipt::PrintRuleIptRst::_endRuleLine()
string PolicyCompiler_ipt::PrintRuleIptRst::_printRuleLabel(PolicyRule *rule)
{
ostringstream res;
bool nocomm =
Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
if (compiler->inSingleRuleCompileMode()) return "";
return compiler->printComment(rule, current_rule_label, "#", nocomm);
#if 0
ostringstream res;
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
if (!nocomm)
if (!compiler->inSingleRuleCompileMode() && !nocomm)
{
res << "# " << endl;
res << "# Rule " << rl << endl;
@ -102,21 +105,19 @@ string PolicyCompiler_ipt::PrintRuleIptRst::_printRuleLabel(PolicyRule *rule)
}
/* do not put comment in the script if it is intended for linksys */
if (!nocomm)
if (!nocomm || compiler->inSingleRuleCompileMode())
{
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
res << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
QStringList comm = QString(rule->getComment().c_str()).split("\n");
foreach(QString line, comm)
{
res << "# " << line.toStdString() << endl;
}
res << "# " << comm.substr(c1) << endl;
res << "# " << endl;
//res << "# " << endl;
}
current_rule_label=rl;
}
return res.str();
#endif
}
bool PolicyCompiler_ipt::PrintRuleIptRst::processNext()


@ -162,6 +162,7 @@ bool RoutingCompiler_ipt::PrintRule::processNext()
print_once_on_top = false;
}
// TODO: convert this into virtual function RoutingCompiler_ipt::printComment()
string rl = rule->getLabel();
string comm = rule->getComment();
string::size_type c1,c2;


@ -313,7 +313,7 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
}
return
all_errors.join("\n").toStdString() +
//all_errors.join("\n").toStdString() +
ostr.str();
}
@ -340,9 +340,12 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
if (c.haveErrorsAndWarnings())
{
all_errors.push_back(c.getErrors("").c_str());
ipf_str << "# Policy compiler errors and warnings:"
<< endl;
ipf_str << c.getErrors("# ");
if (!single_rule_compile_on)
{
ipf_str << "# Policy compiler errors and warnings:"
<< endl;
ipf_str << c.getErrors("# ");
}
}
ipf_str << c.getCompiledScript();
ipf_file.close();
@ -388,9 +391,12 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
if (n.haveErrorsAndWarnings())
{
all_errors.push_back(n.getErrors("").c_str());
nat_str << "# NAT compiler errors and warnings:"
<< endl;
nat_str << n.getErrors("# ");
if (!single_rule_compile_on)
{
nat_str << "# NAT compiler errors and warnings:"
<< endl;
nat_str << n.getErrors("# ");
}
}
nat_str << n.getCompiledScript();
nat_file.close();


@ -294,7 +294,7 @@ string CompilerDriver_ipfw::run(const std::string &cluster_id,
if (single_rule_compile_on)
{
return
all_errors.join("\n").toStdString() +
//all_errors.join("\n").toStdString() +
generated_script;
}


@ -386,10 +386,13 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
// store errors and warnings so they will appear on top
// of .fw file in addition to the .conf file
all_errors.push_back(n.getErrors("").c_str());
*(generated_scripts[ruleset_name])
<< "# NAT compiler errors and warnings:"
<< endl;
*(generated_scripts[ruleset_name]) << n.getErrors("# ");
if (!single_rule_compile_on)
{
*(generated_scripts[ruleset_name])
<< "# NAT compiler errors and warnings:"
<< endl;
*(generated_scripts[ruleset_name]) << n.getErrors("# ");
}
}
*(generated_scripts[ruleset_name]) << n.getCompiledScript();
*(generated_scripts[ruleset_name]) << endl;
@ -474,10 +477,13 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
if (c.haveErrorsAndWarnings())
{
all_errors.push_back(c.getErrors("").c_str());
*(generated_scripts[ruleset_name])
<< "# Policy compiler errors and warnings:"
<< endl;
*(generated_scripts[ruleset_name]) << c.getErrors("# ");
if (!single_rule_compile_on)
{
*(generated_scripts[ruleset_name])
<< "# Policy compiler errors and warnings:"
<< endl;
*(generated_scripts[ruleset_name]) << c.getErrors("# ");
}
}
*(generated_scripts[ruleset_name]) << c.getCompiledScript();
*(generated_scripts[ruleset_name]) << endl;
@ -521,9 +527,7 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
table_factories.clear();
generated_scripts.clear();
return
all_errors.join("\n").toStdString() +
buffer.toStdString();
return buffer.toStdString();
}
/*


@ -229,30 +229,10 @@ bool NATCompiler_ipf::PrintRule::processNext()
tmp_queue.push_back(rule);
if (!compiler->inSingleRuleCompileMode())
{
string rl=rule->getLabel();
if (rl!=current_rule_label) {
compiler->output << compiler->printComment(rule, current_rule_label, "#");
compiler->output << "# " << endl;
compiler->output << "# Rule " << rl << endl;
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "# " << comm.substr(c1) << endl;
compiler->output << "# " << endl;
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "# " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "# " << err << endl;
Address *osrc=compiler->getFirstOSrc(rule); assert(osrc);
Address *odst=compiler->getFirstODst(rule); assert(odst);


@ -56,6 +56,9 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -83,30 +86,10 @@ bool NATCompiler_pf::PrintRule::processNext()
string version = compiler->fw->getStr("version");
if (!compiler->inSingleRuleCompileMode())
{
string rl=rule->getLabel();
if (rl!=current_rule_label) {
compiler->output << compiler->printComment(rule, current_rule_label, "#");
compiler->output << "# " << endl;
compiler->output << "# Rule " << rl << endl;
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "# " << comm.substr(c1) << endl;
compiler->output << "# " << endl;
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "# " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "# " << err << endl;
RuleElementOSrc *osrcrel=rule->getOSrc();
RuleElementODst *odstrel=rule->getODst();


@ -53,6 +53,9 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -327,30 +330,10 @@ bool PolicyCompiler_ipf::PrintRule::processNext()
tmp_queue.push_back(rule);
if (!compiler->inSingleRuleCompileMode())
{
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
compiler->output << "# " << endl;
compiler->output << "# Rule " << rl << endl;
compiler->output << compiler->printComment(rule, current_rule_label, "#");
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "# " << comm.substr(c1) << endl;
compiler->output << "# " << endl;
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "# " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "# " << err << endl;
RuleElementSrc *srcrel=rule->getSrc();
Address *src =compiler->getFirstSrc(rule); assert(src);


@ -528,31 +528,10 @@ bool PolicyCompiler_ipfw::PrintRule::processNext()
string quote = "\"";
if (!compiler->inSingleRuleCompileMode())
{
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
compiler->output << "# " << endl;
compiler->output << "# Rule " << rl << endl;
compiler->output << compiler->printComment(rule, current_rule_label, "#");
string comm=rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos )
{
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "# " << comm.substr(c1) << endl;
compiler->output << "# " << endl;
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "# " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "# " << err << endl;
RuleElementSrc *srcrel=rule->getSrc();
Address *src =compiler->getFirstSrc(rule); assert(src);


@ -60,6 +60,9 @@
#include <assert.h>
#include <QStringList>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
@ -919,37 +922,12 @@ bool PolicyCompiler_pf::PrintRule::processNext()
FWOptions *ruleopt =rule->getOptionsObject();
string version=compiler->fw->getStr("version");
// cerr << endl;
// cerr << "Rule " << rule->getPosition() << endl;
tmp_queue.push_back(rule);
if (!compiler->inSingleRuleCompileMode())
{
string rl = rule->getLabel();
if (rl!=current_rule_label)
{
compiler->output << "# " << endl;
compiler->output << "# Rule " << rl << endl;
compiler->output << compiler->printComment(rule, current_rule_label, "#");
string comm = rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos )
{
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}
compiler->output << "# " << comm.substr(c1) << endl;
compiler->output << "# " << endl;
current_rule_label=rl;
}
}
string err = rule->getStr(".error_msg");
if (!err.empty()) compiler->output << "# " << err << endl;
// string err = rule->getStr(".error_msg");
// if (!err.empty()) compiler->output << "# " << err << endl;
RuleElementSrc *srcrel=rule->getSrc();
// Address *src =compiler->getFirstSrc(rule); assert(src);

File diff suppressed because it is too large Load Diff


@ -7,6 +7,6 @@ for f in $(ls *.fw.orig *.conf.orig)
do
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.org//')
new_f=$(echo $f | sed 's/.orig//')
echo "$DIFFCMD $f $new_f"
done
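Review bot: The corrected expression `sed 's/.orig//'` is still unanchored and its dot matches any character, so it removes the first five-character match anywhere in the name rather than the `.orig` suffix. A file whose base name contains `orig` preceded by any character would be rewritten in the wrong place and then compared against a path that does not exist. `new_f=${f%.orig}` (or `sed 's/\.orig$//'`) strips only the suffix; the second script, which loops over `*.fw.orig` alone, has the identical line. `$f` is also unquoted in the `echo`, although that is outside what this change touches.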


@ -7,7 +7,7 @@ for f in $(ls *.fw.orig)
do
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.org//')
new_f=$(echo $f | sed 's/.orig//')
echo "$DIFFCMD $f $new_f"
done
exit 0

File diff suppressed because it is too large Load Diff


@ -24166,7 +24166,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id43BBF18E9745" host_OS="linux24" inactive="False" lastCompiled="1247364104" lastInstalled="1142003872" lastModified="1215124213" platform="iptables" version="1.3.0" name="firewall38" comment="testing TAG rules&#10;&#10;using iptables-restore&#10;" ro="False">
<Firewall id="id43BBF18E9745" host_OS="linux24" inactive="False" lastCompiled="1263405289" lastInstalled="1142003872" lastModified="1263410373" platform="iptables" version="1.3.0" name="firewall38" comment="testing TAG rules&#10;&#10;using iptables-restore&#10;" ro="False">
<NAT id="id43BBF1E99745" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43BBF1EA9745" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -24302,7 +24302,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="tagobject_id">id43EC877332486</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id462DEFE630547" disabled="False" log="False" position="4" action="Tag" direction="Both" comment="">
<PolicyRule id="id462DEFE630547" disabled="False" log="False" position="4" action="Tag" direction="Both" comment="rule comment: rule 4">
<Src neg="False">
<ObjectRef ref="id43BBF18E9745"/>
</Src>


@ -892,7 +892,7 @@
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="pix_os" inactive="False" lastCompiled="1163922727" lastInstalled="0" lastModified="1261965298" platform="pix" version="6.2" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<Firewall id="fw-firewall2" host_OS="pix_os" inactive="False" lastCompiled="1163922727" lastInstalled="0" lastModified="1263417413" platform="pix" version="6.2" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="nat-firewall2-0" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -1174,7 +1174,27 @@
<RuleSetOptions/>
</NAT>
<Policy id="pol-firewall2" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="pol-firewall2-0" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="blocking short fragments">
<PolicyRule id="id1056956X42230" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-0" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1194,23 +1214,6 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B09D29D" disabled="True" log="True" position="1" action="Deny" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D6A8E85" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
@ -14640,8 +14643,8 @@ no sysopt nodnsalias outbound
</ServiceGroup>
</ServiceGroup>
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
<Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">