onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 10:47:16 +01:00
Code Issues Releases Wiki Activity

* NATCompiler_ipf.cpp (processNext): see #133, fixes #2108 making

Browse Source 
nat compiler for ipfilter work with interface column, however the
column is not exposed to the user. Compiler behavior should be
backwards compatible with older versions of fwbuilder.
This commit is contained in:
Vadim Kurland 2011-02-17 12:06:50 -08:00
parent 100dca74bb
commit fdb899bdd2
29 changed files with 1035 additions and 750 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ChangeLog
View File

@ -1,5 +1,10 @@
2011-02-17 vadim <vadim@netcitadel.com>
* NATCompiler_ipf.cpp (processNext): see #133, fixes #2108 making
nat compiler for ipfilter work with interface column, however the
column is not exposed to the user. Compiler behavior should be
backwards compatible with older versions of fwbuilder.
* NATCompiler_pf.cpp (processNext): see #133. MErged code from the
branch, running tests. Making sure rules that have firewall
object in ODst and interface columnblank end up with rdr command

52
src/pflib/NATCompiler_ipf.cpp
View File

@ -182,11 +182,13 @@ bool NATCompiler_ipf::ExpandPortRange::processNext()
bool NATCompiler_ipf::AssignInterface::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
NATRule *rule = getNext(); if (rule==NULL) return false;
RuleElementItfOutb *itf_re = rule->getItfOutb();
Address *a=NULL;
Address *a = NULL;
switch (rule->getRuleType() ) {
switch (rule->getRuleType() )
{
case NATRule::Continue:
case NATRule::NONAT:
@ -199,7 +201,8 @@ bool NATCompiler_ipf::AssignInterface::processNext()
compiler->fw);
if (iface!=NULL && !iface->isLoopback())
{
rule->setInterfaceId( iface->getId() );
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
// rule->setInterfaceId( iface->getId() );
tmp_queue.push_back( rule );
return true;
}
@ -217,18 +220,20 @@ bool NATCompiler_ipf::AssignInterface::processNext()
* is connected to the subnet OSrc belongs to. If that does not work,
* we assign rule to all interfaces, except loopback
*/
a=NULL;
if ( ! rule->getOSrc()->isAny() ) a=compiler->getFirstOSrc(rule);
if ( a==NULL && ! rule->getODst()->isAny() ) a=compiler->getFirstODst(rule);
a = NULL;
if ( ! rule->getOSrc()->isAny() ) a = compiler->getFirstOSrc(rule);
if ( a==NULL && ! rule->getODst()->isAny() )
a = compiler->getFirstODst(rule);
if(a!=NULL)
if (a!=NULL)
{
Interface *iface;
iface=compiler->findInterfaceFor(a,compiler->fw);
iface = compiler->findInterfaceFor(a,compiler->fw);
if (iface!=NULL && !iface->isLoopback())
{
rule->setInterfaceId( iface->getId() );
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
// rule->setInterfaceId( iface->getId() );
tmp_queue.push_back(rule);
return true;
}
@ -237,16 +242,18 @@ bool NATCompiler_ipf::AssignInterface::processNext()
FWObjectTypedChildIterator j=compiler->fw->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
{
Interface *iface=Interface::cast(*j);
Interface *iface = Interface::cast(*j);
assert(iface);
if ( iface->isUnnumbered() ||
iface->isBridgePort() ||
iface->isLoopback()) continue;
NATRule *r= compiler->dbcopy->createNATRule();
NATRule *r = compiler->dbcopy->createNATRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setInterfaceId( iface->getId() );
RuleElementItfOutb *itf_re = r->getItfOutb();
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
//r->setInterfaceId( iface->getId() );
tmp_queue.push_back( r );
}
return true;
@ -259,9 +266,10 @@ bool NATCompiler_ipf::AssignInterface::processNext()
if ( (Interface::isA(a) || IPv4::isA(a)) && a->isChildOf(compiler->fw))
{
FWObject *p=a;
while ( ! Interface::isA(p) ) p=p->getParent();
rule->setInterfaceId( p->getId() );
FWObject *p = a;
while ( ! Interface::isA(p) ) p = p->getParent();
if ( ! itf_re->hasRef(p)) itf_re->addRef(p);
// rule->setInterfaceId( p->getId() );
tmp_queue.push_back(rule);
return true;
}
@ -284,7 +292,9 @@ bool NATCompiler_ipf::AssignInterface::processNext()
r->duplicate(rule);
compiler->temp_ruleset->add(r);
r->setInterfaceId( iface->getId() );
RuleElementItfOutb *itf_re = r->getItfOutb();
if ( ! itf_re->hasRef(iface)) itf_re->addRef(iface);
// r->setInterfaceId( iface->getId() );
tmp_queue.push_back(r);
n++;
@ -362,9 +372,11 @@ bool NATCompiler_ipf::prepareForLB::processNext()
*/
bool NATCompiler_ipf::RedirectRules::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
Interface *rule_iface=
Interface::cast( rule->getRoot()->getById(rule->getInterfaceId() ,true) );
NATRule *rule = getNext(); if (rule==NULL) return false;
RuleElementItfOutb *itf_re = rule->getItfOutb();
Interface *rule_iface =
Interface::cast(FWObjectReference::getObject(itf_re->front()));
// Interface::cast( rule->getRoot()->getById(rule->getInterfaceId() ,true) );
tmp_queue.push_back(rule);

12
src/pflib/NATCompiler_pf.cpp
View File

@ -108,12 +108,14 @@ int NATCompiler_pf::prolog()
string NATCompiler_pf::debugPrintRule(libfwbuilder::Rule *r)
{
NATRule *rule=NATRule::cast(r);
FWObject *rule_iface = dbcopy->findInIndex(rule->getInterfaceId());
NATRule *rule = NATRule::cast(r);
RuleElementItfOutb *itf_re = rule->getItfOutb();
FWObject *rule_iface = FWObjectReference::getObject(itf_re->front());
// FWObject *rule_iface = dbcopy->findInIndex(rule->getInterfaceId());
return NATCompiler::debugPrintRule(rule)+
" "+string( (rule_iface!=NULL)?rule_iface->getName():"") +
" (type="+rule->getRuleTypeAsString()+")";
return NATCompiler::debugPrintRule(rule) +
" " + string( (rule_iface!=NULL)?rule_iface->getName():"") +
" (type=" + rule->getRuleTypeAsString() + ")";
}
bool NATCompiler_pf::NATRuleType::processNext()

8
src/pflib/PolicyCompiler_ipf.cpp
View File

@ -593,14 +593,6 @@ string PolicyCompiler_ipf::debugPrintRule(Rule *r)
else
s << " intf: ?";
// int iface_id = rule->getInterfaceId();
// if (iface_id > -1)
// {
// FWObject *rule_iface = dbcopy->findInIndex( iface_id );
// s << " intf: "+rule_iface->getName();
// } else
// s << iface_id;
s << " ";
if (r->getBool("skip_check_for_duplicates")) s << "skip_check_for_duplicates ";

7
src/pflib/PolicyCompiler_ipfw.cpp
View File

@ -688,13 +688,6 @@ string PolicyCompiler_ipfw::debugPrintRule(Rule *r)
else
s << " intf: ?";
// int iface = rule->getInterfaceId();
// if (iface > -1)
// {
// FWObject *rule_iface = dbcopy->findInIndex( iface );
// s += " intf: "+rule_iface->getName();
// }
return s.str();
}

15
src/pflib/PolicyCompiler_ipfw_writers.cpp
View File

@ -356,21 +356,6 @@ void PolicyCompiler_ipfw::PrintRule::_printInterface(PolicyRule *r)
}
compiler->output << intf->getName() << " ";
}
// int iface_id = r->getInterfaceId();
// if (iface_id > -1)
// {
// switch (r->getDirection())
// {
// case PolicyRule::Outbound: compiler->output << "xmit "; break;
// case PolicyRule::Inbound: compiler->output << "recv "; break;
// case PolicyRule::Both: compiler->output << "via "; break;
// default: break;
// }
// FWObject *rule_iface = compiler->dbcopy->findInIndex( iface_id );
// compiler->output << rule_iface->getName() << " ";
// }
}
void PolicyCompiler_ipfw::PrintRule::_printSrcService(RuleElement *rel)

2
src/pflib/TableFactory.cpp
View File

@ -105,8 +105,6 @@ void TableFactory::registerTable(const string& tblname, const string& tblid,
void TableFactory::createTablesForRE(RuleElement *re,Rule *rule)
{
//Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId());
// sanity checks
assert(rule->getRoot()==re->getRoot());
assert(dbroot==rule->getRoot());

4
test/ipf/firewall-nat.conf.orig
View File

@ -7,8 +7,8 @@ map eth1 from 192.168.1.0/24 to any -> 222.222.222.222/32 portmap tcp/udp auto
map eth1 from 192.168.1.0/24 to any -> 222.222.222.222/32
#
# Rule 1 (NAT)
rdr from any to 192.168.1.1/32 port = 25 -> 192.168.1.10 port 25 tcp
rdr from any to 222.222.222.222/32 port = 25 -> 192.168.1.10 port 25 tcp
rdr eth0 from any to 192.168.1.1/32 port = 25 -> 192.168.1.10 port 25 tcp
rdr eth1 from any to 222.222.222.222/32 port = 25 -> 192.168.1.10 port 25 tcp
#
# Rule 2 (NAT)
rdr eth1 from any to any port = 80 -> 222.222.222.222 port 3128 tcp

8
test/ipf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:44 2011 PST by vadim
# Generated Thu Feb 17 12:00:11 2011 PST by vadim
#
# files: * firewall.fw ipf.fw
# files: firewall-ipf.conf ipf.conf
@ -36,7 +36,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Thu Feb 3 14:54:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:11 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:44 2011 PST by vadim
# Generated Thu Feb 17 12:00:11 2011 PST by vadim
#
# files: * firewall1.fw /etc/ipf.fw
# files: firewall1-ipf.conf /etc/fw/ipf.conf
@ -36,7 +36,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -83,7 +83,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:11 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:44 2011 PST by vadim
# Generated Thu Feb 17 12:00:11 2011 PST by vadim
#
# files: * firewall10.fw /etc/firewall10.fw
# files: firewall10-ipf.conf /etc/firewall10-ipf.conf
@ -28,7 +28,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -75,7 +75,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:11 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall11-nat.conf.orig
View File

@ -1,5 +1,5 @@
#
# Rule 0 (NAT)
rdr from any to any -> 10.0.0.1 ip
rdr from any to any -> 10.0.0.1 ip
rdr from any to 10.0.0.1/32 -> 10.0.0.1 ip
rdr ng0 from any to any -> 10.0.0.1 ip
rdr ng1 from any to any -> 10.0.0.1 ip
rdr fxp0 from any to 10.0.0.1/32 -> 10.0.0.1 ip

9
test/ipf/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:44 2011 PST by vadim
# Generated Thu Feb 17 12:00:11 2011 PST by vadim
#
# files: * firewall11.fw /etc/firewall11.fw
# files: firewall11-ipf.conf /etc/firewall11-ipf.conf
@ -29,7 +29,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -158,10 +158,11 @@ run_epilog_and_exit() {
configure_interfaces() {
:
update_addresses_of_interface "fxp0 10.0.0.1/0xffffff00" ""
update_addresses_of_interface "fxp1" ""
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Thu Feb 3 14:54:44 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:11 2011 by vadim"
set_kernel_vars
configure_interfaces

328
test/ipf/firewall2-nat.conf.orig
View File

@ -116,333 +116,333 @@ map eth2 from 192.168.1.0/24 to any -> 22.22.22.0/24
#
# Rule 17 (NAT)
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10000 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10000 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10000 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10000 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10000 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10000 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10000 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10000 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10001 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10001 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10001 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10001 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10001 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10001 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10001 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10001 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10002 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10002 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10002 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10002 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10002 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10002 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10002 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10002 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10003 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10003 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10003 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10003 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10003 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10003 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10003 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10003 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10004 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10004 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10004 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10004 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10004 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10004 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10004 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10004 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10005 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10005 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10005 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10005 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10005 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10005 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10005 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10005 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10006 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10006 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10006 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10006 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10006 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10006 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10006 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10006 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10007 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10007 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10007 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10007 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10007 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10007 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10007 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10007 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10008 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10008 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10008 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10008 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10008 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10008 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10008 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10008 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10009 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10009 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10009 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10009 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10009 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10009 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10009 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10009 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10010 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10010 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10010 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10010 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10010 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10010 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10010 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10010 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10011 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10011 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10011 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10011 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10011 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10011 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10011 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10011 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10012 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10012 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10012 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10012 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10012 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10012 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10012 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10012 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10013 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10013 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10013 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10013 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10013 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10013 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10013 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10013 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10014 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10014 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10014 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10014 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10014 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10014 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10014 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10014 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10015 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10015 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10015 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10015 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10015 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10015 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10015 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10015 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10016 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10016 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10016 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10016 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10016 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10016 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10016 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10016 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10017 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10017 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10017 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10017 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10017 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10017 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10017 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10017 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10018 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10018 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10018 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10018 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10018 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10018 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10018 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10018 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10019 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10019 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10019 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10019 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10019 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10019 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10019 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10019 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10020 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10020 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10020 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10020 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10020 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10020 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10020 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10020 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10021 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10021 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10021 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10021 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10021 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10021 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10021 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10021 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10022 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10022 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10022 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10022 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10022 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10022 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10022 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10022 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10023 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10023 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10023 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10023 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10023 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10023 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10023 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10023 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10024 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10024 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10024 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10024 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10024 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10024 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10024 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10024 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10025 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10025 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10025 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10025 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10025 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10025 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10025 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10025 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10026 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10026 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10026 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10026 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10026 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10026 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10026 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10026 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10027 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10027 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10027 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10027 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10027 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10027 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10027 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10027 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10028 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10028 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10028 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10028 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10028 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10028 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10028 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10028 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10029 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10029 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10029 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10029 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10029 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10029 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10029 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10029 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10030 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10030 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10030 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10030 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10030 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10030 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10030 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10030 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10031 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10031 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10031 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10031 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10031 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10031 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10031 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10031 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10032 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10032 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10032 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10032 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10032 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10032 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10032 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10032 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10033 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10033 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10033 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10033 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10033 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10033 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10033 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10033 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10034 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10034 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10034 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10034 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10034 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10034 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10034 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10034 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10035 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10035 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10035 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10035 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10035 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10035 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10035 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10035 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10036 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10036 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10036 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10036 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10036 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10036 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10036 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10036 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10037 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10037 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10037 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10037 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10037 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10037 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10037 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10037 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10038 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10038 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10038 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10038 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10038 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10038 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10038 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10038 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10039 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10039 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10039 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10039 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10039 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10039 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10039 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10039 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.22.22/32 port = 10040 -> 192.168.1.10 port 10000 tcp
rdr eth1 from any to 22.22.22.22/32 port = 10040 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 22.22.23.23/32 port = 10040 -> 192.168.1.10 port 10000 tcp
rdr eth3 from any to 22.22.23.23/32 port = 10040 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.1.1/32 port = 10040 -> 192.168.1.10 port 10000 tcp
rdr eth0 from any to 192.168.1.1/32 port = 10040 -> 192.168.1.10 port 10000 tcp
# firewall2:NAT:17: warning: Expanding port range test-TCP creates 41 rules
rdr from any to 192.168.2.1/32 port = 10040 -> 192.168.1.10 port 10000 tcp
rdr eth2 from any to 192.168.2.1/32 port = 10040 -> 192.168.1.10 port 10000 tcp
#
# Rule 18 (NAT)
rdr eth1 from any to 22.22.22.23/32 port = 80 -> 192.168.1.10 port 25 tcp

8
test/ipf/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:45 2011 PST by vadim
# Generated Thu Feb 17 12:00:12 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
# files: firewall2-ipf.conf /etc/fw/firewall2-ipf.conf
@ -32,7 +32,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:12 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:45 2011 PST by vadim
# Generated Thu Feb 17 12:00:12 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
# files: firewall34-ipf.conf /etc/fw/firewall34-ipf.conf
@ -30,7 +30,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -162,7 +162,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Thu Feb 3 14:54:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:12 2011 by vadim"
set_kernel_vars
configure_interfaces

16
test/ipf/firewall35-nat.conf.orig
View File

@ -13,20 +13,20 @@ map le1 from 192.168.1.0/24 to any -> 22.22.22.22/32
map le0 from 192.168.1.0/24 to any -> 0/0
#
# Rule 3 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 4 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 5 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.1 port 22 tcp
#
# Rule 6 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 7 (NAT)
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp

8
test/ipf/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:45 2011 PST by vadim
# Generated Thu Feb 17 12:00:13 2011 PST by vadim
#
# files: * firewall35.fw /etc/firewall35.fw
# files: firewall35-ipf.conf /etc/firewall35-ipf.conf
@ -30,7 +30,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:13 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/firewall4-nat.conf.orig
View File

@ -22,10 +22,10 @@ map eth1 from 192.168.1.10/32 to any -> 0/32 portmap tcp/udp auto
map eth1 from 192.168.1.10/32 to any -> 0/32
#
# Rule 5 (NAT)
rdr from any to any port = 22 -> 192.168.1.10 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.10 port 22 tcp
rdr from any to 192.168.2.1/32 port = 22 -> 192.168.1.10 port 22 tcp
rdr from any to 222.222.222.222/32 port = 22 -> 192.168.1.10 port 22 tcp
rdr eth1 from any to any port = 22 -> 192.168.1.10 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.10 port 22 tcp
rdr eth2 from any to 192.168.2.1/32 port = 22 -> 192.168.1.10 port 22 tcp
rdr eth3 from any to 222.222.222.222/32 port = 22 -> 192.168.1.10 port 22 tcp
#
# Rule 6 (NAT)
rdr eth0 from 192.168.1.0/24 to any port = 80 -> 192.168.2.1 port 3128 tcp

8
test/ipf/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:45 2011 PST by vadim
# Generated Thu Feb 17 12:00:13 2011 PST by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
# files: firewall4-ipf.conf /etc/fw/firewall4-ipf.conf
@ -33,7 +33,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:45 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:13 2011 by vadim"
set_kernel_vars
configure_interfaces

32
test/ipf/firewall5-nat.conf.orig
View File

@ -20,28 +20,28 @@ map eth1 from 192.168.1.0/24 to any -> 33.33.33.33/32 portmap tcp/udp auto
map eth1 from 192.168.1.0/24 to any -> 33.33.33.33/32
#
# Rule 3 (NAT)
rdr from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 4 (NAT)
rdr from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 5 (NAT)
rdr from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 6 (NAT)
rdr from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to (ppp0) port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 7 (NAT)
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp

8
test/ipf/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:46 2011 PST by vadim
# Generated Thu Feb 17 12:00:13 2011 PST by vadim
#
# files: * firewall5.fw /etc/firewall5.fw
# files: firewall5-ipf.conf /etc/firewall5-ipf.conf
@ -30,7 +30,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -92,7 +92,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:13 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:46 2011 PST by vadim
# Generated Thu Feb 17 12:00:13 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
# files: firewall7-ipf.conf /etc/fw/firewall7-ipf.conf
@ -29,7 +29,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:13 2011 by vadim"
set_kernel_vars
configure_interfaces

32
test/ipf/firewall8-nat.conf.orig
View File

@ -20,28 +20,28 @@ map eth1 from 192.168.1.0/24 to any -> 33.33.33.33/32 portmap tcp/udp auto
map eth1 from 192.168.1.0/24 to any -> 33.33.33.33/32
#
# Rule 3 (NAT)
rdr from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 4 (NAT)
rdr from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 5 (NAT)
rdr from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 6 (NAT)
rdr from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr ppp0 from any to any port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth1 from any to 33.33.33.34/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr eth0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 7 (NAT)
rdr eth1 from any to 33.33.33.33/32 port = 22 -> 192.168.1.100 port 22 tcp

8
test/ipf/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:46 2011 PST by vadim
# Generated Thu Feb 17 12:00:13 2011 PST by vadim
#
# files: * firewall8.fw /etc/firewall8.fw
# files: firewall8-ipf.conf /etc/firewall8-ipf.conf
@ -29,7 +29,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:13 2011 by vadim"
set_kernel_vars
configure_interfaces

16
test/ipf/firewall9-nat.conf.orig
View File

@ -13,20 +13,20 @@ map le1 from 192.168.1.0/24 to any -> 22.22.22.22/32
map le0 from 192.168.1.0/24 to any -> 0/0
#
# Rule 3 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 4 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 5 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.1 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.1 port 22 tcp
#
# Rule 6 (NAT)
rdr from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp
rdr le0 from any to 192.168.1.1/32 port = 22 -> 192.168.1.100 port 22 tcp
#
# Rule 7 (NAT)
rdr le1 from any to 22.22.22.22/32 port = 22 -> 192.168.1.100 port 22 tcp

8
test/ipf/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:46 2011 PST by vadim
# Generated Thu Feb 17 12:00:14 2011 PST by vadim
#
# files: * firewall9.fw /etc/firewall9.fw
# files: firewall9-ipf.conf /etc/firewall9-ipf.conf
@ -29,7 +29,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:14 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipf/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3457
# Firewall Builder fwb_ipf v4.2.0.3480
#
# Generated Thu Feb 3 14:54:46 2011 PST by vadim
# Generated Thu Feb 17 12:00:14 2011 PST by vadim
#
# files: * host.fw /etc/fw/host.fw
# files: host-ipf.conf /etc/fw/host-ipf.conf
@ -31,7 +31,7 @@ LOGGER="/usr/bin/logger"
log() {
echo "$1"
test -x "$LOGGER" && $LOGGER -p info "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
@ -78,7 +78,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Thu Feb 3 14:54:46 2011 by vadim"
log "Activating firewall script generated Thu Feb 17 12:00:14 2011 by vadim"
set_kernel_vars
configure_interfaces

1137
test/ipf/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff