onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00
Code Issues Releases Wiki Activity

refs #1907 split converting to atomic rules in orer to be able to control it better

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-11 10:27:10 -08:00
parent 8c7c07cfb9
commit ff6f43b3e6
37 changed files with 144 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/cisco_lib/NATCompiler_asa8.cpp
View File

@ -249,7 +249,14 @@ void NATCompiler_asa8::compile()
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new ConvertToAtomic("convert to atomic rules" ));
// add( new ConvertToAtomic("convert to atomic rules" ));
add( new ConvertToAtomicForOriginal("convert to atomic for OSrc, ODst, OSrv"));
// remove ConvertToAtomicForTSrc if we figure out a way to support multiple
// translated soruces per #1907
add( new ConvertToAtomicForTSrc("convert to atomic for TSrc"));
add( new ConvertToAtomicForTDst("convert to atomic for TDst"));
add( new ConvertToAtomicForTSrv("convert to atomic for TSrv"));
add( new AssignInterface("assign rules to interfaces" ));
add( new verifyInterfaces("verify interfaces assignment" ));
add( new fillTranslatedSrv("fill translated service element" ));

2
test/pix/cluster1-1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:34 2011 PST by vadim
! Generated Tue Jan 11 10:26:22 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1-1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:34 2011 PST by vadim
! Generated Tue Jan 11 10:26:22 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:34 2011 PST by vadim
! Generated Tue Jan 11 10:26:21 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:34 2011 PST by vadim
! Generated Tue Jan 11 10:26:21 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:10 2011 PST by vadim
! Generated Tue Jan 11 10:25:58 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:10 2011 PST by vadim
! Generated Tue Jan 11 10:25:58 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

2
test/pix/firewall10.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:11 2011 PST by vadim
! Generated Tue Jan 11 10:25:59 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall11.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:12 2011 PST by vadim
! Generated Tue Jan 11 10:26:00 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall12.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:12 2011 PST by vadim
! Generated Tue Jan 11 10:26:01 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall13.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:13 2011 PST by vadim
! Generated Tue Jan 11 10:26:01 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall14.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:14 2011 PST by vadim
! Generated Tue Jan 11 10:26:02 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:14 2011 PST by vadim
! Generated Tue Jan 11 10:26:03 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall20.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:15 2011 PST by vadim
! Generated Tue Jan 11 10:26:03 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:16 2011 PST by vadim
! Generated Tue Jan 11 10:26:05 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:16 2011 PST by vadim
! Generated Tue Jan 11 10:26:04 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall22.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:17 2011 PST by vadim
! Generated Tue Jan 11 10:26:05 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:18 2011 PST by vadim
! Generated Tue Jan 11 10:26:06 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall33.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:19 2011 PST by vadim
! Generated Tue Jan 11 10:26:07 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall34.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:20 2011 PST by vadim
! Generated Tue Jan 11 10:26:08 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall4.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:21 2011 PST by vadim
! Generated Tue Jan 11 10:26:08 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall50.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:21 2011 PST by vadim
! Generated Tue Jan 11 10:26:09 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall6.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:22 2011 PST by vadim
! Generated Tue Jan 11 10:26:10 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall8.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:23 2011 PST by vadim
! Generated Tue Jan 11 10:26:11 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall80.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:24 2011 PST by vadim
! Generated Tue Jan 11 10:26:11 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

2
test/pix/firewall81.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:24 2011 PST by vadim
! Generated Tue Jan 11 10:26:12 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall82.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:25 2011 PST by vadim
! Generated Tue Jan 11 10:26:13 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall83.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:26 2011 PST by vadim
! Generated Tue Jan 11 10:26:13 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall9.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:26 2011 PST by vadim
! Generated Tue Jan 11 10:26:14 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

28
test/pix/firewall90.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:27 2011 PST by vadim
! Generated Tue Jan 11 10:26:15 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -135,6 +135,15 @@ quit
object network external_gw_1
host 22.22.22.254
quit
object network outside_range
range 22.22.22.21 22.22.22.25
quit
object network firewall90:FastEthernet1:ip
host 22.22.22.22
quit
object network external_gw2
host 22.22.22.100
quit
!
! Rule 0 (NAT)
nat (inside,outside) source dynamic Internal_net interface service http http
@ -154,6 +163,23 @@ nat (inside,outside) source dynamic test_range_1 firewall90:FastEthernet1:ip-1 d
!
! Rule 5 (NAT)
nat (inside,outside) source dynamic hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 external_gw_1 service smtp smtp
!
! Rule 6 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 firewall90:FastEthernet1:ip service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 external_gw2 service smtp smtp
!
! Rule 7 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 external_gw2 service smtp smtp
!
! Rule 8 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp

2
test/pix/firewall91.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:28 2011 PST by vadim
! Generated Tue Jan 11 10:26:15 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall92.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:28 2011 PST by vadim
! Generated Tue Jan 11 10:26:16 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/fwsm1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:29 2011 PST by vadim
! Generated Tue Jan 11 10:26:17 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

2
test/pix/fwsm2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:30 2011 PST by vadim
! Generated Tue Jan 11 10:26:18 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

76
test/pix/objects-for-regression-tests.fwb
View File

@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294446761" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294770341" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18357,6 +18357,80 @@ no sysopt nodnsalias outbound
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id130599X29063" disabled="False" group="" position="6" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
<ObjectRef ref="id19855X26146"/>
<ObjectRef ref="id23297X67574"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20720X27505" disabled="False" group="" position="7" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
<ObjectRef ref="id23297X67574"/>
<ObjectRef ref="id20111X3981"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id241772X29764" disabled="False" group="" position="8" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
<ObjectRef ref="id20111X3981"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">

2
test/pix/pix515.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:31 2011 PST by vadim
! Generated Tue Jan 11 10:26:19 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/real.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3427
!
! Generated Tue Jan 11 09:43:32 2011 PST by vadim
! Generated Tue Jan 11 10:26:19 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported