onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 04:07:55 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/ipf/large_policy_test.fwb
Vadim Kurland 0ee88506b5 * ../src/iptlib/NATCompiler_ipt.cpp (VerifyRules2::processNext): 
fixes #1109: "rules that do not pass verifyRules() checks may
cause compiler crash in test mode or gui crash in single rule
compile mode"
2010-01-20 02:55:38 +00:00

282 lines
15 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="stdid01_1_og_dnsn_1" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False"/>
<ObjectGroup id="stdid02_1" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="stdid03_1" name="Networks" comment="" ro="False">
<Network id="id3F9A1BC7" name="net A" comment="" ro="False" address="192.168.0.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC8" name="net B" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC9" name="net C" comment="" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="stdid15_1" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3F9A1BCA" name="range A" comment="" ro="False" start_address="192.168.0.10" end_address="192.168.0.250"/>
<AddressRange id="id3F9A1BCB" name="range B" comment="" ro="False" start_address="192.168.1.10" end_address="192.168.1.250"/>
<AddressRange id="id3F9A1BCC" name="range C" comment="" ro="False" start_address="192.168.2.10" end_address="192.168.2.250"/>
<AddressRange id="id3F9AF27F" name="mini range A" comment="" ro="False" start_address="192.168.0.10" end_address="192.168.0.12"/>
<AddressRange id="id3F9AF280" name="mini range B" comment="" ro="False" start_address="192.168.1.10" end_address="192.168.1.12"/>
<AddressRange id="id3F9AF281" name="mini range C" comment="" ro="False" start_address="192.168.2.10" end_address="192.168.2.12"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05_1" name="Services" comment="" ro="False">
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid10_1" name="Groups" comment="" ro="False"/>
<ServiceGroup id="stdid07_1" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="stdid06_1" name="IP" comment="" ro="False"/>
<ServiceGroup id="stdid09_1" name="TCP" comment="" ro="False"/>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False"/>
<ServiceGroup id="stdid13_1" name="Custom" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="id3F9A1BD2" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipf" name="test" comment="" ro="False">
<NAT id="id3F9A1BD6" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id3F9A1BD5" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3F9A1CE7" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BC7"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9A1BC8"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9AF2C0" disabled="False" log="True" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9AF27F"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9AF280"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1BF6" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9A1BCB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1BEC" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9A1BCC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C2E" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9A1BCC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C96" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BC7"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F9A1BC8"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C3A" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id3F9A1BD2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id3F9A1BD9" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3F9A1BDB" name="test:eth0(ip)" comment="" ro="False" address="192.0.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3F9A1BDC" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3F9A1BDE" name="test:eth1(ip)" comment="" ro="False" address="192.168.0.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3F9A1BDF" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3F9A1BE1" name="test:eth2(ip)" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3F9A1BE2" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3F9A1BE4" name="test:eth3(ip)" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3F9A1BE5" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3F9A1BE7" name="test:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">True</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="loopback_interface">lo</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
</ServiceGroup>
</ServiceGroup>
</Library>
</FWObjectDatabase>
Reference in New Issue View Git Blame Copy Permalink