[fwbuilder-commits] r2898 - in branches/v4_0: . doc src/cisco_lib src/res/configlets/procurve test/
Brought to you by:
mikehorn
Menu
▾
▴
[fwbuilder-commits] r2898 - in branches/v4_0: . doc src/cisco_lib src/res/configlets/procurve test/procurve_acl
|
From: <va...@in...> - 2010-05-12 15:08:42
|
Author: vadim
Date: 2010-05-12 08:08:27 -0700 (Wed, 12 May 2010)
New Revision: 2898
Modified:
branches/v4_0/build_num
branches/v4_0/doc/ChangeLog
branches/v4_0/src/cisco_lib/CompilerDriver_iosacl.cpp
branches/v4_0/src/cisco_lib/PolicyCompiler_procurve_acl_writers.cpp
branches/v4_0/src/res/configlets/procurve/safety_net_acl
branches/v4_0/test/procurve_acl/objects-for-regression-tests.fwb
Log:
newline after exit in commands that attach acl to regular interface; generating different commands depending on whether management interface is vlan or not
Modified: branches/v4_0/build_num
===================================================================
--- branches/v4_0/build_num 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/build_num 2010-05-12 15:08:27 UTC (rev 2898)
@@ -1 +1 @@
-#define BUILD_NUM 2895
+#define BUILD_NUM 2897
Modified: branches/v4_0/doc/ChangeLog
===================================================================
--- branches/v4_0/doc/ChangeLog 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/doc/ChangeLog 2010-05-12 15:08:27 UTC (rev 2898)
@@ -1,6 +1,16 @@
+2010-05-12 vadim <va...@vk...>
+
+ * PolicyCompiler_procurve_acl_writers.cpp (PolicyCompiler_procurve_acl::printAccessGroupCmd):
+ generated commands that attach acl to a regular inetrface needed
+ newline after "exit".
+
+ * configlets/procurve/safety_net_acl: generating different
+ commands in "Safety net" install mode depending on whether
+ management interface is vlan or not.
+
2010-05-11 Vadim Kurland <va...@vk...>
- * ObjectManipulatorTest.cpp (ObjectManipulatorTest::editSelectedObject):
+ * ObjectManipulatorTest.cpp (ObjectManipulatorTest::editSelectedObject):
see #1447 fixed unit test for this change
* ../src/res/configlets/dd-wrt-jffs/installer_commands_root:
Modified: branches/v4_0/src/cisco_lib/CompilerDriver_iosacl.cpp
===================================================================
--- branches/v4_0/src/cisco_lib/CompilerDriver_iosacl.cpp 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/src/cisco_lib/CompilerDriver_iosacl.cpp 2010-05-12 15:08:27 UTC (rev 2898)
@@ -209,6 +209,13 @@
{
configlet.setVariable("management_interface",
intf->getName().c_str());
+
+ FWOptions *ifopt = intf->getOptionsObject();
+ string itype = ifopt->getStr("type");
+ configlet.setVariable("management_interface_is_vlan",
+ (itype == "8021q"));
+ configlet.setVariable("management_interface_is_not_vlan",
+ (itype != "8021q"));
break;
}
}
Modified: branches/v4_0/src/cisco_lib/PolicyCompiler_procurve_acl_writers.cpp
===================================================================
--- branches/v4_0/src/cisco_lib/PolicyCompiler_procurve_acl_writers.cpp 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/src/cisco_lib/PolicyCompiler_procurve_acl_writers.cpp 2010-05-12 15:08:27 UTC (rev 2898)
@@ -118,6 +118,7 @@
outp_combined.push_back(" " + outp.join(" "));
outp_combined.push_back("exit");
+ outp_combined.push_back("");
return outp_combined.join("\n").toStdString();
}
}
Modified: branches/v4_0/src/res/configlets/procurve/safety_net_acl
===================================================================
--- branches/v4_0/src/res/configlets/procurve/safety_net_acl 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/src/res/configlets/procurve/safety_net_acl 2010-05-12 15:08:27 UTC (rev 2898)
@@ -15,40 +15,31 @@
; temporary access list for "safety net install"
{{if ipv4}}
+{{if management_interface_is_vlan}}
+no {{$management_interface}} ip access-group tmp_acl in
+no ip access-list extended tmp_acl
+ip access-list extended tmp_acl
+ permit ip {{$management_addr}} {{$management_netm}} any
+ deny ip any any
+exit
+{{$management_interface}} ip access-group tmp_acl in
+{{endif}}
+
+{{if management_interface_is_not_vlan}}
interface {{$management_interface}}
- no ip access-group in
- no ip access-group out
no ip access-group tmp_acl in
exit
-
no ip access-list extended tmp_acl
ip access-list extended tmp_acl
permit ip {{$management_addr}} {{$management_netm}} any
deny ip any any
exit
-
interface {{$management_interface}}
ip access-group tmp_acl in
exit
{{endif}}
+{{endif}}
{{if ipv6}}
-no ipv6 access-list tmp_acl
-ipv6 access-list tmp_acl
-{{if slash_notation}}
- permit ipv6 {{$management_addr}} any
{{endif}}
-{{if host_addr}}
- permit ipv6 host {{$management_addr}} any
-{{endif}}
- permit icmp any any
- deny ipv6 any any
-exit
-interface {{$management_interface}}
- no ipv6 traffic-filter in
- no ipv6 traffic-filter out
- ipv6 traffic-filter tmp_acl in
-exit
-{{endif}}
-
Modified: branches/v4_0/test/procurve_acl/objects-for-regression-tests.fwb
===================================================================
--- branches/v4_0/test/procurve_acl/objects-for-regression-tests.fwb 2010-05-12 03:22:46 UTC (rev 2897)
+++ branches/v4_0/test/procurve_acl/objects-for-regression-tests.fwb 2010-05-12 15:08:27 UTC (rev 2898)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1273597059" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1273676680" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -598,7 +598,7 @@
<ServiceGroup id="id4511636C23682_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4511637423682" name="Firewalls" comment="" ro="False">
- <Firewall id="id46412B5226577" host_OS="procurve" inactive="False" lastCompiled="1273596546" lastInstalled="0" lastModified="1273597135" platform="procurve_acl" version="K.13" name="testhp1" comment="" ro="False">
+ <Firewall id="id46412B5226577" host_OS="procurve" inactive="False" lastCompiled="1273675344" lastInstalled="0" lastModified="1273597135" platform="procurve_acl" version="K.13" name="testhp1" comment="" ro="False">
<NAT id="id46412B5626577" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@@ -3199,7 +3199,7 @@
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
- <Firewall id="id4722X40592" host_OS="procurve" inactive="False" lastCompiled="1261963115" lastInstalled="0" lastModified="1273546094" platform="procurve_acl" version="K.13" name="testhp3" comment="Using "safety net" script option" ro="False">
+ <Firewall id="id4722X40592" host_OS="procurve" inactive="False" lastCompiled="1273676640" lastInstalled="0" lastModified="1273546094" platform="procurve_acl" version="K.13" name="testhp3" comment="Using "safety net" script option" ro="False">
<NAT id="id5018X40592" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@@ -3807,6 +3807,620 @@
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
+ <Firewall id="id5570X54035" host_OS="procurve" inactive="False" lastCompiled="1273676701" lastInstalled="0" lastModified="1273676694" platform="procurve_acl" version="K.13" name="testhp4" comment="Using "safety net" script option, management interface is not a vlan" ro="False">
+ <NAT id="id5866X54035" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+ <RuleSetOptions/>
+ </NAT>
+ <Policy id="id5599X54035" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+ <PolicyRule id="id5600X54035" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti-spoofing">
+ <Src neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5578X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="stateless">True</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5612X54035" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5624X54035" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5581X54035"/>
+ <ObjectRef ref="id5578X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5637X54035" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id25373X82668"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5649X54035" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5578X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5661X54035" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5581X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5673X54035" disabled="False" log="False" position="6" action="Accept" direction="Inbound" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#8BC065</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5685X54035" disabled="False" log="False" position="7" action="Accept" direction="Inbound" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5578X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#8BC065</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5697X54035" disabled="False" log="False" position="8" action="Accept" direction="Inbound" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5581X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#8BC065</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5709X54035" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456929061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5721X54035" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456929061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5578X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5733X54035" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456929061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C4226611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="id5581X54035"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C0BA44</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5745X54035" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="interface ethernet1 has address on network 10.10.10.0/24, therefore net-10.10.10 is behind the router and we do not need to put rules 12-18 in outbound acl of eth0">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id464147DE29061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5757X54035" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id464147DD29061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5769X54035" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id464147DB29061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5781X54035" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id464147DC29061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5793X54035" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id463FE5FE11008"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5805X54035" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id4641521729061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5817X54035" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id464147DA29061"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#C86E6E</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5829X54035" disabled="False" group="" log="False" position="19" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id4226X64279"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#7694C0</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5841X54035" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="id4641456629061"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="id46412C3F26611"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="id8888X64279"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="color">#7694C0</Option>
+ <Option name="stateless">False</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <PolicyRule id="id5853X54035" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
+ <Src neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Src>
+ <Dst neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Dst>
+ <Srv neg="False">
+ <ServiceRef ref="sysid1"/>
+ </Srv>
+ <Itf neg="False">
+ <ObjectRef ref="sysid0"/>
+ </Itf>
+ <When neg="False">
+ <IntervalRef ref="sysid2"/>
+ </When>
+ <PolicyRuleOptions>
+ <Option name="stateless">True</Option>
+ </PolicyRuleOptions>
+ </PolicyRule>
+ <RuleSetOptions/>
+ </Policy>
+ <Routing id="id5868X54035" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+ <RuleSetOptions/>
+ </Routing>
+ <Interface id="id5578X54035" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="vlan 10" comment="" ro="False">
+ <InterfaceOptions>
+ <Option name="type">8021q</Option>
+ <Option name="vlan_id">10</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Interface id="id5581X54035" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="vlan 20" comment="" ro="False">
+ <InterfaceOptions>
+ <Option name="type">8021q</Option>
+ <Option name="vlan_id">20</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Interface id="id5584X54035" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="vlan 40" comment="" ro="False">
+ <IPv4 id="id5587X54035" name="testhp4:vlan 40:ip" comment="" ro="False" address="10.10.11.1" netmask="255.255.255.0"/>
+ <InterfaceOptions>
+ <Option name="type">8021q</Option>
+ <Option name="vlan_id">40</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Interface id="id5589X54035" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="vlan 401" comment="" ro="False">
+ <IPv4 id="id5592X54035" name="testhp4:vlan 401:ip" comment="" ro="False" address="10.10.12.1" netmask="255.255.255.0"/>
+ <InterfaceOptions>
+ <Option name="type">8021q</Option>
+ <Option name="vlan_id">401</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Interface id="id5594X54035" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="vlan 402" comment="" ro="False">
+ <IPv4 id="id5597X54035" name="testhp4:vlan 402:ip" comment="" ro="False" address="10.10.10.1" netmask="255.255.255.0"/>
+ <InterfaceOptions>
+ <Option name="type">8021q</Option>
+ <Option name="vlan_id">402</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Interface id="id5961X54035" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="0" unnum="False" unprotected="False" name="a1" comment="" ro="False">
+ <IPv4 id="id5995X54035" name="testhp4:a1:ip" comment="" ro="False" address="10.10.1.1" netmask="255.255.255.0"/>
+ <InterfaceOptions>
+ <Option name="type">ethernet</Option>
+ </InterfaceOptions>
+ </Interface>
+ <Management address="1.1.1.1">
+ <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+ <FWBDManagement enabled="False" identity="" port="-1"/>
+ <PolicyInstallScript arguments="" command="" enabled="False"/>
+ </Management>
+ <FirewallOptions>
+ <Option name="accept_established">true</Option>
+ <Option name="accept_new_tcp_with_no_syn">true</Option>
+ <Option name="add_check_state_rule">true</Option>
+ <Option name="admUser"></Option>
+ <Option name="altAddress"></Option>
+ <Option name="check_shading">False</Option>
+ <Option name="compiler"></Option>
+ <Option name="configure_interfaces">true</Option>
+ <Option name="eliminate_duplicates">true</Option>
+ <Option name="filesystem">/etc</Option>
+ <Option name="firewall_dir">/etc</Option>
+ <Option name="firewall_is_part_of_any_and_networks">true</Option>
+ <Option name="freebsd_ip_forward">1</Option>
+ <Option name="ignore_empty_groups">False</Option>
+ <Option name="in_out_code">true</Option>
+ <Option name="ios_ip_address">True</Option>
+ <Option name="ios_set_host_name">True</Option>
+ <Option name="iosacl_acl_basic">False</Option>
+ <Option name="iosacl_acl_no_clear">False</Option>
+ <Option name="iosacl_acl_substitution">True</Option>
+ <Option name="iosacl_acl_temp_addr">10.10.10.1</Option>
+ <Option name="iosacl_add_clear_statements">true</Option>
+ <Option name="iosacl_assume_fw_part_of_any">true</Option>
+ <Option name="iosacl_epilog_script">! This is epilog for testing
+</Option>
+ <Option name="iosacl_generate_logging_commands">False</Option>
+ <Option name="iosacl_include_comments">True</Option>
+ <Option name="iosacl_logging_buffered">False</Option>
+ <Option name="iosacl_logging_buffered_level">3</Option>
+ <Option name="iosacl_logging_console">False</Option>
+ <Option name="iosacl_logging_console_level">3</Option>
+ <Option name="iosacl_logging_timestamp">False</Option>
+ <Option name="iosacl_logging_trap_level">3</Option>
+ <Option name="iosacl_prolog_script">! This is prolog</Option>
+ <Option name="iosacl_regroup_commands">False</Option>
+ <Option name="iosacl_syslog_facility"></Option>
+ <Option name="iosacl_syslog_host"></Option>
+ <Option name="iosacl_use_acl_remarks">False</Option>
+ <Option name="ipv4_6_order">ipv4_first</Option>
+ <Option name="limit_value">0</Option>
+ <Option name="linux24_ip_forward">1</Option>
+ <Option name="load_modules">true</Option>
+ <Option name="local_nat">false</Option>
+ <Option name="log_level">info</Option>
+ <Option name="log_prefix">RULE %N -- %A </Option>
+ <Option name="loopback_interface">lo0</Option>
+ <Option name="macosx_ip_forward">1</Option>
+ <Option name="manage_virtual_addr">true</Option>
+ <Option name="mgmt_addr">10.10.11.10</Option>
+ <Option name="mgmt_ssh">True</Option>
+ <Option name="openbsd_ip_forward">1</Option>
+ <Option name="output_file"></Option>
+ <Option name="pass_all_out">false</Option>
+ <Option name="pf_limit_frags">5000</Option>
+ <Option name="pf_limit_states">10000</Option>
+ <Option name="pf_scrub_maxmss">1460</Option>
+ <Option name="pf_timeout_frag">30</Option>
+ <Option name="pf_timeout_interval">10</Option>
+ <Option name="pix_add_clear_statements">true</Option>
+ <Option name="pix_assume_fw_part_of_any">true</Option>
+ <Option name="pix_default_logint">300</Option>
+ <Option name="pix_emblem_log_format">false</Option>
+ <Option name="pix_emulate_out_acl">true</Option>
+ <Option name="pix_floodguard">true</Option>
+ <Option name="pix_include_comments">true</Option>
+ <Option name="pix_route_dnat_supported">true</Option>
+ <Option name="pix_rule_syslog_settings">false</Option>
+ <Option name="pix_security_fragguard_supported">true</Option>
+ <Option name="pix_syslog_device_id_supported">false</Option>
+ <Option name="pix_use_acl_remarks">true</Option>
+ <Option name="procurve_acl_acl_basic">False</Option>
+ <Option name="procurve_acl_acl_no_clear">False</Option>
+ <Option name="procurve_acl_acl_substitution">True</Option>
+ <Option name="procurve_acl_acl_temp_addr">10.10.11.10</Option>
+ <Option name="procurve_acl_add_clear_statements">true</Option>
+ <Option name="procurve_acl_assume_fw_part_of_any">true</Option>
+ <Option name="procurve_acl_epilog_script"></Option>
+ <Option name="procurve_acl_generate_logging_commands">False</Option>
+ <Option name="procurve_acl_include_comments">true</Option>
+ <Option name="procurve_acl_logging_buffered">False</Option>
+ <Option name="procurve_acl_logging_buffered_level">4</Option>
+ <Option name="procurve_acl_logging_console">False</Option>
+ <Option name="procurve_acl_logging_console_level">4</Option>
+ <Option name="procurve_acl_logging_timestamp">False</Option>
+ <Option name="procurve_acl_logging_trap_level">4</Option>
+ <Option name="procurve_acl_prolog_script"></Option>
+ <Option name="procurve_acl_syslog_facility"></Option>
+ <Option name="procurve_acl_syslog_host"></Option>
+ <Option name="prompt1">$ </Option>
+ <Option name="prompt2"> # </Option>
+ <Option name="scpArgs"></Option>
+ <Option name="solaris_ip_forward">1</Option>
+ <Option name="sshArgs"></Option>
+ <Option name="ulog_nlgroup">1</Option>
+ <Option name="use_scp">False</Option>
+ <Option name="verify_interfaces">true</Option>
+ </FirewallOptions>
+ </Firewall>
</ObjectGroup>
<IntervalGroup id="id4511637523682" name="Time" comment="" ro="False"/>
</Library>
|