[fwbuilder-commits] r2854 - in branches/v4_0: . doc src/gui test/ipt
Brought to you by:
mikehorn
From: <va...@in...> - 2010-04-27 23:10:59
|
Author: vadim Date: 2010-04-27 16:10:46 -0700 (Tue, 27 Apr 2010) New Revision: 2854 Modified: branches/v4_0/build_num branches/v4_0/doc/ChangeLog branches/v4_0/src/gui/SSHSession.cpp branches/v4_0/src/gui/instDialog_installer.cpp branches/v4_0/src/gui/instDialog_ui_ops.cpp branches/v4_0/test/ipt/objects-for-regression-tests.fwb Log: * SSHSession.cpp (SSHSession::terminate): see #1426, #1428 use QProcess::waitForFinished() instead of just sleep() after we send TERM signal to the background process. Also let Qt process events to update the GUI while waiting. * instDialog_installer.cpp (instDialog::stopInstall): fixed #1428 button "Stop" in the installer dialog does not stop installer process Modified: branches/v4_0/build_num =================================================================== --- branches/v4_0/build_num 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/build_num 2010-04-27 23:10:46 UTC (rev 2854) @@ -1 +1 @@ -#define BUILD_NUM 2852 +#define BUILD_NUM 2853 Modified: branches/v4_0/doc/ChangeLog =================================================================== --- branches/v4_0/doc/ChangeLog 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/doc/ChangeLog 2010-04-27 23:10:46 UTC (rev 2854) @@ -1,5 +1,14 @@ -2010-04-27 Vadim Kurland <va...@vk...> +2010-04-27 vadim <va...@vk...> + * SSHSession.cpp (SSHSession::terminate): see #1426, #1428 use + QProcess::waitForFinished() instead of just sleep() after we send + TERM signal to the background process. Also let Qt process events + to update the GUI while waiting. + + * instDialog_installer.cpp (instDialog::stopInstall): fixed #1428 + button "Stop" in the installer dialog does not stop installer + process + * SSHSession.cpp (terminate): fixes #1426 "segfault when cancel while installing" (SF bug 2990333). No need to process events in terminate(); instead, using QProcess::waitForFinished() to give Modified: branches/v4_0/src/gui/SSHSession.cpp =================================================================== --- branches/v4_0/src/gui/SSHSession.cpp 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/src/gui/SSHSession.cpp 2010-04-27 23:10:46 UTC (rev 2854) @@ -296,13 +296,6 @@ return; } - disconnect(proc, SIGNAL(readyReadStandardOutput()), - this, SLOT(readFromStdout() ) ); - disconnect(proc, SIGNAL(readyReadStandardError()), - this, SLOT(readFromStderr() ) ); - disconnect(proc, SIGNAL(finished(int, QProcess::ExitStatus)), - this, SLOT(finished(int) ) ); - #ifdef _WIN32 if (proc->pid() != NULL) #else @@ -315,7 +308,7 @@ if (fwbdebug) qDebug() << "SSHSession::terminate terminating child process pid=" << pid; - emit printStdout_sign(QString("Stopping background process")); + emit printStdout_sign(QString("Stopping background process %1").arg(pid)); /* * on windows proc->terminate() posts a WM_CLOSE @@ -337,7 +330,7 @@ int time_to_wait = 20; for (int timeout = 0; timeout < time_to_wait; timeout++) { - if (proc->state() != QProcess::Running) break; + if (proc==NULL || proc->state() != QProcess::Running) break; // print countdown only if we've been waiting more than 3 sec if (timeout > 3) emit printStdout_sign( @@ -351,14 +344,19 @@ s.replace('\r',""); emit printStdout_sign(s); } - QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents); -#ifdef _WIN32 - Sleep(1000); -#else - sleep(1); -#endif + + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,1); + proc->waitForFinished(1000); } + // proc can be NULL at this point if it had sent signal finished() + // which we processed in the call to waitForFinished() above + if (proc == NULL) + { + if (fwbdebug) qDebug("SSHSession::terminate proc==NULL"); + return; + } + if (fwbdebug) qDebug() << "SSHSession::terminate Reading last output buffers"; @@ -370,10 +368,15 @@ } if (fwbdebug) - qDebug() << "SSHSession::terminate done reading I/O buffers"; + qDebug() << "SSHSession::terminate done reading I/O buffers. Disconnecting signals"; - // Looks like sometimes the process may still be running - // after 20 sec. Ticket #1426, SF bug 2990333 + disconnect(proc, SIGNAL(readyReadStandardOutput()), + this, SLOT(readFromStdout() ) ); + disconnect(proc, SIGNAL(readyReadStandardError()), + this, SLOT(readFromStderr() ) ); + disconnect(proc, SIGNAL(finished(int, QProcess::ExitStatus)), + this, SLOT(finished(int) ) ); + if (proc->state() == QProcess::Running) { if (fwbdebug) Modified: branches/v4_0/src/gui/instDialog_installer.cpp =================================================================== --- branches/v4_0/src/gui/instDialog_installer.cpp 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/src/gui/instDialog_installer.cpp 2010-04-27 23:10:46 UTC (rev 2854) @@ -146,14 +146,22 @@ void instDialog::stopInstall() { currentStopButton->setEnabled(false); - stopProcessFlag=true; - disconnect(currentStopButton, SIGNAL(clicked()) ); - currentStopButton->setEnabled(false); + disconnect(currentStopButton, SIGNAL(clicked())); - proc.terminate(); //try to close proc. - QTimer::singleShot( 1000, &proc, SLOT( kill() ) ); //if it doesn't respond, kill it + stopProcessFlag = true; // likely unused + proc.terminate(); // try to close proc. + QTimer::singleShot(1000, &proc, SLOT(kill())); //if it doesn't respond, kill it + if (installer != NULL) + { + if (fwbdebug) + qDebug() << "instDialog::stopInstall killing installer"; + installer->terminate(); + delete installer; + installer = NULL; + } + // to terminate whole install sequence rather than just current // process, clear the list. for (list<Firewall*>::iterator i=install_fw_list.begin(); Modified: branches/v4_0/src/gui/instDialog_ui_ops.cpp =================================================================== --- branches/v4_0/src/gui/instDialog_ui_ops.cpp 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/src/gui/instDialog_ui_ops.cpp 2010-04-27 23:10:46 UTC (rev 2854) @@ -670,7 +670,8 @@ void instDialog::addToLog(const QString &buf) { if (fwbdebug) - qDebug() << "instDialog::addToLog" << QTime::currentTime().toString(); + qDebug() << "instDialog::addToLog" << QTime::currentTime().toString() + << "buf.size()=" << buf.size(); if (buf.isEmpty()) return; Modified: branches/v4_0/test/ipt/objects-for-regression-tests.fwb =================================================================== --- branches/v4_0/test/ipt/objects-for-regression-tests.fwb 2010-04-27 21:27:51 UTC (rev 2853) +++ branches/v4_0/test/ipt/objects-for-regression-tests.fwb 2010-04-27 23:10:46 UTC (rev 2854) @@ -4694,7 +4694,7 @@ </ServiceGroup> </ServiceGroup> <ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False"> - <Firewall id="fw-firewall2" host_OS="linux24" inactive="False" lastCompiled="1263949492" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False"> + <Firewall id="fw-firewall2" host_OS="linux24" inactive="False" lastCompiled="1272403934" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False"> <NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="nat-firewall2-0" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -6639,7 +6639,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id3AF5AA0A" host_OS="linux24" inactive="False" lastCompiled="1251648630" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall1" comment="this object is used to test all kinds of negation in policy and NAT rules" ro="False"> + <Firewall id="id3AF5AA0A" host_OS="linux24" inactive="False" lastCompiled="1272404302" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall1" comment="this object is used to test all kinds of negation in policy and NAT rules" ro="False"> <NAT id="id3AF5AA0D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3C98491C" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -8102,7 +8102,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1251648690" lastInstalled="1142003872" lastModified="1264552639" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False"> + <Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1272404335" lastInstalled="1142003872" lastModified="1264552639" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False"> <NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3AFB66C8" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -9985,7 +9985,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3B0226B6" host_OS="linux24" inactive="False" lastCompiled="1247364029" lastInstalled="1142003872" lastModified="1268936785" platform="iptables" version="" name="firewall3" comment="this object is used to test negation in policy rules with "Assume firewall is part of 'Any'" turned OFF" ro="False"> + <Firewall id="id3B0226B6" host_OS="linux24" inactive="False" lastCompiled="1272404392" lastInstalled="1142003872" lastModified="1268936785" platform="iptables" version="" name="firewall3" comment="this object is used to test negation in policy rules with "Assume firewall is part of 'Any'" turned OFF" ro="False"> <NAT id="id3B0226B7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3B0226B8" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -10646,7 +10646,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3B0C6380" host_OS="linux24" inactive="False" lastCompiled="1247364135" lastInstalled="1142003872" lastModified="1247704084" platform="iptables" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False"> + <Firewall id="id3B0C6380" host_OS="linux24" inactive="False" lastCompiled="1272404501" lastInstalled="1142003872" lastModified="1247704084" platform="iptables" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False"> <NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3B0C6382" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -11442,7 +11442,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3B19BEE6" host_OS="linux24" inactive="False" lastCompiled="1247364158" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall5" comment="testing firewall_is_part_of_any_and_networks. Also testing SNAT and DNAT rules when external interface has dynamic address. dynamic interface ppp0 has an address object attached to it (interface used to be static and had an address, then got converted to dynamic but address object is still there). Compiler should ignore this address object and issue a warning. All "configure interfaces" options are off, testing shell functions for this case." ro="False"> + <Firewall id="id3B19BEE6" host_OS="linux24" inactive="False" lastCompiled="1272404511" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="" name="firewall5" comment="testing firewall_is_part_of_any_and_networks. Also testing SNAT and DNAT rules when external interface has dynamic address. dynamic interface ppp0 has an address object attached to it (interface used to be static and had an address, then got converted to dynamic but address object is still there). Compiler should ignore this address object and issue a warning. All "configure interfaces" options are off, testing shell functions for this case." ro="False"> <NAT id="id3B19BEE7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3CFD9EE2" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -11945,7 +11945,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3AF5A2BA" host_OS="linux24" lastCompiled="1247364269" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="host" comment="firewall protects host it is running on" ro="False"> + <Firewall id="id3AF5A2BA" host_OS="linux24" lastCompiled="1272404585" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="host" comment="firewall protects host it is running on" ro="False"> <NAT id="id3AF5A2BD" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -12218,7 +12218,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3C698F1D" host_OS="linux24" lastCompiled="1247364180" lastInstalled="1142003872" lastModified="1224350148" platform="iptables" name="firewall6" comment="testing rule with firewall in dst and negation also testing "Destination NAT Onto the Same Network" per Turorial chapter 3.5 testing a rule with src=dst=firewall6 in the global policy (should use all interfaces including loopback)" ro="False"> + <Firewall id="id3C698F1D" host_OS="linux24" lastCompiled="1272404522" lastInstalled="1142003872" lastModified="1224350148" platform="iptables" name="firewall6" comment="testing rule with firewall in dst and negation also testing "Destination NAT Onto the Same Network" per Turorial chapter 3.5 testing a rule with src=dst=firewall6 in the global policy (should use all interfaces including loopback)" ro="False"> <NAT id="id3C698F1E" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3D5C25BE" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -12633,7 +12633,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3C69BD4F" host_OS="linux24" lastCompiled="1247364237" lastInstalled="1142003872" lastModified="1171611268" platform="iptables" version="" name="firewall7" comment="testing rules with broadcasts and multicasts and action-on-reject "TCP reset" testing rules used for DHCP relay running on the firewall between interfaces eth0 and eth2" ro="False"> + <Firewall id="id3C69BD4F" host_OS="linux24" lastCompiled="1272404549" lastInstalled="1142003872" lastModified="1171611268" platform="iptables" version="" name="firewall7" comment="testing rules with broadcasts and multicasts and action-on-reject "TCP reset" testing rules used for DHCP relay running on the firewall between interfaces eth0 and eth2" ro="False"> <NAT id="id3C69BD50" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3D6BE398" disabled="True" position="0" action="Translate" comment="this is incorrect rule which should be refused by compiler"> <OSrc neg="False"> @@ -13052,7 +13052,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3D0C1E6E" host_OS="linux24" lastCompiled="1247364252" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall8" comment="this firewall is used to test a rule in the global policy of object "firewall" " ro="False"> + <Firewall id="id3D0C1E6E" host_OS="linux24" lastCompiled="1272404569" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall8" comment="this firewall is used to test a rule in the global policy of object "firewall" " ro="False"> <NAT id="id3D0C1E72" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -13143,7 +13143,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3D4DF34B" host_OS="linux24" lastCompiled="1247364259" lastInstalled="1142003872" lastModified="1230445726" platform="iptables" name="firewall9" comment="testing rules with action-on-reject "TCP reset" " ro="False"> + <Firewall id="id3D4DF34B" host_OS="linux24" lastCompiled="1272404578" lastInstalled="1142003872" lastModified="1230445726" platform="iptables" name="firewall9" comment="testing rules with action-on-reject "TCP reset" " ro="False"> <NAT id="id3D4DF34C" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -13705,7 +13705,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3D4F0A55" host_OS="linux24" inactive="False" lastCompiled="1251648634" lastInstalled="1142003872" lastModified="1219534909" platform="iptables" version="1.2.9" name="firewall10" comment="testing rules with action-on-reject "TCP reset" in this firewall, unlike in firewall9, this option is set globally instead of setting it in the rule options " ro="False"> + <Firewall id="id3D4F0A55" host_OS="linux24" inactive="False" lastCompiled="1272404305" lastInstalled="1142003872" lastModified="1219534909" platform="iptables" version="1.2.9" name="firewall10" comment="testing rules with action-on-reject "TCP reset" in this firewall, unlike in firewall9, this option is set globally instead of setting it in the rule options " ro="False"> <NAT id="id3D4F0A56" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -14023,7 +14023,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3D94D4F8" host_OS="linux24" inactive="False" lastCompiled="1251648639" lastInstalled="1142003872" lastModified="1266172388" platform="iptables" version="" name="firewall11" comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. This is BRIDGING FIREWALL Firewall is part of any is OFF Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " ro="False"> + <Firewall id="id3D94D4F8" host_OS="linux24" inactive="False" lastCompiled="1272404308" lastInstalled="1142003872" lastModified="1266172388" platform="iptables" version="" name="firewall11" comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. This is BRIDGING FIREWALL Firewall is part of any is OFF Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " ro="False"> <NAT id="id3D94D4F9" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3E854D22" disabled="True" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -15158,7 +15158,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3DE68A18" host_OS="linux24" lastCompiled="1251648648" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall13" comment="Testing empty groups thing " ro="False"> + <Firewall id="id3DE68A18" host_OS="linux24" lastCompiled="1272404312" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall13" comment="Testing empty groups thing " ro="False"> <NAT id="id3DE68A19" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3DE68AFA" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -15338,7 +15338,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3DE71215" host_OS="linux24" lastCompiled="1251648652" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall14" comment="special configuration with overlapping subnets on external and dmz interfaces testing NAT rules (especially choice of interfaces for -o )" ro="False"> + <Firewall id="id3DE71215" host_OS="linux24" lastCompiled="1272404315" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall14" comment="special configuration with overlapping subnets on external and dmz interfaces testing NAT rules (especially choice of interfaces for -o )" ro="False"> <NAT id="id3DE71216" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3DE71217" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -15572,7 +15572,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3DE9128A" host_OS="linux24" lastCompiled="1251648655" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall15" comment="Testing "Accept TCP sessions opened prior to firewall restart flag" in combination with "Assume firewall is part of any" - both flags are OFF here" ro="False"> + <Firewall id="id3DE9128A" host_OS="linux24" lastCompiled="1272404317" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall15" comment="Testing "Accept TCP sessions opened prior to firewall restart flag" in combination with "Assume firewall is part of any" - both flags are OFF here" ro="False"> <NAT id="id3DE9128B" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -15696,7 +15696,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3E189481" host_OS="linux24" lastCompiled="1251648660" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall16" comment="testing translation from outside to the web server on DMZ, need to see what happens if clients on internal net connect to the NATted address of this server. This is a kind of "NAT back to the same subnet" with a twist. This firewall also has option "local NAT" enabled. NAT rules 0,2-7 should generate code in the OUTPUT and POSTROUTING chains. " ro="False"> + <Firewall id="id3E189481" host_OS="linux24" lastCompiled="1272404320" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall16" comment="testing translation from outside to the web server on DMZ, need to see what happens if clients on internal net connect to the NATted address of this server. This is a kind of "NAT back to the same subnet" with a twist. This firewall also has option "local NAT" enabled. NAT rules 0,2-7 should generate code in the OUTPUT and POSTROUTING chains. " ro="False"> <NAT id="id3E189482" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3E189483" disabled="False" position="0" action="Translate" comment="should generate code in both PREROUTING and OUTPUT chain because option "local NAT" is enabled"> <OSrc neg="False"> @@ -16130,7 +16130,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3E1C6B9C" host_OS="linux24" lastCompiled="1251648665" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall17" comment="doing SNAT with virtual addresses of two external interface " ro="False"> + <Firewall id="id3E1C6B9C" host_OS="linux24" lastCompiled="1272404323" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall17" comment="doing SNAT with virtual addresses of two external interface " ro="False"> <NAT id="id3E1C6B9D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3E1C6B9E" disabled="False" position="0" action="Translate" comment="compiler should add "-o eth2""> <OSrc neg="False"> @@ -16446,7 +16446,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3EE4CB81" host_OS="linux24" lastCompiled="1251648670" lastInstalled="1142003872" lastModified="1142003885" platform="iptables" version="" name="firewall18" comment="this firewall translates outgoing connections using address of the particular interface (not external one). Also testing different cmbinations of objects in the policy rules on loopback interface. Finally, testing for a situation when dynamic interface "shades" a rule with old broadcast" ro="False"> + <Firewall id="id3EE4CB81" host_OS="linux24" lastCompiled="1272404326" lastInstalled="1142003872" lastModified="1142003885" platform="iptables" version="" name="firewall18" comment="this firewall translates outgoing connections using address of the particular interface (not external one). Also testing different cmbinations of objects in the policy rules on loopback interface. Finally, testing for a situation when dynamic interface "shades" a rule with old broadcast" ro="False"> <NAT id="id3EE4CB85" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3EE4CB98" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -16786,7 +16786,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id3EF7F809" host_OS="linux24" lastCompiled="1251648675" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall19" comment="testing different cmbinations of objects in the policy rules on loopback interface" ro="False"> + <Firewall id="id3EF7F809" host_OS="linux24" lastCompiled="1272404329" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall19" comment="testing different cmbinations of objects in the policy rules on loopback interface" ro="False"> <NAT id="id3EF7F80A" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -17171,7 +17171,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id3EFBC648" host_OS="linux24" inactive="False" lastCompiled="1247363964" lastInstalled="1142003872" lastModified="1264552656" platform="iptables" version="" name="firewall20" comment="testing firewall_is_part_of_any_and_networks also testing SNAT and DNAT rules when external interface has dynamic address dynamic interface ppp0 has an address object attached to it (interface used to be static and had an address, then got converted to dynamic but address object is still there). Compiler should ignore this address object and issue a warning. " ro="False"> + <Firewall id="id3EFBC648" host_OS="linux24" inactive="False" lastCompiled="1272404356" lastInstalled="1142003872" lastModified="1264552656" platform="iptables" version="" name="firewall20" comment="testing firewall_is_part_of_any_and_networks also testing SNAT and DNAT rules when external interface has dynamic address dynamic interface ppp0 has an address object attached to it (interface used to be static and had an address, then got converted to dynamic but address object is still there). Compiler should ignore this address object and issue a warning. " ro="False"> <NAT id="id3EFBC649" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3EFBC64A" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -17807,7 +17807,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id3F29FAAD" host_OS="linux24" lastCompiled="1247363973" lastInstalled="1142003872" lastModified="1264552320" platform="iptables" name="firewall21" comment="two dynamic interfaces in the same policy or NAT rule " ro="False"> + <Firewall id="id3F29FAAD" host_OS="linux24" lastCompiled="1272404361" lastInstalled="1142003872" lastModified="1264552320" platform="iptables" name="firewall21" comment="two dynamic interfaces in the same policy or NAT rule " ro="False"> <NAT id="id3F29FAAE" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id908101X71214" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -18125,7 +18125,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id3FADB89A" host_OS="linux24" lastCompiled="1247363977" lastInstalled="1142003872" lastModified="1142003913" platform="iptables" version="1.2.9" name="firewall22" comment="testing NAT rules using custom services " ro="False"> + <Firewall id="id3FADB89A" host_OS="linux24" lastCompiled="1272404367" lastInstalled="1142003872" lastModified="1142003913" platform="iptables" version="1.2.9" name="firewall22" comment="testing NAT rules using custom services " ro="False"> <NAT id="id3FADB89B" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id3FADBAA3" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -18327,7 +18327,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id3FB32E8E" host_OS="linux24" inactive="False" lastCompiled="1247363982" lastInstalled="1142003872" lastModified="1215123498" platform="iptables" version="" name="firewall23" comment=" This is BRIDGING FIREWALL " ro="False"> + <Firewall id="id3FB32E8E" host_OS="linux24" inactive="False" lastCompiled="1272404369" lastInstalled="1142003872" lastModified="1215123498" platform="iptables" version="" name="firewall23" comment=" This is BRIDGING FIREWALL " ro="False"> <NAT id="id3FB32E8F" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -18752,7 +18752,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id402B23A8" host_OS="linux24" lastCompiled="1247363994" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall24" comment="testing rules on unnumbered interface tun* " ro="False"> + <Firewall id="id402B23A8" host_OS="linux24" lastCompiled="1272404374" lastInstalled="1142003872" lastModified="0" platform="iptables" name="firewall24" comment="testing rules on unnumbered interface tun* " ro="False"> <NAT id="id402B23A9" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -19231,7 +19231,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id41528C2C" host_OS="linux24" lastCompiled="1247364275" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="rh90" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False"> + <Firewall id="id41528C2C" host_OS="linux24" lastCompiled="1272404591" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="rh90" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False"> <NAT id="id41528C52" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -19450,7 +19450,7 @@ <Option name="verify_interfaces">true</Option> </FirewallOptions> </Firewall> - <Firewall id="id417C680B" host_OS="linux24" inactive="False" lastCompiled="1247364001" lastInstalled="1142003872" lastModified="1272071699" platform="iptables" version="1.4.0" name="firewall25" comment="this firewall uses iptables-restore format. Firewall has wildcard interface ppp*; script is generated dynamically and then piped to iptables-restore two rule sets for the filter table, to make sure there is only one COMMIT for both" ro="False"> + <Firewall id="id417C680B" host_OS="linux24" inactive="False" lastCompiled="1272404379" lastInstalled="1142003872" lastModified="1272071699" platform="iptables" version="1.4.0" name="firewall25" comment="this firewall uses iptables-restore format. Firewall has wildcard interface ppp*; script is generated dynamically and then piped to iptables-restore two rule sets for the filter table, to make sure there is only one COMMIT for both" ro="False"> <NAT id="id417C688D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id417C688E" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -20321,7 +20321,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id418C4609" host_OS="linux24" inactive="False" lastCompiled="1247364007" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="1.4.0" name="firewall26" comment="this firewall uses iptables-restore format One interface has dynamic address, script uses echo to generated iptables commands and then pipes them to iptables-restore" ro="False"> + <Firewall id="id418C4609" host_OS="linux24" inactive="False" lastCompiled="1272404382" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="1.4.0" name="firewall26" comment="this firewall uses iptables-restore format One interface has dynamic address, script uses echo to generated iptables commands and then pipes them to iptables-restore" ro="False"> <NAT id="id418C468B" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id418C468C" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -20865,7 +20865,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id4183D041" host_OS="linux24" inactive="False" lastCompiled="1247364014" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="1.4.0" name="firewall27" comment="this firewall uses iptables-restore format all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" ro="False"> + <Firewall id="id4183D041" host_OS="linux24" inactive="False" lastCompiled="1272404385" lastInstalled="1142003872" lastModified="1264474374" platform="iptables" version="1.4.0" name="firewall27" comment="this firewall uses iptables-restore format all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" ro="False"> <NAT id="id4183D0C3" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id4183D0C4" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -21602,7 +21602,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id41D2945B" host_OS="linux24" lastCompiled="1247364023" lastInstalled="1142003872" lastModified="1264045729" platform="iptables" version="" name="firewall29" comment="two dynamic interfaces in the same policy or NAT rule. Interfaces have a dot in their names " ro="False"> + <Firewall id="id41D2945B" host_OS="linux24" lastCompiled="1272404390" lastInstalled="1142003872" lastModified="1264045729" platform="iptables" version="" name="firewall29" comment="two dynamic interfaces in the same policy or NAT rule. Interfaces have a dot in their names " ro="False"> <NAT id="id41D29482" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id41D29483" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -21887,7 +21887,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id41F62B80" host_OS="linux24" lastCompiled="1247364034" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall30" comment="testing shading of rules using MAC addresses" ro="False"> + <Firewall id="id41F62B80" host_OS="linux24" lastCompiled="1272404395" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall30" comment="testing shading of rules using MAC addresses" ro="False"> <NAT id="id41F62BA4" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -22041,7 +22041,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id429910D5" host_OS="linux24" lastCompiled="1247364039" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall31" comment="used to test time matching rules" ro="False"> + <Firewall id="id429910D5" host_OS="linux24" lastCompiled="1272404397" lastInstalled="1142003872" lastModified="0" platform="iptables" version="" name="firewall31" comment="used to test time matching rules" ro="False"> <NAT id="id429910DB" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -22273,7 +22273,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id43868A331434" host_OS="linux24" lastCompiled="1247364043" lastInstalled="1142003872" lastModified="1221975696" platform="iptables" version="" name="firewall32" comment="testing AddressTable" ro="False"> + <Firewall id="id43868A331434" host_OS="linux24" lastCompiled="1272404400" lastInstalled="1142003872" lastModified="1221975696" platform="iptables" version="" name="firewall32" comment="testing AddressTable" ro="False"> <NAT id="id43868A6D1434" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id43868A6E1434" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -22987,7 +22987,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id4389EDAE18346" host_OS="linux24" inactive="False" lastCompiled="1247364056" lastInstalled="1142003872" lastModified="1218859060" platform="iptables" version="" name="firewall34" comment="testing AddressTable object" ro="False"> + <Firewall id="id4389EDAE18346" host_OS="linux24" inactive="False" lastCompiled="1272404436" lastInstalled="1142003872" lastModified="1218859060" platform="iptables" version="" name="firewall34" comment="testing AddressTable object" ro="False"> <NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id4389EEB018346" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="True"> @@ -23522,7 +23522,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id439254F225682" host_OS="linux24" inactive="False" lastCompiled="1247364062" lastInstalled="1142003872" lastModified="1270847973" platform="iptables" version="" name="firewall35" comment="testing AddressTable object like firewall34, but uses different script format" ro="False"> + <Firewall id="id439254F225682" host_OS="linux24" inactive="False" lastCompiled="1272404440" lastInstalled="1142003872" lastModified="1270847973" platform="iptables" version="" name="firewall35" comment="testing AddressTable object like firewall34, but uses different script format" ro="False"> <NAT id="id4392558E25682" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id4392558F25682" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="True"> @@ -23927,7 +23927,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id43A2BF7416451" host_OS="linux24" inactive="False" lastCompiled="1247364068" lastInstalled="1142003872" lastModified="1236314795" platform="iptables" version="" name="firewall36" comment=" testing routing rules - both actually routing and ROUTE target routing ruleset installs ECMP default" ro="False"> + <Firewall id="id43A2BF7416451" host_OS="linux24" inactive="False" lastCompiled="1272404443" lastInstalled="1142003872" lastModified="1236314795" platform="iptables" version="" name="firewall36" comment=" testing routing rules - both actually routing and ROUTE target routing ruleset installs ECMP default" ro="False"> <NAT id="id43A2C00E16451" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -26386,7 +26386,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id43BBF18E9745" host_OS="linux24" inactive="False" lastCompiled="1263405289" lastInstalled="1142003872" lastModified="1263410373" platform="iptables" version="1.3.0" name="firewall38" comment="testing TAG rules using iptables-restore " ro="False"> + <Firewall id="id43BBF18E9745" host_OS="linux24" inactive="False" lastCompiled="1272404487" lastInstalled="1142003872" lastModified="1263410373" platform="iptables" version="1.3.0" name="firewall38" comment="testing TAG rules using iptables-restore " ro="False"> <NAT id="id43BBF1E99745" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id43BBF1EA9745" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -26958,7 +26958,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id440C055614846" host_OS="linux24" inactive="False" lastCompiled="1247363988" lastInstalled="1142003872" lastModified="1265839725" platform="iptables" version="1.3.0" name="firewall23-1" comment=" This is BRIDGING FIREWALL Testing module physdev " ro="False"> + <Firewall id="id440C055614846" host_OS="linux24" inactive="False" lastCompiled="1272404372" lastInstalled="1142003872" lastModified="1265839725" platform="iptables" version="1.3.0" name="firewall23-1" comment=" This is BRIDGING FIREWALL Testing module physdev " ro="False"> <NAT id="id440C062B14846" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -27607,7 +27607,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id445DA2F330753" host_OS="linux24" inactive="False" lastCompiled="1247364127" lastInstalled="1146967632" lastModified="1208753886" platform="iptables" version="" name="firewall39" comment="testing branching rules normal script mode (not using iptables-restore)" ro="False"> + <Firewall id="id445DA2F330753" host_OS="linux24" inactive="False" lastCompiled="1272404497" lastInstalled="1146967632" lastModified="1208753886" platform="iptables" version="" name="firewall39" comment="testing branching rules normal script mode (not using iptables-restore)" ro="False"> <NAT id="id445DA35A30753" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id445DA35B30753" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -28726,7 +28726,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id4492FED324380" host_OS="linux24" inactive="False" lastCompiled="1247364140" lastInstalled="1142003872" lastModified="1221325413" platform="iptables" version="1.4.0" name="firewall40" comment=" more complex and realistic combination of Tag and Route rules " ro="False"> + <Firewall id="id4492FED324380" host_OS="linux24" inactive="False" lastCompiled="1272404504" lastInstalled="1142003872" lastModified="1221325413" platform="iptables" version="1.4.0" name="firewall40" comment=" more complex and realistic combination of Tag and Route rules " ro="False"> <NAT id="id4492FF2E24380" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id4492FF2F24380" disabled="False" position="0" action="Translate" comment="Translate source address for outgoing connections"> <OSrc neg="False"> @@ -29306,7 +29306,7 @@ <Option name="verify_interfaces">true</Option> </FirewallOptions> </Firewall> - <Firewall id="id4513DEA62143" host_OS="linux24" inactive="False" lastCompiled="1272163661" lastInstalled="0" lastModified="1256245133" platform="iptables" version="" name="test-shadowing-1" comment="testing shadowing detection compiler runs with -xt flag firewall is assumed to be part of any" ro="False"> + <Firewall id="id4513DEA62143" host_OS="linux24" inactive="False" lastCompiled="1272404594" lastInstalled="0" lastModified="1256245133" platform="iptables" version="" name="test-shadowing-1" comment="testing shadowing detection compiler runs with -xt flag firewall is assumed to be part of any" ro="False"> <NAT id="id4513DEAA2143" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -29617,7 +29617,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id451488C42143" host_OS="linux24" inactive="False" lastCompiled="1272162676" lastInstalled="0" lastModified="1272160512" platform="iptables" version="" name="test-shadowing-2" comment="testing shadowing detection compiler runs with -xt flag firewall is NOT assumed to be part of any" ro="False"> + <Firewall id="id451488C42143" host_OS="linux24" inactive="False" lastCompiled="1272404596" lastInstalled="0" lastModified="1272160512" platform="iptables" version="" name="test-shadowing-2" comment="testing shadowing detection compiler runs with -xt flag firewall is NOT assumed to be part of any" ro="False"> <NAT id="id451489072143" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -29868,7 +29868,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id45AB5A2C25451" host_OS="linux24" inactive="False" lastCompiled="1247364097" lastInstalled="1142003872" lastModified="1221325256" platform="iptables" version="" name="firewall37-1" comment="testing TAG and CLASSIFY rules same as firewall37 except rules are made to be terminating" ro="False"> + <Firewall id="id45AB5A2C25451" host_OS="linux24" inactive="False" lastCompiled="1272404483" lastInstalled="1142003872" lastModified="1221325256" platform="iptables" version="" name="firewall37-1" comment="testing TAG and CLASSIFY rules same as firewall37 except rules are made to be terminating" ro="False"> <NAT id="id45AB5C5225451" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <NATRule id="id45AB5C5325451" disabled="False" position="0" action="Translate" comment=""> <OSrc neg="False"> @@ -31097,7 +31097,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id46EFBD7031183" host_OS="linux24" inactive="False" lastCompiled="1247364151" lastInstalled="1142003872" lastModified="1190091778" platform="iptables" version="" name="firewall42" comment="simple test for a rule that matches local broadcast and should go into INPUT chain, but internal interface of the firewall is dynamic so compiler can not determine that given address is broadcast. Using fake interface to make this address match. " ro="False"> + <Firewall id="id46EFBD7031183" host_OS="linux24" inactive="False" lastCompiled="1272404508" lastInstalled="1142003872" lastModified="1190091778" platform="iptables" version="" name="firewall42" comment="simple test for a rule that matches local broadcast and should go into INPUT chain, but internal interface of the firewall is dynamic so compiler can not determine that given address is broadcast. Using fake interface to make this address match. " ro="False"> <NAT id="id46EFBE3731183" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -31301,7 +31301,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id47339E9919714" host_OS="linux24" inactive="False" lastCompiled="1247364163" lastInstalled="1142003872" lastModified="1194539763" platform="iptables" version="" name="firewall50" comment="testing action 'Continue' " ro="False"> + <Firewall id="id47339E9919714" host_OS="linux24" inactive="False" lastCompiled="1272404514" lastInstalled="1142003872" lastModified="1194539763" platform="iptables" version="" name="firewall50" comment="testing action 'Continue' " ro="False"> <NAT id="id47339EDC19714" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -31546,7 +31546,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id4833F62B6131" host_OS="linux24" inactive="False" lastCompiled="1260831611" lastInstalled="0" lastModified="1260831598" platform="iptables" version="" name="firewall-ipv6-1" comment="Using ULOG globally, but ipv6 rules should fall back to LOG because there is no ULOG for ip6tables yet Bug 2141911 " ro="False"> + <Firewall id="id4833F62B6131" host_OS="linux24" inactive="False" lastCompiled="1272404003" lastInstalled="0" lastModified="1260831598" platform="iptables" version="" name="firewall-ipv6-1" comment="Using ULOG globally, but ipv6 rules should fall back to LOG because there is no ULOG for ip6tables yet Bug 2141911 " ro="False"> <NAT id="id4833F62F6131" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -32365,7 +32365,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id4844C0A114522" host_OS="linux24" inactive="False" lastCompiled="1247364185" lastInstalled="0" lastModified="1212443911" platform="iptables" version="" name="firewall60" comment="testing time litmiting for iptables < 1.4.0 " ro="False"> + <Firewall id="id4844C0A114522" host_OS="linux24" inactive="False" lastCompiled="1272404525" lastInstalled="0" lastModified="1212443911" platform="iptables" version="" name="firewall60" comment="testing time litmiting for iptables < 1.4.0 " ro="False"> <NAT id="id4844C0A514522" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -32570,7 +32570,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id4845077415791" host_OS="linux24" inactive="False" lastCompiled="1267483893" lastInstalled="0" lastModified="1230686952" platform="iptables" version="1.4.0" name="firewall61-1.4" comment="testing time litmiting for iptables 1.4.0 " ro="False"> + <Firewall id="id4845077415791" host_OS="linux24" inactive="False" lastCompiled="1272404540" lastInstalled="0" lastModified="1230686952" platform="iptables" version="1.4.0" name="firewall61-1.4" comment="testing time litmiting for iptables 1.4.0 " ro="False"> <NAT id="id484507B715791" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -32767,7 +32767,7 @@ <Option name="verify_interfaces">True</Option> </FirewallOptions> </Firewall> - <Firewall id="id4848A4294626" host_OS="linux24" inactive="False" lastCompiled="1251648541" lastInstalled="1142003872" lastModified="1235665840" platform="iptables" version="" name="firewall-base-rulesets" comment="this firewall is used to test a rule in the global policy of object "firewall" " ro="False"> + <Firewall id="id4848A4294626" host_OS="linux24" inactive="False" lastCompiled="1272403939" lastInstalled="1142003872" lastModified="1235665840" platform="iptables" version="" name="firewall-base-rulesets" comment="this firewall is used to test a rule in the global policy of object "firewall" " ro="False"> <NAT id="id4848A4304626" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -33098,7 +33098,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id484A05C44626" host_OS="linux24" inactive="False" lastCompiled="1247364172" lastInstalled="1142003872" lastModified="1235665873" platform="iptables" version="" name="firewall51" comment="testing branching rules that point at rule sets defined in object firewall-base-rulesets" ro="False"> + <Firewall id="id484A05C44626" host_OS="linux24" inactive="False" lastCompiled="1272404520" lastInstalled="1142003872" lastModified="1235665873" platform="iptables" version="" name="firewall51" comment="testing branching rules that point at rule sets defined in object firewall-base-rulesets" ro="False"> <NAT id="id484A06174626" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSetOptions/> </NAT> @@ -33482,7 +33482,7 @@ <Option name="verify_interfaces">False</Option> </FirewallOptions> </Firewall> - <Firewall id="id4848F19020246" host_OS="linux24" inactive="False" lastCompiled="1247364224" lastInstalled="0" lastModified="1224814681" platform="iptables" version="1.4.0" name="firewall62" comment="testing rules using UserService object Note that iptables does not allow entering iptables command that tries to match using module 'owner' in any chain other than OUTPUT. This includes user defined chains too (it checks how control passes to user defined chain and blocks command if it appears that user defined chain gets control not from OUTPUT) " ro="False"> + <Firewall id="id4848F19020246" host_OS="linux24" inactive="False" lastCompiled="1272404543" lastInstalled="0" lastModified="1224814681" platform="iptables" version="1.4.0" name="firewall62" comment="testing rules using UserService object Note that iptables does not allow entering iptables command that tries to match using module 'owner' in any chain other than OUTPUT. This includes user defined chains too (it checks how control passes to user defined chain and blocks command if it appears that user defined chain gets control not from OUTPUT) " ro="False"> <NAT id="id4848F1D320246" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"> <RuleSe... [truncated message content] |