[fwbuilder-commits] [SCM] Firewall Builder GUI and Policy Compilers Open Source Code branch, develo
Brought to you by:
mikehorn
From: <gi...@ir...> - 2011-03-31 19:29:18
|
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Firewall Builder GUI and Policy Compilers Open Source Code". The branch, development has been updated via 46cf58e1ff3cf186b701aad215122c405262dee3 (commit) from 01e45b8915666fdb4314dd657dfa1ea28eb858fd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46cf58e1ff3cf186b701aad215122c405262dee3 Author: Vadim Kurland <va...@sl...> Date: Thu Mar 31 12:40:29 2011 -0700 fixes #2296 added line numbers in front of importer progress log lines diff --git a/src/import/Importer.cpp b/src/import/Importer.cpp index bf1ad5e..31931d0 100644 --- a/src/import/Importer.cpp +++ b/src/import/Importer.cpp @@ -865,12 +865,13 @@ QString Importer::commonFailureErrorMessage() void Importer::addMessageToLog(const std::string &msg) { - *logger << msg + "\n"; + addMessageToLog(QString::fromUtf8(msg.c_str())); } void Importer::addMessageToLog(const QString &msg) { - addMessageToLog(msg.toStdString()); + QString log_line("%1: %2\n"); + *logger << log_line.arg(getCurrentLineNumber()).arg(msg).toUtf8().constData(); } void Importer::addStandardImportComment(FWObject *obj, diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.0.output b/src/unit_tests/PIXImporterTest/test_data/asa8.0.output index 4eca1a2..f641fe0 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.0.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.0.output @@ -1,55 +1,55 @@ -Version: 8.0 -Host name: pixfirewall -Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time -New interface: Ethernet0 -Interface parameters: inside -Interface label: inside -Interface address: 192.168.2.221/255.255.255.0 -New interface: Ethernet1 -Interface parameters: outside -Interface label: outside -Interface address: 192.0.2.221/255.255.255.0 -New interface: Ethernet2 +3: Version: 8.0 +5: Host name: pixfirewall +7: Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time +9: New interface: Ethernet0 +9: Interface parameters: inside +9: Interface label: inside +11: Interface address: 192.168.2.221/255.255.255.0 +14: New interface: Ethernet1 +14: Interface parameters: outside +14: Interface label: outside +16: Interface address: 192.0.2.221/255.255.255.0 +19: New interface: Ethernet2 Warning: interface Ethernet2 was not imported because it is in "shutdown" mode -New interface: Ethernet3 +25: New interface: Ethernet3 Warning: interface Ethernet3 was not imported because it is in "shutdown" mode -New interface: Ethernet4 +31: New interface: Ethernet4 Warning: interface Ethernet4 was not imported because it is in "shutdown" mode -Object Group (network) net-1 -Object Group (network) net-2 -Object Group (network) host-1 -Object Group (network) mixed-1 -Object Group (network) host-2 -Object Group (service) tcp-1 -Object Group (service) mixed-service-1 -Object Group (service) service-ranges -Object Group (icmp) icmp-1 -Object Group (icmp) icmp-2 -Object Group (icmp) icmp-3 -Object Group (protocol) protocol-1 -Object Group (protocol) proto-icmp -Object Group (protocol) proto-icmp6 -Parser warning: IPv6 import is not supported. -Object Group (protocol) proto-ip -Object Group (protocol) proto-ipsec -Object Group (protocol) proto-pptp -Object Group (protocol) proto-snp -Object Group (protocol) proto-tcp -Object Group (protocol) proto-udp -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet1 ruleset icmp_commands_outside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset icmp_commands_inside direction 'in' -Interface Ethernet0 ruleset telnet_commands_inside direction 'in' -Interface Ethernet0 ruleset ssh_commands_inside direction 'in' +39: Object Group (network) net-1 +42: Object Group (network) net-2 +47: Object Group (network) host-1 +49: Object Group (network) mixed-1 +55: Object Group (network) host-2 +58: Object Group (service) tcp-1 +60: Object Group (service) mixed-service-1 +66: Object Group (service) service-ranges +75: Object Group (icmp) icmp-1 +77: Object Group (icmp) icmp-2 +82: Object Group (icmp) icmp-3 +83: Object Group (protocol) protocol-1 +87: Object Group (protocol) proto-icmp +89: Object Group (protocol) proto-icmp6 +90: Parser warning: IPv6 import is not supported. +91: Object Group (protocol) proto-ip +93: Object Group (protocol) proto-ipsec +95: Object Group (protocol) proto-pptp +97: Object Group (protocol) proto-snp +99: Object Group (protocol) proto-tcp +101: Object Group (protocol) proto-udp +108: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +109: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +110: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +111: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +112: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +113: Interface Ethernet1 ruleset icmp_commands_outside direction 'in' +114: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +115: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +116: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +117: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +118: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +119: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +120: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +121: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +122: Interface Ethernet0 ruleset icmp_commands_inside direction 'in' +135: Interface Ethernet0 ruleset telnet_commands_inside direction 'in' +137: Interface Ethernet0 ruleset ssh_commands_inside direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl-object-groups.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl-object-groups.output index f75184d..23cd2f6 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl-object-groups.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl-object-groups.output @@ -1,23 +1,23 @@ -Version: 8.3 -Host name: asa5505 -New interface: Vlan1 -Interface parameters: inside -Interface label: inside -Interface address: 192.168.1.1/255.255.255.0 -New interface: Vlan2 -Interface parameters: outside -Interface label: outside -Interface address: dhcp/ -New interface: Ethernet0/0 -Interface comment: Switch port 0 / 0 -Named object (service) http.0 -Named object (service) https.0 -Named object (address) server-1.0 -Named object (address) Internal_net.0 -Named object (address) external_net.0 -Object Group (service) srv-group-1 -Named object (service) ip2 -Object Group (protocol) pg1 -Object Group (network) src-network-group-1 -Object Group (network) dst-network-group-1 -Interface Vlan1 ruleset inside_in direction 'in' +3: Version: 8.3 +5: Host name: asa5505 +8: New interface: Vlan1 +8: Interface parameters: inside +8: Interface label: inside +10: Interface address: 192.168.1.1/255.255.255.0 +14: New interface: Vlan2 +14: Interface parameters: outside +14: Interface label: outside +16: Interface address: dhcp/ +20: New interface: Ethernet0/0 +20: Interface comment: Switch port 0 / 0 +77: Named object (service) http.0 +81: Named object (service) https.0 +85: Named object (address) server-1.0 +89: Named object (address) Internal_net.0 +93: Named object (address) external_net.0 +96: Object Group (service) srv-group-1 +101: Named object (service) ip2 +104: Object Group (protocol) pg1 +110: Object Group (network) src-network-group-1 +114: Object Group (network) dst-network-group-1 +199: Interface Vlan1 ruleset inside_in direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output index 85932b4..33964f8 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output @@ -1,28 +1,28 @@ -Version: 8.3 -Host name: asa5505 -New interface: Vlan1 -Interface parameters: inside -Interface label: inside -Interface address: 192.168.1.1/255.255.255.0 -New interface: Vlan2 -Interface parameters: outside -Interface label: outside -Interface address: dhcp/ -New interface: Ethernet0/0 -Interface comment: Switch port 0 / 0 -Named object (service) http.0 -Named object (service) https.0 -Named object (address) server-1.0 -Named object (address) Internal_net.0 -Named object (address) external_net.0 -Object Group (service) id5102X14531.srv.tcp.0 -Named object (service) ip2 -Object Group (protocol) pg1 -Object Group (network) src-network-group-1 -Object Group (network) dst-network-group-1 -Rule comment: 0 ( global ) -Rule comment: 3 ( global ) -Interface Vlan1 ruleset inside_in direction 'in' -Interface Vlan1 ruleset inside_out direction 'out' -Interface Vlan2 ruleset outside_in direction 'in' -Interface Vlan2 ruleset outside_out direction 'out' +3: Version: 8.3 +5: Host name: asa5505 +8: New interface: Vlan1 +8: Interface parameters: inside +8: Interface label: inside +10: Interface address: 192.168.1.1/255.255.255.0 +14: New interface: Vlan2 +14: Interface parameters: outside +14: Interface label: outside +16: Interface address: dhcp/ +20: New interface: Ethernet0/0 +20: Interface comment: Switch port 0 / 0 +77: Named object (service) http.0 +81: Named object (service) https.0 +85: Named object (address) server-1.0 +89: Named object (address) Internal_net.0 +93: Named object (address) external_net.0 +96: Object Group (service) id5102X14531.srv.tcp.0 +101: Named object (service) ip2 +104: Object Group (protocol) pg1 +110: Object Group (network) src-network-group-1 +114: Object Group (network) dst-network-group-1 +123: Rule comment: 0 ( global ) +151: Rule comment: 3 ( global ) +224: Interface Vlan1 ruleset inside_in direction 'in' +225: Interface Vlan1 ruleset inside_out direction 'out' +226: Interface Vlan2 ruleset outside_in direction 'in' +227: Interface Vlan2 ruleset outside_out direction 'out' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output index 29d50d9..3168260 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output @@ -1,108 +1,108 @@ -Version: 8.3 -Host name: asa5505 -New interface: Vlan1 -Interface comment: inside interface -Interface parameters: inside -Interface label: inside -Interface address: dhcp/ -New interface: Vlan2 -Interface comment: outside interface -Interface parameters: outside -Interface label: outside -Interface address: 192.168.2.1/255.255.255.0 -New interface: Ethernet0/0 -Interface comment: Switch port 0 / 0 -Switch port vlan 2 -Named object (address) internal_subnet_1 -Named object (address) internal_subnet_2 -Named object (address) internal_subnet_3 -Named object (address) internal_subnet_4 -Named object (address) Internal_net -Named object (address) outside_range-1 -Named object (address) range_1 -Named object (address) firewall90:FastEthernet1:ip-1 -Named object (address) hostA:eth0 -Named object (address) spamhost1 -Named object (address) spamhost2 -Named object (address) external_gw2 -Named object (address) my-range-obj -Named object (address) my-inside-net -Parser warning: Import of named objects with "nat" command is not supported at this time -Named object (address) ipv6-host-object-1 -Parser warning: IPv6 import is not supported. -Named object (address) ipv6-network-object-1 -Parser warning: IPv6 import is not supported. -Named object (address) ipv6-host-object-3 -Parser warning: IPv6 import is not supported. -Named object (address) ipv6-host-object-3 -Parser warning: IPv6 import is not supported. -Named object (address) dummy-address -Named object (address) internal_subnet_5 -Named object (address) dummy-address-1 -Named object (address) internal_subnet_6 -Named object (address) ipv6-host-object-2 -Parser warning: IPv6 import is not supported. -Named object (address) host-1 -Named object (service) smtp -Named object (service) http -Named object (service) squid -Named object (service) smtps -Named object (service) icmp1 -Named object (service) icmp2 -Named object (service) ip5 -Named object (service) tcp-src-1 -Named object (service) tcp-src-2 -Named object (service) tcp-src-3 -Named object (service) tcp-src-4 -Named object (service) tcp-src-5 -Named object (service) tcp-dst-1 -Named object (service) tcp-dst-2 -Named object (service) tcp-dst-3 -Named object (service) tcp-dst-4 -Named object (service) tcp-dst-5 -Named object (service) tcp-src-dst-1 -Named object (service) tcp-src-dst-2 -Named object (service) tcp-src-dst-3 -Named object (service) tcp-src-dst-4 -Named object (service) tcp-src-dst-5 -Named object (service) udp-src-1 -Named object (service) udp-src-2 -Named object (service) udp-src-3 -Named object (service) udp-src-4 -Named object (service) udp-src-5 -Named object (service) udp-dst-1 -Named object (service) udp-dst-2 -Named object (service) udp-dst-3 -Named object (service) udp-dst-4 -Named object (service) udp-dst-5 -Named object (service) ip1 -Named object (service) ip2 -Named object (service) icmp6-1 -Parser warning: Import of IPv6 addresses and servcies is not supported at this time -Named object (service) ip3 -Parser warning: Unknown service name some_weird_protocol -Named object (service) ip4 -Object Group (network) outside.id178211X29963.osrc.net.0 -Object Group (network) outside.id21353X4994.osrc.net.0 -Object Group (network) outside.id77971X5929.osrc.net.1 -Object Group (network) outside.id77971X5929.odst.net.1 -Object Group (network) outside.id77971X5929.tsrc.net.1 -Object Group (network) outside.id77971X5929.osrc.net.0 -Object Group (network) outside.id77971X5929.odst.net.0 -Object Group (network) outside.id77971X5929.tsrc.net.0 -Object Group (service) outside.id77971X5929.osrv.1 -Object Group (service) sg1 -Object Group (service) sg2 -Object Group (service) sg3 -Object Group (service) sg4 -Object Group (service) sg5 -Object Group (service) combo-group-1 -Object Group (service) neq-group-2 -Object Group (protocol) pg1 -Object Group (protocol) pg2 -Object Group (icmp) ig1 -Object Group (icmp) ig2 -Object Group (icmp) ig3 -Object Group (service) id5102X14531.srv.tcp.0 -Object Group (service) tcp-udp-1 -Interface Vlan1 ruleset inside_in direction 'in' +3: Version: 8.3 +5: Host name: asa5505 +7: New interface: Vlan1 +7: Interface comment: inside interface +8: Interface parameters: inside +8: Interface label: inside +10: Interface address: dhcp/ +13: New interface: Vlan2 +13: Interface comment: outside interface +14: Interface parameters: outside +14: Interface label: outside +16: Interface address: 192.168.2.1/255.255.255.0 +19: New interface: Ethernet0/0 +19: Interface comment: Switch port 0 / 0 +20: Switch port vlan 2 +25: Named object (address) internal_subnet_1 +28: Named object (address) internal_subnet_2 +32: Named object (address) internal_subnet_3 +36: Named object (address) internal_subnet_4 +39: Named object (address) Internal_net +41: Named object (address) outside_range-1 +43: Named object (address) range_1 +45: Named object (address) firewall90:FastEthernet1:ip-1 +47: Named object (address) hostA:eth0 +49: Named object (address) spamhost1 +51: Named object (address) spamhost2 +53: Named object (address) external_gw2 +58: Named object (address) my-range-obj +60: Named object (address) my-inside-net +61: Parser warning: Import of named objects with "nat" command is not supported at this time +67: Named object (address) ipv6-host-object-1 +68: Parser warning: IPv6 import is not supported. +70: Named object (address) ipv6-network-object-1 +71: Parser warning: IPv6 import is not supported. +73: Named object (address) ipv6-host-object-3 +74: Parser warning: IPv6 import is not supported. +76: Named object (address) ipv6-host-object-3 +77: Parser warning: IPv6 import is not supported. +81: Named object (address) dummy-address +84: Named object (address) internal_subnet_5 +88: Named object (address) dummy-address-1 +89: Named object (address) internal_subnet_6 +92: Named object (address) ipv6-host-object-2 +93: Parser warning: IPv6 import is not supported. +95: Named object (address) host-1 +99: Named object (service) smtp +101: Named object (service) http +103: Named object (service) squid +105: Named object (service) smtps +108: Named object (service) icmp1 +110: Named object (service) icmp2 +112: Named object (service) ip5 +116: Named object (service) tcp-src-1 +118: Named object (service) tcp-src-2 +120: Named object (service) tcp-src-3 +122: Named object (service) tcp-src-4 +124: Named object (service) tcp-src-5 +127: Named object (service) tcp-dst-1 +129: Named object (service) tcp-dst-2 +131: Named object (service) tcp-dst-3 +133: Named object (service) tcp-dst-4 +135: Named object (service) tcp-dst-5 +139: Named object (service) tcp-src-dst-1 +141: Named object (service) tcp-src-dst-2 +143: Named object (service) tcp-src-dst-3 +145: Named object (service) tcp-src-dst-4 +147: Named object (service) tcp-src-dst-5 +151: Named object (service) udp-src-1 +153: Named object (service) udp-src-2 +155: Named object (service) udp-src-3 +157: Named object (service) udp-src-4 +159: Named object (service) udp-src-5 +162: Named object (service) udp-dst-1 +164: Named object (service) udp-dst-2 +166: Named object (service) udp-dst-3 +168: Named object (service) udp-dst-4 +170: Named object (service) udp-dst-5 +174: Named object (service) ip1 +176: Named object (service) ip2 +178: Named object (service) icmp6-1 +179: Parser warning: Import of IPv6 addresses and servcies is not supported at this time +182: Named object (service) ip3 +183: Parser warning: Unknown service name some_weird_protocol +187: Named object (service) ip4 +190: Object Group (network) outside.id178211X29963.osrc.net.0 +193: Object Group (network) outside.id21353X4994.osrc.net.0 +197: Object Group (network) outside.id77971X5929.osrc.net.1 +200: Object Group (network) outside.id77971X5929.odst.net.1 +203: Object Group (network) outside.id77971X5929.tsrc.net.1 +206: Object Group (network) outside.id77971X5929.osrc.net.0 +209: Object Group (network) outside.id77971X5929.odst.net.0 +212: Object Group (network) outside.id77971X5929.tsrc.net.0 +216: Object Group (service) outside.id77971X5929.osrv.1 +220: Object Group (service) sg1 +225: Object Group (service) sg2 +229: Object Group (service) sg3 +235: Object Group (service) sg4 +240: Object Group (service) sg5 +251: Object Group (service) combo-group-1 +255: Object Group (service) neq-group-2 +271: Object Group (protocol) pg1 +276: Object Group (protocol) pg2 +281: Object Group (icmp) ig1 +284: Object Group (icmp) ig2 +287: Object Group (icmp) ig3 +293: Object Group (service) id5102X14531.srv.tcp.0 +298: Object Group (service) tcp-udp-1 +302: Interface Vlan1 ruleset inside_in direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output index f42baca..167f5c0 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output @@ -1,41 +1,41 @@ -Version: 8.3 -Host name: asa5505 -Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time -Name 1.2.3.4 gw -Name 192.168.3.0 fake_network -Name 192.168.4.1 inside_ip -Parser warning: IPv6 import is not supported. -New interface: Vlan1 -Interface comment: inside interface -Interface parameters: inside -Interface label: inside -Interface address: dhcp/ -New interface: Vlan2 -Interface comment: outside interface -Interface parameters: outside -Interface label: outside -Interface address: 192.168.2.1/255.255.255.0 -New interface: Ethernet0/0 -Interface comment: Switch port 0 / 0 -Switch port vlan 2 -New interface: Vlan2020 -New interface: Ethernet0/1 +3: Version: 8.3 +5: Host name: asa5505 +8: Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time +9: Name 1.2.3.4 gw +10: Name 192.168.3.0 fake_network +11: Name 192.168.4.1 inside_ip +11: Parser warning: IPv6 import is not supported. +14: New interface: Vlan1 +14: Interface comment: inside interface +15: Interface parameters: inside +15: Interface label: inside +17: Interface address: dhcp/ +20: New interface: Vlan2 +20: Interface comment: outside interface +21: Interface parameters: outside +21: Interface label: outside +23: Interface address: 192.168.2.1/255.255.255.0 +26: New interface: Ethernet0/0 +26: Interface comment: Switch port 0 / 0 +27: Switch port vlan 2 +30: New interface: Vlan2020 +35: New interface: Ethernet0/1 Warning: interface Ethernet0/1 was not imported because it is in "shutdown" mode -New interface: Ethernet0/2 +37: New interface: Ethernet0/2 Warning: interface Ethernet0/2 was not imported because it is in "shutdown" mode -New interface: Ethernet0/3 +39: New interface: Ethernet0/3 Warning: interface Ethernet0/3 was not imported because it is in "shutdown" mode -New interface: Ethernet0/4 +41: New interface: Ethernet0/4 Warning: interface Ethernet0/4 was not imported because it is in "shutdown" mode -New interface: Ethernet0/5 +43: New interface: Ethernet0/5 Warning: interface Ethernet0/5 was not imported because it is in "shutdown" mode -New interface: Ethernet0/6 +45: New interface: Ethernet0/6 Warning: interface Ethernet0/6 was not imported because it is in "shutdown" mode -New interface: Ethernet0/7 +47: New interface: Ethernet0/7 Warning: interface Ethernet0/7 was not imported because it is in "shutdown" mode -Named object (address) internal_subnet_1 -Named object (address) internal_subnet_2 -Named object (address) Internal_net -Named object (address) hostA:eth0 -Interface Vlan1 ruleset ssh_commands_inside direction 'in' -Interface Vlan1 ruleset ssh_commands_inside direction 'in' +53: Named object (address) internal_subnet_1 +56: Named object (address) internal_subnet_2 +59: Named object (address) Internal_net +61: Named object (address) hostA:eth0 +92: Interface Vlan1 ruleset ssh_commands_inside direction 'in' +93: Interface Vlan1 ruleset ssh_commands_inside direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.output b/src/unit_tests/PIXImporterTest/test_data/pix6.output index 264af69..16a1097 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.output @@ -1,56 +1,56 @@ -Version: 6.3 -New interface: ethernet0 -New interface: ethernet1 -Interface parameters: ethernet0 outside security0 -Interface parameters: ethernet1 inside security100 -Host name: guardian -Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time -Object Group (icmp) inside.id12349X2458.srv.icmp.0 -Object Group (icmp) outside.id12363X2458.srv.icmp.0 -Object Group (service) outside.id12376X2458.srv.udp.0 -Object Group (service) outside.id12438X2458.srv.tcp.0 -Object Group (service) outside.id12466X2458.srv.tcp.0 -Rule comment: 0 ( ethernet0 ) -Rule comment: 3 ( global ) -Rule comment: 4 ( global ) -Rule comment: fw uses DHCP -Rule comment: plus many DHCP requests -Rule comment: from cable modem -Rule comment: 6 ( global ) -Rule comment: 7 ( global ) -Rule comment: 10 ( global ) -Rule comment: using swatch to automatically -Rule comment: block probing ssh connections , so no -Rule comment: need to limit -Rule comment: 11 ( global ) -Rule comment: 17 ( global ) -Rule comment: 19 ( global ) -Rule comment: ' catch all' rule -Rule comment: 1 ( global ) -Rule comment: 5 ( global ) -Rule comment: 6 ( global ) -Rule comment: 7 ( global ) -Rule comment: 17 ( global ) -Rule comment: 18 ( global ) -Rule comment: 19 ( global ) -Rule comment: ' catch all' rule -Interface ethernet0 ruleset outside_acl_in direction 'in' -Interface ethernet1 ruleset inside_acl_in direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet0 ruleset icmp_commands_outside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset icmp_commands_inside direction 'in' -Interface ethernet1 ruleset telnet_commands_inside direction 'in' -Interface ethernet1 ruleset ssh_commands_inside direction 'in' -Interface ethernet1 ruleset ssh_commands_inside direction 'in' +3: Version: 6.3 +4: New interface: ethernet0 +5: New interface: ethernet1 +5: Interface parameters: ethernet0 outside security0 +5: Interface parameters: ethernet1 inside security100 +10: Host name: guardian +33: Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time +34: Object Group (icmp) inside.id12349X2458.srv.icmp.0 +38: Object Group (icmp) outside.id12363X2458.srv.icmp.0 +43: Object Group (service) outside.id12376X2458.srv.udp.0 +46: Object Group (service) outside.id12438X2458.srv.tcp.0 +49: Object Group (service) outside.id12466X2458.srv.tcp.0 +52: Rule comment: 0 ( ethernet0 ) +55: Rule comment: 3 ( global ) +58: Rule comment: 4 ( global ) +59: Rule comment: fw uses DHCP +60: Rule comment: plus many DHCP requests +61: Rule comment: from cable modem +64: Rule comment: 6 ( global ) +66: Rule comment: 7 ( global ) +68: Rule comment: 10 ( global ) +69: Rule comment: using swatch to automatically +70: Rule comment: block probing ssh connections , so no +71: Rule comment: need to limit +75: Rule comment: 11 ( global ) +79: Rule comment: 17 ( global ) +82: Rule comment: 19 ( global ) +83: Rule comment: ' catch all' rule +85: Rule comment: 1 ( global ) +93: Rule comment: 5 ( global ) +95: Rule comment: 6 ( global ) +97: Rule comment: 7 ( global ) +106: Rule comment: 17 ( global ) +109: Rule comment: 18 ( global ) +111: Rule comment: 19 ( global ) +112: Rule comment: ' catch all' rule +127: Interface ethernet0 ruleset outside_acl_in direction 'in' +128: Interface ethernet1 ruleset inside_acl_in direction 'in' +140: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +141: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +142: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +143: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +144: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +145: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +146: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +147: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +148: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +149: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +150: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +151: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +152: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +153: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +154: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +156: Interface ethernet1 ruleset telnet_commands_inside direction 'in' +158: Interface ethernet1 ruleset ssh_commands_inside direction 'in' +159: Interface ethernet1 ruleset ssh_commands_inside direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7-nat.output b/src/unit_tests/PIXImporterTest/test_data/pix7-nat.output index aecc3c5..6a39a6a 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix7-nat.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix7-nat.output @@ -1,57 +1,57 @@ -Version: 7.2 -Host name: pix1 -Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time -Name 1.2.3.4 gw -Name 192.168.3.0 fake_network -Name 192.168.4.1 inside_ip -New interface: Ethernet0 -New interface: Ethernet0.101 -Interface parameters: outside -Interface label: outside -Interface address: 192.0.2.253/255.255.255.0 -New interface: Ethernet0.102 -Interface parameters: dmz20 -Interface label: dmz20 -Interface address: 10.0.0.253/255.255.255.0 -Parser warning: failover IP detected. Failover is not supported by import at this time -New interface: Ethernet1 -Interface parameters: inside -Interface label: inside -Interface address: 10.1.1.206/255.255.255.0 -New interface: Ethernet2 +3: Version: 7.2 +6: Host name: pix1 +9: Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time +10: Name 1.2.3.4 gw +11: Name 192.168.3.0 fake_network +12: Name 192.168.4.1 inside_ip +16: New interface: Ethernet0 +21: New interface: Ethernet0.101 +22: Interface parameters: outside +22: Interface label: outside +24: Interface address: 192.0.2.253/255.255.255.0 +27: New interface: Ethernet0.102 +28: Interface parameters: dmz20 +28: Interface label: dmz20 +30: Interface address: 10.0.0.253/255.255.255.0 +30: Parser warning: failover IP detected. Failover is not supported by import at this time +33: New interface: Ethernet1 +35: Interface parameters: inside +35: Interface label: inside +37: Interface address: 10.1.1.206/255.255.255.0 +40: New interface: Ethernet2 Warning: interface Ethernet2 was not imported because it is in "shutdown" mode -New interface: Ethernet3 +45: New interface: Ethernet3 Warning: interface Ethernet3 was not imported because it is in "shutdown" mode -New interface: Ethernet4 +51: New interface: Ethernet4 Warning: interface Ethernet4 was not imported because it is in "shutdown" mode -New interface: Ethernet5 +57: New interface: Ethernet5 Warning: interface Ethernet5 was not imported because it is in "shutdown" mode -New interface: Ethernet6 +63: New interface: Ethernet6 Warning: interface Ethernet6 was not imported because it is in "shutdown" mode -Object Group (network) outside.id12051X6282.src.net.0 -Object Group (network) outside.id12051X6282.src.net.1 -Object Group (network) outside.id12051X6282.src.net.2 -Object Group (network) network-zone-inside -Object Group (network) network-zone-dmz20 -Global address pool: number 1, interface outside, address range interface-interface, netmask 255.255.255.255 -Source translation rule ("nat" command) -Global address pool: number 2, interface outside, address range 192.0.2.10-192.0.2.10, netmask 255.255.255.255 -Global address pool: number 2, interface outside, address range 192.0.2.11-192.0.2.15, netmask 255.255.255.255 -Global address pool: number 2, interface outside, address range 192.0.2.128-192.0.2.128, netmask 255.255.255.240 -Global address pool: number 2, interface dmz20, address range 10.0.0.128-10.0.0.128, netmask 255.255.255.240 -Source translation rule ("nat" command) -Source translation rule ("nat" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Destination translation rule ("static" command) -Interface Ethernet0.101 ruleset outside_in direction 'in' -Interface Ethernet1 ruleset inside_in direction 'in' -Interface Ethernet1 ruleset inside_out direction 'out' -Interface Ethernet1 ruleset ssh_commands_inside direction 'in' -Interface Ethernet1 ruleset ssh_commands_inside direction 'in' -Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in' +71: Object Group (network) outside.id12051X6282.src.net.0 +74: Object Group (network) outside.id12051X6282.src.net.1 +79: Object Group (network) outside.id12051X6282.src.net.2 +83: Object Group (network) network-zone-inside +85: Object Group (network) network-zone-dmz20 +133: Global address pool: number 1, interface outside, address range interface-interface, netmask 255.255.255.255 +134: Source translation rule ("nat" command) +136: Global address pool: number 2, interface outside, address range 192.0.2.10-192.0.2.10, netmask 255.255.255.255 +137: Global address pool: number 2, interface outside, address range 192.0.2.11-192.0.2.15, netmask 255.255.255.255 +138: Global address pool: number 2, interface outside, address range 192.0.2.128-192.0.2.128, netmask 255.255.255.240 +139: Global address pool: number 2, interface dmz20, address range 10.0.0.128-10.0.0.128, netmask 255.255.255.240 +141: Source translation rule ("nat" command) +142: Source translation rule ("nat" command) +145: Destination translation rule ("static" command) +146: Destination translation rule ("static" command) +147: Destination translation rule ("static" command) +148: Destination translation rule ("static" command) +149: Destination translation rule ("static" command) +151: Destination translation rule ("static" command) +152: Destination translation rule ("static" command) +153: Destination translation rule ("static" command) +157: Interface Ethernet0.101 ruleset outside_in direction 'in' +158: Interface Ethernet1 ruleset inside_in direction 'in' +159: Interface Ethernet1 ruleset inside_out direction 'out' +200: Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +201: Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +202: Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7.output b/src/unit_tests/PIXImporterTest/test_data/pix7.output index 50c3b2d..735e2f4 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix7.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix7.output @@ -1,41 +1,41 @@ -Version: 7.2 -Host name: pix1 -Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time -Name 1.2.3.4 gw -Name 192.168.3.0 fake_network -Name 192.168.4.1 inside_ip -New interface: Ethernet0 -New interface: Ethernet0.101 -Interface parameters: outside -Interface label: outside -Interface address: 192.0.2.253/255.255.255.0 -New interface: Ethernet0.102 -Interface parameters: dmz20 -Interface label: dmz20 -Interface address: 10.0.0.253/255.255.255.0 -Parser warning: failover IP detected. Failover is not supported by import at this time -New interface: Ethernet1 -Interface parameters: inside -Interface label: inside -Interface address: 10.1.1.206/255.255.255.0 -New interface: Ethernet2 -Interface comment: LAN/STATE Failover Interface -New interface: Ethernet3 +3: Version: 7.2 +6: Host name: pix1 +9: Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time +10: Name 1.2.3.4 gw +11: Name 192.168.3.0 fake_network +12: Name 192.168.4.1 inside_ip +16: New interface: Ethernet0 +21: New interface: Ethernet0.101 +22: Interface parameters: outside +22: Interface label: outside +24: Interface address: 192.0.2.253/255.255.255.0 +27: New interface: Ethernet0.102 +28: Interface parameters: dmz20 +28: Interface label: dmz20 +30: Interface address: 10.0.0.253/255.255.255.0 +30: Parser warning: failover IP detected. Failover is not supported by import at this time +33: New interface: Ethernet1 +35: Interface parameters: inside +35: Interface label: inside +37: Interface address: 10.1.1.206/255.255.255.0 +40: New interface: Ethernet2 +40: Interface comment: LAN/STATE Failover Interface +44: New interface: Ethernet3 Warning: interface Ethernet3 was not imported because it is in "shutdown" mode -New interface: Ethernet4 +50: New interface: Ethernet4 Warning: interface Ethernet4 was not imported because it is in "shutdown" mode -New interface: Ethernet5 +56: New interface: Ethernet5 Warning: interface Ethernet5 was not imported because it is in "shutdown" mode -New interface: Ethernet6 +62: New interface: Ethernet6 Warning: interface Ethernet6 was not imported because it is in "shutdown" mode -Object Group (network) outside.id12051X6282.src.net.0 -Object Group (network) outside.id12051X6282.src.net.1 -Object Group (network) outside.id12051X6282.src.net.2 -Interface Ethernet1 ruleset inside_in direction 'in' -Interface Ethernet0.101 ruleset outside_in direction 'in' -Interface Ethernet0.101 ruleset outside_in direction 'in' -Interface Ethernet1 ruleset inside_in direction 'in' -Interface Ethernet1 ruleset inside_out direction 'out' -Interface Ethernet1 ruleset ssh_commands_inside direction 'in' -Interface Ethernet1 ruleset ssh_commands_inside direction 'in' -Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in' +70: Object Group (network) outside.id12051X6282.src.net.0 +73: Object Group (network) outside.id12051X6282.src.net.1 +78: Object Group (network) outside.id12051X6282.src.net.2 +97: Interface Ethernet1 ruleset inside_in direction 'in' +98: Interface Ethernet0.101 ruleset outside_in direction 'in' +123: Interface Ethernet0.101 ruleset outside_in direction 'in' +124: Interface Ethernet1 ruleset inside_in direction 'in' +125: Interface Ethernet1 ruleset inside_out direction 'out' +164: Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +165: Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +166: Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in' ----------------------------------------------------------------------- Summary of changes: src/import/Importer.cpp | 5 +- .../PIXImporterTest/test_data/asa8.0.output | 104 +++++----- .../test_data/asa8.3-acl-object-groups.output | 46 ++-- .../PIXImporterTest/test_data/asa8.3-acl.output | 56 +++--- .../test_data/asa8.3-objects-and-groups.output | 216 ++++++++++---------- .../PIXImporterTest/test_data/asa8.3.output | 68 +++--- .../PIXImporterTest/test_data/pix6.output | 112 +++++----- .../PIXImporterTest/test_data/pix7-nat.output | 104 +++++----- .../PIXImporterTest/test_data/pix7.output | 74 ++++---- 9 files changed, 393 insertions(+), 392 deletions(-) hooks/post-receive -- Firewall Builder GUI and Policy Compilers Open Source Code |