-rw-r--r--Makefile16
-rw-r--r--data/configd-include.json12
-rw-r--r--data/templates/accel-ppp/chap-secrets.config_dict.j2 (renamed from data/templates/accel-ppp/chap-secrets.config_dict.tmpl)10
-rw-r--r--data/templates/accel-ppp/chap-secrets.ipoe.j2 (renamed from data/templates/accel-ppp/chap-secrets.ipoe.tmpl)22
-rw-r--r--data/templates/accel-ppp/chap-secrets.j2 (renamed from data/templates/accel-ppp/chap-secrets.tmpl)10
-rw-r--r--data/templates/accel-ppp/ipoe.config.j2 (renamed from data/templates/accel-ppp/ipoe.config.tmpl)92
-rw-r--r--data/templates/accel-ppp/l2tp.config.j2 (renamed from data/templates/accel-ppp/l2tp.config.tmpl)69
-rw-r--r--data/templates/accel-ppp/pppoe.config.j2 (renamed from data/templates/accel-ppp/pppoe.config.tmpl)70
-rw-r--r--data/templates/accel-ppp/pptp.config.j2 (renamed from data/templates/accel-ppp/pptp.config.tmpl)32
-rw-r--r--data/templates/accel-ppp/sstp.config.j2 (renamed from data/templates/accel-ppp/sstp.config.tmpl)0
-rw-r--r--data/templates/bcast-relay/udp-broadcast-relay.j2 (renamed from data/templates/bcast-relay/udp-broadcast-relay.tmpl)0
-rw-r--r--data/templates/conntrack/nftables-ct.j248
-rw-r--r--data/templates/conntrack/nftables-ct.tmpl48
-rw-r--r--data/templates/conntrack/sysctl.conf.j2 (renamed from data/templates/conntrack/sysctl.conf.tmpl)0
-rw-r--r--data/templates/conntrack/vyos_nf_conntrack.conf.j2 (renamed from data/templates/conntrack/vyos_nf_conntrack.conf.tmpl)0
-rw-r--r--data/templates/conntrackd/conntrackd.conf.j2 (renamed from data/templates/conntrackd/conntrackd.conf.tmpl)48
-rw-r--r--data/templates/conntrackd/conntrackd.op-mode.j213
-rw-r--r--data/templates/conntrackd/conntrackd.op-mode.tmpl13
-rw-r--r--data/templates/conserver/conserver.conf.j2 (renamed from data/templates/conserver/conserver.conf.tmpl)2
-rw-r--r--data/templates/conserver/dropbear@.service.j2 (renamed from data/templates/conserver/dropbear@.service.tmpl)0
-rw-r--r--data/templates/container/registries.conf.j227
-rw-r--r--data/templates/container/storage.conf.j24
-rw-r--r--data/templates/containers/registry.tmpl5
-rw-r--r--data/templates/containers/storage.tmpl5
-rw-r--r--data/templates/dhcp-server/dhcpd.conf.j212
-rw-r--r--data/templates/dhcp-server/dhcpdv6.conf.j28
-rw-r--r--data/templates/firewall/nftables-defines.j232
-rw-r--r--data/templates/firewall/nftables-defines.tmpl32
-rw-r--r--data/templates/firewall/nftables-nat.j2182
-rw-r--r--data/templates/firewall/nftables-nat.tmpl179
-rw-r--r--data/templates/firewall/nftables-nat66.j2 (renamed from data/templates/firewall/nftables-nat66.tmpl)74
-rw-r--r--data/templates/firewall/nftables-policy.j2 (renamed from data/templates/firewall/nftables-policy.tmpl)30
-rw-r--r--data/templates/firewall/nftables-vrf-zones.j2 (renamed from data/templates/firewall/nftables-vrf-zones.tmpl)0
-rw-r--r--data/templates/firewall/nftables.j2 (renamed from data/templates/firewall/nftables.tmpl)72
-rw-r--r--data/templates/firewall/upnpd.conf.j2 (renamed from data/templates/firewall/upnpd.conf.tmpl)34
-rw-r--r--data/templates/frr/policy.frr.j217
-rw-r--r--data/templates/frr/staticd.frr.j28
-rw-r--r--data/templates/getty/serial-getty.service.j2 (renamed from data/templates/getty/serial-getty.service.tmpl)0
-rw-r--r--data/templates/high-availability/keepalived.conf.j2169
-rw-r--r--data/templates/high-availability/keepalived.conf.tmpl169
-rw-r--r--data/templates/https/nginx.default.j2 (renamed from data/templates/https/nginx.default.tmpl)33
-rw-r--r--data/templates/https/override.conf.j2 (renamed from data/templates/https/override.conf.tmpl)0
-rw-r--r--data/templates/https/vyos-http-api.service.j2 (renamed from data/templates/https/vyos-http-api.service.tmpl)0
-rw-r--r--data/templates/ids/fastnetmon.j2 (renamed from data/templates/ids/fastnetmon.tmpl)16
-rw-r--r--data/templates/ids/fastnetmon_networks_list.j2 (renamed from data/templates/ids/fastnetmon_networks_list.tmpl)4
-rw-r--r--data/templates/igmp-proxy/igmpproxy.conf.j2 (renamed from data/templates/igmp-proxy/igmpproxy.conf.tmpl)26
-rw-r--r--data/templates/ipsec/charon.j2 (renamed from data/templates/ipsec/charon.tmpl)11
-rw-r--r--data/templates/ipsec/charon/dhcp.conf.j2 (renamed from data/templates/ipsec/charon/dhcp.conf.tmpl)0
-rw-r--r--data/templates/ipsec/charon/eap-radius.conf.j2 (renamed from data/templates/ipsec/charon/eap-radius.conf.tmpl)14
-rw-r--r--data/templates/ipsec/interfaces_use.conf.j2 (renamed from data/templates/ipsec/interfaces_use.conf.tmpl)4
-rw-r--r--data/templates/ipsec/ios_profile.j2 (renamed from data/templates/ipsec/ios_profile.tmpl)0
-rw-r--r--data/templates/ipsec/ipsec.conf.j219
-rw-r--r--data/templates/ipsec/ipsec.conf.tmpl18
-rw-r--r--data/templates/ipsec/ipsec.secrets.j2 (renamed from data/templates/ipsec/ipsec.secrets.tmpl)4
-rw-r--r--data/templates/ipsec/swanctl.conf.j2131
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl131
-rw-r--r--data/templates/ipsec/swanctl/l2tp.j2 (renamed from data/templates/ipsec/swanctl/l2tp.tmpl)8
-rw-r--r--data/templates/ipsec/swanctl/peer.j2 (renamed from data/templates/ipsec/swanctl/peer.tmpl)152
-rw-r--r--data/templates/ipsec/swanctl/profile.j2 (renamed from data/templates/ipsec/swanctl/profile.tmpl)24
-rw-r--r--data/templates/ipsec/swanctl/remote_access.j2 (renamed from data/templates/ipsec/swanctl/remote_access.tmpl)37
-rw-r--r--data/templates/ipsec/windows_profile.j2 (renamed from data/templates/ipsec/windows_profile.tmpl)0
-rw-r--r--data/templates/lcd/LCDd.conf.j2 (renamed from data/templates/lcd/LCDd.conf.tmpl)16
-rw-r--r--data/templates/lcd/lcdproc.conf.j2 (renamed from data/templates/lcd/lcdproc.conf.tmpl)0
-rw-r--r--data/templates/lldp/lldpd.j22
-rw-r--r--data/templates/lldp/lldpd.tmpl2
-rw-r--r--data/templates/lldp/vyos.conf.j2 (renamed from data/templates/lldp/vyos.conf.tmpl)26
-rw-r--r--data/templates/login/authorized_keys.j2 (renamed from data/templates/login/authorized_keys.tmpl)4
-rw-r--r--data/templates/login/pam_radius_auth.conf.j236
-rw-r--r--data/templates/login/pam_radius_auth.conf.tmpl36
-rw-r--r--data/templates/logs/logrotate/vyos-atop.j2 (renamed from data/templates/logs/logrotate/vyos-atop.tmpl)0
-rw-r--r--data/templates/logs/logrotate/vyos-rsyslog.j2 (renamed from data/templates/logs/logrotate/vyos-rsyslog.tmpl)0
-rw-r--r--data/templates/mdns-repeater/avahi-daemon.j2 (renamed from data/templates/mdns-repeater/avahi-daemon.tmpl)0
-rw-r--r--data/templates/monitoring/override.conf.j2 (renamed from data/templates/monitoring/override.conf.tmpl)0
-rw-r--r--data/templates/monitoring/syslog_telegraf.j2 (renamed from data/templates/monitoring/syslog_telegraf.tmpl)0
-rw-r--r--data/templates/monitoring/systemd_vyos_telegraf_service.j2 (renamed from data/templates/monitoring/systemd_vyos_telegraf_service.tmpl)0
-rw-r--r--data/templates/monitoring/telegraf.j2105
-rw-r--r--data/templates/monitoring/telegraf.tmpl60
-rw-r--r--data/templates/ndppd/ndppd.conf.j244
-rw-r--r--data/templates/ndppd/ndppd.conf.tmpl44
-rw-r--r--data/templates/nhrp/opennhrp.conf.j242
-rw-r--r--data/templates/nhrp/opennhrp.conf.tmpl41
-rw-r--r--data/templates/ocserv/ocserv_config.j2 (renamed from data/templates/ocserv/ocserv_config.tmpl)38
-rw-r--r--data/templates/ocserv/ocserv_otp_usr.j2 (renamed from data/templates/ocserv/ocserv_otp_usr.tmpl)8
-rw-r--r--data/templates/ocserv/ocserv_passwd.j2 (renamed from data/templates/ocserv/ocserv_passwd.tmpl)0
-rw-r--r--data/templates/ocserv/radius_conf.j2 (renamed from data/templates/ocserv/radius_conf.tmpl)12
-rw-r--r--data/templates/ocserv/radius_servers.j27
-rw-r--r--data/templates/ocserv/radius_servers.tmpl7
-rw-r--r--data/templates/pmacct/override.conf.j2 (renamed from data/templates/pmacct/override.conf.tmpl)0
-rw-r--r--data/templates/pmacct/uacctd.conf.j2 (renamed from data/templates/pmacct/uacctd.conf.tmpl)48
-rw-r--r--data/templates/pppoe/ip-down.script.tmpl38
-rw-r--r--data/templates/pppoe/ip-pre-up.script.tmpl18
-rw-r--r--data/templates/pppoe/ip-up.script.tmpl49
-rw-r--r--data/templates/pppoe/ipv6-up.script.tmpl46
-rw-r--r--data/templates/pppoe/peer.j2 (renamed from data/templates/pppoe/peer.tmpl)6
-rw-r--r--data/templates/router-advert/radvd.conf.j2 (renamed from data/templates/router-advert/radvd.conf.tmpl)64
-rw-r--r--data/templates/snmp/etc.snmp.conf.j2 (renamed from data/templates/snmp/etc.snmp.conf.tmpl)0
-rw-r--r--data/templates/snmp/etc.snmpd.conf.j2182
-rw-r--r--data/templates/snmp/etc.snmpd.conf.tmpl182
-rw-r--r--data/templates/snmp/override.conf.j2 (renamed from data/templates/snmp/override.conf.tmpl)0
-rw-r--r--data/templates/snmp/usr.snmpd.conf.j2 (renamed from data/templates/snmp/usr.snmpd.conf.tmpl)4
-rw-r--r--data/templates/snmp/var.snmpd.conf.j2 (renamed from data/templates/snmp/var.snmpd.conf.tmpl)12
-rw-r--r--data/templates/squid/sg_acl.conf.j2 (renamed from data/templates/squid/sg_acl.conf.tmpl)0
-rw-r--r--data/templates/squid/squid.conf.j2 (renamed from data/templates/squid/squid.conf.tmpl)38
-rw-r--r--data/templates/squid/squidGuard.conf.j2124
-rw-r--r--data/templates/squid/squidGuard.conf.tmpl124
-rw-r--r--data/templates/ssh/sshguard_config.j227
-rw-r--r--data/templates/ssh/sshguard_whitelist.j27
-rw-r--r--data/templates/syslog/logrotate.j2 (renamed from data/templates/syslog/logrotate.tmpl)0
-rw-r--r--data/templates/syslog/rsyslog.conf.j2 (renamed from data/templates/syslog/rsyslog.conf.tmpl)50
-rw-r--r--data/templates/system/curlrc.j2 (renamed from data/templates/system/curlrc.tmpl)0
-rw-r--r--data/templates/system/proxy.j27
-rw-r--r--data/templates/system/ssh_config.j2 (renamed from data/templates/system/ssh_config.tmpl)0
-rw-r--r--data/templates/system/sysctl.conf.j2 (renamed from data/templates/system/sysctl.conf.tmpl)4
-rw-r--r--data/templates/tftp-server/default.j2 (renamed from data/templates/tftp-server/default.tmpl)1
-rw-r--r--data/templates/vrf/vrf.conf.j2 (renamed from data/templates/vrf/vrf.conf.tmpl)4
-rw-r--r--data/templates/zone_policy/nftables.j2 (renamed from data/templates/zone_policy/nftables.tmpl)100
-rw-r--r--debian/control1
-rw-r--r--interface-definitions/container.xml.in (renamed from interface-definitions/containers.xml.in)16
-rw-r--r--interface-definitions/dhcp-relay.xml.in2
-rw-r--r--interface-definitions/dhcp-server.xml.in44
-rw-r--r--interface-definitions/dhcpv6-server.xml.in27
-rw-r--r--interface-definitions/dns-domain-name.xml.in6
-rw-r--r--interface-definitions/dns-dynamic.xml.in4
-rw-r--r--interface-definitions/dns-forwarding.xml.in34
-rw-r--r--interface-definitions/firewall.xml.in40
-rw-r--r--interface-definitions/flow-accounting-conf.xml.in4
-rw-r--r--interface-definitions/high-availability.xml.in8
-rw-r--r--interface-definitions/https.xml.in2
-rw-r--r--interface-definitions/igmp-proxy.xml.in2
-rw-r--r--interface-definitions/include/accel-ppp/auth-mode.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/auth-protocols.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/ppp-mppe.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i2
-rw-r--r--interface-definitions/include/auth-local-users.xml.i68
-rw-r--r--interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i4
-rw-r--r--interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i4
-rw-r--r--interface-definitions/include/bgp/afi-label.xml.i2
-rw-r--r--interface-definitions/include/bgp/afi-rd.xml.i2
-rw-r--r--interface-definitions/include/bgp/afi-route-map-export-import.xml.i4
-rw-r--r--interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i8
-rw-r--r--interface-definitions/include/bgp/neighbor-graceful-restart.xml.i2
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i4
-rw-r--r--interface-definitions/include/bgp/remote-as.xml.i2
-rw-r--r--interface-definitions/include/firewall/action-accept-drop-reject.xml.i2
-rw-r--r--interface-definitions/include/firewall/action.xml.i2
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i48
-rw-r--r--interface-definitions/include/firewall/icmp-type-name.xml.i2
-rw-r--r--interface-definitions/include/firewall/icmpv6-type-name.xml.i2
-rw-r--r--interface-definitions/include/firewall/name-default-action.xml.i2
-rw-r--r--interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i2
-rw-r--r--interface-definitions/include/interface/adjust-mss.xml.i2
-rw-r--r--interface-definitions/include/interface/default-route-distance.xml.i15
-rw-r--r--interface-definitions/include/interface/description.xml.i2
-rw-r--r--interface-definitions/include/interface/dhcp-options.xml.i21
-rw-r--r--interface-definitions/include/interface/no-default-route.xml.i8
-rw-r--r--interface-definitions/include/interface/parameters-flowlabel.xml.i2
-rw-r--r--interface-definitions/include/interface/source-validation.xml.i2
-rw-r--r--interface-definitions/include/interface/vif-s.xml.i2
-rw-r--r--interface-definitions/include/interface/vif.xml.i4
-rw-r--r--interface-definitions/include/ipsec/local-address.xml.i2
-rw-r--r--interface-definitions/include/nat-translation-options.xml.i4
-rw-r--r--interface-definitions/include/ospf/authentication.xml.i4
-rw-r--r--interface-definitions/include/ospf/protocol-common-config.xml.i14
-rw-r--r--interface-definitions/include/ospfv3/protocol-common-config.xml.i2
-rw-r--r--interface-definitions/include/policy/action.xml.i2
-rw-r--r--interface-definitions/include/policy/route-common-rule-ipv6.xml.i14
-rw-r--r--interface-definitions/include/policy/route-common-rule.xml.i12
-rw-r--r--interface-definitions/include/policy/route-rule-action.xml.i2
-rw-r--r--interface-definitions/include/route-map.xml.i2
-rw-r--r--interface-definitions/include/routing-passive-interface.xml.i2
-rw-r--r--interface-definitions/include/snmp/access-mode.xml.i2
-rw-r--r--interface-definitions/include/snmp/authentication-type.xml.i2
-rw-r--r--interface-definitions/include/snmp/privacy-type.xml.i2
-rw-r--r--interface-definitions/include/snmp/protocol.xml.i2
-rw-r--r--interface-definitions/include/ssh-user.xml.i2
-rw-r--r--interface-definitions/include/static/static-route-vrf.xml.i2
-rw-r--r--interface-definitions/include/version/interfaces-version.xml.i2
-rw-r--r--interface-definitions/include/version/quagga-version.xml.i2
-rw-r--r--interface-definitions/include/version/system-version.xml.i2
-rw-r--r--interface-definitions/include/vpn-ipsec-encryption.xml.i2
-rw-r--r--interface-definitions/include/vpn-ipsec-hash.xml.i2
-rw-r--r--interface-definitions/include/webproxy-url-filtering.xml.i2
-rw-r--r--interface-definitions/interfaces-bonding.xml.in8
-rw-r--r--interface-definitions/interfaces-bridge.xml.in2
-rw-r--r--interface-definitions/interfaces-dummy.xml.in2
-rw-r--r--interface-definitions/interfaces-ethernet.xml.in6
-rw-r--r--interface-definitions/interfaces-geneve.xml.in2
-rw-r--r--interface-definitions/interfaces-l2tpv3.xml.in4
-rw-r--r--interface-definitions/interfaces-loopback.xml.in2
-rw-r--r--interface-definitions/interfaces-macsec.xml.in8
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in22
-rw-r--r--interface-definitions/interfaces-pppoe.xml.in31
-rw-r--r--interface-definitions/interfaces-pseudo-ethernet.xml.in4
-rw-r--r--interface-definitions/interfaces-tunnel.xml.in10
-rw-r--r--interface-definitions/interfaces-vti.xml.in2
-rw-r--r--interface-definitions/interfaces-vxlan.xml.in2
-rw-r--r--interface-definitions/interfaces-wireguard.xml.in10
-rw-r--r--interface-definitions/interfaces-wireless.xml.in40
-rw-r--r--interface-definitions/interfaces-wwan.xml.in2
-rw-r--r--interface-definitions/nat.xml.in2
-rw-r--r--interface-definitions/nat66.xml.in2
-rw-r--r--interface-definitions/netns.xml.in2
-rw-r--r--interface-definitions/policy-local-route.xml.in4
-rw-r--r--interface-definitions/policy-route.xml.in4
-rw-r--r--interface-definitions/policy.xml.in123
-rw-r--r--interface-definitions/protocols-bfd.xml.in2
-rw-r--r--interface-definitions/protocols-nhrp.xml.in4
-rw-r--r--interface-definitions/protocols-rip.xml.in4
-rw-r--r--interface-definitions/protocols-static-arp.xml.in44
-rw-r--r--interface-definitions/service-ids-ddos-protection.xml.in2
-rw-r--r--interface-definitions/service_conntrack-sync.xml.in7
-rw-r--r--interface-definitions/service_console-server.xml.in6
-rw-r--r--interface-definitions/service_ipoe-server.xml.in6
-rw-r--r--interface-definitions/service_monitoring_telegraf.xml.in129
-rw-r--r--interface-definitions/service_pppoe-server.xml.in8
-rw-r--r--interface-definitions/service_router-advert.xml.in10
-rw-r--r--interface-definitions/service_upnp.xml.in2
-rw-r--r--interface-definitions/service_webproxy.xml.in12
-rw-r--r--interface-definitions/snmp.xml.in46
-rw-r--r--interface-definitions/ssh.xml.in72
-rw-r--r--interface-definitions/system-conntrack.xml.in2
-rw-r--r--interface-definitions/system-console.xml.in4
-rw-r--r--interface-definitions/system-lcd.xml.in4
-rw-r--r--interface-definitions/system-login.xml.in8
-rw-r--r--interface-definitions/system-option.xml.in4
-rw-r--r--interface-definitions/system-proxy.xml.in4
-rw-r--r--interface-definitions/system-syslog.xml.in22
-rw-r--r--interface-definitions/vpn_ipsec.xml.in36
-rw-r--r--interface-definitions/vpn_l2tp.xml.in4
-rw-r--r--interface-definitions/vpn_openconnect.xml.in78
-rw-r--r--interface-definitions/vpn_pptp.xml.in2
-rw-r--r--interface-definitions/vrf.xml.in16
-rw-r--r--interface-definitions/zone-policy.xml.in6
-rw-r--r--op-mode-definitions/container.xml.in (renamed from op-mode-definitions/containers.xml.in)60
-rw-r--r--op-mode-definitions/generate-openconnect-user-key.xml.in67
-rw-r--r--op-mode-definitions/monitor-log.xml.in109
-rw-r--r--op-mode-definitions/show-log.xml.in21
-rw-r--r--op-mode-definitions/traceroute.xml.in220
-rw-r--r--python/vyos/config.py73
-rw-r--r--python/vyos/configdict.py121
-rw-r--r--python/vyos/configverify.py6
-rw-r--r--python/vyos/firewall.py9
-rwxr-xr-xpython/vyos/ifconfig/interface.py8
-rw-r--r--python/vyos/ifconfig/pppoe.py80
-rw-r--r--smoketest/configs.no-load/firewall-big43440
-rw-r--r--smoketest/configs/basic-vyos54
-rw-r--r--smoketest/configs/bgp-big-as-cloud4
-rw-r--r--smoketest/configs/qos-basic205
-rw-r--r--smoketest/scripts/cli/base_interfaces_test.py20
-rw-r--r--smoketest/scripts/cli/base_vyostest_shim.py15
-rwxr-xr-xsmoketest/scripts/cli/test_firewall.py44
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_bonding.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_bridge.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_dummy.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_ethernet.py25
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_geneve.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_l2tpv3.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_loopback.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_macsec.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_openvpn.py114
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_pppoe.py14
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_pseudo_ethernet.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_tunnel.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_vxlan.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wireguard.py9
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wireless.py2
-rwxr-xr-xsmoketest/scripts/cli/test_nat.py111
-rwxr-xr-xsmoketest/scripts/cli/test_nat66.py2
-rwxr-xr-xsmoketest/scripts/cli/test_pki.py9
-rwxr-xr-xsmoketest/scripts/cli/test_policy.py66
-rwxr-xr-xsmoketest/scripts/cli/test_policy_route.py35
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_bgp.py43
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_isis.py2
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_mpls.py2
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_ospf.py4
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_ospfv3.py4
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_static.py4
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_static_arp.py88
-rwxr-xr-xsmoketest/scripts/cli/test_service_dhcp-server.py4
-rwxr-xr-xsmoketest/scripts/cli/test_service_dhcpv6-server.py20
-rwxr-xr-xsmoketest/scripts/cli/test_service_https.py6
-rwxr-xr-xsmoketest/scripts/cli/test_service_ids.py2
-rwxr-xr-xsmoketest/scripts/cli/test_service_lldp.py4
-rwxr-xr-xsmoketest/scripts/cli/test_service_salt.py4
-rwxr-xr-xsmoketest/scripts/cli/test_service_snmp.py2
-rwxr-xr-xsmoketest/scripts/cli/test_service_ssh.py51
-rwxr-xr-xsmoketest/scripts/cli/test_service_upnp.py4
-rwxr-xr-xsmoketest/scripts/cli/test_service_webproxy.py4
-rwxr-xr-xsmoketest/scripts/cli/test_system_flow-accounting.py2
-rwxr-xr-xsmoketest/scripts/cli/test_system_ntp.py2
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py5
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py41
-rwxr-xr-xsmoketest/scripts/cli/test_vrf.py26
-rwxr-xr-xsmoketest/scripts/cli/test_zone_policy.py4
-rwxr-xr-xsrc/conf_mode/arp.py114
-rwxr-xr-xsrc/conf_mode/bcast_relay.py4
-rwxr-xr-xsrc/conf_mode/conntrack.py6
-rwxr-xr-xsrc/conf_mode/conntrack_sync.py7
-rwxr-xr-xsrc/conf_mode/container.py (renamed from src/conf_mode/containers.py)86
-rwxr-xr-xsrc/conf_mode/dhcpv6_server.py33
-rwxr-xr-xsrc/conf_mode/firewall.py4
-rwxr-xr-xsrc/conf_mode/flow_accounting_conf.py4
-rwxr-xr-xsrc/conf_mode/high-availability.py10
-rwxr-xr-xsrc/conf_mode/http-api.py2
-rwxr-xr-xsrc/conf_mode/https.py4
-rwxr-xr-xsrc/conf_mode/igmp_proxy.py2
-rwxr-xr-xsrc/conf_mode/interfaces-bonding.py8
-rwxr-xr-xsrc/conf_mode/interfaces-bridge.py8
-rwxr-xr-xsrc/conf_mode/interfaces-dummy.py2
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py2
-rwxr-xr-xsrc/conf_mode/interfaces-geneve.py8
-rwxr-xr-xsrc/conf_mode/interfaces-l2tpv3.py6
-rwxr-xr-xsrc/conf_mode/interfaces-loopback.py2
-rwxr-xr-xsrc/conf_mode/interfaces-macsec.py2
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py9
-rwxr-xr-xsrc/conf_mode/interfaces-pppoe.py39
-rwxr-xr-xsrc/conf_mode/interfaces-pseudo-ethernet.py12
-rwxr-xr-xsrc/conf_mode/interfaces-tunnel.py4
-rwxr-xr-xsrc/conf_mode/interfaces-vti.py2
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py8
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py10
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py8
-rwxr-xr-xsrc/conf_mode/interfaces-wwan.py28
-rwxr-xr-xsrc/conf_mode/lldp.py4
-rwxr-xr-xsrc/conf_mode/nat.py2
-rwxr-xr-xsrc/conf_mode/nat66.py4
-rwxr-xr-xsrc/conf_mode/policy-route.py2
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py16
-rwxr-xr-xsrc/conf_mode/protocols_nhrp.py2
-rwxr-xr-xsrc/conf_mode/protocols_static.py5
-rwxr-xr-xsrc/conf_mode/service_console-server.py4
-rwxr-xr-xsrc/conf_mode/service_ids_fastnetmon.py4
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py4
-rwxr-xr-xsrc/conf_mode/service_mdns-repeater.py4
-rwxr-xr-xsrc/conf_mode/service_monitoring_telegraf.py39
-rwxr-xr-xsrc/conf_mode/service_pppoe-server.py4
-rwxr-xr-xsrc/conf_mode/service_router-advert.py2
-rwxr-xr-xsrc/conf_mode/service_upnp.py2
-rwxr-xr-xsrc/conf_mode/service_webproxy.py6
-rwxr-xr-xsrc/conf_mode/snmp.py10
-rwxr-xr-xsrc/conf_mode/ssh.py19
-rwxr-xr-xsrc/conf_mode/system-login.py4
-rwxr-xr-xsrc/conf_mode/system-logs.py4
-rwxr-xr-xsrc/conf_mode/system-option.py4
-rwxr-xr-xsrc/conf_mode/system-proxy.py90
-rwxr-xr-xsrc/conf_mode/system-syslog.py4
-rwxr-xr-xsrc/conf_mode/system_console.py2
-rwxr-xr-xsrc/conf_mode/system_lcd.py6
-rwxr-xr-xsrc/conf_mode/system_sysctl.py2
-rwxr-xr-xsrc/conf_mode/tftp_server.py2
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py20
-rwxr-xr-xsrc/conf_mode/vpn_l2tp.py4
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py18
-rwxr-xr-xsrc/conf_mode/vpn_pptp.py4
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py4
-rwxr-xr-xsrc/conf_mode/vrf.py18
-rwxr-xr-xsrc/conf_mode/zone_policy.py2
-rw-r--r--src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper2
-rwxr-xr-xsrc/etc/ppp/ip-up.d/99-vyos-pppoe-callback20
-rwxr-xr-xsrc/migration-scripts/interfaces/25-to-2654
-rwxr-xr-xsrc/migration-scripts/quagga/9-to-1062
-rwxr-xr-xsrc/migration-scripts/system/23-to-2485
-rwxr-xr-xsrc/op_mode/conntrack_sync.py2
-rwxr-xr-xsrc/op_mode/containers_op.py78
-rwxr-xr-xsrc/op_mode/generate_openconnect_otp_key.py65
-rwxr-xr-xsrc/op_mode/generate_ovpn_client_file.py4
-rwxr-xr-xsrc/op_mode/ikev2_profile_generator.py4
-rwxr-xr-xsrc/op_mode/show_openvpn.py23
-rwxr-xr-xsrc/op_mode/traceroute.py207
-rwxr-xr-xsrc/op_mode/vpn_ipsec.py17
-rwxr-xr-xsrc/validators/as-number-list29
-rwxr-xr-xsrc/validators/port-multi27
373 files changed, 48462 insertions, 3464 deletions
diff --git a/Makefile b/Makefile
index 1abc79ab3..2333eebed 100644
--- a/Makefile
+++ b/Makefile
@@ -60,9 +60,10 @@ op_mode_definitions: $(op_xml_obj)
rm -f $(OP_TMPL_DIR)/show/node.def
rm -f $(OP_TMPL_DIR)/show/system/node.def
- # XXX: ping must be able to recursivly call itself as the
+ # XXX: ping and traceroute must be able to recursivly call itself as the
# options are provided from the script itself
ln -s ../node.tag $(OP_TMPL_DIR)/ping/node.tag/node.tag/
+ ln -s ../node.tag $(OP_TMPL_DIR)/traceroute/node.tag/node.tag/
# XXX: test if there are empty node.def files - this is not allowed as these
# could mask help strings or mandatory priority statements
@@ -77,7 +78,18 @@ vyxdp:
$(MAKE) -C $(XDP_DIR)
.PHONY: all
-all: clean interface_definitions op_mode_definitions test j2lint vyshim
+all: clean interface_definitions op_mode_definitions check test j2lint vyshim
+
+.PHONY: check
+.ONESHELL:
+check:
+ @echo "Checking which CLI scripts are not enabled to work with vyos-configd..."
+ @for file in `ls src/conf_mode -I__pycache__`
+ do
+ if ! grep -q $$file data/configd-include.json; then
+ echo "* $$file"
+ fi
+ done
.PHONY: clean
clean:
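Review bot: `.ONESHELL:` is not scoped to `check`; in GNU make it switches every recipe in this Makefile to a single shell invocation, so in the other targets a command failing mid-recipe no longer stops the build unless the shell is told to, e.g. `.SHELLFLAGS := -ec`. Inside `check`, `grep -q $$file` treats the file name as an unanchored regular expression, so a script counts as enabled whenever its name occurs inside another entry (a name such as `policy.py` is also found inside `zone_policy.py`); `grep -qF "\"$$file\"" data/configd-include.json` matches the quoted entry exactly. The target only prints a list and never returns a failure, so adding it to `all` does not enforce anything; a one-line comment above `check:` saying it is advisory would make that clear.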
diff --git a/data/configd-include.json b/data/configd-include.json
index b77d48001..5a4912e30 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -1,11 +1,16 @@
[
+"arp.py",
"bcast_relay.py",
+"container.py",
"conntrack.py",
"conntrack_sync.py",
"dhcp_relay.py",
+"dhcp_server.py",
"dhcpv6_relay.py",
+"dhcpv6_server.py",
"dns_forwarding.py",
"dynamic_dns.py",
+"firewall.py",
"flow_accounting_conf.py",
"high-availability.py",
"host_name.py",
@@ -24,6 +29,7 @@
"interfaces-pppoe.py",
"interfaces-pseudo-ethernet.py",
"interfaces-tunnel.py",
+"interfaces-vti.py",
"interfaces-vxlan.py",
"interfaces-wireguard.py",
"interfaces-wireless.py",
@@ -31,6 +37,7 @@
"lldp.py",
"nat.py",
"nat66.py",
+"netns.py",
"ntp.py",
"pki.py",
"policy.py",
@@ -46,6 +53,7 @@
"protocols_pim.py",
"protocols_rip.py",
"protocols_ripng.py",
+"protocols_rpki.py",
"protocols_static.py",
"protocols_static_multicast.py",
"qos.py",
@@ -54,6 +62,7 @@
"service_ids_fastnetmon.py",
"service_ipoe-server.py",
"service_mdns-repeater.py",
+"service_monitoring_telegraf.py",
"service_pppoe-server.py",
"service_router-advert.py",
"service_upnp.py",
@@ -61,7 +70,10 @@
"system-ip.py",
"system-ipv6.py",
"system-login-banner.py",
+"system-logs.py",
"system-option.py",
+"system-proxy.py",
+"system_sysctl.py",
"system-syslog.py",
"system-timezone.py",
"system_console.py",
diff --git a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.j2
index d4e8bb2aa..51e66d57c 100644
--- a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.config_dict.j2
@@ -1,10 +1,10 @@
# username server password acceptable local IP addresses shaper
{% if authentication.local_users.username is vyos_defined %}
-{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %}
-{% if user_config.rate_limit is vyos_defined %}
+{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %}
+{% if user_config.rate_limit is vyos_defined %}
{{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} {{ user_config.rate_limit.download }}/{{ user_config.rate_limit.upload }}
-{% else %}
+{% else %}
{{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl b/data/templates/accel-ppp/chap-secrets.ipoe.j2
index 1df878fcf..a1430ec22 100644
--- a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.ipoe.j2
@@ -1,18 +1,18 @@
# username server password acceptable local IP addresses shaper
{% for interface in auth_interfaces %}
-{% for mac in interface.mac %}
-{% if mac.rate_upload and mac.rate_download %}
-{% if mac.vlan_id %}
+{% for mac in interface.mac %}
+{% if mac.rate_upload and mac.rate_download %}
+{% if mac.vlan_id %}
{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% else %}
+{% else %}
{{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% endif %}
-{% else %}
-{% if mac.vlan_id %}
+{% endif %}
+{% else %}
+{% if mac.vlan_id %}
{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} *
-{% else %}
+{% else %}
{{ interface.name }} * {{ mac.address | lower }} *
-{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
{% endfor %}
diff --git a/data/templates/accel-ppp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.j2
index 6cace5401..cc3ddc28f 100644
--- a/data/templates/accel-ppp/chap-secrets.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.j2
@@ -1,10 +1,10 @@
# username server password acceptable local IP addresses shaper
{% for user in local_users %}
-{% if user.state == 'enabled' %}
-{% if user.upload and user.download %}
+{% if user.state == 'enabled' %}
+{% if user.upload and user.download %}
{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }}/{{ user.upload }}
-{% else %}
+{% else %}
{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }}
-{% endif %}
-{% endif %}
+{% endif %}
+{% endif %}
{% endfor %}
diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.j2
index 92c2d5715..3c0d47b27 100644
--- a/data/templates/accel-ppp/ipoe.config.tmpl
+++ b/data/templates/accel-ppp/ipoe.config.j2
@@ -1,3 +1,4 @@
+{# j2lint: disable=operator-enclosed-by-spaces #}
### generated by ipoe.py ###
[modules]
log_syslog
@@ -24,45 +25,50 @@ level=5
[ipoe]
verbose=1
{% for interface in interfaces %}
-{% if interface.vlan_mon %}
-interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface.name }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' + interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1
+{% set tmp = 'interface=' %}
+{% if interface.vlan_mon %}
+{% set tmp = tmp ~ 're:' ~ interface.name ~ '\.\d+' %}
+{% else %}
+{% set tmp = tmp ~ interface.name %}
+{% endif %}
+{{ tmp }},shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' ~ interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1
{% endfor %}
-{% if auth_mode == 'noauth' %}
+{% if auth_mode == 'noauth' %}
noauth=1
{% if client_named_ip_pool %}
-{% for pool in client_named_ip_pool %}
-{% if pool.subnet is defined %}
+{% for pool in client_named_ip_pool %}
+{% if pool.subnet is defined %}
ip-pool={{ pool.name }}
-{% endif %}
-{% if pool.gateway_address is defined %}
+{% endif %}
+{% if pool.gateway_address is defined %}
gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }}
-{% endif %}
-{% endfor%}
+{% endif %}
+{% endfor %}
{% endif %}
-{% elif auth_mode == 'local' %}
+{% elif auth_mode == 'local' %}
username=ifname
password=csid
{% endif %}
proxy-arp=1
{% for interface in interfaces %}
-{% if (interface.shared == '0') and (interface.vlan_mon) %}
+{% if (interface.shared == '0') and (interface.vlan_mon) %}
vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }}
-{% endif %}
+{% endif %}
{% endfor %}
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 %}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if dnsv6 %}
[ipv6-dns]
-{% for dns in dnsv6 %}
+{% for dns in dnsv6 %}
{{ dns }}
-{% endfor %}
+{% endfor %}
{% endif %}
[ipv6-nd]
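Review bot: The regex `\.\d+` now sits inside a Jinja string literal (`'\.\d+'` in the `vlan_mon` branch), where it used to be plain template text. As far as I can tell Jinja decodes string literals through Python's escape handling, and `\.` and `\d` are not valid escapes; they pass through unchanged today, but newer Python versions warn about them, so the rendered `interface=re:` line relies on lenient behaviour. Doubling the backslashes keeps the output identical and makes the intent explicit: `{% set tmp = tmp ~ 're:' ~ interface.name ~ '\\.\\d+' %}`. A smoketest asserting the rendered `interface=re:` line would pin this.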
@@ -73,24 +79,24 @@ verbose=1
{% if client_named_ip_pool %}
[ip-pool]
-{% for pool in client_named_ip_pool %}
-{% if pool.subnet is defined %}
+{% for pool in client_named_ip_pool %}
+{% if pool.subnet is defined %}
{{ pool.subnet }},name={{ pool.name }}
-{% endif %}
-{% if pool.gateway_address is defined %}
+{% endif %}
+{% if pool.gateway_address is defined %}
gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }}
-{% endif %}
-{% endfor%}
+{% endif %}
+{% endfor %}
{% endif %}
{% if client_ipv6_pool %}
[ipv6-pool]
-{% for p in client_ipv6_pool %}
+{% for p in client_ipv6_pool %}
{{ p.prefix }},{{ p.mask }}
-{% endfor %}
-{% for p in client_ipv6_delegate_prefix %}
+{% endfor %}
+{% for p in client_ipv6_delegate_prefix %}
delegate={{ p.prefix }},{{ p.mask }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if auth_mode == 'local' %}
@@ -99,39 +105,37 @@ chap-secrets={{ chap_secrets_file }}
{% elif auth_mode == 'radius' %}
[radius]
verbose=1
-{% for r in radius_server %}
+{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor %}
+{% endfor %}
-{% if radius_acct_inter_jitter %}
+{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
-{% endif %}
+{% endif %}
acct-timeout={{ radius_acct_tmo }}
timeout={{ radius_timeout }}
max-try={{ radius_max_try }}
-{% if radius_nas_id %}
+{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif %}
-{% if radius_nas_ip %}
+{% endif %}
+{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif %}
-{% if radius_source_address %}
+{% endif %}
+{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif %}
-
-{% if radius_dynamic_author %}
+{% endif %}
+{% if radius_dynamic_author %}
dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
-{% endif %}
-
-{% if radius_shaper_attr %}
+{% endif %}
+{% if radius_shaper_attr %}
[shaper]
verbose=1
attr={{ radius_shaper_attr }}
-{% if radius_shaper_vendor %}
+{% if radius_shaper_vendor %}
vendor={{ radius_shaper_vendor }}
-{% endif %}
-{% endif %}
+{% endif %}
+{% endif %}
{% endif %}
[cli]
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.j2
index 9fcda76d4..9eeaf7622 100644
--- a/data/templates/accel-ppp/l2tp.config.tmpl
+++ b/data/templates/accel-ppp/l2tp.config.j2
@@ -3,9 +3,9 @@
log_syslog
l2tp
chap-secrets
-{% for proto in auth_proto: %}
-{{proto}}
-{% endfor%}
+{% for proto in auth_proto %}
+{{ proto }}
+{% endfor %}
{% if auth_mode == 'radius' %}
radius
@@ -18,7 +18,7 @@ ipv6_nd
ipv6_dhcp
[core]
-thread-count={{thread_cnt}}
+thread-count={{ thread_cnt }}
[log]
syslog=accel-l2tp,daemon
@@ -27,23 +27,23 @@ level=5
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 %}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if dnsv6 %}
[ipv6-dns]
-{% for dns in dnsv6 %}
+{% for dns in dnsv6 %}
{{ dns }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if wins %}
[wins]
-{% for server in wins %}
+{% for server in wins %}
wins{{ loop.index }}={{ server }}
-{% endfor %}
+{% endfor %}
{% endif %}
[l2tp]
@@ -66,14 +66,14 @@ host-name={{ lns_host_name }}
{% if client_ip_pool or client_ip_subnets %}
[ip-pool]
-{% if client_ip_pool %}
+{% if client_ip_pool %}
{{ client_ip_pool }}
-{% endif %}
-{% if client_ip_subnets %}
-{% for sn in client_ip_subnets %}
-{{sn}}
-{% endfor %}
-{% endif %}
+{% endif %}
+{% if client_ip_subnets %}
+{% for sn in client_ip_subnets %}
+{{ sn }}
+{% endfor %}
+{% endif %}
{% endif %}
{% if gateway_address %}
gw-ip-address={{ gateway_address }}
@@ -85,27 +85,24 @@ chap-secrets={{ chap_secrets_file }}
{% elif auth_mode == 'radius' %}
[radius]
verbose=1
-{% for r in radius_server %}
+{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor %}
-
-{% if radius_acct_inter_jitter %}
+{% endfor %}
+{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
-{% endif %}
-
+{% endif %}
acct-timeout={{ radius_acct_tmo }}
timeout={{ radius_timeout }}
max-try={{ radius_max_try }}
-
-{% if radius_nas_id %}
+{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif %}
-{% if radius_nas_ip %}
+{% endif %}
+{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif %}
-{% if radius_source_address %}
+{% endif %}
+{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif %}
+{% endif %}
{% endif %}
{% if gateway_address %}
gw-ip-address={{ gateway_address }}
@@ -128,12 +125,12 @@ ipv6=allow
{% if client_ipv6_pool %}
[ipv6-pool]
-{% for p in client_ipv6_pool %}
+{% for p in client_ipv6_pool %}
{{ p.prefix }},{{ p.mask }}
-{% endfor %}
-{% for p in client_ipv6_delegate_prefix %}
+{% endfor %}
+{% for p in client_ipv6_delegate_prefix %}
delegate={{ p.prefix }},{{ p.mask }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if client_ipv6_delegate_prefix %}
@@ -145,9 +142,9 @@ verbose=1
[shaper]
verbose=1
attr={{ radius_shaper_attr }}
-{% if radius_shaper_vendor %}
+{% if radius_shaper_vendor %}
vendor={{ radius_shaper_vendor }}
-{% endif %}
+{% endif %}
{% endif %}
[cli]
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.j2
index 81b98cc81..0a92e2d54 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -49,9 +49,9 @@ disable
{% if wins_server is vyos_defined %}
[wins]
-{% for server in wins_server %}
+{% for server in wins_server %}
wins{{ loop.index }}={{ server }}
-{% endfor %}
+{% endfor %}
{% endif %}
{# Common chap-secrets and RADIUS server/option definitions #}
@@ -85,12 +85,12 @@ ipv4={{ ppp_options.ipv4 }}
{# IPv6 #}
{% if ppp_options.ipv6 is vyos_defined %}
ipv6={{ ppp_options.ipv6 }}
-{% if ppp_options.ipv6_intf_id is vyos_defined %}
+{% if ppp_options.ipv6_intf_id is vyos_defined %}
ipv6-intf-id={{ ppp_options.ipv6_intf_id }}
-{% endif %}
-{% if ppp_options.ipv6_peer_intf_id is vyos_defined %}
+{% endif %}
+{% if ppp_options.ipv6_peer_intf_id is vyos_defined %}
ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }}
-{% endif %}
+{% endif %}
ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }}
{% endif %}
{# MTU #}
@@ -104,23 +104,23 @@ verbose=1
ac-name={{ access_concentrator }}
{% if interface is vyos_defined %}
-{% for iface, iface_config in interface.items() %}
-{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %}
+{% for iface, iface_config in interface.items() %}
+{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %}
interface={{ iface }}
-{% endif %}
-{% if iface_config.vlan_range is vyos_defined %}
-{% for regex in iface_config.regex %}
+{% endif %}
+{% if iface_config.vlan_range is vyos_defined %}
+{% for regex in iface_config.regex %}
interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$
-{% endfor %}
+{% endfor %}
vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }}
-{% endif %}
-{% if iface_config.vlan_id is vyos_defined %}
-{% for vlan in iface_config.vlan_id %}
+{% endif %}
+{% if iface_config.vlan_id is vyos_defined %}
+{% for vlan in iface_config.vlan_id %}
vlan-mon={{ iface }},{{ vlan }}
interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$
-{% endfor %}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
{% if service_name %}
@@ -128,14 +128,14 @@ service-name={{ service_name | join(',') }}
{% endif %}
{% if pado_delay %}
-{% set pado_delay_param = namespace(value='0') %}
-{% for delay in pado_delay|sort(attribute='0') %}
-{% if not loop.last %}
-{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %}
-{% else %}
-{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %}
-{% endif %}
-{% endfor %}
+{% set pado_delay_param = namespace(value='0') %}
+{% for delay in pado_delay | sort(attribute='0') %}
+{% if not loop.last %}
+{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %}
+{% else %}
+{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %}
+{% endif %}
+{% endfor %}
pado-delay={{ pado_delay_param.value }}
{% endif %}
{% if authentication.radius.called_sid_format is vyos_defined %}
@@ -144,15 +144,15 @@ called-sid={{ authentication.radius.called_sid_format }}
{% if limits is vyos_defined %}
[connlimit]
-{% if limits.connection_limit is vyos_defined %}
+{% if limits.connection_limit is vyos_defined %}
limit={{ limits.connection_limit }}
-{% endif %}
-{% if limits.burst is vyos_defined %}
+{% endif %}
+{% if limits.burst is vyos_defined %}
burst={{ limits.burst }}
-{% endif %}
-{% if limits.timeout is vyos_defined %}
+{% endif %}
+{% if limits.timeout is vyos_defined %}
timeout={{ limits.timeout }}
-{% endif %}
+{% endif %}
{% endif %}
{# Common RADIUS shaper configuration #}
@@ -162,10 +162,10 @@ timeout={{ limits.timeout }}
[pppd-compat]
verbose=1
radattr-prefix=/run/accel-pppd/radattr
-{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %}
-{% for script in extended_scripts %}
+{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %}
+{% for script in extended_scripts %}
{{ script_name[script] }}={{ extended_scripts[script] }}
-{% endfor %}
+{% endfor %}
{% endif %}
[cli]
diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.j2
index 3cfc4a906..cc1a45d6b 100644
--- a/data/templates/accel-ppp/pptp.config.tmpl
+++ b/data/templates/accel-ppp/pptp.config.j2
@@ -10,7 +10,7 @@ radius
{% endif %}
ippool
{% for proto in auth_proto %}
-{{proto}}
+{{ proto }}
{% endfor %}
[core]
@@ -23,16 +23,16 @@ level=5
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 %}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if wins %}
[wins]
-{% for server in wins %}
+{% for server in wins %}
wins{{ loop.index }}={{ server }}
-{% endfor %}
+{% endfor %}
{% endif %}
@@ -42,7 +42,7 @@ ifname=pptp%d
bind={{ outside_addr }}
{% endif %}
verbose=1
-ppp-max-mtu={{mtu}}
+ppp-max-mtu={{ mtu }}
mppe={{ ppp_mppe }}
echo-interval=10
echo-failure=3
@@ -66,27 +66,27 @@ chap-secrets={{ chap_secrets_file }}
{% elif auth_mode == 'radius' %}
[radius]
verbose=1
-{% for r in radius_server %}
+{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor %}
+{% endfor %}
-{% if radius_acct_inter_jitter %}
+{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
-{% endif %}
+{% endif %}
acct-timeout={{ radius_acct_tmo }}
timeout={{ radius_timeout }}
max-try={{ radius_max_try }}
-{% if radius_nas_id %}
+{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif %}
-{% if radius_nas_ip %}
+{% endif %}
+{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif %}
-{% if radius_source_address %}
+{% endif %}
+{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif %}
+{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
{% if gw_ip is defined and gw_ip is not none %}
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.j2
index 5c6f19306..5c6f19306 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.j2
diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.j2
index 75740e04c..75740e04c 100644
--- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl
+++ b/data/templates/bcast-relay/udp-broadcast-relay.j2
diff --git a/data/templates/conntrack/nftables-ct.j2 b/data/templates/conntrack/nftables-ct.j2
new file mode 100644
index 000000000..16a03fc6e
--- /dev/null
+++ b/data/templates/conntrack/nftables-ct.j2
@@ -0,0 +1,48 @@
+#!/usr/sbin/nft -f
+
+{% set nft_ct_ignore_name = 'VYOS_CT_IGNORE' %}
+{% set nft_ct_timeout_name = 'VYOS_CT_TIMEOUT' %}
+
+# we first flush all chains and render the content from scratch - this makes
+# any delta check obsolete
+flush chain raw {{ nft_ct_ignore_name }}
+flush chain raw {{ nft_ct_timeout_name }}
+
+table raw {
+ chain {{ nft_ct_ignore_name }} {
+{% if ignore.rule is vyos_defined %}
+{% for rule, rule_config in ignore.rule.items() %}
+ # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
+{% set nft_command = '' %}
+{% if rule_config.inbound_interface is vyos_defined %}
+{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %}
+{% endif %}
+{% if rule_config.protocol is vyos_defined %}
+{% set nft_command = nft_command ~ ' ip protocol ' ~ rule_config.protocol %}
+{% endif %}
+{% if rule_config.destination.address is vyos_defined %}
+{% set nft_command = nft_command ~ ' ip daddr ' ~ rule_config.destination.address %}
+{% endif %}
+{% if rule_config.destination.port is vyos_defined %}
+{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' dport { ' ~ rule_config.destination.port ~ ' }' %}
+{% endif %}
+{% if rule_config.source.address is vyos_defined %}
+{% set nft_command = nft_command ~ ' ip saddr ' ~ rule_config.source.address %}
+{% endif %}
+{% if rule_config.source.port is vyos_defined %}
+{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' sport { ' ~ rule_config.source.port ~ ' }' %}
+{% endif %}
+ {{ nft_command }} counter notrack comment ignore-{{ rule }}
+{% endfor %}
+{% endif %}
+ return
+ }
+ chain {{ nft_ct_timeout_name }} {
+{% if timeout.custom.rule is vyos_defined %}
+{% for rule, rule_config in timeout.custom.rule.items() %}
+ # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
+{% endfor %}
+{% endif %}
+ return
+ }
+}
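Review bot: The `dport` and `sport` fragments prefix the match with `rule_config.protocol` even when no protocol is set, so the rendered rule would begin with a bare ` dport { … }` and `nft -f` would presumably reject the file. Unless the conf-mode script already enforces that a port requires a protocol (not visible here), guard both, e.g. `{% if rule_config.destination.port is vyos_defined and rule_config.protocol is vyos_defined %}`. `iifname` is also emitted unquoted here, while nftables-nat.j2 in this commit renders `iifname "…"`; quoting it the same way keeps the two templates consistent. The description is copied verbatim into a `#` comment of a script that `nft -f` loads, so the template depends on the CLI refusing line breaks in descriptions; a short template comment stating that assumption would help.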
diff --git a/data/templates/conntrack/nftables-ct.tmpl b/data/templates/conntrack/nftables-ct.tmpl
deleted file mode 100644
index 569e73df1..000000000
--- a/data/templates/conntrack/nftables-ct.tmpl
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/sbin/nft -f
-
-{% set nft_ct_ignore_name = 'VYOS_CT_IGNORE' %}
-{% set nft_ct_timeout_name = 'VYOS_CT_TIMEOUT' %}
-
-# we first flush all chains and render the content from scratch - this makes
-# any delta check obsolete
-flush chain raw {{ nft_ct_ignore_name }}
-flush chain raw {{ nft_ct_timeout_name }}
-
-table raw {
- chain {{ nft_ct_ignore_name }} {
-{% if ignore.rule is vyos_defined %}
-{% for rule, rule_config in ignore.rule.items() %}
- # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
-{% set nft_command = '' %}
-{% if rule_config.inbound_interface is vyos_defined %}
-{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %}
-{% endif %}
-{% if rule_config.protocol is vyos_defined %}
-{% set nft_command = nft_command ~ ' ip protocol ' ~ rule_config.protocol %}
-{% endif %}
-{% if rule_config.destination.address is vyos_defined %}
-{% set nft_command = nft_command ~ ' ip daddr ' ~ rule_config.destination.address %}
-{% endif %}
-{% if rule_config.destination.port is vyos_defined %}
-{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' dport { ' ~ rule_config.destination.port ~ ' }' %}
-{% endif %}
-{% if rule_config.source.address is vyos_defined %}
-{% set nft_command = nft_command ~ ' ip saddr ' ~ rule_config.source.address %}
-{% endif %}
-{% if rule_config.source.port is vyos_defined %}
-{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' sport { ' ~ rule_config.source.port ~ ' }' %}
-{% endif %}
- {{ nft_command }} counter notrack comment ignore-{{ rule }}
-{% endfor %}
-{% endif %}
- return
- }
- chain {{ nft_ct_timeout_name }} {
-{% if timeout.custom.rule is vyos_defined %}
-{% for rule, rule_config in timeout.custom.rule.items() %}
- # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
-{% endfor %}
-{% endif %}
- return
- }
-}
diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.j2
index 075402c04..075402c04 100644
--- a/data/templates/conntrack/sysctl.conf.tmpl
+++ b/data/templates/conntrack/sysctl.conf.j2
diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl b/data/templates/conntrack/vyos_nf_conntrack.conf.j2
index 111459485..111459485 100644
--- a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl
+++ b/data/templates/conntrack/vyos_nf_conntrack.conf.j2
diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.j2
index 80e7254a0..66024869d 100644
--- a/data/templates/conntrackd/conntrackd.conf.tmpl
+++ b/data/templates/conntrackd/conntrackd.conf.j2
@@ -6,11 +6,11 @@ Sync {
DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
}
{% for iface, iface_config in interface.items() %}
-{% if iface_config.peer is vyos_defined %}
+{% if iface_config.peer is vyos_defined %}
UDP {
-{% if listen_address is vyos_defined %}
+{% if listen_address is vyos_defined %}
IPv4_address {{ listen_address }}
-{% endif %}
+{% endif %}
IPv4_Destination_Address {{ iface_config.peer }}
Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
Interface {{ iface }}
@@ -18,9 +18,9 @@ Sync {
RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
Checksum on
}
-{% else %}
+{% else %}
Multicast {
-{% set ip_address = iface | get_ipv4 %}
+{% set ip_address = iface | get_ipv4 %}
IPv4_address {{ mcast_group }}
Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
IPv4_interface {{ ip_address[0] | ip_from_cidr }}
@@ -29,19 +29,19 @@ Sync {
RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
Checksum on
}
-{% endif %}
+{% endif %}
{% endfor %}
{% if expect_sync is vyos_defined %}
Options {
-{% if 'all' in expect_sync %}
+{% if 'all' in expect_sync %}
ExpectationSync on
-{% else %}
+{% else %}
ExpectationSync {
-{% for protocol in expect_sync %}
+{% for protocol in expect_sync %}
{{ protocol }}
-{% endfor %}
+{% endfor %}
}
-{% endif %}
+{% endif %}
}
{% endif %}
}
@@ -85,27 +85,27 @@ General {
NetlinkEventsReliable on
{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
Filter From Userspace {
-{% if ignore_address is vyos_defined %}
+{% if ignore_address is vyos_defined %}
Address Ignore {
-{% for address in ignore_address if address | is_ipv4 %}
+{% for address in ignore_address if address | is_ipv4 %}
IPv4_address {{ address }}
-{% endfor %}
-{% for address in ignore_address if address | is_ipv6 %}
+{% endfor %}
+{% for address in ignore_address if address | is_ipv6 %}
IPv6_address {{ address }}
-{% endfor %}
+{% endfor %}
}
-{% endif %}
-{% if accept_protocol is vyos_defined %}
+{% endif %}
+{% if accept_protocol is vyos_defined %}
Protocol Accept {
-{% for protocol in accept_protocol %}
-{% if protocol == 'icmp6' %}
+{% for protocol in accept_protocol %}
+{% if protocol == 'icmp6' %}
IPv6-ICMP
-{% else %}
+{% else %}
{{ protocol | upper }}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
}
-{% endif %}
+{% endif %}
}
{% endif %}
}
diff --git a/data/templates/conntrackd/conntrackd.op-mode.j2 b/data/templates/conntrackd/conntrackd.op-mode.j2
new file mode 100644
index 000000000..82f7e2859
--- /dev/null
+++ b/data/templates/conntrackd/conntrackd.op-mode.j2
@@ -0,0 +1,13 @@
+Source Destination Protocol
+{% for parsed in data if parsed.flow.meta is vyos_defined %}
+{% for key in parsed.flow.meta %}
+{% if key['@direction'] == 'original' %}
+{% set saddr = key.layer3.src | bracketize_ipv6 %}
+{% set sport = key.layer4.sport %}
+{% set daddr = key.layer3.dst | bracketize_ipv6 %}
+{% set dport = key.layer4.dport %}
+{% set protocol = key.layer4['@protoname'] %}
+{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl
deleted file mode 100644
index c3f6911ce..000000000
--- a/data/templates/conntrackd/conntrackd.op-mode.tmpl
+++ /dev/null
@@ -1,13 +0,0 @@
-Source Destination Protocol
-{% for parsed in data if parsed.flow.meta is vyos_defined %}
-{% for key in parsed.flow.meta %}
-{% if key['@direction'] == 'original' %}
-{% set saddr = key.layer3.src | bracketize_ipv6 %}
-{% set sport = key.layer4.sport %}
-{% set daddr = key.layer3.dst | bracketize_ipv6 %}
-{% set dport = key.layer4.dport %}
-{% set protocol = key.layer4['@protoname'] %}
-{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }}
-{% endif %}
-{% endfor %}
-{% endfor %}
diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.j2
index 4e7b5d8d7..1823657d7 100644
--- a/data/templates/conserver/conserver.conf.tmpl
+++ b/data/templates/conserver/conserver.conf.j2
@@ -17,7 +17,7 @@ default * {
##
{% for key, value in device.items() %}
{# Depending on our USB serial console we could require a path adjustment #}
-{% set path = '/dev' if key.startswith('ttyS') else '/dev/serial/by-bus' %}
+{% set path = '/dev' if key.startswith('ttyS') else '/dev/serial/by-bus' %}
console {{ key }} {
master localhost;
type device;
diff --git a/data/templates/conserver/dropbear@.service.tmpl b/data/templates/conserver/dropbear@.service.j2
index e355dab43..e355dab43 100644
--- a/data/templates/conserver/dropbear@.service.tmpl
+++ b/data/templates/conserver/dropbear@.service.j2
diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2
new file mode 100644
index 000000000..2e86466a1
--- /dev/null
+++ b/data/templates/container/registries.conf.j2
@@ -0,0 +1,27 @@
+### Autogenerated by container.py ###
+
+# For more information on this configuration file, see containers-registries.conf(5).
+#
+# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
+# We recommend always using fully qualified image names including the registry
+# server (full dns name), namespace, image name, and tag
+# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
+# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
+# When using short names, there is always an inherent risk that the image being
+# pulled could be spoofed. For example, a user wants to pull an image named
+# `foobar` from a registry and expects it to come from myregistry.com. If
+# myregistry.com is not first in the search list, an attacker could place a
+# different `foobar` image at a registry earlier in the search list. The user
+# would accidentally pull and run the attacker's image and code rather than the
+# intended content. We recommend only adding registries which are completely
+# trusted (i.e., registries which don't allow unknown or anonymous users to
+# create accounts with arbitrary names). This will prevent an image from being
+# spoofed, squatted or otherwise made insecure. If it is necessary to use one
+# of these registries, it should be added at the end of the list.
+#
+# An array of host[:port] registries to try when pulling an unqualified image, in order.
+# unqualified-search-registries = ["example.com"]
+
+{% if registry is vyos_defined %}
+unqualified-search-registries = {{ registry }}
+{% endif %}
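Review bot: `unqualified-search-registries = {{ registry }}` prints the Python representation of `registry`, which is valid TOML only as long as the value is a list of plain strings (presumably it is, coming from the CLI; confirm). Rendering it explicitly with `unqualified-search-registries = {{ registry | tojson }}` gives a double-quoted array that does not depend on repr details. The header comment explains that search order decides which registry answers a short name, so the template should also state that the list is emitted in the order configured, if that is the case.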
diff --git a/data/templates/container/storage.conf.j2 b/data/templates/container/storage.conf.j2
new file mode 100644
index 000000000..665f9bf95
--- /dev/null
+++ b/data/templates/container/storage.conf.j2
@@ -0,0 +1,4 @@
+### Autogenerated by container.py ###
+[storage]
+ driver = "vfs"
+ graphroot = "/usr/lib/live/mount/persistence/container/storage"
diff --git a/data/templates/containers/registry.tmpl b/data/templates/containers/registry.tmpl
deleted file mode 100644
index 0cbd9ecc2..000000000
--- a/data/templates/containers/registry.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ###
-
-{% if registry is vyos_defined %}
-unqualified-search-registries = {{ registry }}
-{% endif %}
diff --git a/data/templates/containers/storage.tmpl b/data/templates/containers/storage.tmpl
deleted file mode 100644
index 3a69b7252..000000000
--- a/data/templates/containers/storage.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ###
-
-[storage]
- driver = "vfs"
- graphroot = "/config/containers/storage"
diff --git a/data/templates/dhcp-server/dhcpd.conf.j2 b/data/templates/dhcp-server/dhcpd.conf.j2
index 40575cea2..4c2da0aa5 100644
--- a/data/templates/dhcp-server/dhcpd.conf.j2
+++ b/data/templates/dhcp-server/dhcpd.conf.j2
@@ -23,6 +23,15 @@ option rfc3442-static-route code 121 = array of integer 8;
option windows-static-route code 249 = array of integer 8;
option wpad-url code 252 = text;
+# Vendor specific options - Ubiquiti Networks
+option space ubnt;
+option ubnt.unifi-controller code 1 = ip-address;
+class "ubnt" {
+ match if substring (option vendor-class-identifier , 0, 4) = "ubnt";
+ option vendor-class-identifier "ubnt";
+ vendor-option-space ubnt;
+}
+
{% if global_parameters is vyos_defined %}
# The following {{ global_parameters | length }} line(s) have been added as
# global-parameters in the CLI and have not been validated !!!
@@ -194,6 +203,9 @@ shared-network {{ network }} {
}
{% endfor %}
{% endif %}
+{% if subnet_config.vendor_option.ubiquiti.unifi_controller is vyos_defined %}
+ option ubnt.unifi-controller {{ subnet_config.vendor_option.ubiquiti.unifi_controller }};
+{% endif %}
{% if subnet_config.range is vyos_defined %}
{# pool configuration can only be used if there follows a range option #}
pool {
diff --git a/data/templates/dhcp-server/dhcpdv6.conf.j2 b/data/templates/dhcp-server/dhcpdv6.conf.j2
index 284b7f269..5c3471316 100644
--- a/data/templates/dhcp-server/dhcpdv6.conf.j2
+++ b/data/templates/dhcp-server/dhcpdv6.conf.j2
@@ -12,6 +12,11 @@ option dhcp6.preference {{ preference }};
option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }};
{% endif %}
+# Vendor specific options - Cisco
+option space cisco code width 2 length width 2;
+option cisco.tftp-servers code 1 = array of ip6-address;
+option vsio.cisco code 9 = encapsulate cisco;
+
# Shared network configration(s)
{% if shared_network_name is vyos_defined %}
{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %}
@@ -113,6 +118,9 @@ shared-network {{ network }} {
}
{% endfor %}
{% endif %}
+{% if subnet_config.vendor_option.cisco.tftp_server is vyos_defined %}
+ option cisco.tftp-servers {{ subnet_config.vendor_option.cisco.tftp_server | join(', ') }};
+{% endif %}
}
{% endfor %}
{% endif %}
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
new file mode 100644
index 000000000..4fa92f2e3
--- /dev/null
+++ b/data/templates/firewall/nftables-defines.j2
@@ -0,0 +1,32 @@
+{% if group is vyos_defined %}
+{% if group.address_group is vyos_defined %}
+{% for group_name, group_conf in group.address_group.items() %}
+define A_{{ group_name }} = { {{ group_conf.address | join(",") }} }
+{% endfor %}
+{% endif %}
+{% if group.ipv6_address_group is vyos_defined %}
+{% for group_name, group_conf in group.ipv6_address_group.items() %}
+define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} }
+{% endfor %}
+{% endif %}
+{% if group.mac_group is vyos_defined %}
+{% for group_name, group_conf in group.mac_group.items() %}
+define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} }
+{% endfor %}
+{% endif %}
+{% if group.network_group is vyos_defined %}
+{% for group_name, group_conf in group.network_group.items() %}
+define N_{{ group_name }} = { {{ group_conf.network | join(",") }} }
+{% endfor %}
+{% endif %}
+{% if group.ipv6_network_group is vyos_defined %}
+{% for group_name, group_conf in group.ipv6_network_group.items() %}
+define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} }
+{% endfor %}
+{% endif %}
+{% if group.port_group is vyos_defined %}
+{% for group_name, group_conf in group.port_group.items() %}
+define P_{{ group_name }} = { {{ group_conf.port | join(",") }} }
+{% endfor %}
+{% endif %}
+{% endif %} \ No newline at end of file
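Review bot: Each `define` line joins the member list without checking that it exists, so a group without members would render as `define A_NAME = { }`, which nft is likely to reject, failing the load of whatever includes this file. Whether the CLI permits a group with no members is not visible here. Wrapping each line, e.g. `{% if group_conf.address is vyos_defined %}` … `{% endif %}` (likewise for `mac_address`, `network` and `port`), would skip such groups, though rules that reference a skipped group would then need the same check. The file also still ends without a trailing newline.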
diff --git a/data/templates/firewall/nftables-defines.tmpl b/data/templates/firewall/nftables-defines.tmpl
deleted file mode 100644
index 66d31093b..000000000
--- a/data/templates/firewall/nftables-defines.tmpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{% if group is vyos_defined %}
-{% if group.address_group is vyos_defined %}
-{% for group_name, group_conf in group.address_group.items() %}
-define A_{{ group_name }} = { {{ group_conf.address | join(",") }} }
-{% endfor %}
-{% endif %}
-{% if group.ipv6_address_group is vyos_defined %}
-{% for group_name, group_conf in group.ipv6_address_group.items() %}
-define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} }
-{% endfor %}
-{% endif %}
-{% if group.mac_group is vyos_defined %}
-{% for group_name, group_conf in group.mac_group.items() %}
-define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} }
-{% endfor %}
-{% endif %}
-{% if group.network_group is vyos_defined %}
-{% for group_name, group_conf in group.network_group.items() %}
-define N_{{ group_name }} = { {{ group_conf.network | join(",") }} }
-{% endfor %}
-{% endif %}
-{% if group.ipv6_network_group is vyos_defined %}
-{% for group_name, group_conf in group.ipv6_network_group.items() %}
-define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} }
-{% endfor %}
-{% endif %}
-{% if group.port_group is vyos_defined %}
-{% for group_name, group_conf in group.port_group.items() %}
-define P_{{ group_name }} = { {{ group_conf.port | join(",") }} }
-{% endfor %}
-{% endif %}
-{% endif %} \ No newline at end of file
diff --git a/data/templates/firewall/nftables-nat.j2 b/data/templates/firewall/nftables-nat.j2
new file mode 100644
index 000000000..1481e9104
--- /dev/null
+++ b/data/templates/firewall/nftables-nat.j2
@@ -0,0 +1,182 @@
+#!/usr/sbin/nft -f
+
+{% macro nat_rule(rule, config, chain) %}
+{% set comment = '' %}
+{% set base_log = '' %}
+{% set src_addr = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %}
+{% set dst_addr = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %}
+{# negated port groups need special treatment, move != in front of { } group #}
+{% if config.source.port is vyos_defined and config.source.port.startswith('!') %}
+{% set src_port = 'sport != { ' ~ config.source.port.replace('!','') ~ ' }' %}
+{% else %}
+{% set src_port = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %}
+{% endif %}
+{# negated port groups need special treatment, move != in front of { } group #}
+{% if config.destination.port is vyos_defined and config.destination.port.startswith('!') %}
+{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!','') ~ ' }' %}
+{% else %}
+{% set dst_port = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %}
+{% endif %}
+{% if chain is vyos_defined('PREROUTING') %}
+{% set comment = 'DST-NAT-' ~ rule %}
+{% set base_log = '[NAT-DST-' ~ rule %}
+{% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %}
+{% if config.translation.address is vyos_defined %}
+{# support 1:1 network translation #}
+{% if config.translation.address | is_ip_network %}
+{% set trns_addr = 'dnat ip prefix to ip daddr map { ' ~ config.destination.address ~ ' : ' ~ config.translation.address ~ ' }' %}
+{# we can now clear out the dst_addr part as it's already covered in aboves map #}
+{% set dst_addr = '' %}
+{% else %}
+{% set trns_addr = 'dnat to ' ~ config.translation.address %}
+{% endif %}
+{% endif %}
+{% elif chain is vyos_defined('POSTROUTING') %}
+{% set comment = 'SRC-NAT-' ~ rule %}
+{% set base_log = '[NAT-SRC-' ~ rule %}
+{% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined and config.outbound_interface is not vyos_defined('any') else '' %}
+{% if config.translation.address is vyos_defined %}
+{% if config.translation.address is vyos_defined('masquerade') %}
+{% set trns_addr = config.translation.address %}
+{% if config.translation.port is vyos_defined %}
+{% set trns_addr = trns_addr ~ ' to ' %}
+{% endif %}
+{# support 1:1 network translation #}
+{% elif config.translation.address | is_ip_network %}
+{% set trns_addr = 'snat ip prefix to ip saddr map { ' ~ config.source.address ~ ' : ' ~ config.translation.address ~ ' }' %}
+{# we can now clear out the src_addr part as it's already covered in aboves map #}
+{% set src_addr = '' %}
+{% else %}
+{% set trns_addr = 'snat to ' ~ config.translation.address %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% set trns_port = ':' ~ config.translation.port if config.translation.port is vyos_defined %}
+{# protocol has a default value thus it is always present #}
+{% if config.protocol is vyos_defined('tcp_udp') %}
+{% set protocol = 'tcp' %}
+{% set comment = comment ~ ' tcp_udp' %}
+{% else %}
+{% set protocol = config.protocol %}
+{% endif %}
+{% if config.log is vyos_defined %}
+{% if config.exclude is vyos_defined %}
+{% set log = base_log ~ '-EXCL]' %}
+{% elif config.translation.address is vyos_defined('masquerade') %}
+{% set log = base_log ~ '-MASQ]' %}
+{% else %}
+{% set log = base_log ~ ']' %}
+{% endif %}
+{% endif %}
+{% if config.exclude is vyos_defined %}
+{# rule has been marked as 'exclude' thus we simply return here #}
+{% set trns_addr = 'return' %}
+{% set trns_port = '' %}
+{% endif %}
+{# T1083: NAT address and port translation options #}
+{% if config.translation.options is vyos_defined %}
+{% if config.translation.options.address_mapping is vyos_defined('persistent') %}
+{% set trns_opts_addr = 'persistent' %}
+{% endif %}
+{% if config.translation.options.port_mapping is vyos_defined('random') %}
+{% set trns_opts_port = 'random' %}
+{% elif config.translation.options.port_mapping is vyos_defined('fully-random') %}
+{% set trns_opts_port = 'fully-random' %}
+{% endif %}
+{% endif %}
+{% if trns_opts_addr is vyos_defined and trns_opts_port is vyos_defined %}
+{% set trns_opts = trns_opts_addr ~ ',' ~ trns_opts_port %}
+{% elif trns_opts_addr is vyos_defined %}
+{% set trns_opts = trns_opts_addr %}
+{% elif trns_opts_port is vyos_defined %}
+{% set trns_opts = trns_opts_port %}
+{% endif %}
+{% set output = 'add rule ip nat ' ~ chain ~ interface %}
+{% if protocol is not vyos_defined('all') %}
+{% set output = output ~ ' ip protocol ' ~ protocol %}
+{% endif %}
+{% if src_addr is vyos_defined %}
+{% set output = output ~ ' ' ~ src_addr %}
+{% endif %}
+{% if src_port is vyos_defined %}
+{% set output = output ~ ' ' ~ protocol ~ ' ' ~ src_port %}
+{% endif %}
+{% if dst_addr is vyos_defined %}
+{% set output = output ~ ' ' ~ dst_addr %}
+{% endif %}
+{% if dst_port is vyos_defined %}
+{% set output = output ~ ' ' ~ protocol ~ ' ' ~ dst_port %}
+{% endif %}
+{# Count packets #}
+{% set output = output ~ ' counter' %}
+{# Special handling of log option, we must repeat the entire rule before the #}
+{# NAT translation options are added, this is essential #}
+{% if log is vyos_defined %}
+{% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %}
+{% endif %}
+{% if trns_addr is vyos_defined %}
+{% set output = output ~ ' ' ~ trns_addr %}
+{% endif %}
+{% if trns_port is vyos_defined %}
+{# Do not add a whitespace here, translation port must be directly added after IP address #}
+{# e.g. 192.0.2.10:3389 #}
+{% set output = output ~ trns_port %}
+{% endif %}
+{% if trns_opts is vyos_defined %}
+{% set output = output ~ ' ' ~ trns_opts %}
+{% endif %}
+{% if comment is vyos_defined %}
+{% set output = output ~ ' comment "' ~ comment ~ '"' %}
+{% endif %}
+{{ log_output if log_output is vyos_defined }}
+{{ output }}
+{# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #}
+{% if config.protocol is vyos_defined('tcp_udp') %}
+{# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #}
+{{ log_output | replace('tcp ', 'udp ') if log_output is vyos_defined }}
+{{ output | replace('tcp ', 'udp ') }}
+{% endif %}
+{% endmacro %}
+
+# Start with clean SNAT and DNAT chains
+flush chain ip nat PREROUTING
+flush chain ip nat POSTROUTING
+{% if helper_functions is vyos_defined('remove') %}
+{# NAT if going to be disabled - remove rules and targets from nftables #}
+{% set base_command = 'delete rule ip raw' %}
+{{ base_command }} PREROUTING handle {{ pre_ct_ignore }}
+{{ base_command }} OUTPUT handle {{ out_ct_ignore }}
+{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }}
+{{ base_command }} OUTPUT handle {{ out_ct_conntrack }}
+
+delete chain ip raw NAT_CONNTRACK
+
+{% elif helper_functions is vyos_defined('add') %}
+{# NAT if enabled - add targets to nftables #}
+add chain ip raw NAT_CONNTRACK
+add rule ip raw NAT_CONNTRACK counter accept
+{% set base_command = 'add rule ip raw' %}
+{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYOS_CT_HELPER
+{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYOS_CT_HELPER
+{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
+{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
+{% endif %}
+
+#
+# Destination NAT rules build up here
+#
+add rule ip nat PREROUTING counter jump VYOS_PRE_DNAT_HOOK
+{% if destination.rule is vyos_defined %}
+{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
+{{ nat_rule(rule, config, 'PREROUTING') }}
+{% endfor %}
+{% endif %}
+#
+# Source NAT rules build up here
+#
+add rule ip nat POSTROUTING counter jump VYOS_PRE_SNAT_HOOK
+{% if source.rule is vyos_defined %}
+{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
+{{ nat_rule(rule, config, 'POSTROUTING') }}
+{% endfor %}
+{% endif %}
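Review bot: The two "1:1 network translation" branches of `nat_rule` build the map from `config.destination.address` (DNAT) and `config.source.address` (SNAT) without checking that the value is defined or un-negated, and then clear `dst_addr` / `src_addr`. A rule whose translation address is a network but whose matching address is missing or written with a leading `!` would render `map { … : … }` with an empty or `!`-prefixed key, and the `replace('!','!= ')` negation computed at the top of the macro is dropped. Presumably `nft -f` then rejects the whole file, unless the conf-mode verification (not visible in this diff) already refuses such rules. I would guard the branch in the template as well, e.g. `{% if config.translation.address | is_ip_network and config.destination.address is vyos_defined and not config.destination.address.startswith('!') %}`, with the `config.source.address` equivalent in the POSTROUTING branch, and have the verify step fail the commit with a clear message for the cases the guard excludes.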
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
deleted file mode 100644
index 922f3dcb4..000000000
--- a/data/templates/firewall/nftables-nat.tmpl
+++ /dev/null
@@ -1,179 +0,0 @@
-#!/usr/sbin/nft -f
-
-{% macro nat_rule(rule, config, chain) %}
-{% set comment = '' %}
-{% set base_log = '' %}
-{% set src_addr = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %}
-{% set dst_addr = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %}
-{# negated port groups need special treatment, move != in front of { } group #}
-{% if config.source.port is vyos_defined and config.source.port.startswith('!=') %}
-{% set src_port = 'sport != { ' ~ config.source.port.replace('!=','') ~ ' }' %}
-{% else %}
-{% set src_port = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %}
-{% endif %}
-{# negated port groups need special treatment, move != in front of { } group #}
-{% if config.destination.port is vyos_defined and config.destination.port.startswith('!=') %}
-{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!=','') ~ ' }' %}
-{% else %}
-{% set dst_port = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %}
-{% endif %}
-{% if chain is vyos_defined('PREROUTING') %}
-{% set comment = 'DST-NAT-' ~ rule %}
-{% set base_log = '[NAT-DST-' ~ rule %}
-{% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %}
-{% if config.translation.address is vyos_defined %}
-{# support 1:1 network translation #}
-{% if config.translation.address | is_ip_network %}
-{% set trns_addr = 'dnat ip prefix to ip daddr map { ' ~ config.destination.address ~ ' : ' ~ config.translation.address ~ ' }' %}
-{# we can now clear out the dst_addr part as it's already covered in aboves map #}
-{% set dst_addr = '' %}
-{% else %}
-{% set trns_addr = 'dnat to ' ~ config.translation.address %}
-{% endif %}
-{% endif %}
-{% elif chain is vyos_defined('POSTROUTING') %}
-{% set comment = 'SRC-NAT-' ~ rule %}
-{% set base_log = '[NAT-SRC-' ~ rule %}
-{% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined and config.outbound_interface is not vyos_defined('any') else '' %}
-{% if config.translation.address is vyos_defined %}
-{% if config.translation.address is vyos_defined('masquerade') %}
-{% set trns_addr = config.translation.address %}
-{% if config.translation.port is vyos_defined %}
-{% set trns_addr = trns_addr ~ ' to ' %}
-{% endif %}
-{# support 1:1 network translation #}
-{% elif config.translation.address | is_ip_network %}
-{% set trns_addr = 'snat ip prefix to ip saddr map { ' ~ config.source.address ~ ' : ' ~ config.translation.address ~ ' }' %}
-{# we can now clear out the src_addr part as it's already covered in aboves map #}
-{% set src_addr = '' %}
-{% else %}
-{% set trns_addr = 'snat to ' ~ config.translation.address %}
-{% endif %}
-{% endif %}
-{% endif %}
-{% set trns_port = ':' ~ config.translation.port if config.translation.port is vyos_defined %}
-{# protocol has a default value thus it is always present #}
-{% if config.protocol is vyos_defined('tcp_udp') %}
-{% set protocol = 'tcp' %}
-{% set comment = comment ~ ' tcp_udp' %}
-{% else %}
-{% set protocol = config.protocol %}
-{% endif %}
-{% if config.log is vyos_defined %}
-{% if config.exclude is vyos_defined %}
-{% set log = base_log ~ '-EXCL]' %}
-{% elif config.translation.address is vyos_defined('masquerade') %}
-{% set log = base_log +'-MASQ]' %}
-{% else %}
-{% set log = base_log ~ ']' %}
-{% endif %}
-{% endif %}
-{% if config.exclude is vyos_defined %}
-{# rule has been marked as 'exclude' thus we simply return here #}
-{% set trns_addr = 'return' %}
-{% set trns_port = '' %}
-{% endif %}
-{# T1083: NAT address and port translation options #}
-{% if config.translation.options is vyos_defined %}
-{% if config.translation.options.address_mapping is vyos_defined('persistent') %}
-{% set trns_opts_addr = 'persistent' %}
-{% endif %}
-{% if config.translation.options.port_mapping is vyos_defined('random') %}
-{% set trns_opts_port = 'random' %}
-{% elif config.translation.options.port_mapping is vyos_defined('fully-random') %}
-{% set trns_opts_port = 'fully-random' %}
-{% endif %}
-{% endif %}
-{% if trns_opts_addr is vyos_defined and trns_opts_port is vyos_defined %}
-{% set trns_opts = trns_opts_addr ~ ',' ~ trns_opts_port %}
-{% elif trns_opts_addr is vyos_defined %}
-{% set trns_opts = trns_opts_addr %}
-{% elif trns_opts_port is vyos_defined %}
-{% set trns_opts = trns_opts_port %}
-{% endif %}
-{% set output = 'add rule ip nat ' ~ chain ~ interface %}
-{% if protocol is not vyos_defined('all') %}
-{% set output = output ~ ' ip protocol ' ~ protocol %}
-{% endif %}
-{% if src_addr is vyos_defined %}
-{% set output = output ~ ' ' ~ src_addr %}
-{% endif %}
-{% if src_port is vyos_defined %}
-{% set output = output ~ ' ' ~ protocol ~ ' ' ~ src_port %}
-{% endif %}
-{% if dst_addr is vyos_defined %}
-{% set output = output ~ ' ' ~ dst_addr %}
-{% endif %}
-{% if dst_port is vyos_defined %}
-{% set output = output ~ ' ' ~ protocol ~ ' ' ~ dst_port %}
-{% endif %}
-{# Count packets #}
-{% set output = output ~ ' counter' %}
-{# Special handling of log option, we must repeat the entire rule before the #}
-{# NAT translation options are added, this is essential #}
-{% if log is vyos_defined %}
-{% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %}
-{% endif %}
-{% if trns_addr is vyos_defined %}
-{% set output = output ~ ' ' ~ trns_addr %}
-{% endif %}
-{% if trns_port is vyos_defined %}
-{# Do not add a whitespace here, translation port must be directly added after IP address #}
-{# e.g. 192.0.2.10:3389 #}
-{% set output = output ~ trns_port %}
-{% endif %}
-{% if trns_opts is vyos_defined %}
-{% set output = output ~ ' ' ~ trns_opts %}
-{% endif %}
-{% if comment is vyos_defined %}
-{% set output = output ~ ' comment "' ~ comment ~ '"' %}
-{% endif %}
-{{ log_output if log_output is vyos_defined}}
-{{ output }}
-{# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #}
-{% if config.protocol is vyos_defined('tcp_udp') %}
-{# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #}
-{{ log_output | replace('tcp ', 'udp ') if log_output is vyos_defined }}
-{{ output | replace('tcp ', 'udp ') }}
-{% endif %}
-{% endmacro %}
-
-# Start with clean NAT table
-flush table ip nat
-{% if helper_functions is vyos_defined('remove') %}
-{# NAT if going to be disabled - remove rules and targets from nftables #}
-{% set base_command = 'delete rule ip raw' %}
-{{ base_command }} PREROUTING handle {{ pre_ct_ignore }}
-{{ base_command }} OUTPUT handle {{ out_ct_ignore }}
-{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }}
-{{ base_command }} OUTPUT handle {{ out_ct_conntrack }}
-
-delete chain ip raw NAT_CONNTRACK
-
-{% elif helper_functions is vyos_defined('add') %}
-{# NAT if enabled - add targets to nftables #}
-add chain ip raw NAT_CONNTRACK
-add rule ip raw NAT_CONNTRACK counter accept
-{% set base_command = 'add rule ip raw' %}
-{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYOS_CT_HELPER
-{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYOS_CT_HELPER
-{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
-{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
-{% endif %}
-
-#
-# Destination NAT rules build up here
-#
-{% if destination.rule is vyos_defined %}
-{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
-{{ nat_rule(rule, config, 'PREROUTING') }}
-{% endfor %}
-{% endif %}
-#
-# Source NAT rules build up here
-#
-{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
-{{ nat_rule(rule, config, 'POSTROUTING') }}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.j2
index ed98b888a..003b138b2 100644
--- a/data/templates/firewall/nftables-nat66.tmpl
+++ b/data/templates/firewall/nftables-nat66.j2
@@ -1,22 +1,22 @@
#!/usr/sbin/nft -f
{% macro nptv6_rule(rule,config, chain) %}
-{% set comment = '' %}
-{% set base_log = '' %}
-{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %}
-{% set dest_address = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %}
-{% if chain is vyos_defined('PREROUTING') %}
+{% set comment = '' %}
+{% set base_log = '' %}
+{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %}
+{% set dest_address = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %}
+{% if chain is vyos_defined('PREROUTING') %}
{% set comment = 'DST-NAT66-' ~ rule %}
{% set base_log = '[NAT66-DST-' ~ rule %}
{% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %}
{% if config.translation.address | is_ip_network %}
-{# support 1:1 network translation #}
-{% set dnat_type = 'dnat prefix to ' %}
+{# support 1:1 network translation #}
+{% set dnat_type = 'dnat prefix to ' %}
{% else %}
-{% set dnat_type = 'dnat to ' %}
+{% set dnat_type = 'dnat to ' %}
{% endif %}
{% set trns_address = dnat_type ~ config.translation.address if config.translation.address is vyos_defined %}
-{% elif chain is vyos_defined('POSTROUTING') %}
+{% elif chain is vyos_defined('POSTROUTING') %}
{% set comment = 'SRC-NAT66-' ~ rule %}
{% set base_log = '[NAT66-SRC-' ~ rule %}
{% if config.translation.address is vyos_defined %}
@@ -33,34 +33,34 @@
{% endif %}
{% endif %}
{% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined else '' %}
-{% endif %}
-{% if config.log is vyos_defined %}
+{% endif %}
+{% if config.log is vyos_defined %}
{% if config.translation.address is vyos_defined('masquerade') %}
-{% set log = base_log +'-MASQ]' %}
+{% set log = base_log ~ '-MASQ]' %}
{% else %}
-{% set log = base_log ~ ']' %}
+{% set log = base_log ~ ']' %}
{% endif %}
-{% endif %}
-{% set output = 'add rule ip6 nat ' ~ chain ~ interface %}
-{# Count packets #}
-{% set output = output ~ ' counter' %}
-{# Special handling of log option, we must repeat the entire rule before the #}
-{# NAT translation options are added, this is essential #}
-{% if log is vyos_defined %}
+{% endif %}
+{% set output = 'add rule ip6 nat ' ~ chain ~ interface %}
+{# Count packets #}
+{% set output = output ~ ' counter' %}
+{# Special handling of log option, we must repeat the entire rule before the #}
+{# NAT translation options are added, this is essential #}
+{% if log is vyos_defined %}
{% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %}
-{% endif %}
-{% if src_prefix is vyos_defined %}
+{% endif %}
+{% if src_prefix is vyos_defined %}
{% set output = output ~ ' ' ~ src_prefix %}
-{% endif %}
-{% if dest_address is vyos_defined %}
+{% endif %}
+{% if dest_address is vyos_defined %}
{% set output = output ~ ' ' ~ dest_address %}
-{% endif %}
-{% if trns_address is vyos_defined %}
+{% endif %}
+{% if trns_address is vyos_defined %}
{% set output = output ~ ' ' ~ trns_address %}
-{% endif %}
-{% if comment is vyos_defined %}
+{% endif %}
+{% if comment is vyos_defined %}
{% set output = output ~ ' comment "' ~ comment ~ '"' %}
-{% endif %}
+{% endif %}
{{ log_output if log_output is vyos_defined }}
{{ output }}
{% endmacro %}
@@ -69,9 +69,9 @@
flush table ip6 nat
{% if helper_functions is vyos_defined('remove') %}
{# NAT if going to be disabled - remove rules and targets from nftables #}
-{% set base_command = 'delete rule ip6 raw' %}
-{{base_command}} PREROUTING handle {{ pre_ct_conntrack }}
-{{base_command}} OUTPUT handle {{ out_ct_conntrack }}
+{% set base_command = 'delete rule ip6 raw' %}
+{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }}
+{{ base_command }} OUTPUT handle {{ out_ct_conntrack }}
delete chain ip6 raw NAT_CONNTRACK
@@ -79,7 +79,7 @@ delete chain ip6 raw NAT_CONNTRACK
{# NAT if enabled - add targets to nftables #}
add chain ip6 raw NAT_CONNTRACK
add rule ip6 raw NAT_CONNTRACK counter accept
-{% set base_command = 'add rule ip6 raw' %}
+{% set base_command = 'add rule ip6 raw' %}
{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
{% endif %}
@@ -88,15 +88,15 @@ add rule ip6 raw NAT_CONNTRACK counter accept
# Destination NAT66 rules build up here
#
{% if destination.rule is vyos_defined %}
-{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
+{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
{{ nptv6_rule(rule, config, 'PREROUTING') }}
-{% endfor %}
+{% endfor %}
{% endif %}
#
# Source NAT66 rules build up here
#
{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
+{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
{{ nptv6_rule(rule, config, 'POSTROUTING') }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/firewall/nftables-policy.tmpl b/data/templates/firewall/nftables-policy.j2
index d1b0fa56e..0154c9f7e 100644
--- a/data/templates/firewall/nftables-policy.tmpl
+++ b/data/templates/firewall/nftables-policy.j2
@@ -1,9 +1,9 @@
#!/usr/sbin/nft -f
{% if cleanup_commands is vyos_defined %}
-{% for command in cleanup_commands %}
+{% for command in cleanup_commands %}
{{ command }}
-{% endfor %}
+{% endfor %}
{% endif %}
include "/run/nftables_defines.conf"
@@ -18,17 +18,17 @@ table ip mangle {
}
{% endif %}
{% if route is vyos_defined %}
-{% for route_text, conf in route.items() %}
+{% for route_text, conf in route.items() %}
chain VYOS_PBR_{{ route_text }} {
-{% if conf.rule is vyos_defined %}
-{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
+{% if conf.rule is vyos_defined %}
+{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(route_text, rule_id, 'ip') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
{{ conf | nft_default_rule(route_text) }}
}
-{% endfor %}
-{%- endif %}
+{% endfor %}
+{% endif %}
}
table ip6 mangle {
@@ -41,15 +41,15 @@ table ip6 mangle {
}
{% endif %}
{% if route6 is vyos_defined %}
-{% for route_text, conf in route6.items() %}
+{% for route_text, conf in route6.items() %}
chain VYOS_PBR6_{{ route_text }} {
-{% if conf.rule is vyos_defined %}
-{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
+{% if conf.rule is vyos_defined %}
+{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(route_text, rule_id, 'ip6') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
{{ conf | nft_default_rule(route_text) }}
}
-{% endfor %}
+{% endfor %}
{% endif %}
}
diff --git a/data/templates/firewall/nftables-vrf-zones.tmpl b/data/templates/firewall/nftables-vrf-zones.j2
index eecf47b78..eecf47b78 100644
--- a/data/templates/firewall/nftables-vrf-zones.tmpl
+++ b/data/templates/firewall/nftables-vrf-zones.j2
diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.j2
index 3a3f2e04c..fac3fad03 100644
--- a/data/templates/firewall/nftables.tmpl
+++ b/data/templates/firewall/nftables.j2
@@ -1,9 +1,9 @@
#!/usr/sbin/nft -f
{% if cleanup_commands is vyos_defined %}
-{% for command in cleanup_commands %}
+{% for command in cleanup_commands %}
{{ command }}
-{% endfor %}
+{% endfor %}
{% endif %}
include "/run/nftables_defines.conf"
@@ -31,39 +31,39 @@ table ip filter {
}
{% endif %}
{% if name is vyos_defined %}
-{% set ns = namespace(sets=[]) %}
-{% for name_text, conf in name.items() %}
+{% set ns = namespace(sets=[]) %}
+{% for name_text, conf in name.items() %}
chain NAME_{{ name_text }} {
-{% if conf.rule is vyos_defined %}
-{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
+{% if conf.rule is vyos_defined %}
+{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(name_text, rule_id) }}
-{% if rule_conf.recent is vyos_defined %}
-{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
+{% if rule_conf.recent is vyos_defined %}
+{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
+{% endif %}
+{% endfor %}
{% endif %}
-{% endfor %}
-{% endif %}
{{ conf | nft_default_rule(name_text) }}
}
-{% endfor %}
-{% for set_name in ns.sets %}
+{% endfor %}
+{% for set_name in ns.sets %}
set RECENT_{{ set_name }} {
type ipv4_addr
size 65535
flags dynamic
}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if state_policy is vyos_defined %}
chain VYOS_STATE_POLICY {
-{% if state_policy.established is vyos_defined %}
+{% if state_policy.established is vyos_defined %}
{{ state_policy.established | nft_state_policy('established') }}
-{% endif %}
-{% if state_policy.invalid is vyos_defined %}
+{% endif %}
+{% if state_policy.invalid is vyos_defined %}
{{ state_policy.invalid | nft_state_policy('invalid') }}
-{% endif %}
-{% if state_policy.related is vyos_defined %}
+{% endif %}
+{% if state_policy.related is vyos_defined %}
{{ state_policy.related | nft_state_policy('related') }}
-{% endif %}
+{% endif %}
return
}
{% endif %}
@@ -92,39 +92,39 @@ table ip6 filter {
}
{% endif %}
{% if ipv6_name is vyos_defined %}
-{% set ns = namespace(sets=[]) %}
-{% for name_text, conf in ipv6_name.items() %}
+{% set ns = namespace(sets=[]) %}
+{% for name_text, conf in ipv6_name.items() %}
chain NAME6_{{ name_text }} {
-{% if conf.rule is vyos_defined %}
-{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
+{% if conf.rule is vyos_defined %}
+{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(name_text, rule_id, 'ip6') }}
-{% if rule_conf.recent is vyos_defined %}
-{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
+{% if rule_conf.recent is vyos_defined %}
+{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
+{% endif %}
+{% endfor %}
{% endif %}
-{% endfor %}
-{% endif %}
{{ conf | nft_default_rule(name_text) }}
}
-{% endfor %}
-{% for set_name in ns.sets %}
+{% endfor %}
+{% for set_name in ns.sets %}
set RECENT6_{{ set_name }} {
type ipv6_addr
size 65535
flags dynamic
}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if state_policy is vyos_defined %}
chain VYOS_STATE_POLICY6 {
-{% if state_policy.established is vyos_defined %}
+{% if state_policy.established is vyos_defined %}
{{ state_policy.established | nft_state_policy('established', ipv6=True) }}
-{% endif %}
-{% if state_policy.invalid is vyos_defined %}
+{% endif %}
+{% if state_policy.invalid is vyos_defined %}
{{ state_policy.invalid | nft_state_policy('invalid', ipv6=True) }}
-{% endif %}
-{% if state_policy.related is vyos_defined %}
+{% endif %}
+{% if state_policy.related is vyos_defined %}
{{ state_policy.related | nft_state_policy('related', ipv6=True) }}
-{% endif %}
+{% endif %}
return
}
{% endif %}
diff --git a/data/templates/firewall/upnpd.conf.tmpl b/data/templates/firewall/upnpd.conf.j2
index 6e73995fa..27573cbf9 100644
--- a/data/templates/firewall/upnpd.conf.tmpl
+++ b/data/templates/firewall/upnpd.conf.j2
@@ -5,9 +5,9 @@ ext_ifname={{ wan_interface }}
{% if wan_ip is vyos_defined %}
# If the WAN interface has several IP addresses, you
# can specify the one to use below
-{% for addr in wan_ip %}
+{% for addr in wan_ip %}
ext_ip={{ addr }}
-{% endfor %}
+{% endfor %}
{% endif %}
# LAN network interfaces IPs / networks
@@ -20,15 +20,15 @@ ext_ip={{ addr }}
# When MULTIPLE_EXTERNAL_IP is enabled, the external IP
# address associated with the subnet follows. For example:
# listening_ip=192.168.0.1/24 88.22.44.13
-{% for addr in listen %}
-{% if addr | is_ipv4 %}
+{% for addr in listen %}
+{% if addr | is_ipv4 %}
listening_ip={{ addr }}
-{% elif addr | is_ipv6 %}
+{% elif addr | is_ipv6 %}
ipv6_listening_ip={{ addr }}
-{% else %}
+{% else %}
listening_ip={{ addr }}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
@@ -57,12 +57,12 @@ enable_upnp=yes
# PCP
# Configure the minimum and maximum lifetime of a port mapping in seconds
# 120s and 86400s (24h) are suggested values from PCP-base
-{% if pcp_lifetime.max is vyos_defined %}
+{% if pcp_lifetime.max is vyos_defined %}
max_lifetime={{ pcp_lifetime.max }}
-{% endif %}
-{% if pcp_lifetime.min is vyos_defined %}
+{% endif %}
+{% if pcp_lifetime.min is vyos_defined %}
min_lifetime={{ pcp_lifetime.min }}
-{% endif %}
+{% endif %}
{% endif %}
@@ -142,11 +142,11 @@ lease_file=/config/upnp.leases
# modify the IP ranges to match their own internal networks, and
# also consider implementing network-specific restrictions
# CAUTION: failure to enforce any rules may permit insecure requests to be made!
-{% for rule, config in rules.items() %}
-{% if config.disable is vyos_defined %}
-{{ config.action}} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }}
-{% endif %}
-{% endfor %}
+{% for rule, config in rules.items() %}
+{% if config.disable is vyos_defined %}
+{{ config.action }} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }}
+{% endif %}
+{% endfor %}
{% endif %}
{% if stun is vyos_defined %}
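Review bot: The ACL loop still writes a rule only when `config.disable is vyos_defined`, which looks inverted. The other rule loops on this page skip disabled entries with `is not vyos_defined`, so as written enabled rules would be left out of upnpd.conf and only disabled ones emitted. This hunk merely re-indents the block and fixes the spacing in `{{ config.action }}`, so the condition predates it. Given the CAUTION comment directly above about unenforced rules, it is worth correcting in the same change: `{% if config.disable is not vyos_defined %}`. The enclosing `{% if %}` opens outside the hunk, so confirm against the full template.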
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index 9f3097f82..a42b73e98 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -238,11 +238,14 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.set.aggregator.as is vyos_defined and rule_config.set.aggregator.ip is vyos_defined %}
set aggregator as {{ rule_config.set.aggregator.as }} {{ rule_config.set.aggregator.ip }}
{% endif %}
-{% if rule_config.set.as_path_exclude is vyos_defined %}
- set as-path exclude {{ rule_config.set.as_path_exclude }}
+{% if rule_config.set.as_path.exclude is vyos_defined %}
+ set as-path exclude {{ rule_config.set.as_path.exclude }}
{% endif %}
-{% if rule_config.set.as_path_prepend is vyos_defined %}
- set as-path prepend {{ rule_config.set.as_path_prepend }}
+{% if rule_config.set.as_path.prepend is vyos_defined %}
+ set as-path prepend {{ rule_config.set.as_path.prepend }}
+{% endif %}
+{% if rule_config.set.as_path.prepend_last_as is vyos_defined %}
+ set as-path prepend last-as {{ rule_config.set.as_path.prepend_last_as }}
{% endif %}
{% if rule_config.set.atomic_aggregate is vyos_defined %}
set atomic-aggregate
@@ -256,6 +259,12 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.set.distance is vyos_defined %}
set distance {{ rule_config.set.distance }}
{% endif %}
+{% if rule_config.set.evpn.gateway.ipv4 is vyos_defined %}
+ set evpn gateway-ip ipv4 {{ rule_config.set.evpn.gateway.ipv4 }}
+{% endif %}
+{% if rule_config.set.evpn.gateway.ipv6 is vyos_defined %}
+ set evpn gateway-ip ipv6 {{ rule_config.set.evpn.gateway.ipv6 }}
+{% endif %}
{% if rule_config.set.extcommunity.bandwidth is vyos_defined %}
set extcommunity bandwidth {{ rule_config.set.extcommunity.bandwidth }}
{% endif %}
diff --git a/data/templates/frr/staticd.frr.j2 b/data/templates/frr/staticd.frr.j2
index 08b2a3dab..589f03c2c 100644
--- a/data/templates/frr/staticd.frr.j2
+++ b/data/templates/frr/staticd.frr.j2
@@ -20,10 +20,16 @@ vrf {{ vrf }}
{% for interface, interface_config in dhcp.items() %}
{% set next_hop = interface | get_dhcp_router %}
{% if next_hop is vyos_defined %}
-{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.distance }}
+{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.dhcp_options.default_route_distance if interface_config.dhcp_options.default_route_distance is vyos_defined }}
{% endif %}
{% endfor %}
{% endif %}
+{# IPv4 default routes from PPPoE interfaces #}
+{% if pppoe is vyos_defined %}
+{% for interface, interface_config in pppoe.items() %}
+{{ ip_prefix }} route 0.0.0.0/0 {{ interface }} tag 210 {{ interface_config.default_route_distance if interface_config.default_route_distance is vyos_defined }}
+{% endfor %}
+{% endif %}
{# IPv6 routing #}
{% if route6 is vyos_defined %}
{% for prefix, prefix_config in route6.items() %}
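Review bot: The added PPPoE loop emits `route 0.0.0.0/0 {{ interface }} tag 210` for every key in `pppoe` with no per-interface condition, whereas the DHCP loop just above it is guarded by `next_hop is vyos_defined`. Whether an interface that is not meant to install a default route is kept out of the result therefore depends entirely on how the caller builds the `pppoe` dict, which is not visible in this hunk. I would state that contract next to the loop, for example `{# pppoe holds only interfaces that should install a default route; filtering happens in the caller #}`, or add the guard in the template if the caller does not filter. The enclosing `vrf` block starts outside the hunk.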
diff --git a/data/templates/getty/serial-getty.service.tmpl b/data/templates/getty/serial-getty.service.j2
index 0183eae7d..0183eae7d 100644
--- a/data/templates/getty/serial-getty.service.tmpl
+++ b/data/templates/getty/serial-getty.service.j2
diff --git a/data/templates/high-availability/keepalived.conf.j2 b/data/templates/high-availability/keepalived.conf.j2
new file mode 100644
index 000000000..6684dbc2c
--- /dev/null
+++ b/data/templates/high-availability/keepalived.conf.j2
@@ -0,0 +1,169 @@
+# Autogenerated by VyOS
+# Do not edit this file, all your changes will be lost
+# on next commit or reboot
+
+global_defs {
+ dynamic_interfaces
+ script_user root
+ notify_fifo /run/keepalived/keepalived_notify_fifo
+ notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
+}
+
+{% if vrrp.group is vyos_defined %}
+{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %}
+{% if group_config.health_check.script is vyos_defined %}
+vrrp_script healthcheck_{{ name }} {
+ script "{{ group_config.health_check.script }}"
+ interval {{ group_config.health_check.interval }}
+ fall {{ group_config.health_check.failure_count }}
+ rise 1
+}
+{% endif %}
+vrrp_instance {{ name }} {
+{% if group_config.description is vyos_defined %}
+ # {{ group_config.description }}
+{% endif %}
+ state BACKUP
+ interface {{ group_config.interface }}
+ virtual_router_id {{ group_config.vrid }}
+ priority {{ group_config.priority }}
+ advert_int {{ group_config.advertise_interval }}
+{% if group_config.track.exclude_vrrp_interface is vyos_defined %}
+ dont_track_primary
+{% endif %}
+{% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %}
+ preempt_delay {{ group_config.preempt_delay }}
+{% elif group_config.no_preempt is vyos_defined %}
+ nopreempt
+{% endif %}
+{% if group_config.peer_address is vyos_defined %}
+ unicast_peer { {{ group_config.peer_address }} }
+{% endif %}
+{% if group_config.hello_source_address is vyos_defined %}
+{% if group_config.peer_address is vyos_defined %}
+ unicast_src_ip {{ group_config.hello_source_address }}
+{% else %}
+ mcast_src_ip {{ group_config.hello_source_address }}
+{% endif %}
+{% endif %}
+{% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %}
+ use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
+ vmac_xmit_base
+{% elif group_config.rfc3768_compatibility is vyos_defined %}
+ use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
+{% endif %}
+{% if group_config.authentication is vyos_defined %}
+ authentication {
+ auth_pass "{{ group_config.authentication.password }}"
+{% if group_config.authentication.type is vyos_defined('plaintext-password') %}
+ auth_type PASS
+{% else %}
+ auth_type {{ group_config.authentication.type | upper }}
+{% endif %}
+ }
+{% endif %}
+{% if group_config.address is vyos_defined %}
+ virtual_ipaddress {
+{% for addr, addr_config in group_config.address.items() %}
+ {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.excluded_address is vyos_defined %}
+ virtual_ipaddress_excluded {
+{% for addr in group_config.excluded_address %}
+ {{ addr }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.track.interface is vyos_defined %}
+ track_interface {
+{% for interface in group_config.track.interface %}
+ {{ interface }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.health_check.script is vyos_defined %}
+ track_script {
+ healthcheck_{{ name }}
+ }
+{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+{% if vrrp.sync_group is vyos_defined %}
+{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %}
+vrrp_sync_group {{ name }} {
+ group {
+{% if sync_group_config.member is vyos_defined %}
+{% for member in sync_group_config.member %}
+ {{ member }}
+{% endfor %}
+{% endif %}
+ }
+
+{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #}
+{% if vrrp.group is vyos_defined %}
+{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %}
+{% if group_config.health_check.script is vyos_defined and name in sync_group_config.member %}
+ track_script {
+ healthcheck_{{ name }}
+ }
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if conntrack_sync_group is vyos_defined(name) %}
+{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %}
+ notify_master "{{ vyos_helper }} master {{ name }}"
+ notify_backup "{{ vyos_helper }} backup {{ name }}"
+ notify_fault "{{ vyos_helper }} fault {{ name }}"
+{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+{% if virtual_server is vyos_defined %}
+# Virtual-server configuration
+{% for vserver, vserver_config in virtual_server.items() %}
+virtual_server {{ vserver }} {{ vserver_config.port }} {
+ delay_loop {{ vserver_config.delay_loop }}
+{% if vserver_config.algorithm is vyos_defined('round-robin') %}
+ lb_algo rr
+{% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %}
+ lb_algo wrr
+{% elif vserver_config.algorithm is vyos_defined('least-connection') %}
+ lb_algo lc
+{% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %}
+ lb_algo wlc
+{% elif vserver_config.algorithm is vyos_defined('source-hashing') %}
+ lb_algo sh
+{% elif vserver_config.algorithm is vyos_defined('destination-hashing') %}
+ lb_algo dh
+{% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %}
+ lb_algo lblc
+{% endif %}
+{% if vserver_config.forward_method is vyos_defined('nat') %}
+ lb_kind NAT
+{% elif vserver_config.forward_method is vyos_defined('direct') %}
+ lb_kind DR
+{% elif vserver_config.forward_method is vyos_defined('tunnel') %}
+ lb_kind TUN
+{% endif %}
+ persistence_timeout {{ vserver_config.persistence_timeout }}
+ protocol {{ vserver_config.protocol | upper }}
+{% if vserver_config.real_server is vyos_defined %}
+{% for rserver, rserver_config in vserver_config.real_server.items() %}
+ real_server {{ rserver }} {{ rserver_config.port }} {
+ weight 1
+ {{ vserver_config.protocol | upper }}_CHECK {
+{% if rserver_config.connection_timeout is vyos_defined %}
+ connect_timeout {{ rserver_config.connection_timeout }}
+{% endif %}
+ }
+ }
+{% endfor %}
+{% endif %}
+}
+{% endfor %}
+{% endif %}
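Review bot: `global_defs` sets `script_user root`, and the `vrrp_script` block renders `group_config.health_check.script` straight into `script "..."`, so whatever path is configured is run as root on every interval, and nothing in the template turns on keepalived's `enable_script_security`. I would add `enable_script_security` to `global_defs` so keepalived refuses scripts whose path a non-root user can modify, or check ownership and mode of the script in the caller, which this hunk does not show; existing setups with scripts in writable directories would need to move them. Separately, `script "{{ ... }}"` and `auth_pass "{{ ... }}"` are quoted but not escaped, so a value containing `"` produces a file keepalived may parse differently than intended; rejecting that character at validation time would close it. A short template comment at `auth_type PASS` noting that this mode sends the password unencrypted in VRRP advertisements would also help the next reader.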
diff --git a/data/templates/high-availability/keepalived.conf.tmpl b/data/templates/high-availability/keepalived.conf.tmpl
deleted file mode 100644
index 202760251..000000000
--- a/data/templates/high-availability/keepalived.conf.tmpl
+++ /dev/null
@@ -1,169 +0,0 @@
-# Autogenerated by VyOS
-# Do not edit this file, all your changes will be lost
-# on next commit or reboot
-
-global_defs {
- dynamic_interfaces
- script_user root
- notify_fifo /run/keepalived/keepalived_notify_fifo
- notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
-}
-
-{% if vrrp.group is vyos_defined %}
-{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %}
-{% if group_config.health_check.script is vyos_defined %}
-vrrp_script healthcheck_{{ name }} {
- script "{{ group_config.health_check.script }}"
- interval {{ group_config.health_check.interval }}
- fall {{ group_config.health_check.failure_count }}
- rise 1
-}
-{% endif %}
-vrrp_instance {{ name }} {
-{% if group_config.description is vyos_defined %}
- # {{ group_config.description }}
-{% endif %}
- state BACKUP
- interface {{ group_config.interface }}
- virtual_router_id {{ group_config.vrid }}
- priority {{ group_config.priority }}
- advert_int {{ group_config.advertise_interval }}
-{% if group_config.track.exclude_vrrp_interface is vyos_defined %}
- dont_track_primary
-{% endif %}
-{% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %}
- preempt_delay {{ group_config.preempt_delay }}
-{% elif group_config.no_preempt is vyos_defined %}
- nopreempt
-{% endif %}
-{% if group_config.peer_address is vyos_defined %}
- unicast_peer { {{ group_config.peer_address }} }
-{% endif %}
-{% if group_config.hello_source_address is vyos_defined %}
-{% if group_config.peer_address is vyos_defined %}
- unicast_src_ip {{ group_config.hello_source_address }}
-{% else %}
- mcast_src_ip {{ group_config.hello_source_address }}
-{% endif %}
-{% endif %}
-{% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %}
- use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
- vmac_xmit_base
-{% elif group_config.rfc3768_compatibility is vyos_defined %}
- use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
-{% endif %}
-{% if group_config.authentication is vyos_defined %}
- authentication {
- auth_pass "{{ group_config.authentication.password }}"
-{% if group_config.authentication.type is vyos_defined('plaintext-password') %}
- auth_type PASS
-{% else %}
- auth_type {{ group_config.authentication.type | upper }}
-{% endif %}
- }
-{% endif %}
-{% if group_config.address is vyos_defined %}
- virtual_ipaddress {
-{% for addr, addr_config in group_config.address.items() %}
- {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }}
-{% endfor %}
- }
-{% endif %}
-{% if group_config.excluded_address is vyos_defined %}
- virtual_ipaddress_excluded {
-{% for addr in group_config.excluded_address %}
- {{ addr }}
-{% endfor %}
- }
-{% endif %}
-{% if group_config.track.interface is vyos_defined %}
- track_interface {
-{% for interface in group_config.track.interface %}
- {{ interface }}
-{% endfor %}
- }
-{% endif %}
-{% if group_config.health_check.script is vyos_defined %}
- track_script {
- healthcheck_{{ name }}
- }
-{% endif %}
-}
-{% endfor %}
-{% endif %}
-
-{% if vrrp.sync_group is vyos_defined %}
-{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %}
-vrrp_sync_group {{ name }} {
- group {
-{% if sync_group_config.member is vyos_defined %}
-{% for member in sync_group_config.member %}
- {{ member }}
-{% endfor %}
-{% endif %}
- }
-
-{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #}
-{% if vrrp.group is vyos_defined %}
-{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %}
-{% if group_config.health_check.script is vyos_defined and name in sync_group_config.member %}
- track_script {
- healthcheck_{{ name }}
- }
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if conntrack_sync_group is vyos_defined(name) %}
-{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %}
- notify_master "{{ vyos_helper }} master {{ name }}"
- notify_backup "{{ vyos_helper }} backup {{ name }}"
- notify_fault "{{ vyos_helper }} fault {{ name }}"
-{% endif %}
-}
-{% endfor %}
-{% endif %}
-
-{% if virtual_server is vyos_defined %}
-# Virtual-server configuration
-{% for vserver, vserver_config in virtual_server.items() %}
-virtual_server {{ vserver }} {{ vserver_config.port }} {
- delay_loop {{ vserver_config.delay_loop }}
-{% if vserver_config.algorithm is vyos_defined('round-robin') %}
- lb_algo rr
-{% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %}
- lb_algo wrr
-{% elif vserver_config.algorithm is vyos_defined('least-connection') %}
- lb_algo lc
-{% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %}
- lb_algo wlc
-{% elif vserver_config.algorithm is vyos_defined('source-hashing') %}
- lb_algo sh
-{% elif vserver_config.algorithm is vyos_defined('destination-hashing') %}
- lb_algo dh
-{% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %}
- lb_algo lblc
-{% endif %}
-{% if vserver_config.forward_method is vyos_defined('nat') %}
- lb_kind NAT
-{% elif vserver_config.forward_method is vyos_defined('direct') %}
- lb_kind DR
-{% elif vserver_config.forward_method is vyos_defined('tunnel') %}
- lb_kind TUN
-{% endif %}
- persistence_timeout {{ vserver_config.persistence_timeout }}
- protocol {{ vserver_config.protocol | upper }}
-{% if vserver_config.real_server is vyos_defined %}
-{% for rserver, rserver_config in vserver_config.real_server.items() %}
- real_server {{ rserver }} {{ rserver_config.port }} {
- weight 1
- {{ vserver_config.protocol | upper }}_CHECK {
-{% if rserver_config.connection_timeout is vyos_defined %}
- connect_timeout {{ rserver_config.connection_timeout }}
-{% endif %}
- }
- }
-{% endfor %}
-{% endif %}
-}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.j2
index a51505270..70e62ae7a 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.j2
@@ -1,59 +1,56 @@
### Autogenerated by https.py ###
# Default server configuration
-#
{% for server in server_block_list %}
server {
-
# SSL configuration
#
-{% if server.address == '*' %}
+{% if server.address == '*' %}
listen {{ server.port }} ssl;
listen [::]:{{ server.port }} ssl;
-{% else %}
+{% else %}
listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl;
-{% endif %}
+{% endif %}
-{% for name in server.name %}
+{% for name in server.name %}
server_name {{ name }};
-{% endfor %}
+{% endfor %}
-{% if server.certbot %}
+{% if server.certbot %}
ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem;
ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem;
include {{ server.certbot_dir }}/options-ssl-nginx.conf;
ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem;
-{% elif server.vyos_cert %}
+{% elif server.vyos_cert %}
ssl_certificate {{ server.vyos_cert.crt }};
ssl_certificate_key {{ server.vyos_cert.key }};
-{% else %}
+{% else %}
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
-{% endif %}
+{% endif %}
ssl_protocols TLSv1.2 TLSv1.3;
# proxy settings for HTTP API, if enabled; 503, if not
location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
-{% if server.api %}
-{% if server.api.socket %}
+{% if server.api %}
+{% if server.api.socket %}
proxy_pass http://unix:/run/api.sock;
-{% else %}
+{% else %}
proxy_pass http://localhost:{{ server.api.port }};
-{% endif %}
+{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
proxy_buffering off;
-{% else %}
+{% else %}
return 503;
-{% endif %}
+{% endif %}
}
error_page 497 =301 https://$host:{{ server.port }}$request_uri;
-
}
{% endfor %}
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.j2
index c2c191b06..c2c191b06 100644
--- a/data/templates/https/override.conf.tmpl
+++ b/data/templates/https/override.conf.j2
diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.j2
index fb424e06c..fb424e06c 100644
--- a/data/templates/https/vyos-http-api.service.tmpl
+++ b/data/templates/https/vyos-http-api.service.j2
diff --git a/data/templates/ids/fastnetmon.tmpl b/data/templates/ids/fastnetmon.j2
index b6bef9a68..c482002fa 100644
--- a/data/templates/ids/fastnetmon.tmpl
+++ b/data/templates/ids/fastnetmon.j2
@@ -29,22 +29,22 @@ enable_subnet_counters = off
mirror_afpacket = on
{% endif %}
-process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off '}}
-process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off '}}
+process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
+process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
{% if threshold is vyos_defined %}
-{% for thr, thr_value in threshold.items() %}
-{% if thr is vyos_defined('fps') %}
+{% for thr, thr_value in threshold.items() %}
+{% if thr is vyos_defined('fps') %}
ban_for_flows = on
threshold_flows = {{ thr_value }}
-{% elif thr is vyos_defined('mbps') %}
+{% elif thr is vyos_defined('mbps') %}
ban_for_bandwidth = on
threshold_mbps = {{ thr_value }}
-{% elif thr is vyos_defined('pps') %}
+{% elif thr is vyos_defined('pps') %}
ban_for_pps = on
threshold_pps = {{ thr_value }}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
{% if listen_interface is vyos_defined %}
diff --git a/data/templates/ids/fastnetmon_networks_list.tmpl b/data/templates/ids/fastnetmon_networks_list.j2
index ab9add22c..1c81180be 100644
--- a/data/templates/ids/fastnetmon_networks_list.tmpl
+++ b/data/templates/ids/fastnetmon_networks_list.j2
@@ -1,7 +1,7 @@
{% if network is vyos_defined(var_type=str) %}
{{ network }}
{% else %}
-{% for net in network %}
+{% for net in network %}
{{ net }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/igmp-proxy/igmpproxy.conf.tmpl b/data/templates/igmp-proxy/igmpproxy.conf.j2
index f32d68e43..ab3c9fd31 100644
--- a/data/templates/igmp-proxy/igmpproxy.conf.tmpl
+++ b/data/templates/igmp-proxy/igmpproxy.conf.j2
@@ -18,23 +18,23 @@
quickleave
{% endif %}
{% if interface is vyos_defined %}
-{% for iface, config in interface.items() %}
+{% for iface, config in interface.items() %}
# Configuration for {{ iface }} ({{ config.role }} interface)
-{% if config.role is vyos_defined('disabled') %}
+{% if config.role is vyos_defined('disabled') %}
phyint {{ iface }} disabled
-{% else %}
+{% else %}
phyint {{ iface }} {{ config.role }} ratelimit 0 threshold {{ config.threshold }}
-{% endif %}
-{% if config.alt_subnet is vyos_defined %}
-{% for subnet in config.alt_subnet %}
+{% endif %}
+{% if config.alt_subnet is vyos_defined %}
+{% for subnet in config.alt_subnet %}
altnet {{ subnet }}
-{% endfor %}
-{% endif %}
-{% if config.whitelist is vyos_defined %}
-{% for subnet in config.whitelist %}
+{% endfor %}
+{% endif %}
+{% if config.whitelist is vyos_defined %}
+{% for subnet in config.whitelist %}
whitelist {{ subnet }}
-{% endfor %}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/ipsec/charon.tmpl b/data/templates/ipsec/charon.j2
index 2eac24eaa..388559af8 100644
--- a/data/templates/ipsec/charon.tmpl
+++ b/data/templates/ipsec/charon.j2
@@ -1,6 +1,5 @@
# Options for the charon IKE daemon.
charon {
-
# Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
# accept_unencrypted_mainmode_messages = no
@@ -23,13 +22,13 @@ charon {
# Cisco FlexVPN
{% if options is vyos_defined %}
cisco_flexvpn = {{ 'yes' if options.flexvpn is vyos_defined else 'no' }}
-{% if options.virtual_ip is vyos_defined %}
+{% if options.virtual_ip is vyos_defined %}
install_virtual_ip = yes
-{% endif %}
-{% if options.interface is vyos_defined %}
+{% endif %}
+{% if options.interface is vyos_defined %}
install_virtual_ip_on = {{ options.interface }}
-{% endif %}
-{% endif %}
+{% endif %}
+{% endif %}
# Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
# close_ike_on_child_failure = no
diff --git a/data/templates/ipsec/charon/dhcp.conf.tmpl b/data/templates/ipsec/charon/dhcp.conf.j2
index aaa5613fb..aaa5613fb 100644
--- a/data/templates/ipsec/charon/dhcp.conf.tmpl
+++ b/data/templates/ipsec/charon/dhcp.conf.j2
diff --git a/data/templates/ipsec/charon/eap-radius.conf.tmpl b/data/templates/ipsec/charon/eap-radius.conf.j2
index b58022521..8495011fe 100644
--- a/data/templates/ipsec/charon/eap-radius.conf.tmpl
+++ b/data/templates/ipsec/charon/eap-radius.conf.j2
@@ -94,19 +94,19 @@ eap-radius {
# Section to specify multiple RADIUS servers.
servers {
-{% if remote_access.radius.server is vyos_defined %}
-{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %}
+{% if remote_access.radius.server is vyos_defined %}
+{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %}
{{ server | replace('.', '-') }} {
address = {{ server }}
secret = {{ server_options.key }}
auth_port = {{ server_options.port }}
-{% if server_options.disable_accounting is not vyos_defined %}
- acct_port = {{ server_options.port | int +1 }}
-{% endif %}
+{% if server_options.disable_accounting is not vyos_defined %}
+ acct_port = {{ server_options.port | int + 1 }}
+{% endif %}
sockets = 20
}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
}
# Section to configure multiple XAuth authentication rounds via RADIUS.
diff --git a/data/templates/ipsec/interfaces_use.conf.tmpl b/data/templates/ipsec/interfaces_use.conf.j2
index 55c3ce4f3..c1bf8270d 100644
--- a/data/templates/ipsec/interfaces_use.conf.tmpl
+++ b/data/templates/ipsec/interfaces_use.conf.j2
@@ -1,5 +1,5 @@
-{% if interface is vyos_defined %}
+{% if interface is vyos_defined %}
charon {
interfaces_use = {{ ', '.join(interface) }}
}
-{% endif %} \ No newline at end of file
+{% endif %} \ No newline at end of file
diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.j2
index c8e17729a..c8e17729a 100644
--- a/data/templates/ipsec/ios_profile.tmpl
+++ b/data/templates/ipsec/ios_profile.j2
diff --git a/data/templates/ipsec/ipsec.conf.j2 b/data/templates/ipsec/ipsec.conf.j2
new file mode 100644
index 000000000..f63995b38
--- /dev/null
+++ b/data/templates/ipsec/ipsec.conf.j2
@@ -0,0 +1,19 @@
+# Created by VyOS - manual changes will be overwritten
+
+config setup
+{% set charondebug = '' %}
+{% if log.subsystem is vyos_defined %}
+{% set subsystem = log.subsystem %}
+{% if 'any' in log.subsystem %}
+{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl',
+ 'net', 'asn', 'enc', 'lib', 'esp', 'tls', 'tnc',
+ 'imc', 'imv', 'pts'] %}
+{% endif %}
+{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %}
+{% endif %}
+ charondebug = "{{ charondebug }}"
+ uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }}
+
+{% if include_ipsec_conf is vyos_defined %}
+include {{ include_ipsec_conf }}
+{% endif %}
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl
deleted file mode 100644
index 0f7131dff..000000000
--- a/data/templates/ipsec/ipsec.conf.tmpl
+++ /dev/null
@@ -1,18 +0,0 @@
-# Created by VyOS - manual changes will be overwritten
-
-config setup
-{% set charondebug = '' %}
-{% if log.subsystem is vyos_defined %}
-{% set subsystem = log.subsystem %}
-{% if 'any' in log.subsystem %}
-{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', 'net', 'asn',
- 'enc', 'lib', 'esp', 'tls', 'tnc', 'imc', 'imv', 'pts'] %}
-{% endif %}
-{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %}
-{% endif %}
- charondebug = "{{ charondebug }}"
- uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }}
-
-{% if include_ipsec_conf is vyos_defined %}
-include {{ include_ipsec_conf }}
-{% endif %}
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.j2
index 865c1ab17..a87ac9bc7 100644
--- a/data/templates/ipsec/ipsec.secrets.tmpl
+++ b/data/templates/ipsec/ipsec.secrets.j2
@@ -1,5 +1,5 @@
# Created by VyOS - manual changes will be overwritten
-{% if include_ipsec_secrets is vyos_defined %}
+{% if include_ipsec_secrets is vyos_defined %}
include {{ include_ipsec_secrets }}
-{% endif %}
+{% endif %}
diff --git a/data/templates/ipsec/swanctl.conf.j2 b/data/templates/ipsec/swanctl.conf.j2
new file mode 100644
index 000000000..bf6b8259c
--- /dev/null
+++ b/data/templates/ipsec/swanctl.conf.j2
@@ -0,0 +1,131 @@
+### Autogenerated by vpn_ipsec.py ###
+{% import 'ipsec/swanctl/l2tp.j2' as l2tp_tmpl %}
+{% import 'ipsec/swanctl/profile.j2' as profile_tmpl %}
+{% import 'ipsec/swanctl/peer.j2' as peer_tmpl %}
+{% import 'ipsec/swanctl/remote_access.j2' as remote_access_tmpl %}
+
+connections {
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
+{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }}
+{% endfor %}
+{% endif %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
+{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
+{% endfor %}
+{% endif %}
+{% if remote_access.connection is vyos_defined %}
+{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %}
+{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
+{% endfor %}
+{% endif %}
+{% if l2tp %}
+{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }}
+{% endif %}
+}
+
+pools {
+{% if remote_access.pool is vyos_defined %}
+{% for pool, pool_config in remote_access.pool.items() %}
+ {{ pool }} {
+{% if pool_config.prefix is vyos_defined %}
+ addrs = {{ pool_config.prefix }}
+{% endif %}
+{% if pool_config.name_server is vyos_defined %}
+ dns = {{ pool_config.name_server | join(',') }}
+{% endif %}
+{% if pool_config.exclude is vyos_defined %}
+ split_exclude = {{ pool_config.exclude | join(',') }}
+{% endif %}
+ }
+{% endfor %}
+{% endif %}
+}
+
+secrets {
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
+{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
+{% for interface in profile_conf.bind.tunnel %}
+ ike-dmvpn-{{ interface }} {
+ secret = {{ profile_conf.authentication.pre_shared_secret }}
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
+{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
+{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
+ ike_{{ peer_name }} {
+{% if peer_conf.local_address is vyos_defined %}
+ id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
+{% endif %}
+ id-remote = {{ peer }}
+{% if peer_conf.authentication.id is vyos_defined %}
+ id-localid = {{ peer_conf.authentication.id }}
+{% endif %}
+{% if peer_conf.authentication.remote_id is vyos_defined %}
+ id-remoteid = {{ peer_conf.authentication.remote_id }}
+{% endif %}
+ secret = "{{ peer_conf.authentication.pre_shared_secret }}"
+ }
+{% elif peer_conf.authentication.mode is vyos_defined('x509') %}
+ private_{{ peer_name }} {
+ file = {{ peer_conf.authentication.x509.certificate }}.pem
+{% if peer_conf.authentication.x509.passphrase is vyos_defined %}
+ secret = "{{ peer_conf.authentication.x509.passphrase }}"
+{% endif %}
+ }
+{% elif peer_conf.authentication.mode is vyos_defined('rsa') %}
+ rsa_{{ peer_name }}_local {
+ file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{% if peer_conf.authentication.rsa.passphrase is vyos_defined %}
+ secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{% endif %}
+ }
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if remote_access.connection is vyos_defined %}
+{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
+{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
+ ike_{{ ra }} {
+{% if ra_conf.authentication.id is vyos_defined %}
+ id = "{{ ra_conf.authentication.id }}"
+{% elif ra_conf.local_address is vyos_defined %}
+ id = "{{ ra_conf.local_address }}"
+{% endif %}
+ secret = "{{ ra_conf.authentication.pre_shared_secret }}"
+ }
+{% endif %}
+{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %}
+{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %}
+ eap-{{ ra }}-{{ user }} {
+ secret = "{{ user_conf.password }}"
+ id-{{ ra }}-{{ user }} = "{{ user }}"
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if l2tp %}
+{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %}
+ ike_l2tp_remote_access {
+ id = "{{ l2tp_outside_address }}"
+ secret = "{{ l2tp.authentication.pre_shared_secret }}"
+ }
+{% elif l2tp.authentication.mode is vyos_defined('x509') %}
+ private_l2tp_remote_access {
+ id = "{{ l2tp_outside_address }}"
+ file = {{ l2tp.authentication.x509.certificate }}.pem
+{% if l2tp.authentication.x509.passphrase is vyos_defined %}
+ secret = "{{ l2tp.authentication.x509.passphrase }}"
+{% endif %}
+ }
+{% endif %}
+{% endif %}
+}
+
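Review bot: In the `secrets` section the DMVPN profile entry renders `secret = {{ profile_conf.authentication.pre_shared_secret }}` without quotes, while every other `secret` in this file is written as `secret = "{{ ... }}"`. A pre-shared secret that contains whitespace, `#`, `{` or `}` would then likely be truncated or mis-parsed for DMVPN profiles only, which can leave the tunnel keyed with a different and possibly shorter secret than the one configured; the line should read `secret = "{{ profile_conf.authentication.pre_shared_secret }}"`. None of the quoted values escape an embedded `"`, so the config validator should reject or escape that character for every secret, passphrase and password rendered here. The rendered file holds PSKs, key passphrases and EAP passwords in clear text, so it is worth confirming that the caller (not shown) writes it with owner-only permissions.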
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
deleted file mode 100644
index 6ba93dd1f..000000000
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ /dev/null
@@ -1,131 +0,0 @@
-### Autogenerated by vpn_ipsec.py ###
-{% import 'ipsec/swanctl/l2tp.tmpl' as l2tp_tmpl %}
-{% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %}
-{% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %}
-{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
-
-connections {
-{% if profile is vyos_defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
-{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }}
-{% endfor %}
-{% endif %}
-{% if site_to_site.peer is vyos_defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
-{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
-{% endfor %}
-{% endif %}
-{% if remote_access.connection is vyos_defined %}
-{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %}
-{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
-{% endfor %}
-{% endif %}
-{% if l2tp %}
-{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }}
-{% endif %}
-}
-
-pools {
-{% if remote_access.pool is vyos_defined %}
-{% for pool, pool_config in remote_access.pool.items() %}
- {{ pool }} {
-{% if pool_config.prefix is vyos_defined %}
- addrs = {{ pool_config.prefix }}
-{% endif %}
-{% if pool_config.name_server is vyos_defined %}
- dns = {{ pool_config.name_server | join(',') }}
-{% endif %}
-{% if pool_config.exclude is vyos_defined %}
- split_exclude = {{ pool_config.exclude | join(',') }}
-{% endif %}
- }
-{% endfor %}
-{% endif %}
-}
-
-secrets {
-{% if profile is vyos_defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
-{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
-{% for interface in profile_conf.bind.tunnel %}
- ike-dmvpn-{{ interface }} {
- secret = {{ profile_conf.authentication.pre_shared_secret }}
- }
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if site_to_site.peer is vyos_defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
-{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
-{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
- ike_{{ peer_name }} {
-{% if peer_conf.local_address is vyos_defined %}
- id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
-{% endif %}
- id-remote = {{ peer }}
-{% if peer_conf.authentication.id is vyos_defined %}
- id-localid = {{ peer_conf.authentication.id }}
-{% endif %}
-{% if peer_conf.authentication.remote_id is vyos_defined %}
- id-remoteid = {{ peer_conf.authentication.remote_id }}
-{% endif %}
- secret = "{{ peer_conf.authentication.pre_shared_secret }}"
- }
-{% elif peer_conf.authentication.mode is vyos_defined('x509') %}
- private_{{ peer_name }} {
- file = {{ peer_conf.authentication.x509.certificate }}.pem
-{% if peer_conf.authentication.x509.passphrase is vyos_defined %}
- secret = "{{ peer_conf.authentication.x509.passphrase }}"
-{% endif %}
- }
-{% elif peer_conf.authentication.mode is vyos_defined('rsa') %}
- rsa_{{ peer_name }}_local {
- file = {{ peer_conf.authentication.rsa.local_key }}.pem
-{% if peer_conf.authentication.rsa.passphrase is vyos_defined %}
- secret = "{{ peer_conf.authentication.rsa.passphrase }}"
-{% endif %}
- }
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if remote_access.connection is vyos_defined %}
-{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
-{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
- ike_{{ ra }} {
-{% if ra_conf.authentication.id is vyos_defined %}
- id = "{{ ra_conf.authentication.id }}"
-{% elif ra_conf.local_address is vyos_defined %}
- id = "{{ ra_conf.local_address }}"
-{% endif %}
- secret = "{{ ra_conf.authentication.pre_shared_secret }}"
- }
-{% endif %}
-{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %}
-{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %}
- eap-{{ ra }}-{{ user }} {
- secret = "{{ user_conf.password }}"
- id-{{ ra }}-{{ user }} = "{{ user }}"
- }
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if l2tp %}
-{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %}
- ike_l2tp_remote_access {
- id = "{{ l2tp_outside_address }}"
- secret = "{{ l2tp.authentication.pre_shared_secret }}"
- }
-{% elif l2tp.authentication.mode is vyos_defined('x509') %}
- private_l2tp_remote_access {
- id = "{{ l2tp_outside_address }}"
- file = {{ l2tp.authentication.x509.certificate }}.pem
-{% if l2tp.authentication.x509.passphrase is vyos_defined %}
- secret = "{{ l2tp.authentication.x509.passphrase }}"
-{% endif %}
- }
-{% endif %}
-{% endif %}
-}
-
diff --git a/data/templates/ipsec/swanctl/l2tp.tmpl b/data/templates/ipsec/swanctl/l2tp.j2
index c0e81e0aa..7e63865cc 100644
--- a/data/templates/ipsec/swanctl/l2tp.tmpl
+++ b/data/templates/ipsec/swanctl/l2tp.j2
@@ -1,6 +1,6 @@
{% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %}
-{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %}
-{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %}
+{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %}
+{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %}
l2tp_remote_access {
proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }}
local_addrs = {{ l2tp_outside_address }}
@@ -10,9 +10,9 @@
reauth_time = 0
local {
auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
-{% if l2tp.authentication.mode == 'x509' %}
+{% if l2tp.authentication.mode == 'x509' %}
certs = {{ l2tp.authentication.x509.certificate }}.pem
-{% endif %}
+{% endif %}
}
remote {
auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.j2
index b21dce9f0..90d2c774f 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.j2
@@ -1,78 +1,78 @@
{% macro conn(peer, peer_conf, ike_group, esp_group) %}
-{% set name = peer.replace("@", "") | dot_colon_to_dash %}
-{# peer needs to reference the global IKE configuration for certain values #}
-{% set ike = ike_group[peer_conf.ike_group] %}
+{% set name = peer.replace("@", "") | dot_colon_to_dash %}
+{# peer needs to reference the global IKE configuration for certain values #}
+{% set ike = ike_group[peer_conf.ike_group] %}
peer_{{ name }} {
proposals = {{ ike | get_esp_ike_cipher | join(',') }}
version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
-{% if peer_conf.virtual_address is vyos_defined %}
+{% if peer_conf.virtual_address is vyos_defined %}
vips = {{ peer_conf.virtual_address | join(', ') }}
-{% endif %}
+{% endif %}
local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }}
-{% if peer_conf.authentication.mode is vyos_defined('x509') %}
+{% if peer_conf.authentication.mode is vyos_defined('x509') %}
send_cert = always
-{% endif %}
-{% if ike.dead_peer_detection is vyos_defined %}
+{% endif %}
+{% if ike.dead_peer_detection is vyos_defined %}
dpd_timeout = {{ ike.dead_peer_detection.timeout }}
dpd_delay = {{ ike.dead_peer_detection.interval }}
-{% endif %}
-{% if ike.key_exchange is vyos_defined('ikev1') and ike.mode is vyos_defined('aggressive') %}
+{% endif %}
+{% if ike.key_exchange is vyos_defined('ikev1') and ike.mode is vyos_defined('aggressive') %}
aggressive = yes
-{% endif %}
+{% endif %}
rekey_time = {{ ike.lifetime }}s
mobike = {{ "yes" if ike.mobike is not defined or ike.mobike == "enable" else "no" }}
-{% if peer[0:1] == '@' %}
+{% if peer[0:1] == '@' %}
keyingtries = 0
reauth_time = 0
-{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
+{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
keyingtries = 0
-{% elif peer_conf.connection_type is vyos_defined('respond') %}
+{% elif peer_conf.connection_type is vyos_defined('respond') %}
keyingtries = 1
-{% endif %}
-{% if peer_conf.force_encapsulation is vyos_defined('enable') %}
+{% endif %}
+{% if peer_conf.force_encapsulation is vyos_defined('enable') %}
encap = yes
-{% endif %}
+{% endif %}
local {
-{% if peer_conf.authentication.id is vyos_defined %}
+{% if peer_conf.authentication.id is vyos_defined %}
id = "{{ peer_conf.authentication.id }}"
-{% endif %}
+{% endif %}
auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
-{% if peer_conf.authentication.mode == 'x509' %}
+{% if peer_conf.authentication.mode == 'x509' %}
certs = {{ peer_conf.authentication.x509.certificate }}.pem
-{% elif peer_conf.authentication.mode == 'rsa' %}
+{% elif peer_conf.authentication.mode == 'rsa' %}
pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
-{% endif %}
+{% endif %}
}
remote {
-{% if peer_conf.authentication.remote_id is vyos_defined %}
+{% if peer_conf.authentication.remote_id is vyos_defined %}
id = "{{ peer_conf.authentication.remote_id }}"
-{% else %}
+{% else %}
id = "{{ peer }}"
-{% endif %}
+{% endif %}
auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
-{% if peer_conf.authentication.mode == 'rsa' %}
+{% if peer_conf.authentication.mode == 'rsa' %}
pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
-{% endif %}
+{% endif %}
}
children {
-{% if peer_conf.vti.bind is vyos_defined and peer_conf.tunnel is not vyos_defined %}
+{% if peer_conf.vti.bind is vyos_defined and peer_conf.tunnel is not vyos_defined %}
{% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is vyos_defined else esp_group[ peer_conf.default_esp_group ] %}
peer_{{ name }}_vti {
esp_proposals = {{ vti_esp | get_esp_ike_cipher(ike) | join(',') }}
-{% if vti_esp.life_bytes is vyos_defined %}
+{% if vti_esp.life_bytes is vyos_defined %}
life_bytes = {{ vti_esp.life_bytes }}
-{% endif %}
-{% if vti_esp.life_packets is vyos_defined %}
+{% endif %}
+{% if vti_esp.life_packets is vyos_defined %}
life_packets = {{ vti_esp.life_packets }}
-{% endif %}
+{% endif %}
life_time = {{ vti_esp.lifetime }}s
local_ts = 0.0.0.0/0,::/0
remote_ts = 0.0.0.0/0,::/0
updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
- {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
- {# Thus we simply shift the key by one to also support a vti0 interface #}
-{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %}
+{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
+{# Thus we simply shift the key by one to also support a vti0 interface #}
+{% set if_id = peer_conf.vti.bind | replace('vti', '') | int + 1 %}
if_id_in = {{ if_id }}
if_id_out = {{ if_id }}
ipcomp = {{ 'yes' if vti_esp.compression is vyos_defined('enable') else 'no' }}
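Review bot: `peer_conf.vti.bind` is converted to the lookup key with `replace('vti', '') | int + 1`, and Jinja's `int` filter returns 0 when the remainder is not numeric, so a bind name that is not of the form vtiN would silently get `if_id` 1, the same key as vti0. The same value is also interpolated into the `updown` command string a few lines earlier. Whether vpn_ipsec.py restricts the bind name before rendering is not visible in this diff, so I would confirm that check exists and record it next to the expression, for example `{# vti.bind is validated as vtiN before rendering; int would otherwise fall back to 0 #}`. The identical expression appears in the tunnel branch in the second hunk of this file, and the conn macro continues beyond this hunk.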
@@ -87,80 +87,80 @@
start_action = none
{% endif %}
{% if ike.dead_peer_detection is vyos_defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
+{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
}
-{% elif peer_conf.tunnel is vyos_defined %}
+{% elif peer_conf.tunnel is vyos_defined %}
{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %}
-{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is vyos_defined else peer_conf.default_esp_group %}
-{% set tunnel_esp = esp_group[tunnel_esp_name] %}
-{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is vyos_defined else '' %}
-{% set local_port = tunnel_conf.local.port if tunnel_conf.local.port is vyos_defined else '' %}
-{% set local_suffix = '[{0}/{1}]'.format(proto, local_port) if proto or local_port else '' %}
-{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote.port is vyos_defined else '' %}
-{% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %}
+{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is vyos_defined else peer_conf.default_esp_group %}
+{% set tunnel_esp = esp_group[tunnel_esp_name] %}
+{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is vyos_defined else '' %}
+{% set local_port = tunnel_conf.local.port if tunnel_conf.local.port is vyos_defined else '' %}
+{% set local_suffix = '[{0}/{1}]'.format(proto, local_port) if proto or local_port else '' %}
+{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote.port is vyos_defined else '' %}
+{% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %}
peer_{{ name }}_tunnel_{{ tunnel_id }} {
esp_proposals = {{ tunnel_esp | get_esp_ike_cipher(ike) | join(',') }}
-{% if tunnel_esp.life_bytes is vyos_defined %}
+{% if tunnel_esp.life_bytes is vyos_defined %}
life_bytes = {{ tunnel_esp.life_bytes }}
-{% endif %}
-{% if tunnel_esp.life_packets is vyos_defined %}
+{% endif %}
+{% if tunnel_esp.life_packets is vyos_defined %}
life_packets = {{ tunnel_esp.life_packets }}
-{% endif %}
+{% endif %}
life_time = {{ tunnel_esp.lifetime }}s
-{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %}
-{% if tunnel_conf.local.prefix is vyos_defined %}
-{% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %}
+{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %}
+{% if tunnel_conf.local.prefix is vyos_defined %}
+{% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
-{% endif %}
-{% if tunnel_conf.remote.prefix is vyos_defined %}
-{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %}
+{% endif %}
+{% if tunnel_conf.remote.prefix is vyos_defined %}
+{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %}
remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }}
-{% endif %}
-{% if tunnel_conf.priority is vyos_defined %}
+{% endif %}
+{% if tunnel_conf.priority is vyos_defined %}
priority = {{ tunnel_conf.priority }}
-{% endif %}
-{% elif tunnel_esp.mode == 'transport' %}
+{% endif %}
+{% elif tunnel_esp.mode == 'transport' %}
local_ts = {{ peer_conf.local_address }}{{ local_suffix }}
remote_ts = {{ peer }}{{ remote_suffix }}
-{% endif %}
+{% endif %}
ipcomp = {{ 'yes' if tunnel_esp.compression is vyos_defined('enable') else 'no' }}
mode = {{ tunnel_esp.mode }}
-{% if peer[0:1] == '@' %}
+{% if peer[0:1] == '@' %}
start_action = none
-{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
+{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
start_action = start
-{% elif peer_conf.connection_type is vyos_defined('respond') %}
+{% elif peer_conf.connection_type is vyos_defined('respond') %}
start_action = trap
-{% elif peer_conf.connection_type is vyos_defined('none') %}
+{% elif peer_conf.connection_type is vyos_defined('none') %}
start_action = none
-{% endif %}
-{% if ike.dead_peer_detection is vyos_defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
+{% endif %}
+{% if ike.dead_peer_detection is vyos_defined %}
+{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
-{% endif %}
+{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
-{% if peer_conf.vti.bind is vyos_defined %}
+{% if peer_conf.vti.bind is vyos_defined %}
+{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
+{# Thus we simply shift the key by one to also support a vti0 interface #}
+{% set if_id = peer_conf.vti.bind | replace('vti', '') | int + 1 %}
updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
- {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
- {# Thus we simply shift the key by one to also support a vti0 interface #}
-{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %}
if_id_in = {{ if_id }}
if_id_out = {{ if_id }}
-{% endif %}
+{% endif %}
}
-{% if tunnel_conf.passthrough is vyos_defined %}
- peer_{{ name }}_tunnel_{{ tunnel_id }}_passthough {
+{% if tunnel_conf.passthrough is vyos_defined %}
+ peer_{{ name }}_tunnel_{{ tunnel_id }}_passthrough {
local_ts = {{ tunnel_conf.passthrough | join(",") }}
remote_ts = {{ tunnel_conf.passthrough | join(",") }}
start_action = trap
mode = pass
}
-{% endif %}
+{% endif %}
{% endfor %}
-{% endif %}
+{% endif %}
}
}
{% endmacro %}
diff --git a/data/templates/ipsec/swanctl/profile.tmpl b/data/templates/ipsec/swanctl/profile.j2
index 0f1c2fda2..d4f417378 100644
--- a/data/templates/ipsec/swanctl/profile.tmpl
+++ b/data/templates/ipsec/swanctl/profile.j2
@@ -1,39 +1,39 @@
{% macro conn(name, profile_conf, ike_group, esp_group) %}
-{# peer needs to reference the global IKE configuration for certain values #}
-{% set ike = ike_group[profile_conf.ike_group] %}
-{% set esp = esp_group[profile_conf.esp_group] %}
-{% if profile_conf.bind.tunnel is vyos_defined %}
+{# peer needs to reference the global IKE configuration for certain values #}
+{% set ike = ike_group[profile_conf.ike_group] %}
+{% set esp = esp_group[profile_conf.esp_group] %}
+{% if profile_conf.bind.tunnel is vyos_defined %}
{% for interface in profile_conf.bind.tunnel %}
dmvpn-{{ name }}-{{ interface }} {
proposals = {{ ike_group[profile_conf.ike_group] | get_esp_ike_cipher | join(',') }}
version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
rekey_time = {{ ike.lifetime }}s
keyingtries = 0
-{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
+{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
local {
auth = psk
}
remote {
auth = psk
}
-{% endif %}
+{% endif %}
children {
dmvpn {
- esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }}
+ esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }}
rekey_time = {{ esp.lifetime }}s
rand_time = 540s
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
mode = {{ esp.mode }}
-{% if ike.dead_peer_detection.action is vyos_defined %}
+{% if ike.dead_peer_detection.action is vyos_defined %}
dpd_action = {{ ike.dead_peer_detection.action }}
-{% endif %}
-{% if esp.compression is vyos_defined('enable') %}
+{% endif %}
+{% if esp.compression is vyos_defined('enable') %}
ipcomp = yes
-{% endif %}
+{% endif %}
}
}
}
{% endfor %}
-{% endif %}
+{% endif %}
{% endmacro %}
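Review bot: In the `dmvpn` child, `dpd_action = {{ ike.dead_peer_detection.action }}` writes the configured value through unchanged, while peer.j2 in this same commit maps it through `{'clear': 'clear', 'hold': 'trap', 'restart': 'restart'}`. If `hold` is an accepted value for the IKE group, as that table suggests, this template would emit `dpd_action = hold`, which as far as I know is not a keyword swanctl.conf accepts for this option. I would apply the same mapping here: `dpd_action = {{ {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'}[ike.dead_peer_detection.action] }}`.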
diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.j2
index 059984139..d2760ec1f 100644
--- a/data/templates/ipsec/swanctl/remote_access.tmpl
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -1,7 +1,7 @@
{% macro conn(name, rw_conf, ike_group, esp_group) %}
-{# peer needs to reference the global IKE configuration for certain values #}
-{% set ike = ike_group[rw_conf.ike_group] %}
-{% set esp = esp_group[rw_conf.esp_group] %}
+{# peer needs to reference the global IKE configuration for certain values #}
+{% set ike = ike_group[rw_conf.ike_group] %}
+{% set esp = esp_group[rw_conf.esp_group] %}
ra-{{ name }} {
remote_addrs = %any
local_addrs = {{ rw_conf.local_address if rw_conf.local_address is vyos_defined else '%any' }}
@@ -10,28 +10,29 @@
send_certreq = no
rekey_time = {{ ike.lifetime }}s
keyingtries = 0
-{% if rw_conf.unique is vyos_defined %}
+{% if rw_conf.unique is vyos_defined %}
unique = {{ rw_conf.unique }}
-{% endif %}
-{% if rw_conf.pool is vyos_defined %}
+{% endif %}
+{% if rw_conf.pool is vyos_defined %}
pools = {{ rw_conf.pool | join(',') }}
-{% endif %}
+{% endif %}
local {
-{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
- id = '{{ rw_conf.authentication.id }}'
-{% endif %}
-{% if rw_conf.authentication.server_mode == 'x509' %}
+{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
+{# please use " quotes - else Apple iOS goes crazy #}
+ id = "{{ rw_conf.authentication.id }}"
+{% endif %}
+{% if rw_conf.authentication.server_mode == 'x509' %}
auth = pubkey
certs = {{ rw_conf.authentication.x509.certificate }}.pem
-{% elif rw_conf.authentication.server_mode == 'pre-shared-secret' %}
+{% elif rw_conf.authentication.server_mode == 'pre-shared-secret' %}
auth = psk
-{% endif %}
+{% endif %}
}
remote {
auth = {{ rw_conf.authentication.client_mode }}
-{% if rw_conf.authentication.client_mode.startswith("eap") %}
+{% if rw_conf.authentication.client_mode.startswith("eap") %}
eap_id = %any
-{% endif %}
+{% endif %}
}
children {
ikev2-vpn {
@@ -40,9 +41,9 @@
rand_time = 540s
dpd_action = clear
inactivity = {{ rw_conf.timeout }}
-{% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %}
-{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
-{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
+{% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %}
+{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
+{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
}
}
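Review bot: `'[%any/{1}]'.format(local_port)` references positional index 1 but passes a single argument, so rendering raises an IndexError as soon as `rw_conf.local.port` is set; the re-indented line keeps that behaviour. With one argument the placeholder should be `{0}`: `{% set local_suffix = '[%any/{0}]'.format(local_port) if local_port else '' %}`. peer.j2 uses `'[{0}/{1}]'.format(proto, local_port)` with two arguments, which is probably where the index came from. The conn macro starts and ends outside this hunk.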
diff --git a/data/templates/ipsec/windows_profile.tmpl b/data/templates/ipsec/windows_profile.j2
index 8c26944be..8c26944be 100644
--- a/data/templates/ipsec/windows_profile.tmpl
+++ b/data/templates/ipsec/windows_profile.j2
diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.j2
index 2c8c6602d..3631add1d 100644
--- a/data/templates/lcd/LCDd.conf.tmpl
+++ b/data/templates/lcd/LCDd.conf.j2
@@ -49,13 +49,13 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/
# text, tyan, ula200, vlsys_m428, xosd, yard2LCD
{% if model is vyos_defined %}
-{% if model.startswith('cfa-') %}
+{% if model.startswith('cfa-') %}
Driver=CFontzPacket
-{% elif model == 'sdec' %}
+{% elif model == 'sdec' %}
Driver=sdeclcd
-{% elif model == 'hd44780' %}
+{% elif model == 'hd44780' %}
Driver=hd44780
-{% endif %}
+{% endif %}
{% endif %}
# Tells the driver to bind to the given interface. [default: 127.0.0.1]
@@ -116,7 +116,7 @@ Heartbeat=off
TitleSpeed=10
{% if model is vyos_defined %}
-{% if model.startswith('cfa-') %}
+{% if model.startswith('cfa-') %}
## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ##
[CFontzPacket]
Model={{ model.split('-')[1] }}
@@ -126,14 +126,14 @@ Brightness=500
OffBrightness=50
Reboot=yes
USB=yes
-{% elif model == 'sdec' %}
+{% elif model == 'sdec' %}
## SDEC driver for Lanner, Watchguard, Sophos sppliances ##
[sdeclcd]
# No options
-{% elif model == 'hd44780' %}
+{% elif model == 'hd44780' %}
[hd44780]
ConnectionType=ezio
Device={{ device }}
Size=16x2
-{% endif %}
+{% endif %}
{% endif %}
diff --git a/data/templates/lcd/lcdproc.conf.tmpl b/data/templates/lcd/lcdproc.conf.j2
index c79f3cd0d..c79f3cd0d 100644
--- a/data/templates/lcd/lcdproc.conf.tmpl
+++ b/data/templates/lcd/lcdproc.conf.j2
diff --git a/data/templates/lldp/lldpd.j2 b/data/templates/lldp/lldpd.j2
new file mode 100644
index 000000000..3c499197d
--- /dev/null
+++ b/data/templates/lldp/lldpd.j2
@@ -0,0 +1,2 @@
+### Autogenerated by lldp.py ###
+DAEMON_ARGS="-M 4 {{ '-x' if snmp.enable is vyos_defined }} {{ '-c' if legacy_protocols.cdp is vyos_defined }} {{ '-e' if legacy_protocols.edp is vyos_defined }} {{ '-f' if legacy_protocols.fdp is vyos_defined }} {{ '-s' if legacy_protocols.sonmp is vyos_defined }}"
diff --git a/data/templates/lldp/lldpd.tmpl b/data/templates/lldp/lldpd.tmpl
deleted file mode 100644
index 9ab1e4367..000000000
--- a/data/templates/lldp/lldpd.tmpl
+++ /dev/null
@@ -1,2 +0,0 @@
-### Autogenerated by lldp.py ###
-DAEMON_ARGS="-M 4{% if snmp.enable is vyos_defined %} -x{% endif %}{% if legacy_protocols.cdp is vyos_defined %} -c{% endif %}{% if legacy_protocols.edp is vyos_defined %} -e{% endif %}{% if legacy_protocols.fdp is vyos_defined %} -f{% endif %}{% if legacy_protocols.sonmp is vyos_defined %} -s{% endif %}"
diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.j2
index c34a851aa..ec84231d8 100644
--- a/data/templates/lldp/vyos.conf.tmpl
+++ b/data/templates/lldp/vyos.conf.j2
@@ -3,21 +3,21 @@
configure system platform VyOS
configure system description "VyOS {{ version }}"
{% if interface is vyos_defined %}
-{% set tmp = [] %}
-{% for iface, iface_options in interface.items() if not iface_options.disable %}
-{% if iface == 'all' %}
-{% set iface = '*' %}
-{% endif %}
-{% set _ = tmp.append(iface) %}
-{% if iface_options.location is vyos_defined %}
-{% if iface_options.location.elin is vyos_defined %}
+{% set tmp = [] %}
+{% for iface, iface_options in interface.items() if not iface_options.disable %}
+{% if iface == 'all' %}
+{% set iface = '*' %}
+{% endif %}
+{% set _ = tmp.append(iface) %}
+{% if iface_options.location is vyos_defined %}
+{% if iface_options.location.elin is vyos_defined %}
configure ports {{ iface }} med location elin "{{ iface_options.location.elin }}"
-{% endif %}
-{% if iface_options.location.coordinate_based is vyos_defined %}
+{% endif %}
+{% if iface_options.location.coordinate_based is vyos_defined %}
configure ports {{ iface }} med location coordinate latitude "{{ iface_options.location.coordinate_based.latitude }}" longitude "{{ iface_options.location.coordinate_based.longitude }}" altitude "{{ iface_options.location.coordinate_based.altitude }}m" datum "{{ iface_options.location.coordinate_based.datum }}"
-{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
configure system interface pattern "{{ tmp | join(",") }}"
{% endif %}
{% if management_address is vyos_defined %}
diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.j2
index 9402c8719..aabca47cf 100644
--- a/data/templates/login/authorized_keys.tmpl
+++ b/data/templates/login/authorized_keys.j2
@@ -1,9 +1,9 @@
### Automatically generated by system-login.py ###
{% if authentication.public_keys is vyos_defined %}
-{% for key, key_options in authentication.public_keys.items() %}
+{% for key, key_options in authentication.public_keys.items() %}
{# The whitespace after options is wisely chosen #}
{{ key_options.options ~ ' ' if key_options.options is vyos_defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2
new file mode 100644
index 000000000..1105b60e5
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.j2
@@ -0,0 +1,36 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{% if radius is vyos_defined %}
+{# RADIUS IPv6 source address must be specified in [] notation #}
+{% set source_address = namespace() %}
+{% if radius.source_address is vyos_defined %}
+{% for address in radius.source_address %}
+{% if address | is_ipv4 %}
+{% set source_address.ipv4 = address %}
+{% elif address | is_ipv6 %}
+{% set source_address.ipv6 = "[" + address + "]" %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if radius.server is vyos_defined %}
+# server[:port] shared_secret timeout source_ip
+{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
+{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
+{# RADIUS IPv6 servers must be specified in [] notation #}
+{% if server | is_ipv4 %}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
+{% else %}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius.vrf is vyos_defined %}
+vrf-name {{ radius.vrf }}
+{% endif %}
+{% endif %}
+
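Review bot: The server loop filters on `options.disabled`, whereas the other templates in this commit test a key named `disable` (for example `ra_conf.disable` and `iface_options.disable`). If the RADIUS server node also uses `disable`, the filter never matches, and a server the administrator disabled would still be written to the PAM RADIUS configuration and consulted for logins. Whether system-login.py renames the key before rendering is not visible here. I would confirm the key name and, if it is `disable`, change the loop condition to `if options.disable is not vyos_defined`.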
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
deleted file mode 100644
index 4e34ade41..000000000
--- a/data/templates/login/pam_radius_auth.conf.tmpl
+++ /dev/null
@@ -1,36 +0,0 @@
-# Automatically generated by system-login.py
-# RADIUS configuration file
-
-{% if radius is vyos_defined %}
-{# RADIUS IPv6 source address must be specified in [] notation #}
-{% set source_address = namespace() %}
-{% if radius.source_address is vyos_defined %}
-{% for address in radius.source_address %}
-{% if address | is_ipv4 %}
-{% set source_address.ipv4 = address %}
-{% elif address | is_ipv6 %}
-{% set source_address.ipv6 = "[" + address + "]" %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if radius.server is vyos_defined %}
-# server[:port] shared_secret timeout source_ip
-{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
-{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
-{# RADIUS IPv6 servers must be specified in [] notation #}
-{% if server | is_ipv4 %}
-{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
-{% else %}
-[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-priv-lvl 15
-mapped_priv_user radius_priv_user
-
-{% if radius.vrf is vyos_defined %}
-vrf-name {{ radius.vrf }}
-{% endif %}
-{% endif %}
-
diff --git a/data/templates/logs/logrotate/vyos-atop.tmpl b/data/templates/logs/logrotate/vyos-atop.j2
index 2d078f379..2d078f379 100644
--- a/data/templates/logs/logrotate/vyos-atop.tmpl
+++ b/data/templates/logs/logrotate/vyos-atop.j2
diff --git a/data/templates/logs/logrotate/vyos-rsyslog.tmpl b/data/templates/logs/logrotate/vyos-rsyslog.j2
index f2e4d2ab2..f2e4d2ab2 100644
--- a/data/templates/logs/logrotate/vyos-rsyslog.tmpl
+++ b/data/templates/logs/logrotate/vyos-rsyslog.j2
diff --git a/data/templates/mdns-repeater/avahi-daemon.tmpl b/data/templates/mdns-repeater/avahi-daemon.j2
index 65bb5a306..65bb5a306 100644
--- a/data/templates/mdns-repeater/avahi-daemon.tmpl
+++ b/data/templates/mdns-repeater/avahi-daemon.j2
diff --git a/data/templates/monitoring/override.conf.tmpl b/data/templates/monitoring/override.conf.j2
index f8f150791..f8f150791 100644
--- a/data/templates/monitoring/override.conf.tmpl
+++ b/data/templates/monitoring/override.conf.j2
diff --git a/data/templates/monitoring/syslog_telegraf.tmpl b/data/templates/monitoring/syslog_telegraf.j2
index cdcbd92a4..cdcbd92a4 100644
--- a/data/templates/monitoring/syslog_telegraf.tmpl
+++ b/data/templates/monitoring/syslog_telegraf.j2
diff --git a/data/templates/monitoring/systemd_vyos_telegraf_service.tmpl b/data/templates/monitoring/systemd_vyos_telegraf_service.j2
index 234ef5586..234ef5586 100644
--- a/data/templates/monitoring/systemd_vyos_telegraf_service.tmpl
+++ b/data/templates/monitoring/systemd_vyos_telegraf_service.j2
diff --git a/data/templates/monitoring/telegraf.j2 b/data/templates/monitoring/telegraf.j2
new file mode 100644
index 000000000..d1a94366b
--- /dev/null
+++ b/data/templates/monitoring/telegraf.j2
@@ -0,0 +1,105 @@
+# Generated by /usr/libexec/vyos/conf_mode/service_monitoring_telegraf.py
+
+[agent]
+ interval = "15s"
+ round_interval = true
+ metric_batch_size = 1000
+ metric_buffer_limit = 10000
+ collection_jitter = "5s"
+ flush_interval = "15s"
+ flush_jitter = "0s"
+ precision = ""
+ debug = false
+ quiet = false
+ logfile = ""
+ hostname = ""
+ omit_hostname = false
+{% if influxdb_configured is vyos_defined %}
+### InfluxDB2 ###
+[[outputs.influxdb_v2]]
+ urls = ["{{ url }}:{{ port }}"]
+ insecure_skip_verify = true
+ token = "$INFLUX_TOKEN"
+ organization = "{{ authentication.organization }}"
+ bucket = "{{ bucket }}"
+### End InfluxDB2 ###
+{% endif %}
+{% if prometheus_client is vyos_defined %}
+### Prometheus ###
+[[outputs.prometheus_client]]
+ ## Address to listen on
+ listen = "{{ prometheus_client.listen_address if prometheus_client.listen_address is vyos_defined else '' }}:{{ prometheus_client.port }}"
+ metric_version = {{ prometheus_client.metric_version }}
+{% if prometheus_client.authentication.username is vyos_defined and prometheus_client.authentication.password is vyos_defined %}
+ ## Use HTTP Basic Authentication
+ basic_username = "{{ prometheus_client.authentication.username }}"
+ basic_password = "{{ prometheus_client.authentication.password }}"
+{% endif %}
+{% if prometheus_client.allow_from is vyos_defined %}
+ ip_range = {{ prometheus_client.allow_from }}
+{% endif %}
+### End Prometheus ###
+{% endif %}
+{% if splunk is vyos_defined %}
+### Splunk ###
+[[outputs.http]]
+ ## URL is the address to send metrics to
+ url = "{{ splunk.url }}"
+ ## Timeout for HTTP message
+ # timeout = "5s"
+ ## Use TLS but skip chain & host verification
+{% if splunk.authentication.insecure is vyos_defined %}
+ insecure_skip_verify = true
+{% endif %}
+ ## Data format to output
+ data_format = "splunkmetric"
+ ## Provides time, index, source overrides for the HEC
+ splunkmetric_hec_routing = true
+ ## Additional HTTP headers
+ [outputs.http.headers]
+ # Should be set manually to "application/json" for json data_format
+ Content-Type = "application/json"
+ Authorization = "Splunk {{ splunk.authentication.token }}"
+ X-Splunk-Request-Channel = "{{ splunk.authentication.token }}"
+### End Splunk ###
+{% endif %}
+[[inputs.cpu]]
+ percpu = true
+ totalcpu = true
+ collect_cpu_time = false
+ report_active = false
+[[inputs.disk]]
+ ignore_fs = ["devtmpfs", "devfs"]
+[[inputs.diskio]]
+[[inputs.mem]]
+[[inputs.net]]
+[[inputs.system]]
+[[inputs.netstat]]
+[[inputs.processes]]
+[[inputs.kernel]]
+[[inputs.interrupts]]
+[[inputs.linux_sysctl_fs]]
+[[inputs.systemd_units]]
+[[inputs.conntrack]]
+ files = ["ip_conntrack_count","ip_conntrack_max","nf_conntrack_count","nf_conntrack_max"]
+ dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
+[[inputs.ethtool]]
+ interface_include = {{ interfaces_ethernet }}
+[[inputs.ntpq]]
+ dns_lookup = true
+[[inputs.internal]]
+[[inputs.nstat]]
+[[inputs.syslog]]
+ server = "unixgram:///run/telegraf/telegraf_syslog.sock"
+ best_effort = true
+ syslog_standard = "RFC3164"
+{% if influxdb_configured is vyos_defined %}
+[[inputs.exec]]
+ commands = [
+ "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
+ "{{ custom_scripts_dir }}/show_interfaces_input_filter.py",
+ "{{ custom_scripts_dir }}/vyos_services_input_filter.py"
+ ]
+ timeout = "10s"
+ data_format = "influx"
+{% endif %}
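Review bot: The `[[outputs.influxdb_v2]]` block hard-codes `insecure_skip_verify = true`, so the InfluxDB token is sent over a TLS session whose server certificate is never checked, and anyone able to intercept that connection can collect the token and the metrics. The Splunk block in the same file only emits the setting inside `{% if splunk.authentication.insecure is vyos_defined %}`; the InfluxDB line should get the same kind of opt-in guard, so that verification stays on by default. Until that exists, a template comment such as `## WARNING: TLS certificate verification is disabled for this output` would at least make the behaviour visible in the generated file. The Splunk comment `## Use TLS but skip chain & host verification` sits outside its `{% if %}` and is therefore rendered even when verification is on; it belongs inside the conditional. The Prometheus password and the Splunk token are also interpolated into double-quoted TOML strings as-is, so unless the config script validates them (not visible here), a value containing `"` or `\` would produce a broken or altered configuration.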
diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl
deleted file mode 100644
index d3145a500..000000000
--- a/data/templates/monitoring/telegraf.tmpl
+++ /dev/null
@@ -1,60 +0,0 @@
-# Generated by /usr/libexec/vyos/conf_mode/service_monitoring_telegraf.py
-
-[agent]
- interval = "10s"
- round_interval = true
- metric_batch_size = 1000
- metric_buffer_limit = 10000
- collection_jitter = "0s"
- flush_interval = "10s"
- flush_jitter = "0s"
- precision = ""
- debug = false
- quiet = false
- logfile = ""
- hostname = ""
- omit_hostname = false
-[[outputs.influxdb_v2]]
- urls = ["{{ url }}:{{ port }}"]
- insecure_skip_verify = true
- token = "$INFLUX_TOKEN"
- organization = "{{ authentication.organization }}"
- bucket = "{{ bucket }}"
-[[inputs.cpu]]
- percpu = true
- totalcpu = true
- collect_cpu_time = false
- report_active = false
-[[inputs.disk]]
- ignore_fs = ["devtmpfs", "devfs"]
-[[inputs.diskio]]
-[[inputs.mem]]
-[[inputs.net]]
-[[inputs.system]]
-[[inputs.netstat]]
-[[inputs.processes]]
-[[inputs.kernel]]
-[[inputs.interrupts]]
-[[inputs.linux_sysctl_fs]]
-[[inputs.systemd_units]]
-[[inputs.conntrack]]
- files = ["ip_conntrack_count","ip_conntrack_max","nf_conntrack_count","nf_conntrack_max"]
- dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
-[[inputs.ethtool]]
- interface_include = {{ interfaces_ethernet }}
-[[inputs.ntpq]]
- dns_lookup = true
-[[inputs.internal]]
-[[inputs.nstat]]
-[[inputs.syslog]]
- server = "unixgram:///run/telegraf/telegraf_syslog.sock"
- best_effort = true
- syslog_standard = "RFC3164"
-[[inputs.exec]]
- commands = [
- "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
- "{{ custom_scripts_dir }}/show_interfaces_input_filter.py",
- "{{ custom_scripts_dir }}/vyos_services_input_filter.py"
- ]
- timeout = "10s"
- data_format = "influx"
diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2
new file mode 100644
index 000000000..120fa0a64
--- /dev/null
+++ b/data/templates/ndppd/ndppd.conf.j2
@@ -0,0 +1,44 @@
+########################################################
+#
+# autogenerated by nat66.py
+#
+# The configuration file must define one upstream
+# interface.
+#
+# For some services, such as nat66, because it runs
+# stateless, it needs to rely on NDP Proxy to respond
+# to NDP requests.
+#
+# When using nat66 source rules, NDP Proxy needs
+# to be enabled
+#
+########################################################
+
+{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %}
+{% if source.rule is vyos_defined %}
+{% for rule, config in source.rule.items() if config.disable is not defined %}
+{% if config.outbound_interface is vyos_defined %}
+{% if config.outbound_interface not in global.ndppd_interfaces %}
+{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %}
+{% endif %}
+{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %}
+{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% for interface in global.ndppd_interfaces %}
+proxy {{ interface }} {
+ router yes
+ timeout 500
+ ttl 30000
+{% for map in global.ndppd_prefixs %}
+{% if map.interface == interface %}
+ rule {{ map.rule }} {
+ static
+ }
+{% endif %}
+{% endfor %}
+}
+{% endfor %}
diff --git a/data/templates/ndppd/ndppd.conf.tmpl b/data/templates/ndppd/ndppd.conf.tmpl
deleted file mode 100644
index c41392cc7..000000000
--- a/data/templates/ndppd/ndppd.conf.tmpl
+++ /dev/null
@@ -1,44 +0,0 @@
-########################################################
-#
-# autogenerated by nat66.py
-#
-# The configuration file must define one upstream
-# interface.
-#
-# For some services, such as nat66, because it runs
-# stateless, it needs to rely on NDP Proxy to respond
-# to NDP requests.
-#
-# When using nat66 source rules, NDP Proxy needs
-# to be enabled
-#
-########################################################
-
-{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %}
-{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not defined %}
-{% if config.outbound_interface is vyos_defined %}
-{% if config.outbound_interface not in global.ndppd_interfaces %}
-{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %}
-{% endif %}
-{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %}
-{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %}
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-{% for interface in global.ndppd_interfaces %}
-proxy {{ interface }} {
- router yes
- timeout 500
- ttl 30000
-{% for map in global.ndppd_prefixs %}
-{% if map.interface == interface %}
- rule {{ map.rule }} {
- static
- }
-{% endif %}
-{% endfor %}
-}
-{% endfor %}
diff --git a/data/templates/nhrp/opennhrp.conf.j2 b/data/templates/nhrp/opennhrp.conf.j2
new file mode 100644
index 000000000..c040a8f14
--- /dev/null
+++ b/data/templates/nhrp/opennhrp.conf.j2
@@ -0,0 +1,42 @@
+{# j2lint: disable=jinja-variable-format #}
+# Created by VyOS - manual changes will be overwritten
+
+{% if tunnel is vyos_defined %}
+{% for name, tunnel_conf in tunnel.items() %}
+{% set type = 'spoke' if tunnel_conf.map is vyos_defined or tunnel_conf.dynamic_map is vyos_defined else 'hub' %}
+{% set profile_name = profile_map[name] if profile_map is vyos_defined and name in profile_map else '' %}
+interface {{ name }} #{{ type }} {{ profile_name }}
+{% if tunnel_conf.map is vyos_defined %}
+{% for map, map_conf in tunnel_conf.map.items() %}
+{% set cisco = ' cisco' if map_conf.cisco is vyos_defined else '' %}
+{% set register = ' register' if map_conf.register is vyos_defined else '' %}
+ map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }}
+{% endfor %}
+{% endif %}
+{% if tunnel_conf.dynamic_map is vyos_defined %}
+{% for map, map_conf in tunnel_conf.dynamic_map.items() %}
+ dynamic-map {{ map }} {{ map_conf.nbma_domain_name }}
+{% endfor %}
+{% endif %}
+{% if tunnel_conf.cisco_authentication is vyos_defined %}
+ cisco-authentication {{ tunnel_conf.cisco_authentication }}
+{% endif %}
+{% if tunnel_conf.holding_time is vyos_defined %}
+ holding-time {{ tunnel_conf.holding_time }}
+{% endif %}
+{% if tunnel_conf.multicast is vyos_defined %}
+ multicast {{ tunnel_conf.multicast }}
+{% endif %}
+{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %}
+{% if key in tunnel_conf %}
+ {{ key | replace("_", "-") }}
+{% endif %}
+{% endfor %}
+{% if tunnel_conf.shortcut_target is vyos_defined %}
+{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %}
+ shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is vyos_defined }}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+{% endif %}
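Review bot: The only functional difference from the deleted `opennhrp.conf.tmpl` is the first line, `{# j2lint: disable=jinja-variable-format #}`, which turns the lint rule off for the whole template without saying which construct needs it. A short Jinja comment naming the offending line would help, for example `{# j2lint false positive on the interface line below #}` if that is indeed the trigger (presumably `#{{ type }}`, to be confirmed). That lets the suppression be dropped once the construct or the linter changes, and stops it from hiding real spacing mistakes elsewhere in the file.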
diff --git a/data/templates/nhrp/opennhrp.conf.tmpl b/data/templates/nhrp/opennhrp.conf.tmpl
deleted file mode 100644
index 721d41e49..000000000
--- a/data/templates/nhrp/opennhrp.conf.tmpl
+++ /dev/null
@@ -1,41 +0,0 @@
-# Created by VyOS - manual changes will be overwritten
-
-{% if tunnel is vyos_defined %}
-{% for name, tunnel_conf in tunnel.items() %}
-{% set type = 'spoke' if tunnel_conf.map is vyos_defined or tunnel_conf.dynamic_map is vyos_defined else 'hub' %}
-{% set profile_name = profile_map[name] if profile_map is vyos_defined and name in profile_map else '' %}
-interface {{ name }} #{{ type }} {{ profile_name }}
-{% if tunnel_conf.map is vyos_defined %}
-{% for map, map_conf in tunnel_conf.map.items() %}
-{% set cisco = ' cisco' if map_conf.cisco is vyos_defined else '' %}
-{% set register = ' register' if map_conf.register is vyos_defined else '' %}
- map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }}
-{% endfor %}
-{% endif %}
-{% if tunnel_conf.dynamic_map is vyos_defined %}
-{% for map, map_conf in tunnel_conf.dynamic_map.items() %}
- dynamic-map {{ map }} {{ map_conf.nbma_domain_name }}
-{% endfor %}
-{% endif %}
-{% if tunnel_conf.cisco_authentication is vyos_defined %}
- cisco-authentication {{ tunnel_conf.cisco_authentication }}
-{% endif %}
-{% if tunnel_conf.holding_time is vyos_defined %}
- holding-time {{ tunnel_conf.holding_time }}
-{% endif %}
-{% if tunnel_conf.multicast is vyos_defined %}
- multicast {{ tunnel_conf.multicast }}
-{% endif %}
-{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %}
-{% if key in tunnel_conf %}
- {{ key | replace("_", "-") }}
-{% endif %}
-{% endfor %}
-{% if tunnel_conf.shortcut_target is vyos_defined %}
-{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %}
- shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is vyos_defined }}
-{% endfor %}
-{% endif %}
-
-{% endfor %}
-{% endif %}
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.j2
index 05b85a610..8418a2185 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -9,13 +9,13 @@ run-as-group = daemon
{% if "radius" in authentication.mode %}
auth = "radius [config=/run/ocserv/radiusclient.conf]"
{% elif "local" in authentication.mode %}
-{% if authentication.mode.local == "password-otp" %}
+{% if authentication.mode.local == "password-otp" %}
auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
-{% elif authentication.mode.local == "otp" %}
+{% elif authentication.mode.local == "otp" %}
auth = "plain[otp=/run/ocserv/users.oath]"
-{% else %}
+{% else %}
auth = "plain[/run/ocserv/ocpasswd]"
-{% endif %}
+{% endif %}
{% else %}
auth = "plain[/run/ocserv/ocpasswd]"
{% endif %}
@@ -23,9 +23,9 @@ auth = "plain[/run/ocserv/ocpasswd]"
{% if ssl.certificate is vyos_defined %}
server-cert = /run/ocserv/cert.pem
server-key = /run/ocserv/cert.key
-{% if ssl.passphrase is vyos_defined %}
+{% if ssl.passphrase is vyos_defined %}
key-pin = {{ ssl.passphrase }}
-{% endif %}
+{% endif %}
{% endif %}
{% if ssl.ca_certificate is vyos_defined %}
@@ -59,33 +59,33 @@ device = sslvpn
# An alternative way of specifying the network:
{% if network_settings %}
# DNS settings
-{% if network_settings.name_server is string %}
+{% if network_settings.name_server is string %}
dns = {{ network_settings.name_server }}
-{% else %}
-{% for dns in network_settings.name_server %}
+{% else %}
+{% for dns in network_settings.name_server %}
dns = {{ dns }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
# IPv4 network pool
-{% if network_settings.client_ip_settings %}
-{% if network_settings.client_ip_settings.subnet %}
+{% if network_settings.client_ip_settings %}
+{% if network_settings.client_ip_settings.subnet %}
ipv4-network = {{ network_settings.client_ip_settings.subnet }}
+{% endif %}
{% endif %}
-{% endif %}
# IPv6 network pool
-{% if network_settings.client_ipv6_pool %}
-{% if network_settings.client_ipv6_pool.prefix %}
+{% if network_settings.client_ipv6_pool %}
+{% if network_settings.client_ipv6_pool.prefix %}
ipv6-network = {{ network_settings.client_ipv6_pool.prefix }}
ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }}
+{% endif %}
{% endif %}
-{% endif %}
{% endif %}
{% if network_settings.push_route is string %}
route = {{ network_settings.push_route }}
{% else %}
-{% for route in network_settings.push_route %}
+{% for route in network_settings.push_route %}
route = {{ route }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/ocserv/ocserv_otp_usr.tmpl b/data/templates/ocserv/ocserv_otp_usr.j2
index 18de5fec6..b2511ed94 100644
--- a/data/templates/ocserv/ocserv_otp_usr.tmpl
+++ b/data/templates/ocserv/ocserv_otp_usr.j2
@@ -1,8 +1,8 @@
#<token_type> <username> <pin> <secret_hex_key> <counter> <lastpass> <time>
{% if username is vyos_defined %}
-{% for user, user_config in username.items() %}
-{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %}
+{% for user, user_config in username.items() %}
+{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %}
{{ user_config.otp.token_tmpl }} {{ user }} {{ user_config.otp.pin | default("-", true) }} {{ user_config.otp.key }}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/ocserv/ocserv_passwd.tmpl b/data/templates/ocserv/ocserv_passwd.j2
index 30c79d66a..30c79d66a 100644
--- a/data/templates/ocserv/ocserv_passwd.tmpl
+++ b/data/templates/ocserv/ocserv_passwd.j2
diff --git a/data/templates/ocserv/radius_conf.tmpl b/data/templates/ocserv/radius_conf.j2
index 1712d83ef..b6612fee5 100644
--- a/data/templates/ocserv/radius_conf.tmpl
+++ b/data/templates/ocserv/radius_conf.j2
@@ -1,13 +1,13 @@
### generated by vpn_openconnect.py ###
nas-identifier VyOS
{% for srv in server %}
-{% if not "disable" in server[srv] %}
-{% if "port" in server[srv] %}
-authserver {{ srv }}:{{server[srv]["port"]}}
-{% else %}
+{% if not "disable" in server[srv] %}
+{% if "port" in server[srv] %}
+authserver {{ srv }}:{{ server[srv]["port"] }}
+{% else %}
authserver {{ srv }}
+{% endif %}
{% endif %}
-{% endif %}
{% endfor %}
radius_timeout {{ timeout }}
{% if source_address %}
@@ -15,7 +15,7 @@ bindaddr {{ source_address }}
{% else %}
bindaddr *
{% endif %}
-servers /run/ocserv/radius_servers
+servers /run/ocserv/radius_servers
dictionary /etc/radcli/dictionary
default_realm
radius_retries 3
diff --git a/data/templates/ocserv/radius_servers.j2 b/data/templates/ocserv/radius_servers.j2
new file mode 100644
index 000000000..302e91600
--- /dev/null
+++ b/data/templates/ocserv/radius_servers.j2
@@ -0,0 +1,7 @@
+### generated by vpn_openconnect.py ###
+# server key
+{% for srv in server %}
+{% if not "disable" in server[srv] %}
+{{ srv }} {{ server[srv].key }}
+{% endif %}
+{% endfor %}
diff --git a/data/templates/ocserv/radius_servers.tmpl b/data/templates/ocserv/radius_servers.tmpl
deleted file mode 100644
index 7bacac992..000000000
--- a/data/templates/ocserv/radius_servers.tmpl
+++ /dev/null
@@ -1,7 +0,0 @@
-### generated by vpn_openconnect.py ###
-# server key
-{% for srv in server %}
-{% if not "disable" in server[srv] %}
-{{ srv }} {{ server[srv].key }}
-{% endif %}
-{% endfor %}
diff --git a/data/templates/pmacct/override.conf.tmpl b/data/templates/pmacct/override.conf.j2
index 213569ddc..213569ddc 100644
--- a/data/templates/pmacct/override.conf.tmpl
+++ b/data/templates/pmacct/override.conf.j2
diff --git a/data/templates/pmacct/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.j2
index 7e4f80e95..ea6247005 100644
--- a/data/templates/pmacct/uacctd.conf.tmpl
+++ b/data/templates/pmacct/uacctd.conf.j2
@@ -20,14 +20,14 @@ imt_mem_pools_number: 169
{% set plugin = [] %}
{% if netflow.server is vyos_defined %}
-{% for server in netflow.server %}
-{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %}
-{% endfor %}
+{% for server in netflow.server %}
+{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %}
+{% endfor %}
{% endif %}
{% if sflow.server is vyos_defined %}
-{% for server in sflow.server %}
-{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %}
-{% endfor %}
+{% for server in sflow.server %}
+{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %}
+{% endfor %}
{% endif %}
{% if disable_imt is not defined %}
{% set _ = plugin.append('memory') %}
@@ -36,39 +36,39 @@ plugins: {{ plugin | join(',') }}
{% if netflow.server is vyos_defined %}
# NetFlow servers
-{% for server, server_config in netflow.server.items() %}
+{% for server, server_config in netflow.server.items() %}
nfprobe_receiver[nf_{{ server }}]: {{ server }}:{{ server_config.port }}
nfprobe_version[nf_{{ server }}]: {{ netflow.version }}
-{% if netflow.engine_id is vyos_defined %}
+{% if netflow.engine_id is vyos_defined %}
nfprobe_engine[nf_{{ server }}]: {{ netflow.engine_id }}
-{% endif %}
-{% if netflow.max_flows is vyos_defined %}
+{% endif %}
+{% if netflow.max_flows is vyos_defined %}
nfprobe_maxflows[nf_{{ server }}]: {{ netflow.max_flows }}
-{% endif %}
-{% if netflow.sampling_rate is vyos_defined %}
+{% endif %}
+{% if netflow.sampling_rate is vyos_defined %}
sampling_rate[nf_{{ server }}]: {{ netflow.sampling_rate }}
-{% endif %}
-{% if netflow.source_address is vyos_defined %}
+{% endif %}
+{% if netflow.source_address is vyos_defined %}
nfprobe_source_ip[nf_{{ server }}]: {{ netflow.source_address }}
-{% endif %}
-{% if netflow.timeout is vyos_defined %}
+{% endif %}
+{% if netflow.timeout is vyos_defined %}
nfprobe_timeouts[nf_{{ server }}]: expint={{ netflow.timeout.expiry_interval }}:general={{ netflow.timeout.flow_generic }}:icmp={{ netflow.timeout.icmp }}:maxlife={{ netflow.timeout.max_active_life }}:tcp.fin={{ netflow.timeout.tcp_fin }}:tcp={{ netflow.timeout.tcp_generic }}:tcp.rst={{ netflow.timeout.tcp_rst }}:udp={{ netflow.timeout.udp }}
-{% endif %}
+{% endif %}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if sflow.server is vyos_defined %}
# sFlow servers
-{% for server, server_config in sflow.server.items() %}
+{% for server, server_config in sflow.server.items() %}
sfprobe_receiver[sf_{{ server }}]: {{ server }}:{{ server_config.port }}
sfprobe_agentip[sf_{{ server }}]: {{ sflow.agent_address }}
-{% if sflow.sampling_rate is vyos_defined %}
+{% if sflow.sampling_rate is vyos_defined %}
sampling_rate[sf_{{ server }}]: {{ sflow.sampling_rate }}
-{% endif %}
-{% if sflow.source_address is vyos_defined %}
+{% endif %}
+{% if sflow.source_address is vyos_defined %}
sfprobe_source_ip[sf_{{ server }}]: {{ sflow.source_address }}
-{% endif %}
+{% endif %}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/pppoe/ip-down.script.tmpl b/data/templates/pppoe/ip-down.script.tmpl
deleted file mode 100644
index 0be7b03c8..000000000
--- a/data/templates/pppoe/ip-down.script.tmpl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-
-# As PPPoE is an "on demand" interface we need to re-configure it when it
-# becomes up
-if [ "$6" != "{{ ifname }}" ]; then
- exit
-fi
-
-# add some info to syslog
-DIALER_PID=$(cat /var/run/{{ ifname }}.pid)
-logger -t pppd[$DIALER_PID] "executing $0"
-
-{% if connect_on_demand is not defined %}
-# See https://phabricator.vyos.net/T2248. Determine if we are enslaved to a
-# VRF, this is needed to properly insert the default route.
-VRF_NAME=""
-if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then
- # Determine upper (VRF) interface
- VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*))
- # Remove upper_ prefix from result string
- VRF=${VRF#"upper_"}
- # Populate variable to run in VR context
- VRF_NAME="vrf ${VRF_NAME}"
-fi
-
-{% if default_route != 'none' %}
-# Always delete default route when interface goes down if we installed it
-vtysh -c "conf t" ${VRF_NAME} -c "no ip route 0.0.0.0/0 {{ ifname }} ${VRF_NAME}"
-{% if ipv6.address.autoconf is vyos_defined %}
-vtysh -c "conf t" ${VRF_NAME} -c "no ipv6 route ::/0 {{ ifname }} ${VRF_NAME}"
-{% endif %}
-{% endif %}
-{% endif %}
-
-{% if dhcpv6_options.pd is vyos_defined %}
-# Stop wide dhcpv6 client
-systemctl stop dhcp6c@{{ ifname }}.service
-{% endif %}
diff --git a/data/templates/pppoe/ip-pre-up.script.tmpl b/data/templates/pppoe/ip-pre-up.script.tmpl
deleted file mode 100644
index a54e4e9bd..000000000
--- a/data/templates/pppoe/ip-pre-up.script.tmpl
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# As PPPoE is an "on demand" interface we need to re-configure it when it
-# becomes up
-if [ "$6" != "{{ ifname }}" ]; then
- exit
-fi
-
-# add some info to syslog
-DIALER_PID=$(cat /var/run/{{ ifname }}.pid)
-logger -t pppd[$DIALER_PID] "executing $0"
-
-echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias
-
-{% if vrf %}
-logger -t pppd[$DIALER_PID] "configuring dialer interface $6 for VRF {{ vrf }}"
-ip link set dev {{ ifname }} master {{ vrf }}
-{% endif %}
diff --git a/data/templates/pppoe/ip-up.script.tmpl b/data/templates/pppoe/ip-up.script.tmpl
deleted file mode 100644
index 302756960..000000000
--- a/data/templates/pppoe/ip-up.script.tmpl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-# As PPPoE is an "on demand" interface we need to re-configure it when it
-# becomes up
-if [ "$6" != "{{ ifname }}" ]; then
- exit
-fi
-
-{% if connect_on_demand is not defined %}
-# add some info to syslog
-DIALER_PID=$(cat /var/run/{{ ifname }}.pid)
-logger -t pppd[$DIALER_PID] "executing $0"
-
-{% if default_route != 'none' %}
-# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved
-# to a VRF, this is needed to properly insert the default route.
-
-SED_OPT="^ip route"
-VRF_NAME=""
-if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then
- # Determine upper (VRF) interface
- VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*))
- # Remove upper_ prefix from result string
- VRF=${VRF#"upper_"}
- # generate new SED command
- SED_OPT="vrf ${VRF}"
- # generate vtysh option
- VRF_NAME="vrf ${VRF}"
-fi
-
-{% if default_route == 'auto' %}
-# Only insert a new default route if there is no default route configured
-routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | wc -l)
-if [ "$routes" -ne 0 ]; then
- exit 1
-fi
-
-{% elif default_route == 'force' %}
-# Retrieve current static default routes and remove it from the routing table
-vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | while read route ; do
- vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}"
-done
-{% endif %}
-
-# Add default route to default or VRF routing table
-vtysh -c "conf t" ${VTY_OPT} -c "ip route 0.0.0.0/0 {{ ifname }} ${VRF_NAME}"
-logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} ${VRF_NAME}"
-{% endif %}
-{% endif %}
diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl
deleted file mode 100644
index da73cb4d5..000000000
--- a/data/templates/pppoe/ipv6-up.script.tmpl
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-
-# As PPPoE is an "on demand" interface we need to re-configure it when it
-# becomes up
-
-if [ "$6" != "{{ ifname }}" ]; then
- exit
-fi
-
-
-{% if default_route != 'none' %}
-# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved
-# to a VRF, this is needed to properly insert the default route.
-
-SED_OPT="^ipv6 route"
-VRF_NAME=""
-if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then
- # Determine upper (VRF) interface
- VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*))
- # Remove upper_ prefix from result string
- VRF=${VRF#"upper_"}
- # generate new SED command
- SED_OPT="vrf ${VRF}"
- # generate vtysh option
- VRF_NAME="vrf ${VRF}"
-fi
-
-{% if default_route == 'auto' %}
-# Only insert a new default route if there is no default route configured
-routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | wc -l)
-if [ "$routes" -ne 0 ]; then
- exit 1
-fi
-
-{% elif default_route == 'force' %}
-# Retrieve current static default routes and remove it from the routing table
-vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | while read route ; do
- vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}"
-done
-{% endif %}
-
-# Add default route to default or VRF routing table
-vtysh -c "conf t" ${VTY_OPT} -c "ipv6 route ::/0 {{ ifname }} ${VRF_NAME}"
-logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} ${VRF_NAME}"
-{% endif %}
-
diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.j2
index d6d63debf..6221abb9b 100644
--- a/data/templates/pppoe/peer.tmpl
+++ b/data/templates/pppoe/peer.j2
@@ -67,14 +67,14 @@ demand
# See T2249. PPP default route options should only be set when in on-demand
# mode. As soon as we are not in on-demand mode the default-route handling is
# passed to the ip-up.d/ip-down.s scripts which is required for VRF support.
-{% if 'auto' in default_route %}
+{% if 'auto' in default_route %}
defaultroute
{{ 'defaultroute6' if ipv6 is vyos_defined }}
-{% elif 'force' in default_route %}
+{% elif 'force' in default_route %}
defaultroute
replacedefaultroute
{{ 'defaultroute6' if ipv6 is vyos_defined }}
-{% endif %}
+{% endif %}
{% else %}
nodefaultroute
noreplacedefaultroute
diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.j2
index b40ba1ee0..6902dc05a 100644
--- a/data/templates/router-advert/radvd.conf.tmpl
+++ b/data/templates/router-advert/radvd.conf.j2
@@ -1,66 +1,66 @@
### Autogenerated by service_router-advert.py ###
{% if interface is vyos_defined %}
-{% for iface, iface_config in interface.items() %}
+{% for iface, iface_config in interface.items() %}
interface {{ iface }} {
IgnoreIfMissing on;
-{% if iface_config.default_preference is vyos_defined %}
+{% if iface_config.default_preference is vyos_defined %}
AdvDefaultPreference {{ iface_config.default_preference }};
-{% endif %}
-{% if iface_config.managed_flag is vyos_defined %}
+{% endif %}
+{% if iface_config.managed_flag is vyos_defined %}
AdvManagedFlag {{ 'on' if iface_config.managed_flag is vyos_defined else 'off' }};
-{% endif %}
-{% if iface_config.interval.max is vyos_defined %}
+{% endif %}
+{% if iface_config.interval.max is vyos_defined %}
MaxRtrAdvInterval {{ iface_config.interval.max }};
-{% endif %}
-{% if iface_config.interval.min is vyos_defined %}
+{% endif %}
+{% if iface_config.interval.min is vyos_defined %}
MinRtrAdvInterval {{ iface_config.interval.min }};
-{% endif %}
-{% if iface_config.reachable_time is vyos_defined %}
+{% endif %}
+{% if iface_config.reachable_time is vyos_defined %}
AdvReachableTime {{ iface_config.reachable_time }};
-{% endif %}
+{% endif %}
AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }};
AdvSendAdvert {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }};
-{% if iface_config.default_lifetime is vyos_defined %}
+{% if iface_config.default_lifetime is vyos_defined %}
AdvDefaultLifetime {{ iface_config.default_lifetime }};
-{% endif %}
-{% if iface_config.link_mtu is vyos_defined %}
+{% endif %}
+{% if iface_config.link_mtu is vyos_defined %}
AdvLinkMTU {{ iface_config.link_mtu }};
-{% endif %}
+{% endif %}
AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is vyos_defined else 'off' }};
AdvRetransTimer {{ iface_config.retrans_timer }};
AdvCurHopLimit {{ iface_config.hop_limit }};
-{% if iface_config.route is vyos_defined %}
-{% for route, route_options in iface_config.route.items() %}
+{% if iface_config.route is vyos_defined %}
+{% for route, route_options in iface_config.route.items() %}
route {{ route }} {
-{% if route_options.valid_lifetime is vyos_defined %}
+{% if route_options.valid_lifetime is vyos_defined %}
AdvRouteLifetime {{ route_options.valid_lifetime }};
-{% endif %}
-{% if route_options.route_preference is vyos_defined %}
+{% endif %}
+{% if route_options.route_preference is vyos_defined %}
AdvRoutePreference {{ route_options.route_preference }};
-{% endif %}
+{% endif %}
RemoveRoute {{ 'off' if route_options.no_remove_route is vyos_defined else 'on' }};
};
-{% endfor %}
-{% endif %}
-{% if iface_config.prefix is vyos_defined %}
-{% for prefix, prefix_options in iface_config.prefix.items() %}
+{% endfor %}
+{% endif %}
+{% if iface_config.prefix is vyos_defined %}
+{% for prefix, prefix_options in iface_config.prefix.items() %}
prefix {{ prefix }} {
AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is vyos_defined else 'on' }};
AdvValidLifetime {{ prefix_options.valid_lifetime }};
AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is vyos_defined else 'on' }};
AdvPreferredLifetime {{ prefix_options.preferred_lifetime }};
};
-{% endfor %}
-{% endif %}
-{% if iface_config.name_server is vyos_defined %}
+{% endfor %}
+{% endif %}
+{% if iface_config.name_server is vyos_defined %}
RDNSS {{ iface_config.name_server | join(" ") }} {
};
-{% endif %}
-{% if iface_config.dnssl is vyos_defined %}
+{% endif %}
+{% if iface_config.dnssl is vyos_defined %}
DNSSL {{ iface_config.dnssl | join(" ") }} {
};
-{% endif %}
+{% endif %}
};
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.j2
index 8012cf6bb..8012cf6bb 100644
--- a/data/templates/snmp/etc.snmp.conf.tmpl
+++ b/data/templates/snmp/etc.snmp.conf.j2
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
new file mode 100644
index 000000000..d7dc0ba5d
--- /dev/null
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -0,0 +1,182 @@
+### Autogenerated by snmp.py ###
+
+# non configurable defaults
+sysObjectID 1.3.6.1.4.1.44641
+sysServices 14
+master agentx
+agentXPerms 0777 0777
+pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
+smuxpeer .1.3.6.1.2.1.83
+smuxpeer .1.3.6.1.2.1.157
+smuxsocket localhost
+
+# linkUp/Down configure the Event MIB tables to monitor
+# the ifTable for network interfaces being taken up or down
+# for making internal queries to retrieve any necessary information
+iquerySecName {{ vyos_user }}
+
+# Modified from the default linkUpDownNotification
+# to include more OIDs and poll more frequently
+notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus
+notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
+monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2
+monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
+
+# Remove all old ifTable entries with the same ifName as newly appeared
+# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
+interface_replace_old yes
+
+########################
+# configurable section #
+########################
+
+# Default system description is VyOS version
+sysDescr VyOS {{ version }}
+
+{% if description is vyos_defined %}
+# Description
+SysDescr {{ description }}
+{% endif %}
+
+# Listen
+{% set options = [] %}
+{% if listen_address is vyos_defined %}
+{% for address, address_options in listen_address.items() %}
+{% if address | is_ipv6 %}
+{% set protocol = protocol ~ '6' %}
+{% endif %}
+{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %}
+{% endfor %}
+{% else %}
+{% set _ = options.append(protocol ~ ':161') %}
+{% set _ = options.append(protocol ~ '6:161') %}
+{% endif %}
+agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
+
+# SNMP communities
+{% if community is vyos_defined %}
+{% for comm, comm_config in community.items() %}
+{% if comm_config.client is vyos_defined %}
+{% for client in comm_config.client %}
+{% if client | is_ipv4 %}
+{{ comm_config.authorization }}community {{ comm }} {{ client }}
+{% elif client | is_ipv6 %}
+{{ comm_config.authorization }}community6 {{ comm }} {{ client }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if comm_config.network is vyos_defined %}
+{% for network in comm_config.network %}
+{% if network | is_ipv4 %}
+{{ comm_config.authorization }}community {{ comm }} {{ network }}
+{% elif client | is_ipv6 %}
+{{ comm_config.authorization }}community6 {{ comm }} {{ network }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
+{{ comm_config.authorization }}community {{ comm }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if contact is vyos_defined %}
+# system contact information
+SysContact {{ contact }}
+{% endif %}
+
+{% if location is vyos_defined %}
+# system location information
+SysLocation {{ location }}
+{% endif %}
+
+{% if smux_peer is vyos_defined %}
+# additional smux peers
+{% for peer in smux_peer %}
+smuxpeer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if trap_target is vyos_defined %}
+# if there is a problem - tell someone!
+{% for trap, trap_config in trap_target.items() %}
+trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
+{% endfor %}
+{% endif %}
+
+{% if v3 is vyos_defined %}
+#
+# SNMPv3 stuff goes here
+#
+{% if v3.view is vyos_defined %}
+# views
+{% for view, view_config in v3.view.items() %}
+{% if view_config.oid is vyos_defined %}
+{% for oid in view_config.oid %}
+view {{ view }} included .{{ oid }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+# access
+{% if v3.group is vyos_defined %}
+# context sec.model sec.level match read write notif
+{% for group, group_config in v3.group.items() %}
+access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none
+{% endfor %}
+{% endif %}
+
+# trap-target
+{% if v3.trap_target is vyos_defined %}
+{% for trap, trap_config in v3.trap_target.items() %}
+{% set options = '' %}
+{% if trap_config.type == 'inform' %}
+{% set options = options ~ ' -Ci' %}
+{% endif %}
+{% if v3.engineid is vyos_defined %}
+{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
+{% endif %}
+{% if trap_config.user is vyos_defined %}
+{% set options = options ~ ' -u ' ~ trap_config.user %}
+{% endif %}
+{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -a ' ~ trap_config.auth.type %}
+{% if trap_config.auth.plaintext_password is vyos_defined %}
+{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
+{% elif trap_config.auth.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
+{% endif %}
+{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -x ' ~ trap_config.privacy.type %}
+{% if trap_config.privacy.plaintext_password is vyos_defined %}
+{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
+{% elif trap_config.privacy.encrypted_password is vyos_defined %}
+{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
+{% endif %}
+{% set options = options ~ ' -l authPriv' %}
+{% else %}
+{% set options = options ~ ' -l authNoPriv' %}
+{% endif %}
+{% else %}
+{% set options = options ~ ' -l noAuthNoPriv' %}
+{% endif %}
+trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }}
+{% endfor %}
+{% endif %}
+
+# group
+{% if v3.user is vyos_defined %}
+{% for user, user_config in v3.user.items() %}
+group {{ user_config.group }} usm {{ user }}
+{% endfor %}
+{% endif %}
+{# SNMPv3 end #}
+{% endif %}
+
+{% if script_extensions.extension_name is vyos_defined %}
+# extension scripts
+{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
+extend {{ script }} {{ script_config.script }}
+{% endfor %}
+{% endif %}
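Review bot: In the `comm_config.network` loop the IPv6 branch tests `client | is_ipv6`, but `client` is the loop variable of the preceding `comm_config.client` loop and is not bound here, so an IPv6 network is unlikely ever to produce its `community6` line. The source restriction the operator configured would then be silently absent from the rendered snmpd.conf; the branch should read `{% elif network | is_ipv6 %}`. Separately, the fixed `agentXPerms 0777 0777` line makes the AgentX socket and its directory accessible to every local account, and deserves at least a comment naming the subagent that needs it.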
diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl
deleted file mode 100644
index 510b35097..000000000
--- a/data/templates/snmp/etc.snmpd.conf.tmpl
+++ /dev/null
@@ -1,182 +0,0 @@
-### Autogenerated by snmp.py ###
-
-# non configurable defaults
-sysObjectID 1.3.6.1.4.1.44641
-sysServices 14
-master agentx
-agentXPerms 0777 0777
-pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
-smuxpeer .1.3.6.1.2.1.83
-smuxpeer .1.3.6.1.2.1.157
-smuxsocket localhost
-
-# linkUp/Down configure the Event MIB tables to monitor
-# the ifTable for network interfaces being taken up or down
-# for making internal queries to retrieve any necessary information
-iquerySecName {{ vyos_user }}
-
-# Modified from the default linkUpDownNotification
-# to include more OIDs and poll more frequently
-notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus
-notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
-monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2
-monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
-
-# Remove all old ifTable entries with the same ifName as newly appeared
-# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
-interface_replace_old yes
-
-########################
-# configurable section #
-########################
-
-# Default system description is VyOS version
-sysDescr VyOS {{ version }}
-
-{% if description is vyos_defined %}
-# Description
-SysDescr {{ description }}
-{% endif %}
-
-# Listen
-{% set options = [] %}
-{% if listen_address is vyos_defined %}
-{% for address, address_options in listen_address.items() %}
-{% if address | is_ipv6 %}
-{% set protocol = protocol ~ '6' %}
-{% endif %}
-{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %}
-{% endfor %}
-{% else %}
-{% set _ = options.append(protocol ~ ':161') %}
-{% set _ = options.append(protocol ~ '6:161') %}
-{% endif %}
-agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
-
-# SNMP communities
-{% if community is vyos_defined %}
-{% for comm, comm_config in community.items() %}
-{% if comm_config.client is vyos_defined %}
-{% for client in comm_config.client %}
-{% if client | is_ipv4 %}
-{{ comm_config.authorization }}community {{ comm }} {{ client }}
-{% elif client | is_ipv6 %}
-{{ comm_config.authorization }}community6 {{ comm }} {{ client }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if comm_config.network is vyos_defined %}
-{% for network in comm_config.network %}
-{% if network | is_ipv4 %}
-{{ comm_config.authorization }}community {{ comm }} {{ network }}
-{% elif client | is_ipv6 %}
-{{ comm_config.authorization }}community6 {{ comm }} {{ network }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
-{{ comm_config.authorization }}community {{ comm }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-{% if contact is vyos_defined %}
-# system contact information
-SysContact {{ contact }}
-{% endif %}
-
-{% if location is vyos_defined %}
-# system location information
-SysLocation {{ location }}
-{% endif %}
-
-{% if smux_peer is vyos_defined %}
-# additional smux peers
-{% for peer in smux_peer %}
-smuxpeer {{ peer }}
-{% endfor %}
-{% endif %}
-
-{% if trap_target is vyos_defined %}
-# if there is a problem - tell someone!
-{% for trap, trap_config in trap_target.items() %}
-trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
-{% endfor %}
-{% endif %}
-
-{% if v3 is vyos_defined %}
-#
-# SNMPv3 stuff goes here
-#
-{% if v3.view is vyos_defined %}
-# views
-{% for view, view_config in v3.view.items() %}
-{% if view_config.oid is vyos_defined %}
-{% for oid in view_config.oid %}
-view {{ view }} included .{{ oid }}
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-# access
-{% if v3.group is vyos_defined %}
-# context sec.model sec.level match read write notif
-{% for group, group_config in v3.group.items() %}
-access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none
-{% endfor %}
-{% endif %}
-
-# trap-target
-{% if v3.trap_target is vyos_defined %}
-{% for trap, trap_config in v3.trap_target.items() %}
-{% set options = '' %}
-{% if trap_config.type == 'inform' %}
-{% set options = options ~ ' -Ci' %}
-{% endif %}
-{% if v3.engineid is vyos_defined %}
-{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
-{% endif %}
-{% if trap_config.user is vyos_defined %}
-{% set options = options ~ ' -u ' ~ trap_config.user %}
-{% endif %}
-{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -a ' ~ trap_config.auth.type %}
-{% if trap_config.auth.plaintext_password is vyos_defined %}
-{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
-{% elif trap_config.auth.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
-{% endif %}
-{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -x ' ~ trap_config.privacy.type %}
-{% if trap_config.privacy.plaintext_password is vyos_defined %}
-{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
-{% elif trap_config.privacy.encrypted_password is vyos_defined %}
-{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
-{% endif %}
-{% set options = options ~ ' -l authPriv' %}
-{% else %}
-{% set options = options ~ ' -l authNoPriv' %}
-{% endif %}
-{% else %}
-{% set options = options ~ ' -l noAuthNoPriv' %}
-{% endif %}
-trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }}
-{% endfor %}
-{% endif %}
-
-# group
-{% if v3.user is vyos_defined %}
-{% for user, user_config in v3.user.items() %}
-group {{ user_config.group }} usm {{ user }}
-{% endfor %}
-{% endif %}
-{# SNMPv3 end #}
-{% endif %}
-
-{% if script_extensions.extension_name is vyos_defined %}
-# extension scripts
-{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
-extend {{ script }} {{ script_config.script }}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.j2
index 5d787de86..5d787de86 100644
--- a/data/templates/snmp/override.conf.tmpl
+++ b/data/templates/snmp/override.conf.j2
diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.j2
index a46b3997f..a713c1cec 100644
--- a/data/templates/snmp/usr.snmpd.conf.tmpl
+++ b/data/templates/snmp/usr.snmpd.conf.j2
@@ -1,8 +1,8 @@
### Autogenerated by snmp.py ###
-{% if v3.user is vyos_defined %}
+{% if v3.user is vyos_defined %}
{% for user, user_config in v3.user.items() %}
{{ user_config.mode }}user {{ user }}
{% endfor %}
-{% endif %}
+{% endif %}
rwuser {{ vyos_user }}
diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.j2
index 16d39db89..012f33aeb 100644
--- a/data/templates/snmp/var.snmpd.conf.tmpl
+++ b/data/templates/snmp/var.snmpd.conf.j2
@@ -1,16 +1,16 @@
### Autogenerated by snmp.py ###
# user
{% if v3 is vyos_defined %}
-{% if v3.user is vyos_defined %}
-{% for user, user_config in v3.user.items() %}
+{% if v3.user is vyos_defined %}
+{% for user, user_config in v3.user.items() %}
usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
# VyOS default user
createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES
-{% if v3.engineid is vyos_defined %}
+{% if v3.engineid is vyos_defined %}
oldEngineID 0x{{ v3.engineid }}
-{% endif %}
+{% endif %}
{% endif %}
diff --git a/data/templates/squid/sg_acl.conf.tmpl b/data/templates/squid/sg_acl.conf.j2
index ce72b173a..ce72b173a 100644
--- a/data/templates/squid/sg_acl.conf.tmpl
+++ b/data/templates/squid/sg_acl.conf.j2
diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.j2
index e8627b022..a0fdeb20e 100644
--- a/data/templates/squid/squid.conf.tmpl
+++ b/data/templates/squid/squid.conf.j2
@@ -16,23 +16,23 @@ acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
{% if authentication is vyos_defined %}
-{% if authentication.children is vyos_defined %}
+{% if authentication.children is vyos_defined %}
auth_param basic children {{ authentication.children }}
-{% endif %}
-{% if authentication.credentials_ttl is vyos_defined %}
+{% endif %}
+{% if authentication.credentials_ttl is vyos_defined %}
auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute
-{% endif %}
-{% if authentication.realm is vyos_defined %}
+{% endif %}
+{% if authentication.realm is vyos_defined %}
auth_param basic realm "{{ authentication.realm }}"
-{% endif %}
+{% endif %}
{# LDAP based Authentication #}
-{% if authentication.method is vyos_defined %}
-{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %}
+{% if authentication.method is vyos_defined %}
+{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %}
auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}"
-{% endif %}
+{% endif %}
acl auth proxy_auth REQUIRED
http_access allow auth
-{% endif %}
+{% endif %}
{% endif %}
http_access allow manager localhost
@@ -44,18 +44,18 @@ http_access allow net
http_access deny all
{% if reply_block_mime is vyos_defined %}
-{% for mime_type in reply_block_mime %}
+{% for mime_type in reply_block_mime %}
acl BLOCK_MIME rep_mime_type {{ mime_type }}
-{% endfor %}
+{% endfor %}
http_reply_access deny BLOCK_MIME
{% endif %}
{% if cache_size is vyos_defined %}
-{% if cache_size | int > 0 %}
+{% if cache_size | int > 0 %}
cache_dir ufs /var/spool/squid {{ cache_size }} 16 256
-{% else %}
+{% else %}
# disabling disk cache
-{% endif %}
+{% endif %}
{% endif %}
{% if mem_cache_size is vyos_defined %}
cache_mem {{ mem_cache_size }} MB
@@ -87,9 +87,9 @@ tcp_outgoing_address {{ outgoing_address }}
{% if listen_address is vyos_defined %}
-{% for address, config in listen_address.items() %}
+{% for address, config in listen_address.items() %}
http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }}
-{% endfor %}
+{% endfor %}
{% endif %}
http_port 127.0.0.1:{{ default_port }}
@@ -104,8 +104,8 @@ url_rewrite_bypass on
{% endif %}
{% if cache_peer is vyos_defined %}
-{% for peer, config in cache_peer.items() %}
+{% for peer, config in cache_peer.items() %}
cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }}
-{% endfor %}
+{% endfor %}
never_direct allow all
{% endif %}
diff --git a/data/templates/squid/squidGuard.conf.j2 b/data/templates/squid/squidGuard.conf.j2
new file mode 100644
index 000000000..1bc4c984f
--- /dev/null
+++ b/data/templates/squid/squidGuard.conf.j2
@@ -0,0 +1,124 @@
+### generated by service_webproxy.py ###
+
+{% macro sg_rule(category, log, db_dir) %}
+{% set expressions = db_dir + '/' + category + '/expressions' %}
+dest {{ category }}-default {
+ domainlist {{ category }}/domains
+ urllist {{ category }}/urls
+{% if expressions | is_file %}
+ expressionlist {{ category }}/expressions
+{% endif %}
+{% if log is vyos_defined %}
+ log blacklist.log
+{% endif %}
+}
+{% endmacro %}
+
+{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
+{% if url_filtering.squidguard is vyos_defined %}
+{% set sg_config = url_filtering.squidguard %}
+{% set acl = namespace(value='local-ok-default') %}
+{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
+dbhome {{ squidguard_db_dir }}
+logdir /var/log/squid
+
+rewrite safesearch {
+ s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
+ s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
+ s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
+ s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
+ log rewrite.log
+}
+
+{% if sg_config.local_ok is vyos_defined %}
+{% set acl.value = acl.value + ' local-ok-default' %}
+dest local-ok-default {
+ domainlist local-ok-default/domains
+}
+{% endif %}
+{% if sg_config.local_ok_url is vyos_defined %}
+{% set acl.value = acl.value + ' local-ok-url-default' %}
+dest local-ok-url-default {
+ urllist local-ok-url-default/urls
+}
+{% endif %}
+{% if sg_config.local_block is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-default' %}
+dest local-block-default {
+ domainlist local-block-default/domains
+}
+{% endif %}
+{% if sg_config.local_block_url is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-url-default' %}
+dest local-block-url-default {
+ urllist local-block-url-default/urls
+}
+{% endif %}
+{% if sg_config.local_block_keyword is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-keyword-default' %}
+dest local-block-keyword-default {
+ expressionlist local-block-keyword-default/expressions
+}
+{% endif %}
+
+{% if sg_config.block_category is vyos_defined %}
+{% for category in sg_config.block_category %}
+{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
+{% set acl.value = acl.value + ' !' + category + '-default' %}
+{% endfor %}
+{% endif %}
+{% if sg_config.allow_category is vyos_defined %}
+{% for category in sg_config.allow_category %}
+{{ sg_rule(category, False, squidguard_db_dir) }}
+{% set acl.value = acl.value + ' ' + category + '-default' %}
+{% endfor %}
+{% endif %}
+{% if sg_config.source_group is vyos_defined %}
+{% for sgroup, sg_config in sg_config.source_group.items() %}
+{% if sg_config.address is vyos_defined %}
+src {{ sgroup }} {
+{% for address in sg_config.address %}
+ ip {{ address }}
+{% endfor %}
+}
+
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if sg_config.rule is vyos_defined %}
+{% for rule, rule_config in sg_config.rule.items() %}
+{% for b_category in rule_config.block_category %}
+dest {{ b_category }} {
+ domainlist {{ b_category }}/domains
+ urllist {{ b_category }}/urls
+}
+{% endfor %}
+
+{% endfor %}
+{% endif %}
+acl {
+{% if sg_config.rule is vyos_defined %}
+{% for rule, rule_config in sg_config.rule.items() %}
+ {{ rule_config.source_group }} {
+{% for b_category in rule_config.block_category %}
+ pass local-ok-1 !in-addr !{{ b_category }} all
+{% endfor %}
+ }
+{% endfor %}
+{% endif %}
+
+ default {
+{% if sg_config.enable_safe_search is vyos_defined %}
+ rewrite safesearch
+{% endif %}
+ pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }}
+ redirect 302:http://{{ sg_config.redirect_url }}
+{% if sg_config.log is vyos_defined %}
+ log blacklist.log
+{% endif %}
+ }
+}
+{% endif %}
+{% endif %}
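Review bot: The per-rule ACL section writes one `pass local-ok-1 !in-addr !{{ b_category }} all` line for every entry in `rule_config.block_category`, so a source group with several blocked categories gets several `pass` statements, each negating a single category and ending in `all`. If squidGuard honours only one `pass` per source block (worth confirming against its documentation), the other categories are let through. Emitting a single line, `pass local-ok-1 !in-addr {% for b_category in rule_config.block_category %}!{{ b_category }} {% endfor %}all`, removes that dependency. `local-ok-1` is also not declared as a `dest` anywhere in this template, whereas the default ACL starts from `local-ok-default`.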
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl
deleted file mode 100644
index 5e877f01f..000000000
--- a/data/templates/squid/squidGuard.conf.tmpl
+++ /dev/null
@@ -1,124 +0,0 @@
-### generated by service_webproxy.py ###
-
-{% macro sg_rule(category, log, db_dir) %}
-{% set expressions = db_dir + '/' + category + '/expressions' %}
-dest {{ category }}-default {
- domainlist {{ category }}/domains
- urllist {{ category }}/urls
-{% if expressions | is_file %}
- expressionlist {{ category }}/expressions
-{% endif %}
-{% if log is vyos_defined %}
- log blacklist.log
-{% endif %}
-}
-{% endmacro %}
-
-{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
-{% if url_filtering.squidguard is vyos_defined %}
-{% set sg_config = url_filtering.squidguard %}
-{% set acl = namespace(value='local-ok-default') %}
-{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
-dbhome {{ squidguard_db_dir }}
-logdir /var/log/squid
-
-rewrite safesearch {
- s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
- s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
- s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
- s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
- s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
- s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
- log rewrite.log
-}
-
-{% if sg_config.local_ok is vyos_defined %}
-{% set acl.value = acl.value + ' local-ok-default' %}
-dest local-ok-default {
- domainlist local-ok-default/domains
-}
-{% endif %}
-{% if sg_config.local_ok_url is vyos_defined %}
-{% set acl.value = acl.value + ' local-ok-url-default' %}
-dest local-ok-url-default {
- urllist local-ok-url-default/urls
-}
-{% endif %}
-{% if sg_config.local_block is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-default' %}
-dest local-block-default {
- domainlist local-block-default/domains
-}
-{% endif %}
-{% if sg_config.local_block_url is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-url-default' %}
-dest local-block-url-default {
- urllist local-block-url-default/urls
-}
-{% endif %}
-{% if sg_config.local_block_keyword is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-keyword-default' %}
-dest local-block-keyword-default {
- expressionlist local-block-keyword-default/expressions
-}
-{% endif %}
-
-{% if sg_config.block_category is vyos_defined %}
-{% for category in sg_config.block_category %}
-{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
-{% set acl.value = acl.value + ' !' + category + '-default' %}
-{% endfor %}
-{% endif %}
-{% if sg_config.allow_category is vyos_defined %}
-{% for category in sg_config.allow_category %}
-{{ sg_rule(category, False, squidguard_db_dir) }}
-{% set acl.value = acl.value + ' ' + category + '-default' %}
-{% endfor %}
-{% endif %}
-{% if sg_config.source_group is vyos_defined %}
-{% for sgroup, sg_config in sg_config.source_group.items() %}
-{% if sg_config.address is vyos_defined %}
-src {{ sgroup }} {
-{% for address in sg_config.address %}
- ip {{ address }}
-{% endfor %}
-}
-
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if sg_config.rule is vyos_defined %}
-{% for rule, rule_config in sg_config.rule.items() %}
-{% for b_category in rule_config.block_category%}
-dest {{ b_category }} {
- domainlist {{ b_category }}/domains
- urllist {{ b_category }}/urls
-}
-{% endfor %}
-
-{% endfor %}
-{% endif %}
-acl {
-{% if sg_config.rule is vyos_defined %}
-{% for rule, rule_config in sg_config.rule.items() %}
- {{ rule_config.source_group }} {
-{% for b_category in rule_config.block_category%}
- pass local-ok-1 !in-addr !{{ b_category }} all
-{% endfor %}
- }
-{% endfor %}
-{% endif %}
-
- default {
-{% if sg_config.enable_safe_search is vyos_defined %}
- rewrite safesearch
-{% endif %}
- pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }}
- redirect 302:http://{{ sg_config.redirect_url }}
-{% if sg_config.log is vyos_defined %}
- log blacklist.log
-{% endif %}
- }
-}
-{% endif %}
-{% endif %}
diff --git a/data/templates/ssh/sshguard_config.j2 b/data/templates/ssh/sshguard_config.j2
new file mode 100644
index 000000000..58c6ad48d
--- /dev/null
+++ b/data/templates/ssh/sshguard_config.j2
@@ -0,0 +1,27 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection is vyos_defined %}
+# Full path to backend executable (required, no default)
+BACKEND="/usr/libexec/sshguard/sshg-fw-nft-sets"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat"
+
+#### OPTIONS ####
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD={{ dynamic_protection.threshold }}
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME={{ dynamic_protection.block_time }}
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME={{ dynamic_protection.detect_time }}
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+WHITELIST_FILE=/etc/sshguard/whitelist
+{% endif %}
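Review bot: `THRESHOLD`, `BLOCK_TIME` and `DETECTION_TIME` are written unquoted and without type coercion into a file of shell-style assignments, so their safety rests entirely on validation that this template does not show. If the CLI schema already restricts them to integers, a one-line Jinja comment saying so would help the next reader; otherwise coerce at render time, e.g. `THRESHOLD={{ dynamic_protection.threshold | int }}`. The copied upstream comment `# Example 1: ssh and sendmail from systemd journal:` also no longer matches the `LOGREADER` line, which selects only `-t sshd`.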
diff --git a/data/templates/ssh/sshguard_whitelist.j2 b/data/templates/ssh/sshguard_whitelist.j2
new file mode 100644
index 000000000..47a950a2b
--- /dev/null
+++ b/data/templates/ssh/sshguard_whitelist.j2
@@ -0,0 +1,7 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection.allow_from is vyos_defined %}
+{% for address in dynamic_protection.allow_from %}
+{{ address }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/syslog/logrotate.tmpl b/data/templates/syslog/logrotate.j2
index c1b951e8b..c1b951e8b 100644
--- a/data/templates/syslog/logrotate.tmpl
+++ b/data/templates/syslog/logrotate.j2
diff --git a/data/templates/syslog/rsyslog.conf.tmpl b/data/templates/syslog/rsyslog.conf.j2
index 2fb621760..4445d568b 100644
--- a/data/templates/syslog/rsyslog.conf.tmpl
+++ b/data/templates/syslog/rsyslog.conf.j2
@@ -2,9 +2,9 @@
## file based logging
{% if files['global']['marker'] %}
$ModLoad immark
-{% if files['global']['marker-interval'] %}
-$MarkMessagePeriod {{files['global']['marker-interval']}}
-{% endif %}
+{% if files['global']['marker-interval'] %}
+$MarkMessagePeriod {{ files['global']['marker-interval'] }}
+{% endif %}
{% endif %}
{% if files['global']['preserver_fqdn'] %}
$PreserveFQDN on
@@ -15,40 +15,40 @@ $outchannel {{ file }},{{ file_options['log-file'] }},{{ file_options['max-size'
{% endfor %}
{% if console is defined and console is not none %}
## console logging
-{% for con, con_options in console.items() %}
+{% for con, con_options in console.items() %}
{{ con_options['selectors'] }} /dev/console
-{% endfor %}
+{% endfor %}
{% endif %}
{% if hosts is defined and hosts is not none %}
## remote logging
-{% for host, host_options in hosts.items() %}
-{% if host_options.proto == 'tcp' %}
-{% if host_options.port is defined %}
-{% if host_options.oct_count is defined %}
+{% for host, host_options in hosts.items() %}
+{% if host_options.proto == 'tcp' %}
+{% if host_options.port is defined %}
+{% if host_options.oct_count is defined %}
{{ host_options.selectors }} @@(o){{ host | bracketize_ipv6 }}:{{ host_options.port }};RSYSLOG_SyslogProtocol23Format
-{% else %}
+{% else %}
{{ host_options.selectors }} @@{{ host | bracketize_ipv6 }}:{{ host_options.port }}
-{% endif %}
-{% else %}
+{% endif %}
+{% else %}
{{ host_options.selectors }} @@{{ host | bracketize_ipv6 }}
-{% endif %}
-{% elif host_options.proto == 'udp' %}
-{% if host_options.port is defined %}
+{% endif %}
+{% elif host_options.proto == 'udp' %}
+{% if host_options.port is defined %}
{{ host_options.selectors }} @{{ host | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.oct_count is sameas true }}
-{% else %}
+{% else %}
{{ host_options.selectors }} @{{ host | bracketize_ipv6 }}
-{% endif %}
-{% else %}
-{% if host_options['port'] %}
+{% endif %}
+{% else %}
+{% if host_options['port'] %}
{{ host_options.selectors }} @{{ host | bracketize_ipv6 }}:{{ host_options.port }}
-{% else %}
+{% else %}
{{ host_options.selectors }} @{{ host | bracketize_ipv6 }}
-{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
{% endif %}
{% if user is defined and user is not none %}
-{% for username, user_options in user.items() %}
+{% for username, user_options in user.items() %}
{{ user_options.selectors }} :omusrmsg:{{ username }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/system/curlrc.tmpl b/data/templates/system/curlrc.j2
index be4efe8ba..be4efe8ba 100644
--- a/data/templates/system/curlrc.tmpl
+++ b/data/templates/system/curlrc.j2
diff --git a/data/templates/system/proxy.j2 b/data/templates/system/proxy.j2
new file mode 100644
index 000000000..215c4c5c2
--- /dev/null
+++ b/data/templates/system/proxy.j2
@@ -0,0 +1,7 @@
+# generated by system-proxy.py
+{% if url is vyos_defined and port is vyos_defined %}
+{# remove http:// prefix so we can inject a username/password if present #}
+export http_proxy=http://{{ username ~ ':' ~ password ~ '@' if username is vyos_defined and password is vyos_defined }}{{ url | replace('http://', '') }}:{{ port }}
+export https_proxy=$http_proxy
+export ftp_proxy=$http_proxy
+{% endif %}
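Review bot: `username` and `password` are concatenated into the `export http_proxy=` line without URL-encoding or shell quoting, so a password containing `@`, `:`, a space, `$` or `;` either yields a malformed proxy URL or is interpreted by the shell that sources this file. Percent-encode the credentials and single-quote the value, e.g. `export http_proxy='http://{{ username | urlencode ~ ':' ~ password | urlencode ~ '@' if username is vyos_defined and password is vyos_defined }}{{ url | replace('http://', '') }}:{{ port }}'`. The rendered file holds the credential in cleartext, so who can read it is worth checking in the script that writes it (not shown here). `replace('http://', '')` also strips every occurrence of the string rather than only a leading prefix.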
diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.j2
index 1449f95b1..1449f95b1 100644
--- a/data/templates/system/ssh_config.tmpl
+++ b/data/templates/system/ssh_config.j2
diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.j2
index 3aa857647..59a19e157 100644
--- a/data/templates/system/sysctl.conf.tmpl
+++ b/data/templates/system/sysctl.conf.j2
@@ -1,7 +1,7 @@
# autogenerated by system_sysctl.py
{% if parameter is vyos_defined %}
-{% for k, v in parameter.items() %}
+{% for k, v in parameter.items() %}
{{ k }} = {{ v.value }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/tftp-server/default.tmpl b/data/templates/tftp-server/default.j2
index 56784d467..b2676e0aa 100644
--- a/data/templates/tftp-server/default.tmpl
+++ b/data/templates/tftp-server/default.j2
@@ -1,3 +1,4 @@
+{# j2lint: disable=jinja-variable-format #}
### Autogenerated by tftp_server.py ###
DAEMON_ARGS="--listen --user tftp --address {{ listen_address }} {{ "--create --umask 000" if allow_upload is vyos_defined }} --secure {{ directory }}"
{% if vrf is vyos_defined %}
diff --git a/data/templates/vrf/vrf.conf.tmpl b/data/templates/vrf/vrf.conf.j2
index a51e11ddf..d31d23574 100644
--- a/data/templates/vrf/vrf.conf.tmpl
+++ b/data/templates/vrf/vrf.conf.j2
@@ -3,7 +3,7 @@
# Routing table ID to name mapping reference
# id vrf name comment
{% if name is vyos_defined %}
-{% for vrf, vrf_config in name.items() %}
+{% for vrf, vrf_config in name.items() %}
{{ "%-10s" | format(vrf_config.table) }} {{ "%-16s" | format(vrf) }} {{ '# ' ~ vrf_config.description if vrf_config.description is vyos_defined }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.j2
index 9e532b79e..e4c4dd7da 100644
--- a/data/templates/zone_policy/nftables.tmpl
+++ b/data/templates/zone_policy/nftables.j2
@@ -1,113 +1,113 @@
#!/usr/sbin/nft -f
{% if cleanup_commands is vyos_defined %}
-{% for command in cleanup_commands %}
+{% for command in cleanup_commands %}
{{ command }}
-{% endfor %}
+{% endfor %}
{% endif %}
{% if zone is vyos_defined %}
table ip filter {
-{% for zone_name, zone_conf in zone.items() if zone_conf.ipv4 %}
-{% if zone_conf.local_zone is vyos_defined %}
+{% for zone_name, zone_conf in zone.items() if zone_conf.ipv4 %}
+{% if zone_conf.local_zone is vyos_defined %}
chain VZONE_{{ zone_name }}_IN {
iifname lo counter return
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endfor %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
chain VZONE_{{ zone_name }}_OUT {
oifname lo counter return
-{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is vyos_defined %}
+{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is vyos_defined %}
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endfor %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
-{% else %}
+{% else %}
chain VZONE_{{ zone_name }} {
iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=False) }}
-{% if zone_conf.intra_zone_filtering is vyos_defined %}
+{% if zone_conf.intra_zone_filtering is vyos_defined %}
iifname { {{ zone_conf.interface | join(",") }} } counter return
-{% endif %}
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
-{% if zone[from_zone].local_zone is not defined %}
+{% endif %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
+{% if zone[from_zone].local_zone is not defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
}
table ip6 filter {
-{% for zone_name, zone_conf in zone.items() if zone_conf.ipv6 %}
-{% if zone_conf.local_zone is vyos_defined %}
+{% for zone_name, zone_conf in zone.items() if zone_conf.ipv6 %}
+{% if zone_conf.local_zone is vyos_defined %}
chain VZONE6_{{ zone_name }}_IN {
iifname lo counter return
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endfor %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
chain VZONE6_{{ zone_name }}_OUT {
oifname lo counter return
-{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is vyos_defined %}
+{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is vyos_defined %}
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endfor %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
-{% else %}
+{% else %}
chain VZONE6_{{ zone_name }} {
iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=True) }}
-{% if zone_conf.intra_zone_filtering is vyos_defined %}
+{% if zone_conf.intra_zone_filtering is vyos_defined %}
iifname { {{ zone_conf.interface | join(",") }} } counter return
-{% endif %}
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
-{% if zone[from_zone].local_zone is not defined %}
+{% endif %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
+{% if zone[from_zone].local_zone is not defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
counter {{ zone_conf.default_action }}
}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
}
-{% for zone_name, zone_conf in zone.items() %}
-{% if zone_conf.ipv4 %}
-{% if 'local_zone' in zone_conf %}
+{% for zone_name, zone_conf in zone.items() %}
+{% if zone_conf.ipv4 %}
+{% if 'local_zone' in zone_conf %}
insert rule ip filter VYOS_FW_LOCAL counter jump VZONE_{{ zone_name }}_IN
insert rule ip filter VYOS_FW_OUTPUT counter jump VZONE_{{ zone_name }}_OUT
-{% else %}
+{% else %}
insert rule ip filter VYOS_FW_FORWARD oifname { {{ zone_conf.interface | join(',') }} } counter jump VZONE_{{ zone_name }}
-{% endif %}
-{% endif %}
-{% if zone_conf.ipv6 %}
-{% if 'local_zone' in zone_conf %}
+{% endif %}
+{% endif %}
+{% if zone_conf.ipv6 %}
+{% if 'local_zone' in zone_conf %}
insert rule ip6 filter VYOS_FW6_LOCAL counter jump VZONE6_{{ zone_name }}_IN
insert rule ip6 filter VYOS_FW6_OUTPUT counter jump VZONE6_{{ zone_name }}_OUT
-{% else %}
+{% else %}
insert rule ip6 filter VYOS_FW6_FORWARD oifname { {{ zone_conf.interface | join(',') }} } counter jump VZONE6_{{ zone_name }}
-{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
{# Ensure that state-policy rule is first in the chain #}
-{% if firewall.state_policy is vyos_defined %}
-{% for chain in ['VYOS_FW_FORWARD', 'VYOS_FW_OUTPUT', 'VYOS_FW_LOCAL'] %}
+{% if firewall.state_policy is vyos_defined %}
+{% for chain in ['VYOS_FW_FORWARD', 'VYOS_FW_OUTPUT', 'VYOS_FW_LOCAL'] %}
insert rule ip filter {{ chain }} jump VYOS_STATE_POLICY
-{% endfor %}
-{% for chain in ['VYOS_FW6_FORWARD', 'VYOS_FW6_OUTPUT', 'VYOS_FW6_LOCAL'] %}
+{% endfor %}
+{% for chain in ['VYOS_FW6_FORWARD', 'VYOS_FW6_OUTPUT', 'VYOS_FW6_LOCAL'] %}
insert rule ip6 filter {{ chain }} jump VYOS_STATE_POLICY6
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
{% endif %}
diff --git a/debian/control b/debian/control
index c53e4d3b8..bcd5acfdd 100644
--- a/debian/control
+++ b/debian/control
@@ -147,6 +147,7 @@ Depends:
squid,
squidclient,
squidguard,
+ sshguard,
ssl-cert,
strongswan (>= 5.9),
strongswan-swanctl (>= 5.9),
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/container.xml.in
index 9cd2b0902..51171d881 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/container.xml.in
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<interfaceDefinition>
- <node name="container" owner="${vyos_conf_scripts_dir}/containers.py">
+ <node name="container" owner="${vyos_conf_scripts_dir}/container.py">
<properties>
<help>Container applications</help>
<priority>1280</priority>
@@ -10,7 +10,7 @@
<properties>
<help>Container name</help>
<constraint>
- <regex>^[-a-zA-Z0-9]+$</regex>
+ <regex>[-a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage>
</properties>
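Review bot: Dropping `^` and `$` from `<regex>[-a-zA-Z0-9]+</regex>` is only safe if the constraint validator matches the whole value. With search semantics this pattern accepts any string containing one allowed character, including names with spaces, `/` or shell metacharacters. Nothing visible in this part of the diff shows the validator anchoring patterns implicitly, so confirm that change ships together with this one, and add a test that a value such as `a b` (constructed example) is rejected for this node. The same concern applies to every de-anchored pattern in this commit: the capability, environment, protocol and restart-policy hunks in this file, and the dhcp-relay, dhcp-server, dns-*, firewall, flow-accounting, high-availability, https, igmp-proxy and accel-ppp hunks. A sentence in the schema documentation stating that `<regex>` is matched against the full value would keep later authors from assuming otherwise.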
@@ -52,7 +52,7 @@
<description>Permission to set system clock</description>
</valueHelp>
<constraint>
- <regex>^(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)$</regex>
+ <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)</regex>
</constraint>
<multi/>
</properties>
@@ -88,7 +88,7 @@
<properties>
<help>Add custom environment variables</help>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Environment variable name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
</properties>
@@ -194,7 +194,7 @@
<list>tcp udp</list>
</completionHelp>
<constraint>
- <regex>^(tcp|udp)$</regex>
+ <regex>(tcp|udp)</regex>
</constraint>
</properties>
</leafNode>
@@ -219,7 +219,7 @@
<description>Restart containers when they exit, regardless of status, retrying indefinitely</description>
</valueHelp>
<constraint>
- <regex>^(no|on-failure|always)$</regex>
+ <regex>(no|on-failure|always)</regex>
</constraint>
</properties>
<defaultValue>on-failure</defaultValue>
@@ -283,10 +283,10 @@
</tagNode>
<leafNode name="registry">
<properties>
- <help>Add registry</help>
+ <help>Registry Name</help>
<multi/>
</properties>
- <defaultValue>docker.io</defaultValue>
+ <defaultValue>docker.io quay.io</defaultValue>
</leafNode>
</children>
</node>
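Review bot: Changing the default to `docker.io quay.io` means an unqualified image name may now resolve against two registries, so a same-named image could be pulled from a registry the operator did not intend. This assumes the list feeds the unqualified-search registries in the generated registries.conf, which this hunk does not show. Consider keeping `<defaultValue>docker.io</defaultValue>`, or stating in the `<help>` text that images should be given with a fully qualified registry name. Also check that a space-separated `<defaultValue>` on a `<multi/>` leaf is split into two values rather than stored as the single string `docker.io quay.io`. The node carries no `<constraint>`, so any string is accepted as a registry name.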
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in
index 339941e65..27d0a3e6c 100644
--- a/interface-definitions/dhcp-relay.xml.in
+++ b/interface-definitions/dhcp-relay.xml.in
@@ -66,7 +66,7 @@
<description>discard packet (default action if giaddr not set in packet)</description>
</valueHelp>
<constraint>
- <regex>^(append|replace|forward|discard)$</regex>
+ <regex>(append|replace|forward|discard)</regex>
</constraint>
</properties>
<defaultValue>forward</defaultValue>
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 4ea2d471d..60e738e01 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -58,7 +58,7 @@
<description>Configure this server to be the secondary node</description>
</valueHelp>
<constraint>
- <regex>^(primary|secondary)$</regex>
+ <regex>(primary|secondary)</regex>
</constraint>
<constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
</properties>
@@ -259,7 +259,7 @@
<properties>
<help>DHCP lease range</help>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
@@ -294,7 +294,7 @@
<properties>
<help>Name of static mapping</help>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Invalid static mapping name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
@@ -374,6 +374,18 @@
<leafNode name="tftp-server-name">
<properties>
<help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>TFTP server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>TFTP server FQDN</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="time-offset">
@@ -402,6 +414,32 @@
<multi/>
</properties>
</leafNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="ubiquiti">
+ <properties>
+ <help>Ubiquiti specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="unifi-controller">
+ <properties>
+ <help>Address of UniFi controller</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of UniFi controller</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
<leafNode name="wins-server">
<properties>
<help>IP address for Windows Internet Name Service (WINS) server</help>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index fb96571f5..10335b07e 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -338,6 +338,33 @@
</leafNode>
</children>
</tagNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="cisco">
+ <properties>
+ <help>Cisco specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="tftp-server">
+ <properties>
+ <help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>TFTP server IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
index 7ae537d00..0d6418272 100644
--- a/interface-definitions/dns-domain-name.xml.in
+++ b/interface-definitions/dns-domain-name.xml.in
@@ -56,7 +56,7 @@
<properties>
<help>DNS domain completion order</help>
<constraint>
- <regex>[-a-zA-Z0-9.]+$</regex>
+ <regex>[-a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Invalid domain name</constraintErrorMessage>
<multi/>
@@ -74,7 +74,7 @@
<properties>
<help>Host name for static address mapping</help>
<constraint>
- <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$</regex>
+ <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
</constraint>
<constraintErrorMessage>invalid hostname</constraintErrorMessage>
</properties>
@@ -83,7 +83,7 @@
<properties>
<help>Alias for this address</help>
<constraint>
- <regex>.{1,63}$</regex>
+ <regex>.{1,63}</regex>
</constraint>
<constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
<multi />
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
index 64826516e..6bc467b76 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/dns-dynamic.xml.in
@@ -120,7 +120,7 @@
<description>zoneedit.com Services</description>
</valueHelp>
<constraint>
- <regex>^(custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit|\w+)$</regex>
+ <regex>(custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit|\w+)</regex>
</constraint>
<constraintErrorMessage>You can use only predefined list of services or word characters (_, a-z, A-Z, 0-9) as service name</constraintErrorMessage>
</properties>
@@ -232,7 +232,7 @@
<description>Zoneedit protocol</description>
</valueHelp>
<constraint>
- <regex>^(changeip|cloudflare|dnsmadeeasy|dnspark|dondominio|dslreports1|dtdns|duckdns|dyndns2|easydns|freedns|freemyip|googledomains|hammernode1|namecheap|nfsn|noip|sitelutions|woima|yandex|zoneedit1)$</regex>
+ <regex>(changeip|cloudflare|dnsmadeeasy|dnspark|dondominio|dslreports1|dtdns|duckdns|dyndns2|easydns|freedns|freemyip|googledomains|hammernode1|namecheap|nfsn|noip|sitelutions|woima|yandex|zoneedit1)</regex>
</constraint>
<constraintErrorMessage>Please choose from the list of allowed protocols</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 08501a4b5..6ead3e199 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -63,7 +63,7 @@
<description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
</valueHelp>
<constraint>
- <regex>^(off|process-no-validate|process|log-fail|validate)$</regex>
+ <regex>(off|process-no-validate|process|log-fail|validate)</regex>
</constraint>
</properties>
<defaultValue>process-no-validate</defaultValue>
@@ -113,7 +113,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}</regex>
</constraint>
</properties>
<children>
@@ -134,7 +134,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -167,7 +167,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -200,7 +200,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -212,7 +212,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
</constraint>
</properties>
</leafNode>
@@ -232,7 +232,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -244,7 +244,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -279,7 +279,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -291,7 +291,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
</constraint>
</properties>
</leafNode>
@@ -311,7 +311,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -341,7 +341,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -370,7 +370,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -394,7 +394,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
</constraint>
</properties>
</leafNode>
@@ -454,7 +454,7 @@
<description>Root record</description>
</valueHelp>
<constraint>
- <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)$</regex>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
</constraint>
</properties>
<children>
@@ -523,7 +523,7 @@
<properties>
<help>Service type</help>
<constraint>
- <regex>^[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?$</regex>
+ <regex>[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?</regex>
</constraint>
</properties>
</leafNode>
@@ -540,7 +540,7 @@
<description>An absolute DNS name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)$</regex>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index f2aca4b3a..ff8d92a24 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -21,7 +21,7 @@
<description>Disable processing of all IPv4 ICMP echo requests</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -41,7 +41,7 @@
<description>Disable processing of broadcast IPv4 ICMP echo/timestamp requests</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -61,7 +61,7 @@
<description>Disable sending SNMP trap on firewall configuration change</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -75,7 +75,7 @@
<properties>
<help>Firewall address-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -104,7 +104,7 @@
<properties>
<help>Firewall ipv6-address-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -133,7 +133,7 @@
<properties>
<help>Firewall ipv6-network-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -157,7 +157,7 @@
<properties>
<help>Firewall mac-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -181,7 +181,7 @@
<properties>
<help>Firewall network-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -205,7 +205,7 @@
<properties>
<help>Firewall port-group</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -250,7 +250,7 @@
<description>Disable processing of IPv4 packets with source route option</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -259,7 +259,7 @@
<properties>
<help>IPv6 firewall rule-set name</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -396,7 +396,7 @@
<description>Disable processing of received ICMPv6 redirect messages</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -416,7 +416,7 @@
<description>Disable processing of IPv6 packets with routing header</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -436,7 +436,7 @@
<description>Disable logging of Ipv4 packets with invalid addresses</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -445,7 +445,7 @@
<properties>
<help>IPv4 firewall rule-set name</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -539,7 +539,7 @@
<description>Disable processing of received IPv4 ICMP redirect messages</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -559,7 +559,7 @@
<description>Disable sending IPv4 ICMP redirect messages</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -583,7 +583,7 @@
<description>No source validation</description>
</valueHelp>
<constraint>
- <regex>^(strict|loose|disable)$</regex>
+ <regex>(strict|loose|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -637,7 +637,7 @@
<description>Disable use of TCP SYN cookies with IPv4</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -657,7 +657,7 @@
<description>Disable RFC1337 TIME-WAIT hazards protection</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index 133e45c72..fc59f8ab3 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -146,7 +146,7 @@
<description>Authentication and authorization</description>
</valueHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
</properties>
</leafNode>
@@ -168,7 +168,7 @@
<description>NetFlow engine-id for v9 / IPFIX</description>
</valueHelp>
<constraint>
- <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])$</regex>
+ <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])</regex>
</constraint>
</properties>
</leafNode>
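Review bot: Only the trailing `$` was removed from the engine-id pattern, so the interior `$|^` between the two alternatives is still there and the expression now reads `(…429496729[0-5])$|^(…):(…)`. That is inconsistent with the other patterns in this commit, and it makes the result depend on how the validator adds its own anchors around an alternation. Dropping the inner anchors and grouping the alternatives, in the form `(<u32 alternative>|<0-255>:<0-255>)`, states the intent without relying on that. The old pattern also lacked a leading `^` on the first alternative, so a test with a value such as `x5` (constructed example) would confirm the new form rejects it.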
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index 662052e12..0631acdda 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -63,7 +63,7 @@
<description>AH - IPSEC (not recommended)</description>
</valueHelp>
<constraint>
- <regex>^(plaintext-password|ah)$</regex>
+ <regex>(plaintext-password|ah)</regex>
</constraint>
<constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage>
</properties>
@@ -323,7 +323,7 @@
<description>Locality-Based least connection</description>
</valueHelp>
<constraint>
- <regex>^(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)$</regex>
+ <regex>(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)</regex>
</constraint>
</properties>
<defaultValue>least-connection</defaultValue>
@@ -360,7 +360,7 @@
<description>Tunneling</description>
</valueHelp>
<constraint>
- <regex>^(direct|nat|tunnel)$</regex>
+ <regex>(direct|nat|tunnel)</regex>
</constraint>
</properties>
<defaultValue>nat</defaultValue>
@@ -394,7 +394,7 @@
<description>UDP</description>
</valueHelp>
<constraint>
- <regex>^(tcp|udp)$</regex>
+ <regex>(tcp|udp)</regex>
</constraint>
</properties>
<defaultValue>tcp</defaultValue>
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index 6fea2f1f6..d2c393036 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -38,7 +38,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
- <regex>\*$</regex>
+ <regex>\*</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in
index c7ab60929..8e738fa7f 100644
--- a/interface-definitions/igmp-proxy.xml.in
+++ b/interface-definitions/igmp-proxy.xml.in
@@ -56,7 +56,7 @@
<description>Disabled interface</description>
</valueHelp>
<constraint>
- <regex>^(upstream|downstream|disabled)$</regex>
+ <regex>(upstream|downstream|disabled)</regex>
</constraint>
</properties>
<defaultValue>downstream</defaultValue>
diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i
index a7711b675..c1a87cfe3 100644
--- a/interface-definitions/include/accel-ppp/auth-mode.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i
@@ -11,7 +11,7 @@
<description>Use RADIUS server for user autentication</description>
</valueHelp>
<constraint>
- <regex>^(local|radius)$</regex>
+ <regex>(local|radius)</regex>
</constraint>
<completionHelp>
<list>local radius</list>
diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i
index 480747f53..d43266152 100644
--- a/interface-definitions/include/accel-ppp/auth-protocols.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i
@@ -22,7 +22,7 @@
<description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description>
</valueHelp>
<constraint>
- <regex>^(pap|chap|mschap|mschap-v2)$</regex>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i
index e8370180b..4c2e84c25 100644
--- a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i
+++ b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i
@@ -18,7 +18,7 @@
<description>drop all mppe</description>
</valueHelp>
<constraint>
- <regex>^(require|prefer|deny)$</regex>
+ <regex>(require|prefer|deny)</regex>
</constraint>
</properties>
<defaultValue>prefer</defaultValue>
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i
index 3e065329d..a45390f43 100644
--- a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>IPv4 negotiation algorithm</help>
<constraint>
- <regex>^(deny|allow)$</regex>
+ <regex>(deny|allow)</regex>
</constraint>
<constraintErrorMessage>invalid value</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i
index b9fbac5c6..98abc1111 100644
--- a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>IPv6 (IPCP6) negotiation algorithm</help>
<constraint>
- <regex>^(deny|allow|prefer|require)$</regex>
+ <regex>(deny|allow|prefer|require)</regex>
</constraint>
<constraintErrorMessage>invalid value</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/include/auth-local-users.xml.i b/interface-definitions/include/auth-local-users.xml.i
index cb456eecf..9fb507474 100644
--- a/interface-definitions/include/auth-local-users.xml.i
+++ b/interface-definitions/include/auth-local-users.xml.i
@@ -19,74 +19,6 @@
<help>Password used for authentication</help>
</properties>
</leafNode>
- <node name="otp">
- <properties>
- <help>2FA OTP authentication parameters</help>
- </properties>
- <children>
- <leafNode name="key">
- <properties>
- <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
- <valueHelp>
- <format>txt</format>
- <description>OTP key in hex-encoded format</description>
- </valueHelp>
- <constraint>
- <regex>[a-fA-F0-9]{20,10000}</regex>
- </constraint>
- <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="otp-length">
- <properties>
- <help>Number of digits in OTP code</help>
- <valueHelp>
- <format>u32:6-8</format>
- <description>Number of digits in OTP code</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 6-8"/>
- </constraint>
- <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
- </properties>
- <defaultValue>6</defaultValue>
- </leafNode>
- <leafNode name="interval">
- <properties>
- <help>Time tokens interval in seconds</help>
- <valueHelp>
- <format>u32:5-86400</format>
- <description>Time tokens interval in seconds.</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 5-86400"/>
- </constraint>
- <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>30</defaultValue>
- </leafNode>
- <leafNode name="token-type">
- <properties>
- <help>Token type</help>
- <valueHelp>
- <format>hotp-time</format>
- <description>Time-based OTP algorithm</description>
- </valueHelp>
- <valueHelp>
- <format>hotp-event</format>
- <description>Event-based OTP algorithm</description>
- </valueHelp>
- <constraint>
- <regex>(hotp-time|hotp-event)</regex>
- </constraint>
- <completionHelp>
- <list>hotp-time hotp-event</list>
- </completionHelp>
- </properties>
- <defaultValue>hotp-time</defaultValue>
- </leafNode>
- </children>
- </node>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
index de42eeac9..34b5ec7d7 100644
--- a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
+++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
@@ -15,7 +15,7 @@
<description>Name of IPv4 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -31,7 +31,7 @@
<description>Name of IPv4 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
index 2bf4753be..06c661a90 100644
--- a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
+++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
@@ -15,7 +15,7 @@
<description>Name of IPv6 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -31,7 +31,7 @@
<description>Name of IPv6 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/afi-label.xml.i b/interface-definitions/include/bgp/afi-label.xml.i
index f7a1f609f..9535d19e8 100644
--- a/interface-definitions/include/bgp/afi-label.xml.i
+++ b/interface-definitions/include/bgp/afi-label.xml.i
@@ -25,7 +25,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-1048575"/>
- <regex>^(auto)$</regex>
+ <regex>(auto)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/bgp/afi-rd.xml.i b/interface-definitions/include/bgp/afi-rd.xml.i
index c4d29268c..767502094 100644
--- a/interface-definitions/include/bgp/afi-rd.xml.i
+++ b/interface-definitions/include/bgp/afi-rd.xml.i
@@ -17,7 +17,7 @@
<description>Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy)</description>
</valueHelp>
<constraint>
- <regex>^((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}$</regex>
+ <regex>((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}</regex>
</constraint>
</properties>
</leafNode>
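Review bot: The dotted-quad branch of the route-distinguisher pattern ends each octet alternative with `[0-9]?`, which also matches the empty string, so a value with empty octets (constructed example: `1..2.3:5`) satisfies the constraint. Changing the last alternative to `[0-9]` in both octet groups closes that gap. Separately, `[0-9]{1,10}` and `[0-9]{1,5}` admit numbers above the 32-bit and 16-bit limits; if the routing daemon is relied on to reject those, a short XML comment saying so would help the next reader.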
diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
index eae10d312..c218937c8 100644
--- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
@@ -10,7 +10,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
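Review bot: The character class `[-_a-zA-Z0-9.]+` allows a dot, but the `constraintErrorMessage` below it lists only alpha-numeric letters, hyphen and underscores, so the message and the constraint disagree. Either drop `.` from the class or extend the message, e.g. `Name of route-map can only contain alpha-numeric letters, hyphen, underscores and dot`. The same mismatch appears in the second hunk of this file and in the four route-map hunks of `bgp/neighbor-afi-ipv4-ipv6-common.xml.i`.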
@@ -26,7 +26,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
index a56745380..75221a348 100644
--- a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
+++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
@@ -27,7 +27,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -43,7 +43,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -59,7 +59,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -177,7 +177,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i
index 25558cd5c..4399d7988 100644
--- a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i
+++ b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i
@@ -18,7 +18,7 @@
<description>Enable BGP graceful restart helper only functionality</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable|restart-helper)$</regex>
+ <regex>(enable|disable|restart-helper)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index b59ff0287..abaff5232 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1106,7 +1106,7 @@
<description>Ignore paths without link bandwidth for ECMP (if other paths have it)</description>
</valueHelp>
<constraint>
- <regex>^(default-weight-for-missing|ignore|skip-missing)$</regex>
+ <regex>(default-weight-for-missing|ignore|skip-missing)</regex>
</constraint>
</properties>
</leafNode>
@@ -1461,7 +1461,7 @@
<properties>
<help>Name of peer-group</help>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/bgp/remote-as.xml.i b/interface-definitions/include/bgp/remote-as.xml.i
index 11eb7c256..58595b3b9 100644
--- a/interface-definitions/include/bgp/remote-as.xml.i
+++ b/interface-definitions/include/bgp/remote-as.xml.i
@@ -19,7 +19,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
- <regex>^(external|internal)$</regex>
+ <regex>(external|internal)</regex>
</constraint>
<constraintErrorMessage>Invalid AS number</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i
index 9f8baa884..7fd52319a 100644
--- a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i
+++ b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i
@@ -18,7 +18,7 @@
<description>Action to reject</description>
</valueHelp>
<constraint>
- <regex>^(accept|drop|reject)$</regex>
+ <regex>(accept|drop|reject)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 4ba93e3aa..0f60e3c38 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -18,7 +18,7 @@
<description>Drop matching entries</description>
</valueHelp>
<constraint>
- <regex>^(accept|reject|drop)$</regex>
+ <regex>(accept|reject|drop)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index cd80b7e28..2a5137dbf 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -70,7 +70,7 @@
<description>integer/unit (Example: 5/minute)</description>
</valueHelp>
<constraint>
- <regex>^\d+/(second|minute|hour|day)$</regex>
+ <regex>\d+/(second|minute|hour|day)</regex>
</constraint>
</properties>
</leafNode>
@@ -91,10 +91,36 @@
<description>Disable log</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
+<node name="connection-status">
+ <properties>
+ <help>Connection status</help>
+ </properties>
+ <children>
+ <leafNode name="nat">
+ <properties>
+ <help>NAT connection status</help>
+ <completionHelp>
+ <list>destination source</list>
+ </completionHelp>
+ <valueHelp>
+ <format>destination</format>
+ <description>Match connections that are subject to destination NAT</description>
+ </valueHelp>
+ <valueHelp>
+ <format>source</format>
+ <description>Match connections that are subject to source NAT</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(destination|source)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>
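Review bot: The newly added `connection-status nat` leaf keeps an anchored pattern, `<regex>^(destination|source)$</regex>`, while this same hunk and the rest of the change strip `^…$` from every other constraint. For consistency it should read `<regex>(destination|source)</regex>`; if the anchors are deliberate here, an XML comment explaining why this node differs is needed. The `protocol` leafNode that follows continues outside the hunk.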
@@ -163,7 +189,7 @@
<description>Source addresses seen COUNT times in the last hour</description>
</valueHelp>
<constraint>
- <regex>^(second|minute|hour)$</regex>
+ <regex>(second|minute|hour)</regex>
</constraint>
</properties>
</leafNode>
@@ -215,7 +241,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -234,7 +260,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -253,7 +279,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -272,7 +298,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -292,7 +318,7 @@
<description>Enter date using following notation - YYYY-MM-DD</description>
</valueHelp>
<constraint>
- <regex>^(\d{4}\-\d{2}\-\d{2})$</regex>
+ <regex>(\d{4}\-\d{2}\-\d{2})</regex>
</constraint>
</properties>
</leafNode>
@@ -304,7 +330,7 @@
<description>Enter time using using 24 hour notation - hh:mm:ss</description>
</valueHelp>
<constraint>
- <regex>^([0-2][0-9](\:[0-5][0-9]){1,2})$</regex>
+ <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
</constraint>
</properties>
</leafNode>
@@ -316,7 +342,7 @@
<description>Enter date using following notation - YYYY-MM-DD</description>
</valueHelp>
<constraint>
- <regex>^(\d{4}\-\d{2}\-\d{2})$</regex>
+ <regex>(\d{4}\-\d{2}\-\d{2})</regex>
</constraint>
</properties>
</leafNode>
@@ -328,7 +354,7 @@
<description>Enter time using using 24 hour notation - hh:mm:ss</description>
</valueHelp>
<constraint>
- <regex>^([0-2][0-9](\:[0-5][0-9]){1,2})$</regex>
+ <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i
index f57def3e1..d4197cf82 100644
--- a/interface-definitions/include/firewall/icmp-type-name.xml.i
+++ b/interface-definitions/include/firewall/icmp-type-name.xml.i
@@ -66,7 +66,7 @@
<description>ICMP type 18: address-mask-reply</description>
</valueHelp>
<constraint>
- <regex>^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$</regex>
+ <regex>(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
index b13cf02c4..a2e68abfb 100644
--- a/interface-definitions/include/firewall/icmpv6-type-name.xml.i
+++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
@@ -66,7 +66,7 @@
<description>ICMPv6 type 138: router-renumbering</description>
</valueHelp>
<constraint>
- <regex>^(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)$</regex>
+ <regex>(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/name-default-action.xml.i
index 8470a29a9..512b0296f 100644
--- a/interface-definitions/include/firewall/name-default-action.xml.i
+++ b/interface-definitions/include/firewall/name-default-action.xml.i
@@ -18,7 +18,7 @@
<description>Accept if no prior rules are hit</description>
</valueHelp>
<constraint>
- <regex>^(drop|reject|accept)$</regex>
+ <regex>(drop|reject|accept)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i
index 123590c08..b9dd59bea 100644
--- a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i
+++ b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i
@@ -23,7 +23,7 @@
</valueHelp>
<constraint>
<validator name="ip-host"/>
- <regex>^(dhcp|dhcpv6)$</regex>
+ <regex>(dhcp|dhcpv6)</regex>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i
index 57019f02c..41140ffe1 100644
--- a/interface-definitions/include/interface/adjust-mss.xml.i
+++ b/interface-definitions/include/interface/adjust-mss.xml.i
@@ -16,7 +16,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 500-65535"/>
- <regex>^(clamp-mss-to-pmtu)$</regex>
+ <regex>(clamp-mss-to-pmtu)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/default-route-distance.xml.i b/interface-definitions/include/interface/default-route-distance.xml.i
new file mode 100644
index 000000000..6eda52c91
--- /dev/null
+++ b/interface-definitions/include/interface/default-route-distance.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/default-route-distance.xml.i -->
+<leafNode name="default-route-distance">
+ <properties>
+ <help>Distance for installed default route</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Distance for the default route from DHCP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>210</defaultValue>
+</leafNode>
+<!-- include end -->
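Review bot: The `<help>` text was generalised to `Distance for installed default route`, but the `<description>` inside `valueHelp` still says `Distance for the default route from DHCP server`. If this include is meant to be reused outside the DHCP options (the file's new location suggests so, though only the DHCP use is visible here), the description should match, e.g. `<description>Distance for installed default route</description>`.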
diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i
index 8579cf7d1..de01d22ca 100644
--- a/interface-definitions/include/interface/description.xml.i
+++ b/interface-definitions/include/interface/description.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Interface specific description</help>
<constraint>
- <regex>.{1,256}$</regex>
+ <regex>.{1,256}</regex>
</constraint>
<constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index 098d02919..914b60503 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -19,25 +19,8 @@
<help>Identify the vendor client type to the DHCP server</help>
</properties>
</leafNode>
- <leafNode name="no-default-route">
- <properties>
- <help>Do not request routers from DHCP server</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="default-route-distance">
- <properties>
- <help>Distance for the default route from DHCP server</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Distance for the default route from DHCP server</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- <defaultValue>210</defaultValue>
- </leafNode>
+ #include <include/interface/no-default-route.xml.i>
+ #include <include/interface/default-route-distance.xml.i>
<leafNode name="reject">
<properties>
<help>IP addresses or subnets from which to reject DHCP leases</help>
diff --git a/interface-definitions/include/interface/no-default-route.xml.i b/interface-definitions/include/interface/no-default-route.xml.i
new file mode 100644
index 000000000..307fcff1e
--- /dev/null
+++ b/interface-definitions/include/interface/no-default-route.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from interface/dhcp-options.xml.i -->
+<leafNode name="no-default-route">
+ <properties>
+ <help>Do not install default route to system</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
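Review bot: The header comment of this new file names the wrong source, `<!-- include start from interface/dhcp-options.xml.i -->`, which looks copied from the file the node was extracted from. It should be `<!-- include start from interface/no-default-route.xml.i -->`, so that anyone tracing a node in the generated definition back to its include lands in the right file.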
diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i
index bd0d1e070..b2e88215b 100644
--- a/interface-definitions/include/interface/parameters-flowlabel.xml.i
+++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i
@@ -14,7 +14,7 @@
<description>Tunnel key, or hex value</description>
</valueHelp>
<constraint>
- <regex>^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$</regex>
+ <regex>((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)</regex>
</constraint>
<constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i
index f38065f4d..fc9a7d376 100644
--- a/interface-definitions/include/interface/source-validation.xml.i
+++ b/interface-definitions/include/interface/source-validation.xml.i
@@ -18,7 +18,7 @@
<description>No source validation</description>
</valueHelp>
<constraint>
- <regex>^(strict|loose|disable)$</regex>
+ <regex>(strict|loose|disable)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 3b305618e..c1af9f9e3 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -35,7 +35,7 @@
<description>VLAN-tagged frame (IEEE 802.1q), ethertype 0x8100</description>
</valueHelp>
<constraint>
- <regex>^(802.1q|802.1ad)$</regex>
+ <regex>(802.1q|802.1ad)</regex>
</constraint>
<constraintErrorMessage>Ethertype must be 802.1ad or 802.1q</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 4e7f9b3c2..57ef8d64c 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -28,7 +28,7 @@
<description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description>
</valueHelp>
<constraint>
- <regex>[:0-7 ]+$</regex>
+ <regex>[:0-7 ]+</regex>
</constraint>
<constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage>
</properties>
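Review bot: The constraint `[:0-7 ]+` accepts only the digits 0-7, but the `constraintErrorMessage` tells the user `with numbers 0-9`, so a rejected value containing 8 or 9 produces a misleading message. Suggest `<constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-7</constraintErrorMessage>`. The second hunk of this file has the same mismatch. The pattern is also only a character-class check, so strings such as `:::` pass; if stricter validation happens later in the config script, a comment saying so would help.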
@@ -41,7 +41,7 @@
<description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description>
</valueHelp>
<constraint>
- <regex>[:0-7 ]+$</regex>
+ <regex>[:0-7 ]+</regex>
</constraint>
<constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i
index 2de6ecb1f..dc5653ce7 100644
--- a/interface-definitions/include/ipsec/local-address.xml.i
+++ b/interface-definitions/include/ipsec/local-address.xml.i
@@ -20,7 +20,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
- <regex>^(any)$</regex>
+ <regex>(any)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i
index 925f90106..6b95de045 100644
--- a/interface-definitions/include/nat-translation-options.xml.i
+++ b/interface-definitions/include/nat-translation-options.xml.i
@@ -19,7 +19,7 @@
<description>Random source or destination address allocation for each connection</description>
</valueHelp>
<constraint>
- <regex>^(persistent|random)$</regex>
+ <regex>(persistent|random)</regex>
</constraint>
</properties>
<defaultValue>random</defaultValue>
@@ -43,7 +43,7 @@
<description>Do not apply port randomization</description>
</valueHelp>
<constraint>
- <regex>^(random|fully-random|none)$</regex>
+ <regex>(random|fully-random|none)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
diff --git a/interface-definitions/include/ospf/authentication.xml.i b/interface-definitions/include/ospf/authentication.xml.i
index 1e6050b97..8e8cad067 100644
--- a/interface-definitions/include/ospf/authentication.xml.i
+++ b/interface-definitions/include/ospf/authentication.xml.i
@@ -29,7 +29,7 @@
<description>MD5 Key (16 characters or less)</description>
</valueHelp>
<constraint>
- <regex>^[^[:space:]]{1,16}$</regex>
+ <regex>[^[:space:]]{1,16}</regex>
</constraint>
<constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage>
</properties>
@@ -46,7 +46,7 @@
<description>Plain text password (8 characters or less)</description>
</valueHelp>
<constraint>
- <regex>^[^[:space:]]{1,8}$</regex>
+ <regex>[^[:space:]]{1,8}</regex>
</constraint>
<constraintErrorMessage>Password must be 8 characters or less</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index 3a3372e47..c156d5b1c 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -45,7 +45,7 @@
<description>Filter static routes</description>
</valueHelp>
<constraint>
- <regex>^(bgp|connected|isis|kernel|rip|static)$</regex>
+ <regex>(bgp|connected|isis|kernel|rip|static)</regex>
</constraint>
<constraintErrorMessage>Must be bgp, connected, kernel, rip, or static</constraintErrorMessage>
<multi/>
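Review bot: The pattern `(bgp|connected|isis|kernel|rip|static)` accepts `isis`, but the `constraintErrorMessage` right below lists only bgp, connected, kernel, rip and static. Suggest `<constraintErrorMessage>Must be bgp, connected, isis, kernel, rip, or static</constraintErrorMessage>` so the message matches what the constraint allows. The enclosing leafNode starts and ends outside the hunk.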
@@ -123,7 +123,7 @@
<description>Never translate LSA types</description>
</valueHelp>
<constraint>
- <regex>^(always|candidate|never)$</regex>
+ <regex>(always|candidate|never)</regex>
</constraint>
</properties>
<defaultValue>candidate</defaultValue>
@@ -172,7 +172,7 @@
<description>Use MD5 authentication</description>
</valueHelp>
<constraint>
- <regex>^(plaintext-password|md5)$</regex>
+ <regex>(plaintext-password|md5)</regex>
</constraint>
</properties>
</leafNode>
@@ -252,7 +252,7 @@
<description>Enable shortcutting mode</description>
</valueHelp>
<constraint>
- <regex>^(default|disable|enable)$</regex>
+ <regex>(default|disable|enable)</regex>
</constraint>
</properties>
</leafNode>
@@ -432,7 +432,7 @@
<description>Point-to-point network type</description>
</valueHelp>
<constraint>
- <regex>^(broadcast|non-broadcast|point-to-multipoint|point-to-point)$</regex>
+ <regex>(broadcast|non-broadcast|point-to-multipoint|point-to-point)</regex>
</constraint>
<constraintErrorMessage>Must be broadcast, non-broadcast, point-to-multipoint or point-to-point</constraintErrorMessage>
</properties>
@@ -586,7 +586,7 @@
<description>Standard ABR type</description>
</valueHelp>
<constraint>
- <regex>^(cisco|ibm|shortcut|standard)$</regex>
+ <regex>(cisco|ibm|shortcut|standard)</regex>
</constraint>
</properties>
<defaultValue>cisco</defaultValue>
@@ -617,7 +617,7 @@
<description>Default to suppress routing updates on all interfaces</description>
</valueHelp>
<constraint>
- <regex>^(default)$</regex>
+ <regex>(default)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
index 792c873c8..630534eea 100644
--- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -184,7 +184,7 @@
<description>Point-to-point network type</description>
</valueHelp>
<constraint>
- <regex>^(broadcast|point-to-point)$</regex>
+ <regex>(broadcast|point-to-point)</regex>
</constraint>
<constraintErrorMessage>Must be broadcast or point-to-point</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i
index 3b9b458d4..0a3dc158a 100644
--- a/interface-definitions/include/policy/action.xml.i
+++ b/interface-definitions/include/policy/action.xml.i
@@ -14,7 +14,7 @@
<description>Deny matching entries</description>
</valueHelp>
<constraint>
- <regex>^(permit|deny)$</regex>
+ <regex>(permit|deny)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
index 406125e55..cfeba1a6c 100644
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
@@ -91,7 +91,7 @@
<description>Disable log</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -196,7 +196,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-200"/>
- <regex>^(main)$</regex>
+ <regex>(main)</regex>
</constraint>
</properties>
</leafNode>
@@ -260,7 +260,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -279,7 +279,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -298,7 +298,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -317,7 +317,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -543,7 +543,7 @@
<description>ICMP type/code name</description>
</valueHelp>
<constraint>
- <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)$</regex>
+ <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex>
<validator name="numeric" argument="--range 0-255"/>
</constraint>
</properties>
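Review bot: The ICMP type list contains `TOS host-redirect` with a space, while the neighbouring entries (`TOS-network-redirect`, `TOS-host-unreachable`) are hyphenated, so the hyphenated spelling is most likely rejected by this pattern. The commit carries the entry over unchanged from the old line. The alternative should probably read `TOS-host-redirect`. The enclosing node starts outside the hunk.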
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i
index 33c4ba77c..5a17dbc95 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common-rule.xml.i
@@ -91,7 +91,7 @@
<description>Disable log</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -196,7 +196,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-200"/>
- <regex>^(main)$</regex>
+ <regex>(main)</regex>
</constraint>
</properties>
</leafNode>
@@ -260,7 +260,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -279,7 +279,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -298,7 +298,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -317,7 +317,7 @@
<description>Disable</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i
index 9c880579d..1217055f2 100644
--- a/interface-definitions/include/policy/route-rule-action.xml.i
+++ b/interface-definitions/include/policy/route-rule-action.xml.i
@@ -10,7 +10,7 @@
<description>Drop matching entries</description>
</valueHelp>
<constraint>
- <regex>^(drop)$</regex>
+ <regex>(drop)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i
index 88092b7d4..019868373 100644
--- a/interface-definitions/include/route-map.xml.i
+++ b/interface-definitions/include/route-map.xml.i
@@ -10,7 +10,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
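Review bot: The error message on the line after the constraint does not match the pattern: `[-_a-zA-Z0-9.]+` also permits a dot, which the message omits. A user who is told that only letters, digits, hyphen and underscore are allowed has no way to know that `.` is accepted. I would align the text, e.g. `Name of route-map can only contain alpha-numeric letters, hyphen, underscore and dot`. The enclosing node starts outside the hunk.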
diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i
index 43dfb5e44..095b683de 100644
--- a/interface-definitions/include/routing-passive-interface.xml.i
+++ b/interface-definitions/include/routing-passive-interface.xml.i
@@ -15,7 +15,7 @@
<description>Default to suppress routing updates on all interfaces</description>
</valueHelp>
<constraint>
- <regex>^(default)$</regex>
+ <regex>(default)</regex>
<validator name="interface-name"/>
</constraint>
<multi/>
diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i
index 71c766774..7469805ac 100644
--- a/interface-definitions/include/snmp/access-mode.xml.i
+++ b/interface-definitions/include/snmp/access-mode.xml.i
@@ -14,7 +14,7 @@
<description>read write</description>
</valueHelp>
<constraint>
- <regex>^(ro|rw)$</regex>
+ <regex>(ro|rw)</regex>
</constraint>
<constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i
index ca0bb10a6..047d8cff4 100644
--- a/interface-definitions/include/snmp/authentication-type.xml.i
+++ b/interface-definitions/include/snmp/authentication-type.xml.i
@@ -14,7 +14,7 @@
<description>Secure Hash Algorithm</description>
</valueHelp>
<constraint>
- <regex>^(md5|sha)$</regex>
+ <regex>(md5|sha)</regex>
</constraint>
</properties>
<defaultValue>md5</defaultValue>
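Review bot: The context line `<defaultValue>md5</defaultValue>` keeps MD5 as the default SNMP authentication type, and the privacy-type hunk that follows likewise keeps `<defaultValue>des</defaultValue>`, although the patterns already allow `sha` and `aes`. This commit only touches the regex, so this is a follow-up rather than a blocker. I would move the defaults to `<defaultValue>sha</defaultValue>` and `<defaultValue>aes</defaultValue>`, with a migration step that writes the old value explicitly into configurations that relied on the default. The enclosing leafNode starts outside the hunk.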
diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i
index 94029a6c6..d5fd1e811 100644
--- a/interface-definitions/include/snmp/privacy-type.xml.i
+++ b/interface-definitions/include/snmp/privacy-type.xml.i
@@ -14,7 +14,7 @@
<description>Advanced Encryption Standard</description>
</valueHelp>
<constraint>
- <regex>^(des|aes)$</regex>
+ <regex>(des|aes)</regex>
</constraint>
</properties>
<defaultValue>des</defaultValue>
diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/snmp/protocol.xml.i
index ebdeef87e..d7e6752ad 100644
--- a/interface-definitions/include/snmp/protocol.xml.i
+++ b/interface-definitions/include/snmp/protocol.xml.i
@@ -14,7 +14,7 @@
<description>Listen protocol TCP</description>
</valueHelp>
<constraint>
- <regex>^(udp|tcp)$</regex>
+ <regex>(udp|tcp)</regex>
</constraint>
</properties>
<defaultValue>udp</defaultValue>
diff --git a/interface-definitions/include/ssh-user.xml.i b/interface-definitions/include/ssh-user.xml.i
index 17ba05a90..6ac1f35bc 100644
--- a/interface-definitions/include/ssh-user.xml.i
+++ b/interface-definitions/include/ssh-user.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Allow specific users to login</help>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,100}</regex>
+ <regex>[-_a-zA-Z0-9.]{1,100}</regex>
</constraint>
<constraintErrorMessage>Illegal characters or more than 100 characters</constraintErrorMessage>
<multi/>
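Review bot: The old pattern here, `^[-_a-zA-Z0-9.]{1,100}`, had no trailing `$`, so under search semantics it constrained only the start of the value and never enforced the 100-character limit the error message promises. Whether the new unanchored form enforces it depends on the matcher applying whole-value matching, which is not visible in this page. If it does, this hunk tightens validation and a previously accepted user name may be refused when an existing configuration is loaded; if it does not, any string containing one permitted character passes. The PPPoE service-name hunk (`[a-zA-Z0-9]+`) and the WireGuard key and peer-alias hunks (`[0-9a-zA-Z\+/]{43}=`, `[^ ]{1,100}`) were half-anchored in the same way. A comment such as `<!-- whole-value match: 1 to 100 characters from [-_a-zA-Z0-9.] -->` and a regression test with a 101-character name would pin the intended behaviour.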
diff --git a/interface-definitions/include/static/static-route-vrf.xml.i b/interface-definitions/include/static/static-route-vrf.xml.i
index 69aba253c..e1968f04a 100644
--- a/interface-definitions/include/static/static-route-vrf.xml.i
+++ b/interface-definitions/include/static/static-route-vrf.xml.i
@@ -11,7 +11,7 @@
<description>Name of VRF to leak to</description>
</valueHelp>
<constraint>
- <regex>^(default)$</regex>
+ <regex>(default)</regex>
<validator name="vrf-name"/>
</constraint>
</properties>
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
index b97971531..0a209bc3a 100644
--- a/interface-definitions/include/version/interfaces-version.xml.i
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='25'></syntaxVersion>
+<syntaxVersion component='interfaces' version='26'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i
index bb8ad7f82..f9944acce 100644
--- a/interface-definitions/include/version/quagga-version.xml.i
+++ b/interface-definitions/include/version/quagga-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/quagga-version.xml.i -->
-<syntaxVersion component='quagga' version='9'></syntaxVersion>
+<syntaxVersion component='quagga' version='10'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
index 19591256d..3cf92001c 100644
--- a/interface-definitions/include/version/system-version.xml.i
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/system-version.xml.i -->
-<syntaxVersion component='system' version='23'></syntaxVersion>
+<syntaxVersion component='system' version='24'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i
index eb0678aa9..629e6a0b9 100644
--- a/interface-definitions/include/vpn-ipsec-encryption.xml.i
+++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i
@@ -226,7 +226,7 @@
<description>256 bit ChaCha20/Poly1305 with 128 bit ICV</description>
</valueHelp>
<constraint>
- <regex>^(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305)$</regex>
+ <regex>(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305)</regex>
</constraint>
</properties>
<defaultValue>aes128</defaultValue>
diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i
index d6259574a..73d19c24b 100644
--- a/interface-definitions/include/vpn-ipsec-hash.xml.i
+++ b/interface-definitions/include/vpn-ipsec-hash.xml.i
@@ -58,7 +58,7 @@
<description>256-bit AES-GMAC</description>
</valueHelp>
<constraint>
- <regex>^(md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac)$</regex>
+ <regex>(md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac)</regex>
</constraint>
</properties>
<defaultValue>sha1</defaultValue>
diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i
index 265bbff94..7763cb393 100644
--- a/interface-definitions/include/webproxy-url-filtering.xml.i
+++ b/interface-definitions/include/webproxy-url-filtering.xml.i
@@ -38,7 +38,7 @@
<description>Default filter action is block</description>
</valueHelp>
<constraint>
- <regex>^(allow|block)$</regex>
+ <regex>(allow|block)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 5ae67a672..96dede723 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -7,7 +7,7 @@
<help>Bonding Interface/Link Aggregation</help>
<priority>320</priority>
<constraint>
- <regex>^bond[0-9]+$</regex>
+ <regex>bond[0-9]+</regex>
</constraint>
<constraintErrorMessage>Bonding interface must be named bondN</constraintErrorMessage>
<valueHelp>
@@ -85,7 +85,7 @@
<description>combine encapsulated IP address and port to make hash</description>
</valueHelp>
<constraint>
- <regex>^(layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4)$</regex>
+ <regex>(layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4)</regex>
</constraint>
<constraintErrorMessage>hash-policy must be layer2 layer2+3 layer3+4 encap2+3 or encap3+4</constraintErrorMessage>
</properties>
@@ -122,7 +122,7 @@
<description>Request partner to transmit LACPDUs every 1 second</description>
</valueHelp>
<constraint>
- <regex>^(slow|fast)$</regex>
+ <regex>(slow|fast)</regex>
</constraint>
</properties>
<defaultValue>slow</defaultValue>
@@ -162,7 +162,7 @@
<description>Distribute based on MAC address</description>
</valueHelp>
<constraint>
- <regex>^(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)$</regex>
+ <regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex>
</constraint>
<constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage>
</properties>
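Review bot: The dot in `802.3ad` is an unescaped regex metacharacter, so the mode pattern also accepts values such as `802x3ad`; the commit keeps this as it was. The TLS version hunk in interfaces-openvpn.xml.in has the same issue in `(1.0|1.1|1.2|1.3)`, where a value like `1x2` satisfies the constraint. Escaping the dots closes both: `802\.3ad` here and `<regex>(1\.0|1\.1|1\.2|1\.3)</regex>` there. The enclosing node starts outside the hunk.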
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index be4c92583..60edf3ce2 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -7,7 +7,7 @@
<help>Bridge Interface</help>
<priority>310</priority>
<constraint>
- <regex>^br[0-9]+$</regex>
+ <regex>br[0-9]+</regex>
</constraint>
<constraintErrorMessage>Bridge interface must be named brN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index 7f9ae90e5..01438de31 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -7,7 +7,7 @@
<help>Dummy Interface</help>
<priority>300</priority>
<constraint>
- <regex>^dum[0-9]+$</regex>
+ <regex>dum[0-9]+</regex>
</constraint>
<constraintErrorMessage>Dummy interface must be named dumN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 7fa07e9ec..c821f04b2 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -14,7 +14,7 @@
<description>Ethernet interface name</description>
</valueHelp>
<constraint>
- <regex>^((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex>
+ <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)</regex>
</constraint>
<constraintErrorMessage>Invalid Ethernet interface name</constraintErrorMessage>
</properties>
@@ -52,7 +52,7 @@
<description>Full duplex</description>
</valueHelp>
<constraint>
- <regex>^(auto|half|full)$</regex>
+ <regex>(auto|half|full)</regex>
</constraint>
<constraintErrorMessage>duplex must be auto, half or full</constraintErrorMessage>
</properties>
@@ -159,7 +159,7 @@
<description>100 Gbit/sec</description>
</valueHelp>
<constraint>
- <regex>^(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)$</regex>
+ <regex>(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)</regex>
</constraint>
<constraintErrorMessage>Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in
index 9143ba6be..6e8a8fee2 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces-geneve.xml.in
@@ -7,7 +7,7 @@
<help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help>
<priority>460</priority>
<constraint>
- <regex>^gnv[0-9]+$</regex>
+ <regex>gnv[0-9]+</regex>
</constraint>
<constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index 1f23a89a5..6a85064cd 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -7,7 +7,7 @@
<help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help>
<priority>485</priority>
<constraint>
- <regex>^l2tpeth[0-9]+$</regex>
+ <regex>l2tpeth[0-9]+</regex>
</constraint>
<constraintErrorMessage>L2TPv3 interface must be named l2tpethN</constraintErrorMessage>
<valueHelp>
@@ -49,7 +49,7 @@
<description>IP encapsulation</description>
</valueHelp>
<constraint>
- <regex>^(udp|ip)$</regex>
+ <regex>(udp|ip)</regex>
</constraint>
<constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in
index 7ac0545c6..7f59db543 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces-loopback.xml.in
@@ -7,7 +7,7 @@
<help>Loopback Interface</help>
<priority>300</priority>
<constraint>
- <regex>^lo$</regex>
+ <regex>lo</regex>
</constraint>
<constraintErrorMessage>Loopback interface must be named lo</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index cb3c489aa..dbb989588 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -7,7 +7,7 @@
<help>MACsec Interface (802.1ae)</help>
<priority>461</priority>
<constraint>
- <regex>^macsec[0-9]+$</regex>
+ <regex>macsec[0-9]+</regex>
</constraint>
<constraintErrorMessage>MACsec interface must be named macsecN</constraintErrorMessage>
<valueHelp>
@@ -44,7 +44,7 @@
<description>Galois/Counter Mode of AES cipher with 256-bit key</description>
</valueHelp>
<constraint>
- <regex>^(gcm-aes-128|gcm-aes-256)$</regex>
+ <regex>(gcm-aes-128|gcm-aes-256)</regex>
</constraint>
</properties>
</leafNode>
@@ -67,7 +67,7 @@
<description>16-byte (128-bit) hex-string (32 hex-digits)</description>
</valueHelp>
<constraint>
- <regex>^[A-Fa-f0-9]{32}$</regex>
+ <regex>[A-Fa-f0-9]{32}</regex>
</constraint>
</properties>
</leafNode>
@@ -79,7 +79,7 @@
<description>32-byte (256-bit) hex-string (64 hex-digits)</description>
</valueHelp>
<constraint>
- <regex>^[A-Fa-f0-9]{64}$</regex>
+ <regex>[A-Fa-f0-9]{64}</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index c917b9312..edcf7b37f 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -7,7 +7,7 @@
<help>OpenVPN Tunnel Interface</help>
<priority>460</priority>
<constraint>
- <regex>^vtun[0-9]+$</regex>
+ <regex>vtun[0-9]+</regex>
</constraint>
<constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage>
<valueHelp>
@@ -51,7 +51,7 @@
<description>TAP device, required for OSI layer 2</description>
</valueHelp>
<constraint>
- <regex>^(tun|tap)$</regex>
+ <regex>(tun|tap)</regex>
</constraint>
</properties>
<defaultValue>tun</defaultValue>
@@ -113,7 +113,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>^(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)$</regex>
+ <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
</properties>
</leafNode>
@@ -160,7 +160,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>^(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)$</regex>
+ <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
<multi/>
</properties>
@@ -196,7 +196,7 @@
<description>SHA-512 algorithm</description>
</valueHelp>
<constraint>
- <regex>^(md5|sha1|sha256|sha384|sha512)$</regex>
+ <regex>(md5|sha1|sha256|sha384|sha512)</regex>
</constraint>
</properties>
</leafNode>
@@ -298,7 +298,7 @@
<description>Server in client-server mode</description>
</valueHelp>
<constraint>
- <regex>^(site-to-site|client|server)$</regex>
+ <regex>(site-to-site|client|server)</regex>
</constraint>
</properties>
</leafNode>
@@ -336,7 +336,7 @@
<description>TCP and initiates connections actively</description>
</valueHelp>
<constraint>
- <regex>^(udp|tcp-passive|tcp-active)$</regex>
+ <regex>(udp|tcp-passive|tcp-active)</regex>
</constraint>
</properties>
<defaultValue>udp</defaultValue>
@@ -631,7 +631,7 @@
<description>Subnet topology</description>
</valueHelp>
<constraint>
- <regex>^(subnet|point-to-point|net30)$</regex>
+ <regex>(subnet|point-to-point|net30)</regex>
</constraint>
</properties>
<defaultValue>net30</defaultValue>
@@ -713,7 +713,7 @@
<description>Enable chalenge-response</description>
</valueHelp>
<constraint>
- <regex>^(disable|enable)$</regex>
+ <regex>(disable|enable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -786,7 +786,7 @@
<description>TLS v1.3</description>
</valueHelp>
<constraint>
- <regex>^(1.0|1.1|1.2|1.3)$</regex>
+ <regex>(1.0|1.1|1.2|1.3)</regex>
</constraint>
</properties>
</leafNode>
@@ -805,7 +805,7 @@
<description>Wait for incoming TLS connection</description>
</valueHelp>
<constraint>
- <regex>^(active|passive)$</regex>
+ <regex>(active|passive)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index 3a0b7a40c..664914baa 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -7,7 +7,7 @@
<help>Point-to-Point Protocol over Ethernet (PPPoE)</help>
<priority>322</priority>
<constraint>
- <regex>^pppoe[0-9]+$</regex>
+ <regex>pppoe[0-9]+</regex>
</constraint>
<constraintErrorMessage>PPPoE interface must be named pppoeN</constraintErrorMessage>
<valueHelp>
@@ -21,31 +21,8 @@
#include <include/interface/dial-on-demand.xml.i>
#include <include/interface/interface-firewall.xml.i>
#include <include/interface/interface-policy.xml.i>
- <leafNode name="default-route">
- <properties>
- <help>Default route insertion behaviour</help>
- <completionHelp>
- <list>auto none force</list>
- </completionHelp>
- <constraint>
- <regex>^(auto|none|force)$</regex>
- </constraint>
- <constraintErrorMessage>PPPoE default-route option must be 'auto', 'none', or 'force'</constraintErrorMessage>
- <valueHelp>
- <format>auto</format>
- <description>Automatically install a default route</description>
- </valueHelp>
- <valueHelp>
- <format>none</format>
- <description>Do not install a default route</description>
- </valueHelp>
- <valueHelp>
- <format>force</format>
- <description>Replace existing default route</description>
- </valueHelp>
- </properties>
- <defaultValue>auto</defaultValue>
- </leafNode>
+ #include <include/interface/no-default-route.xml.i>
+ #include <include/interface/default-route-distance.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/description.xml.i>
#include <include/interface/disable.xml.i>
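Review bot: The removed `default-route` leaf accepted `auto`, `none` and `force`, and the two includes that replace it have no visible counterpart for `force` (replace an existing default route). Saved configurations that still carry `default-route` will presumably fail validation unless the interfaces syntax version bump from 25 to 26 elsewhere in this commit comes with a migration that rewrites all three values; that script is not visible here and should be checked. I would leave a pointer at the replacement, e.g. `<!-- replaces default-route auto|none|force; migrated with interfaces syntax version 26 -->`, once the mapping for `force` is confirmed. The enclosing node starts outside the hunk.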
@@ -129,7 +106,7 @@
<properties>
<help>Service name, only connect to access concentrators advertising this</help>
<constraint>
- <regex>[a-zA-Z0-9]+$</regex>
+ <regex>[a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Service name must be alphanumeric only</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index 5f5e9fdef..6b62f4c61 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -7,7 +7,7 @@
<help>Pseudo Ethernet</help>
<priority>321</priority>
<constraint>
- <regex>^peth[0-9]+$</regex>
+ <regex>peth[0-9]+</regex>
</constraint>
<constraintErrorMessage>Pseudo Ethernet interface must be named pethN</constraintErrorMessage>
<valueHelp>
@@ -53,7 +53,7 @@
<description>Promicious mode passthrough of underlying device</description>
</valueHelp>
<constraint>
- <regex>^(private|vepa|bridge|passthru)$</regex>
+ <regex>(private|vepa|bridge|passthru)</regex>
</constraint>
<constraintErrorMessage>mode must be private, vepa, bridge or passthru</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index 42ec62775..98ff878ba 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -7,7 +7,7 @@
<help>Tunnel interface</help>
<priority>380</priority>
<constraint>
- <regex>^tun[0-9]+$</regex>
+ <regex>tun[0-9]+</regex>
</constraint>
<constraintErrorMessage>tunnel interface must be named tunN</constraintErrorMessage>
<valueHelp>
@@ -102,7 +102,7 @@
<description>Simple Internet Transition (IPv6 in IPv4)</description>
</valueHelp>
<constraint>
- <regex>^(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)$</regex>
+ <regex>(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)</regex>
</constraint>
<constraintErrorMessage>Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6</constraintErrorMessage>
</properties>
@@ -123,7 +123,7 @@
<description>Disable multicast (default)</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
<constraintErrorMessage>Must be 'disable' or 'enable'</constraintErrorMessage>
</properties>
@@ -153,7 +153,7 @@
<description>Mirror egress traffic</description>
</valueHelp>
<constraint>
- <regex>^(ingress|egress)$</regex>
+ <regex>(ingress|egress)</regex>
</constraint>
</properties>
</leafNode>
@@ -248,7 +248,7 @@
<description>Disable encapsulation limit</description>
</valueHelp>
<constraint>
- <regex>^(none)$</regex>
+ <regex>(none)</regex>
<validator name="numeric" argument="--range 0-255"/>
</constraint>
<constraintErrorMessage>Tunnel encaplimit must be 0-255 or none</constraintErrorMessage>
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in
index 5893e4c4c..b471c3b92 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces-vti.xml.in
@@ -7,7 +7,7 @@
<help>Virtual Tunnel interface</help>
<priority>381</priority>
<constraint>
- <regex>^vti[0-9]+$</regex>
+ <regex>vti[0-9]+</regex>
</constraint>
<constraintErrorMessage>VTI interface must be named vtiN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 8b50fe1b7..faa3dd5e0 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -7,7 +7,7 @@
<help>Virtual Extensible LAN (VXLAN) Interface</help>
<priority>460</priority>
<constraint>
- <regex>^vxlan[0-9]+$</regex>
+ <regex>vxlan[0-9]+</regex>
</constraint>
<constraintErrorMessage>VXLAN interface must be named vxlanN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index eb0892f07..4a1b4ac68 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -7,7 +7,7 @@
<help>WireGuard Interface</help>
<priority>459</priority>
<constraint>
- <regex>^wg[0-9]+$</regex>
+ <regex>wg[0-9]+</regex>
</constraint>
<constraintErrorMessage>WireGuard interface must be named wgN</constraintErrorMessage>
<valueHelp>
@@ -46,7 +46,7 @@
<properties>
<help>Base64 encoded private key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
</constraint>
<constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
</properties>
@@ -55,7 +55,7 @@
<properties>
<help>peer alias</help>
<constraint>
- <regex>[^ ]{1,100}$</regex>
+ <regex>[^ ]{1,100}</regex>
</constraint>
<constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
</properties>
@@ -65,7 +65,7 @@
<properties>
<help>base64 encoded public key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
</constraint>
<constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
</properties>
@@ -74,7 +74,7 @@
<properties>
<help>base64 encoded preshared key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
</constraint>
<constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index db01657eb..eb6107303 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -10,7 +10,7 @@
<script>cd /sys/class/net; if compgen -G "wlan*" > /dev/null; then ls -d wlan*; fi</script>
</completionHelp>
<constraint>
- <regex>^wlan[0-9]+$</regex>
+ <regex>wlan[0-9]+</regex>
</constraint>
<constraintErrorMessage>Wireless interface must be named wlanN</constraintErrorMessage>
<valueHelp>
@@ -63,7 +63,7 @@
<description>Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel</description>
</valueHelp>
<constraint>
- <regex>^(ht20|ht40\+|ht40-)$</regex>
+ <regex>(ht20|ht40\+|ht40-)</regex>
</constraint>
<multi/>
</properties>
@@ -113,7 +113,7 @@
<description>Set maximum A-MSDU length to 7935 octets</description>
</valueHelp>
<constraint>
- <regex>^(3839|7935)$</regex>
+ <regex>(3839|7935)</regex>
</constraint>
</properties>
</leafNode>
@@ -132,7 +132,7 @@
<description>Short GI for 40 MHz</description>
</valueHelp>
<constraint>
- <regex>^(20|40)$</regex>
+ <regex>(20|40)</regex>
</constraint>
<multi/>
</properties>
@@ -152,7 +152,7 @@
<description>DYNAMIC Spatial Multiplexing (SM) Power Save</description>
</valueHelp>
<constraint>
- <regex>^(static|dynamic)$</regex>
+ <regex>(static|dynamic)</regex>
</constraint>
</properties>
</leafNode>
@@ -169,7 +169,7 @@
<description>Number of spacial streams that can use RX STBC</description>
</valueHelp>
<constraint>
- <regex>^[1-3]+$</regex>
+ <regex>[1-3]+</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
@@ -248,7 +248,7 @@
<description>Support for operation as multi user beamformee</description>
</valueHelp>
<constraint>
- <regex>^(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)$</regex>
+ <regex>(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)</regex>
</constraint>
<multi/>
</properties>
@@ -334,7 +334,7 @@
<description>Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB</description>
</valueHelp>
<constraint>
- <regex>^(unsolicited|both)$</regex>
+ <regex>(unsolicited|both)</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
@@ -366,7 +366,7 @@
<description>ncrease Maximum MPDU length to 11454 octets</description>
</valueHelp>
<constraint>
- <regex>^(7991|11454)$</regex>
+ <regex>(7991|11454)</regex>
</constraint>
</properties>
</leafNode>
@@ -385,7 +385,7 @@
<description>Short GI for 160 MHz</description>
</valueHelp>
<constraint>
- <regex>^(80|160)$</regex>
+ <regex>(80|160)</regex>
</constraint>
<multi/>
</properties>
@@ -403,7 +403,7 @@
<description>Number of spacial streams that can use RX STBC</description>
</valueHelp>
<constraint>
- <regex>^[1-4]+$</regex>
+ <regex>[1-4]+</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
@@ -464,7 +464,7 @@
<description>ISO/IEC 3166-1 Country Code</description>
</valueHelp>
<constraint>
- <regex>^[a-z][a-z]$</regex>
+ <regex>[a-z][a-z]</regex>
</constraint>
<constraintErrorMessage>Invalid ISO/IEC 3166-1 Country Code</constraintErrorMessage>
</properties>
@@ -529,7 +529,7 @@
<description>MFP enforced</description>
</valueHelp>
<constraint>
- <regex>^(disabled|optional|required)$</regex>
+ <regex>(disabled|optional|required)</regex>
</constraint>
</properties>
<defaultValue>disabled</defaultValue>
@@ -561,7 +561,7 @@
<description>802.11ac - 1300 Mbits/sec</description>
</valueHelp>
<constraint>
- <regex>^(a|b|g|n|ac)$</regex>
+ <regex>(a|b|g|n|ac)</regex>
</constraint>
</properties>
<defaultValue>g</defaultValue>
@@ -650,7 +650,7 @@
<description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description>
</valueHelp>
<constraint>
- <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex>
+ <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex>
</constraint>
<constraintErrorMessage>Invalid cipher selection</constraintErrorMessage>
<multi/>
@@ -683,7 +683,7 @@
<description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description>
</valueHelp>
<constraint>
- <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex>
+ <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex>
</constraint>
<constraintErrorMessage>Invalid group cipher selection</constraintErrorMessage>
<multi/>
@@ -708,7 +708,7 @@
<description>Allow both WPA and WPA2</description>
</valueHelp>
<constraint>
- <regex>^(wpa|wpa2|wpa\+wpa2|wpa3)$</regex>
+ <regex>(wpa|wpa2|wpa\+wpa2|wpa3)</regex>
</constraint>
<constraintErrorMessage>Unknown WPA mode</constraintErrorMessage>
</properties>
@@ -724,7 +724,7 @@
<description>Passphrase of at least 8 but not more than 63 printable characters</description>
</valueHelp>
<constraint>
- <regex>.{8,63}$</regex>
+ <regex>.{8,63}</regex>
</constraint>
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
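Review bot: The passphrase pattern `.{8,63}` accepts any character, while the help text and error message promise "printable characters", so control characters and non-ASCII input pass the constraint. The RIP definitions in this diff already use a POSIX class, so `<regex>[[:print:]]{8,63}</regex>` should work with the same engine and makes the check match the message. The old `.{8,63}$` had no start anchor and therefore no effective upper length bound; the 63-character limit only holds now if the checker matches the whole value.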
@@ -752,7 +752,7 @@
<properties>
<help>Wireless access-point service set identifier (SSID)</help>
<constraint>
- <regex>.{1,32}$</regex>
+ <regex>.{1,32}</regex>
</constraint>
<constraintErrorMessage>Invalid SSID</constraintErrorMessage>
</properties>
@@ -776,7 +776,7 @@
<description>Passively monitor all packets on the frequency/channel</description>
</valueHelp>
<constraint>
- <regex>^(access-point|station|monitor)$</regex>
+ <regex>(access-point|station|monitor)</regex>
</constraint>
<constraintErrorMessage>Type must be access-point, station or monitor</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in
index 3cb1645c4..3071e6091 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces-wwan.xml.in
@@ -10,7 +10,7 @@
<script>cd /sys/class/net; if compgen -G "wwan*" > /dev/null; then ls -d wwan*; fi</script>
</completionHelp>
<constraint>
- <regex>^wwan[0-9]+$</regex>
+ <regex>wwan[0-9]+</regex>
</constraint>
<constraintErrorMessage>Wireless Modem interface must be named wwanN</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index f79680947..9295b631f 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
@@ -98,7 +98,7 @@
<validator name="ipv4-prefix"/>
<validator name="ipv4-address"/>
<validator name="ipv4-range"/>
- <regex>^(masquerade)$</regex>
+ <regex>(masquerade)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index 11d986c96..b47f653c6 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -94,7 +94,7 @@
<constraint>
<validator name="ipv6-address"/>
<validator name="ipv6-prefix"/>
- <regex>^(masquerade)$</regex>
+ <regex>(masquerade)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in
index 80de805fb..088985cb6 100644
--- a/interface-definitions/netns.xml.in
+++ b/interface-definitions/netns.xml.in
@@ -10,7 +10,7 @@
<properties>
<help>Network namespace name</help>
<constraint>
- <regex>^[a-zA-Z0-9-_]{1,100}</regex>
+ <regex>[a-zA-Z0-9-_]{1,100}</regex>
</constraint>
<constraintErrorMessage>Netns name must be alphanumeric and can contain hyphens and underscores.</constraintErrorMessage>
</properties>
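Review bot: The character class `[a-zA-Z0-9-_]` puts the hyphen between `9` and `_`, which reads like a range and relies on the regex engine treating it as a literal; writing `<regex>[-_a-zA-Z0-9]{1,100}</regex>`, as policy.xml.in does, removes the ambiguity. The same class appears in the Telegraf token pattern in service_monitoring_telegraf.xml.in. The old pattern had no `$`, so names with trailing characters outside the class were accepted before; with the `^` gone too, this constraint enforces nothing unless the checker matches the whole value.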
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in
index 573a7963f..d969613b1 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy-local-route.xml.in
@@ -146,11 +146,11 @@
<properties>
<help>Source address or prefix</help>
<valueHelp>
- <format>ipv4</format>
+ <format>ipv6</format>
<description>Address to match against</description>
</valueHelp>
<valueHelp>
- <format>ipv4net</format>
+ <format>ipv6net</format>
<description>Prefix to match against</description>
</valueHelp>
<constraint>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index a1c3b50de..a10c9b08f 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -6,7 +6,7 @@
<properties>
<help>Policy route rule set name for IPv6</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
<priority>201</priority>
</properties>
@@ -55,7 +55,7 @@
<properties>
<help>Policy route rule set name for IPv4</help>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
<priority>201</priority>
</properties>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 1a4781397..50b7cbc84 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -242,7 +242,7 @@
<description>BGP extended community-list name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Should be an alphanumeric name</constraintErrorMessage>
</properties>
@@ -291,7 +291,7 @@
<description>BGP large-community-list name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Should be an alphanumeric name</constraintErrorMessage>
</properties>
@@ -340,7 +340,7 @@
<description>Name of IPv4 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -408,7 +408,7 @@
<description>Name of IPv6 prefix-list</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
</constraint>
<constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -476,7 +476,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9.]+$</regex>
+ <regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
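Review bot: The route-map pattern `[-_a-zA-Z0-9.]+` also allows a dot, which the error message does not mention; either add "dot" to the message or drop `.` from the class if it is not meant to be accepted. A name made only of dots passes this pattern, so it is worth confirming that nothing downstream uses the name as a file or path component.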
@@ -582,7 +582,7 @@
<description>Prefix route</description>
</valueHelp>
<constraint>
- <regex>^(macip|multicast|prefix)$</regex>
+ <regex>(macip|multicast|prefix)</regex>
</constraint>
</properties>
</leafNode>
@@ -834,7 +834,7 @@
<description>Incomplete origin</description>
</valueHelp>
<constraint>
- <regex>^(egp|igp|incomplete)$</regex>
+ <regex>(egp|igp|incomplete)</regex>
</constraint>
</properties>
</leafNode>
@@ -869,7 +869,7 @@
<description>Match valid entries</description>
</valueHelp>
<constraint>
- <regex>^(invalid|notfound|valid)$</regex>
+ <regex>(invalid|notfound|valid)</regex>
</constraint>
</properties>
</leafNode>
@@ -948,24 +948,49 @@
</leafNode>
</children>
</node>
- <leafNode name="as-path-exclude">
+ <node name="as-path">
<properties>
- <help>Remove ASN(s) from a Border Gateway Protocol (BGP) AS-path attribute</help>
- <valueHelp>
- <format>txt</format>
- <description>BGP AS path exclude string (ex: "456 64500 45001")</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="as-path-prepend">
- <properties>
- <help>Prepend string for a Border Gateway Protocol (BGP) AS-path attribute</help>
- <valueHelp>
- <format>txt</format>
- <description>BGP AS path prepend string (ex: "64501 64501")</description>
- </valueHelp>
+ <help>Transform BGP AS_PATH attribute</help>
</properties>
- </leafNode>
+ <children>
+ <leafNode name="exclude">
+ <properties>
+ <help>Remove/exclude from the as-path attribute</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>AS number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="as-number-list"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="prepend">
+ <properties>
+ <help>Prepend to the as-path</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>AS number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="as-number-list"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="prepend-last-as">
+ <properties>
+ <help>Use the last AS-number in the as-path</help>
+ <valueHelp>
+ <format>u32:1-10</format>
+ <description>Number of times to insert</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-10"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="atomic-aggregate">
<properties>
<help>BGP atomic aggregate attribute</help>
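Review bot: Replacing the `as-path-exclude` and `as-path-prepend` leaves with a nested `as-path` node changes the configuration syntax, so existing configs need a migration script and a config-version bump; neither is visible in this hunk, and the same applies to the `static arp` restructuring in protocols-static-arp.xml.in. The new `exclude` and `prepend` leaves advertise `<format>u32</format>` with the description "AS number" while the validator is `as-number-list`. Assuming that validator takes the space-separated form the old help text showed, the help should say so, e.g. `<description>AS number(s), space separated</description>`.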
@@ -1045,6 +1070,44 @@
</constraint>
</properties>
</leafNode>
+ <node name="evpn">
+ <properties>
+ <help>Ethernet Virtual Private Network</help>
+ </properties>
+ <children>
+ <node name="gateway">
+ <properties>
+ <help>Set gateway IP for prefix advertisement route</help>
+ </properties>
+ <children>
+ <leafNode name="ipv4">
+ <properties>
+ <help>Set gateway IPv4 address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Gateway IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6">
+ <properties>
+ <help>Set gateway IPv6 address</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Gateway IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
<node name="extcommunity">
<properties>
<help>BGP extended community attribute</help>
@@ -1070,7 +1133,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-25600"/>
- <regex>^(cumulative|num-multipaths)$</regex>
+ <regex>(cumulative|num-multipaths)</regex>
</constraint>
</properties>
</leafNode>
@@ -1086,7 +1149,7 @@
<description>Based on a router-id IP address</description>
</valueHelp>
<constraint>
- <regex>^(((\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\b)|(\d+)):(\d+) ?)+$</regex>
+ <regex>(((\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\b)|(\d+)):(\d+) ?)+</regex>
</constraint>
<constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage>
</properties>
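Review bot: Because the separator in `(…:(\d+) ?)+` is optional, adjacent entries can run together: a value like `1:2345:6` (constructed example) is accepted as two entries even though it is not in ASN:NN or IPADDR:NN form. Requiring the space between repetitions, i.e. one entry followed by zero or more ` entry` groups, closes that gap. The dotted-quad branch also accepts octets with leading zeros such as `001`, which may or may not be wanted.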
@@ -1103,7 +1166,7 @@
<description>Based on a router-id IP address</description>
</valueHelp>
<constraint>
- <regex>^((?:[0-9]{1,3}\.){3}[0-9]{1,3}|\d+):\d+$</regex>
+ <regex>((?:[0-9]{1,3}\.){3}[0-9]{1,3}|\d+):\d+</regex>
</constraint>
<constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage>
</properties>
@@ -1131,7 +1194,7 @@
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
- <regex>^(unchanged|peer-address)$</regex>
+ <regex>(unchanged|peer-address)</regex>
</constraint>
</properties>
</leafNode>
@@ -1251,7 +1314,7 @@
<description>OSPF external type 2 metric</description>
</valueHelp>
<constraint>
- <regex>^(type-1|type-2)$</regex>
+ <regex>(type-1|type-2)</regex>
</constraint>
</properties>
</leafNode>
@@ -1274,7 +1337,7 @@
<description>Incomplete origin</description>
</valueHelp>
<constraint>
- <regex>^(igp|egp|incomplete)$</regex>
+ <regex>(igp|egp|incomplete)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in
index a9957d884..edbac8d0e 100644
--- a/interface-definitions/protocols-bfd.xml.in
+++ b/interface-definitions/protocols-bfd.xml.in
@@ -73,7 +73,7 @@
<description>Name of BFD profile</description>
</valueHelp>
<constraint>
- <regex>^[-_a-zA-Z0-9]{1,32}$</regex>
+ <regex>[-_a-zA-Z0-9]{1,32}</regex>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols-nhrp.xml.in
index 9dd9d3389..7de3704ce 100644
--- a/interface-definitions/protocols-nhrp.xml.in
+++ b/interface-definitions/protocols-nhrp.xml.in
@@ -12,7 +12,7 @@
<properties>
<help>Tunnel for NHRP [REQUIRED]</help>
<constraint>
- <regex>^tun[0-9]+$</regex>
+ <regex>tun[0-9]+</regex>
</constraint>
<valueHelp>
<format>tunN</format>
@@ -85,7 +85,7 @@
<list>dynamic nhs</list>
</completionHelp>
<constraint>
- <regex>^(dynamic|nhs)$</regex>
+ <regex>(dynamic|nhs)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in
index d3be4e1af..bbb88aef1 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols-rip.xml.in
@@ -78,7 +78,7 @@
<description>MD5 Key (16 characters or less)</description>
</valueHelp>
<constraint>
- <regex>^[^[:space:]]{1,16}$</regex>
+ <regex>[^[:space:]]{1,16}</regex>
</constraint>
<constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage>
</properties>
@@ -93,7 +93,7 @@
<description>Plain text password (16 characters or less)</description>
</valueHelp>
<constraint>
- <regex>^[^[:space:]]{1,16}$</regex>
+ <regex>[^[:space:]]{1,16}</regex>
</constraint>
<constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols-static-arp.xml.in
index e5e8a9ad9..8b1b3b5e1 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols-static-arp.xml.in
@@ -4,32 +4,46 @@
<children>
<node name="static">
<children>
- <tagNode name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
+ <node name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
<properties>
<help>Static ARP translation</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 destination address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
</properties>
<children>
- <leafNode name="hwaddr">
+ <tagNode name="interface">
<properties>
- <help>Translation MAC address</help>
+ <help>Interface configuration</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
<valueHelp>
- <format>macaddr</format>
- <description>Hardware (MAC) address</description>
+ <format>txt</format>
+ <description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="mac-address"/>
+ <validator name="interface-name"/>
</constraint>
</properties>
- </leafNode>
+ <children>
+ <tagNode name="address">
+ <properties>
+ <help>IP address for static ARP entry</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 destination address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/interface/mac.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
</children>
- </tagNode>
+ </node>
</children>
</node>
</children>
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
index ff4c1c24e..5e65d3106 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -25,7 +25,7 @@
<list>in out</list>
</completionHelp>
<constraint>
- <regex>^(in|out)$</regex>
+ <regex>(in|out)</regex>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 584f687c7..6fa6fc5f9 100644
--- a/interface-definitions/service_conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -5,7 +5,8 @@
<node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
<properties>
<help>Connection tracking synchronization</help>
- <priority>995</priority>
+ <!-- before VRRP / HA -->
+ <priority>799</priority>
</properties>
<children>
<leafNode name="accept-protocol">
@@ -39,7 +40,7 @@
<description>Sync Datagram Congestion Control Protocol entries</description>
</valueHelp>
<constraint>
- <regex>^(tcp|udp|icmp|icmp6|sctp|dccp)$</regex>
+ <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex>
</constraint>
<constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
<multi/>
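Review bot: The error message does not match the constraint: the pattern allows `icmp6` and `dccp`, but the message lists only `tcp udp icmp or sctp`. Suggest `<constraintErrorMessage>Allowed protocols: tcp, udp, icmp, icmp6, sctp or dccp</constraintErrorMessage>`.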
@@ -68,7 +69,7 @@
<list>all ftp sip h323 nfs sqlnet</list>
</completionHelp>
<constraint>
- <regex>^(all|ftp|sip|h323|nfs|sqlnet)$</regex>
+ <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex>
</constraint>
<constraintErrorMessage>Invalid protocol</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
index 549edb813..e9591ad87 100644
--- a/interface-definitions/service_console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
@@ -23,7 +23,7 @@
<description>USB based serial interface</description>
</valueHelp>
<constraint>
- <regex>^(ttyS\d+|usb\d+b.*p.*)$</regex>
+ <regex>(ttyS\d+|usb\d+b.*p.*)</regex>
</constraint>
</properties>
<children>
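Review bot: `usb\d+b.*p.*` lets the device name contain arbitrary characters after `b`, including spaces, slashes and shell metacharacters. Since this is a serial device name that presumably ends up in a device path and a service instance name, the wildcards should be narrowed to what real names use. Something like `<regex>(ttyS\d+|usb\d+b[\d.]+p[\d.]+)</regex>` would do if USB names only carry digits and dots in those positions; confirm against real device names before tightening.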
@@ -35,7 +35,7 @@
<list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
</completionHelp>
<constraint>
- <regex>^(300|1200|2400|4800|9600|19200|38400|57600|115200)$</regex>
+ <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
</constraint>
</properties>
</leafNode>
@@ -70,7 +70,7 @@
<list>even odd none</list>
</completionHelp>
<constraint>
- <regex>^(even|odd|none)$</regex>
+ <regex>(even|odd|none)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 1325ba10d..e222467b1 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -23,7 +23,7 @@
<list>L2 L3</list>
</completionHelp>
<constraint>
- <regex>^(L2|L3)$</regex>
+ <regex>(L2|L3)</regex>
</constraint>
<valueHelp>
<format>L2</format>
@@ -42,7 +42,7 @@
<list>shared vlan</list>
</completionHelp>
<constraint>
- <regex>^(shared|vlan)$</regex>
+ <regex>(shared|vlan)</regex>
</constraint>
<valueHelp>
<format>shared</format>
@@ -141,7 +141,7 @@
<list>local radius noauth</list>
</completionHelp>
<constraint>
- <regex>^(local|radius|noauth)$</regex>
+ <regex>(local|radius|noauth)</regex>
</constraint>
<valueHelp>
<format>local</format>
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 7db9de9f8..ff4c8c55f 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -22,7 +22,7 @@
<properties>
<help>Authentication organization for InfluxDB v2 [REQUIRED]</help>
<constraint>
- <regex>^[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}$</regex>
+ <regex>[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}</regex>
</constraint>
<constraintErrorMessage>Organization name must be alphanumeric and can contain hyphens, underscores and at symbol.</constraintErrorMessage>
</properties>
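Review bot: The class `[1-9a-zA-Z@_\-.]` excludes the digit `0`, which looks like a typo for `0-9`, so an organization name such as `org-2020` (constructed example) is rejected. Suggest `<regex>[a-zA-Z][0-9a-zA-Z@_\-.]{2,50}</regex>`. The error message also omits the dot that the class allows.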
@@ -35,7 +35,7 @@
<description>Authentication token</description>
</valueHelp>
<constraint>
- <regex>^[a-zA-Z0-9-_]{86}==$</regex>
+ <regex>[a-zA-Z0-9-_]{86}==</regex>
</constraint>
<constraintErrorMessage>Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters.</constraintErrorMessage>
</properties>
@@ -79,12 +79,133 @@
<description>Telegraf internal statistics</description>
</valueHelp>
<constraint>
- <regex>^(all|hardware-utilization|logs|network|system|telegraf)$</regex>
+ <regex>(all|hardware-utilization|logs|network|system|telegraf)</regex>
</constraint>
<multi/>
</properties>
<defaultValue>all</defaultValue>
</leafNode>
+ <node name="prometheus-client">
+ <properties>
+ <help>Output plugin Prometheus client</help>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>HTTP basic authentication parameters</help>
+ </properties>
+ <children>
+ <leafNode name="username">
+ <properties>
+ <help>Authentication username</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password">
+ <properties>
+ <help>Authentication password</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Authentication password</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="allow-from">
+ <properties>
+ <help>Networks allowed to query this server</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IP address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-address">
+ <properties>
+ <help>Local IP addresses to listen on</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to listen for incoming connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to listen for incoming connections</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-link-local"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="metric-version">
+ <properties>
+ <help>Metric version control mapping from Telegraf to Prometheus format</help>
+ <valueHelp>
+ <format>u32:1-2</format>
+ <description>Metric version (default: 2)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2"/>
+ </constraint>
+ </properties>
+ <defaultValue>2</defaultValue>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>9273</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <node name="splunk">
+ <properties>
+ <help>Output plugin Splunk</help>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>HTTP basic authentication parameters</help>
+ </properties>
+ <children>
+ <leafNode name="token">
+ <properties>
+ <help>Authorization token</help>
+ </properties>
+ </leafNode>
+ <leafNode name="insecure">
+ <properties>
+ <help>Use TLS but skip host validation</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="url">
+ <properties>
+ <help>Remote URL [REQUIRED]</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Remote URL to Splunk collector</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex>
+ </constraint>
+ <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="url">
<properties>
<help>Remote URL [REQUIRED]</help>
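Review bot: The new Splunk `url` constraint `^(http(s?):\/\/.*):(\d*)\/?(.*)` keeps a leading `^` that every other pattern in this commit drops, and it validates very little: host and port may both be empty, while a URL with no `:` after the host is rejected. Something like `<regex>https?:\/\/[^\/:\s]+(:\d+)?(\/.*)?</regex>` would require a host and make the port optional (bracketed IPv6 literals would need an extra alternative). Because the same node carries an authorization `token`, accepting plain `http://` means the token can be sent unencrypted; consider requiring `https` or saying so in the help text. The Splunk `authentication` node's help says "HTTP basic authentication parameters" although its children are `token` and `insecure`, and the `prometheus-client` `username` and `password` leaves have no constraint at all.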
@@ -93,7 +214,7 @@
<description>Remote URL to InfluxDB v2</description>
</valueHelp>
<constraint>
- <regex>^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?$</regex>
+ <regex>(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format.</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 97952d882..50f42849b 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -32,7 +32,7 @@
<list>ifname ifname:mac</list>
</completionHelp>
<constraint>
- <regex>^(ifname|ifname:mac)$</regex>
+ <regex>(ifname|ifname:mac)</regex>
</constraint>
<constraintErrorMessage>Invalid Called-Station-Id format</constraintErrorMessage>
<valueHelp>
@@ -108,7 +108,7 @@
<properties>
<help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help>
<constraint>
- <regex>[0-9]+\/(min|sec)$</regex>
+ <regex>[0-9]+\/(min|sec)</regex>
</constraint>
<constraintErrorMessage>illegal value</constraintErrorMessage>
</properties>
@@ -171,7 +171,7 @@
<properties>
<help>IPv4 (IPCP) negotiation algorithm</help>
<constraint>
- <regex>^(deny|allow|prefer|require)$</regex>
+ <regex>(deny|allow|prefer|require)</regex>
</constraint>
<constraintErrorMessage>invalid value</constraintErrorMessage>
<valueHelp>
@@ -276,7 +276,7 @@
<properties>
<help>control sessions count</help>
<constraint>
- <regex>^(deny|disable|replace)$</regex>
+ <regex>(deny|disable|replace)</regex>
</constraint>
<constraintErrorMessage>Invalid value</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index ce1da85aa..bb11e9cd0 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -70,7 +70,7 @@
<description>Default router has high preference</description>
</valueHelp>
<constraint>
- <regex>^(low|medium|high)$</regex>
+ <regex>(low|medium|high)</regex>
</constraint>
<constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage>
</properties>
@@ -170,7 +170,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
- <regex>^(infinity)$</regex>
+ <regex>(infinity)</regex>
</constraint>
</properties>
<defaultValue>1800</defaultValue>
@@ -194,7 +194,7 @@
<description>Route has high preference</description>
</valueHelp>
<constraint>
- <regex>^(low|medium|high)$</regex>
+ <regex>(low|medium|high)</regex>
</constraint>
<constraintErrorMessage>Route preference must be low, medium or high</constraintErrorMessage>
</properties>
@@ -248,7 +248,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
- <regex>^(infinity)$</regex>
+ <regex>(infinity)</regex>
</constraint>
</properties>
<defaultValue>14400</defaultValue>
@@ -269,7 +269,7 @@
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
- <regex>^(infinity)$</regex>
+ <regex>(infinity)</regex>
</constraint>
</properties>
<defaultValue>2592000</defaultValue>
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
index 7cfe1f02e..a129b7260 100644
--- a/interface-definitions/service_upnp.xml.in
+++ b/interface-definitions/service_upnp.xml.in
@@ -211,7 +211,7 @@
<list>allow deny</list>
</completionHelp>
<constraint>
- <regex>^(allow|deny)$</regex>
+ <regex>(allow|deny)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index 89c4c3910..9a75bc27d 100644
--- a/interface-definitions/service_webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
@@ -136,7 +136,7 @@
<description>Lightweight Directory Access Protocol</description>
</valueHelp>
<constraint>
- <regex>^(ldap)$</regex>
+ <regex>(ldap)</regex>
</constraint>
<constraintErrorMessage>The only supported method currently is LDAP</constraintErrorMessage>
</properties>
@@ -234,7 +234,7 @@
<description>Peer is a member of a multicast group</description>
</valueHelp>
<constraint>
- <regex>^(parent|sibling|multicast)$</regex>
+ <regex>(parent|sibling|multicast)</regex>
</constraint>
</properties>
<defaultValue>parent</defaultValue>
@@ -368,7 +368,7 @@
<list>image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall 
application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain</list>
</completionHelp>
<constraint>
- <regex>^(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|app
lication/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)$</regex>
+ <regex>(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|appl
ication/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)</regex>
</constraint>
<multi/>
</properties>
@@ -484,7 +484,7 @@
<description>Name of source group</description>
</valueHelp>
<constraint>
- <regex>^[^0-9]</regex>
+ <regex>[^0-9]</regex>
</constraint>
<constraintErrorMessage>URL-filter source-group cannot start with a number!</constraintErrorMessage>
</properties>
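Review bot: `[^0-9]` no longer expresses "must not start with a number", which is what the error message still promises. Matched against the whole value it accepts only a single non-digit character, and matched as a search it accepts any name containing a non-digit, including one that starts with a digit. If the validator anchors the whole value, `<regex>[^0-9].*</regex>` restores the old meaning. The other patterns here that were anchored on one side only also change what they accept and deserve a test each: `[^\(\)\|\-]+` and `[a-z0-9\.\-\_]+` in snmp.xml.in, `[-_a-zA-Z0-9.]{1,100}` and `[^:]*` in system-login.xml.in, and both patterns in system-proxy.xml.in.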
@@ -598,7 +598,7 @@
<description>All days of the week</description>
</valueHelp>
<constraint>
- <regex>^(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)$</regex>
+ <regex>(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)</regex>
</constraint>
</properties>
<children>
@@ -611,7 +611,7 @@
</valueHelp>
<constraint>
<!-- time range example: 12:00-13:00 -->
- <regex>^(\d\d:\d\d)-(\d\d:\d\d)$</regex>
+ <regex>(\d\d:\d\d)-(\d\d:\d\d)</regex>
</constraint>
<constraintErrorMessage>Expected time format hh:mm - hh:mm in 24hr time</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index b9e0f4cc5..b4f72589e 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -13,7 +13,7 @@
<properties>
<help>Community name</help>
<constraint>
- <regex>^[a-zA-Z0-9\-_]{1,100}$</regex>
+ <regex>[a-zA-Z0-9\-_]{1,100}</regex>
</constraint>
<constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage>
</properties>
@@ -33,7 +33,7 @@
<description>Read-Write</description>
</valueHelp>
<constraint>
- <regex>^(ro|rw)$</regex>
+ <regex>(ro|rw)</regex>
</constraint>
<constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage>
</properties>
@@ -72,7 +72,7 @@
<properties>
<help>Contact information</help>
<constraint>
- <regex>^.{1,255}$</regex>
+ <regex>.{1,255}</regex>
</constraint>
<constraintErrorMessage>Contact information is limited to 255 characters or less</constraintErrorMessage>
</properties>
@@ -81,7 +81,7 @@
<properties>
<help>Description information</help>
<constraint>
- <regex>^.{1,255}$</regex>
+ <regex>.{1,255}</regex>
</constraint>
<constraintErrorMessage>Description is limited to 255 characters or less</constraintErrorMessage>
</properties>
@@ -116,7 +116,7 @@
<properties>
<help>Location information</help>
<constraint>
- <regex>^.{1,255}$</regex>
+ <regex>.{1,255}</regex>
</constraint>
<constraintErrorMessage>Location is limited to 255 characters or less</constraintErrorMessage>
</properties>
@@ -132,7 +132,7 @@
<description>Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)</description>
</valueHelp>
<constraint>
- <regex>^(route-table)$</regex>
+ <regex>(route-table)</regex>
</constraint>
<constraintErrorMessage>OID must be 'route-table'</constraintErrorMessage>
</properties>
@@ -202,7 +202,7 @@
<properties>
<help>Specifies the EngineID that uniquely identify an agent (e.g. 000000000000000000000002)</help>
<constraint>
- <regex>^([0-9a-f][0-9a-f]){1,18}$</regex>
+ <regex>([0-9a-f][0-9a-f]){1,18}</regex>
</constraint>
<constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage>
</properties>
@@ -233,7 +233,7 @@
<description>Messages are authenticated and encrypted (authPriv)</description>
</valueHelp>
<constraint>
- <regex>^(noauth|auth|priv)$</regex>
+ <regex>(noauth|auth|priv)</regex>
</constraint>
</properties>
<defaultValue>auth</defaultValue>
@@ -274,7 +274,7 @@
<properties>
<help>Defines the encrypted key for authentication</help>
<constraint>
- <regex>^[0-9a-f]*$</regex>
+ <regex>[0-9a-f]*</regex>
</constraint>
<constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
</properties>
@@ -283,7 +283,7 @@
<properties>
<help>Defines the clear text key for authentication</help>
<constraint>
- <regex>^.{8,}$</regex>
+ <regex>.{8,}</regex>
</constraint>
<constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
</properties>
@@ -304,7 +304,7 @@
<properties>
<help>Defines the encrypted key for privacy protocol</help>
<constraint>
- <regex>^[0-9a-f]*$</regex>
+ <regex>[0-9a-f]*</regex>
</constraint>
<constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
</properties>
@@ -313,7 +313,7 @@
<properties>
<help>Defines the clear text key for privacy protocol</help>
<constraint>
- <regex>^.{8,}$</regex>
+ <regex>.{8,}</regex>
</constraint>
<constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
</properties>
@@ -337,7 +337,7 @@
<description>Use TRAP</description>
</valueHelp>
<constraint>
- <regex>^(inform|trap)$</regex>
+ <regex>(inform|trap)</regex>
</constraint>
</properties>
<defaultValue>inform</defaultValue>
@@ -356,7 +356,7 @@
<properties>
<help>Specifies the user with name username</help>
<constraint>
- <regex>[^\(\)\|\-]+$</regex>
+ <regex>[^\(\)\|\-]+</regex>
</constraint>
<constraintErrorMessage>Illegal characters in name</constraintErrorMessage>
</properties>
@@ -370,7 +370,7 @@
<properties>
<help>Defines the encrypted key for authentication</help>
<constraint>
- <regex>^[0-9a-f]*$</regex>
+ <regex>[0-9a-f]*</regex>
</constraint>
<constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
</properties>
@@ -379,7 +379,7 @@
<properties>
<help>Defines the clear text key for authentication</help>
<constraint>
- <regex>^.{8,}$</regex>
+ <regex>.{8,}</regex>
</constraint>
<constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
</properties>
@@ -405,7 +405,7 @@
<properties>
<help>Defines the encrypted key for privacy protocol</help>
<constraint>
- <regex>^[0-9a-f]*$</regex>
+ <regex>[0-9a-f]*</regex>
</constraint>
<constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
</properties>
@@ -414,7 +414,7 @@
<properties>
<help>Defines the clear text key for privacy protocol</help>
<constraint>
- <regex>^.{8,}$</regex>
+ <regex>.{8,}</regex>
</constraint>
<constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
</properties>
@@ -428,7 +428,7 @@
<properties>
<help>Specifies the view with name viewname</help>
<constraint>
- <regex>[^\(\)\|\-]+$</regex>
+ <regex>[^\(\)\|\-]+</regex>
</constraint>
<constraintErrorMessage>Illegal characters in name</constraintErrorMessage>
</properties>
@@ -437,7 +437,7 @@
<properties>
<help>Specifies the oid</help>
<constraint>
- <regex>^[0-9]+(\.[0-9]+)*$</regex>
+ <regex>[0-9]+(\.[0-9]+)*</regex>
</constraint>
<constraintErrorMessage>OID must start from a number</constraintErrorMessage>
</properties>
@@ -451,7 +451,7 @@
<properties>
<help>Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant</help>
<constraint>
- <regex>^[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex>
+ <regex>[0-9a-f]{2}([\.:][0-9a-f]{2})*</regex>
</constraint>
<constraintErrorMessage>MASK is a list of hex octets, separated by '.' or ':'</constraintErrorMessage>
</properties>
@@ -471,7 +471,7 @@
<properties>
<help>Extension name</help>
<constraint>
- <regex>^[a-z0-9\.\-\_]+</regex>
+ <regex>[a-z0-9\.\-\_]+</regex>
</constraint>
<constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage>
</properties>
@@ -483,7 +483,7 @@
<script>ls /config/user-data</script>
</completionHelp>
<constraint>
- <regex>^[a-z0-9\.\-\_\/]+</regex>
+ <regex>[a-z0-9\.\-\_\/]+</regex>
</constraint>
<constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage>
</properties>
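Review bot: The script pattern `[a-z0-9\.\-\_\/]+` admits `..` segments and a leading `/`, so it does not confine a value to /config/user-data, the directory the completion helper lists. Where the path is resolved is outside this hunk, so this is a question rather than a finding: if the value is joined to that directory without normalisation, the config script should reject paths that leave it. A marker next to the constraint would keep that visible, for example `<!-- pattern does not confine the path; '..' must be rejected where the script path is resolved -->`. The old pattern was anchored only at the start, so this leaf also depends on the validator matching the whole value.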
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index 8edbad110..126183162 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -61,6 +61,78 @@
<valueless/>
</properties>
</leafNode>
+ <node name="dynamic-protection">
+ <properties>
+ <help>Allow dynamic protection</help>
+ </properties>
+ <children>
+ <leafNode name="block-time">
+ <properties>
+ <help>Block source IP in seconds. Subsequent blocks increase by a factor of 1.5</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Time interval in seconds for blocking</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>120</defaultValue>
+ </leafNode>
+ <leafNode name="detect-time">
+ <properties>
+ <help>Remember source IP in seconds before reset their score</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Time interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>1800</defaultValue>
+ </leafNode>
+ <leafNode name="threshold">
+ <properties>
+ <help>Block source IP when their cumulative attack score exceeds threshold</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Threshold score</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="allow-from">
+ <properties>
+ <help>Always allow inbound connections from these systems</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to match against</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="ip-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="key-exchange">
<properties>
<help>Allowed key exchange (KEX) algorithms</help>
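Review bot: The help strings in the new `dynamic-protection` node leave an operator guessing what is scored and what `allow-from` overrides. I would reword the node help to `<help>Block source addresses whose cumulative attack score exceeds a threshold</help>` and the `detect-time` help to `<help>Seconds to remember a source IP before its score is reset</help>`. The `allow-from` help should also say that listed addresses are never blocked. The `ip-prefix` validator presumably accepts any prefix length, so a very broad prefix would exempt most sources from the protection.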
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
index 65edab839..14f12b569 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system-conntrack.xml.in
@@ -252,7 +252,7 @@
<description>Do not allow tracking of previously established connections</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system-console.xml.in
index 2897e5e97..5acd3e90b 100644
--- a/interface-definitions/system-console.xml.in
+++ b/interface-definitions/system-console.xml.in
@@ -28,7 +28,7 @@
<description>Xen console</description>
</valueHelp>
<constraint>
- <regex>^(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)$</regex>
+ <regex>(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)</regex>
</constraint>
</properties>
<children>
@@ -71,7 +71,7 @@
<description>115200 bps</description>
</valueHelp>
<constraint>
- <regex>^(1200|2400|4800|9600|19200|38400|57600|115200)$</regex>
+ <regex>(1200|2400|4800|9600|19200|38400|57600|115200)</regex>
</constraint>
</properties>
<defaultValue>115200</defaultValue>
diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in
index 4c9d5c92e..9b1a15317 100644
--- a/interface-definitions/system-lcd.xml.in
+++ b/interface-definitions/system-lcd.xml.in
@@ -39,7 +39,7 @@
<description>Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances</description>
</valueHelp>
<constraint>
- <regex>^(cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec)$</regex>
+ <regex>(cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec)</regex>
</constraint>
</properties>
</leafNode>
@@ -59,7 +59,7 @@
<description>TTY device name, USB based</description>
</valueHelp>
<constraint>
- <regex>^(ttyS[0-9]+|usb[0-9]+b.*)$</regex>
+ <regex>(ttyS[0-9]+|usb[0-9]+b.*)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index a5519ee88..24eeee355 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -12,7 +12,7 @@
<properties>
<help>Local user account information</help>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,100}</regex>
+ <regex>[-_a-zA-Z0-9.]{1,100}</regex>
</constraint>
<constraintErrorMessage>Username contains illegal characters or\nexceeds 100 character limitation.</constraintErrorMessage>
</properties>
@@ -27,7 +27,7 @@
<help>Encrypted password</help>
<constraint>
<regex>(\*|\!)</regex>
- <regex>[a-zA-Z0-9\.\/]{13}$</regex>
+ <regex>[a-zA-Z0-9\.\/]{13}</regex>
<regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
<regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
<regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
@@ -90,7 +90,7 @@
<description/>
</valueHelp>
<constraint>
- <regex>^(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)$</regex>
+ <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)</regex>
</constraint>
</properties>
</leafNode>
@@ -102,7 +102,7 @@
<properties>
<help>Full name of the user (use quotes for names with spaces)</help>
<constraint>
- <regex>[^:]*$</regex>
+ <regex>[^:]*</regex>
</constraint>
<constraintErrorMessage>Cannot use ':' in full name</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in
index 75fa67271..8cd25799b 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system-option.xml.in
@@ -27,7 +27,7 @@
<description>Poweroff system</description>
</valueHelp>
<constraint>
- <regex>^(ignore|reboot|poweroff)$</regex>
+ <regex>(ignore|reboot|poweroff)</regex>
</constraint>
<constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage>
</properties>
@@ -84,7 +84,7 @@
<description>Tune for low network latency</description>
</valueHelp>
<constraint>
- <regex>^(throughput|latency)$</regex>
+ <regex>(throughput|latency)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in
index ade168522..1c06b347f 100644
--- a/interface-definitions/system-proxy.xml.in
+++ b/interface-definitions/system-proxy.xml.in
@@ -11,7 +11,7 @@
<properties>
<help>Proxy URL</help>
<constraint>
- <regex>http:\/\/[a-z0-9\.]+$</regex>
+ <regex>http:\/\/[a-z0-9\.]+</regex>
</constraint>
</properties>
</leafNode>
@@ -20,7 +20,7 @@
<properties>
<help>Proxy username</help>
<constraint>
- <regex>[a-z0-9-_\.]{1,100}$</regex>
+ <regex>[a-z0-9-_\.]{1,100}</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in
index 9280a43c8..480cb1ca6 100644
--- a/interface-definitions/system-syslog.xml.in
+++ b/interface-definitions/system-syslog.xml.in
@@ -28,7 +28,7 @@
<list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
</completionHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
<constraintErrorMessage>Invalid facility type</constraintErrorMessage>
<valueHelp>
@@ -132,7 +132,7 @@
<list>emerg alert crit err warning notice info debug all</list>
</completionHelp>
<constraint>
- <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex>
</constraint>
<constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
<valueHelp>
@@ -203,7 +203,7 @@
<list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
</completionHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
<constraintErrorMessage>Invalid facility type</constraintErrorMessage>
<valueHelp>
@@ -315,7 +315,7 @@
<list>udp tcp</list>
</completionHelp>
<constraint>
- <regex>^(udp|tcp)$</regex>
+ <regex>(udp|tcp)</regex>
</constraint>
<constraintErrorMessage>invalid protocol name</constraintErrorMessage>
</properties>
@@ -327,7 +327,7 @@
<list>emerg alert crit err warning notice info debug all</list>
</completionHelp>
<constraint>
- <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex>
</constraint>
<constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
<valueHelp>
@@ -422,7 +422,7 @@
<list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
</completionHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
<constraintErrorMessage>Invalid facility type</constraintErrorMessage>
<valueHelp>
@@ -526,7 +526,7 @@
<list>emerg alert crit err warning notice info debug all</list>
</completionHelp>
<constraint>
- <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex>
</constraint>
<constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
<valueHelp>
@@ -633,7 +633,7 @@
<list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
</completionHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
<constraintErrorMessage>Invalid facility type</constraintErrorMessage>
<valueHelp>
@@ -737,7 +737,7 @@
<list>emerg alert crit err warning notice info debug all</list>
</completionHelp>
<constraint>
- <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex>
</constraint>
<constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
<valueHelp>
@@ -794,7 +794,7 @@
<list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
</completionHelp>
<constraint>
- <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex>
+ <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex>
</constraint>
<constraintErrorMessage>Invalid facility type</constraintErrorMessage>
<valueHelp>
@@ -898,7 +898,7 @@
<list>emerg alert crit err warning notice info debug all</list>
</completionHelp>
<constraint>
- <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex>
</constraint>
<constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
<valueHelp>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index a86951ce8..555ba689f 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -37,7 +37,7 @@
<description>Enable ESP compression</description>
</valueHelp>
<constraint>
- <regex>^(disable|enable)$</regex>
+ <regex>(disable|enable)</regex>
</constraint>
</properties>
<defaultValue>disable</defaultValue>
@@ -94,7 +94,7 @@
<description>Transport mode</description>
</valueHelp>
<constraint>
- <regex>^(tunnel|transport)$</regex>
+ <regex>(tunnel|transport)</regex>
</constraint>
</properties>
<defaultValue>tunnel</defaultValue>
@@ -202,7 +202,7 @@
<description>Disable PFS</description>
</valueHelp>
<constraint>
- <regex>^(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)$</regex>
+ <regex>(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -246,7 +246,7 @@
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>^(none|hold|restart)$</regex>
+ <regex>(none|hold|restart)</regex>
</constraint>
</properties>
</leafNode>
@@ -274,7 +274,7 @@
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>^(hold|clear|restart)$</regex>
+ <regex>(hold|clear|restart)</regex>
</constraint>
</properties>
</leafNode>
@@ -321,7 +321,7 @@
<description>Disable remote host re-authenticaton during an IKE rekey</description>
</valueHelp>
<constraint>
- <regex>^(yes|no)$</regex>
+ <regex>(yes|no)</regex>
</constraint>
</properties>
</leafNode>
@@ -340,7 +340,7 @@
<description>Use IKEv2 for key exchange</description>
</valueHelp>
<constraint>
- <regex>^(ikev1|ikev2)$</regex>
+ <regex>(ikev1|ikev2)</regex>
</constraint>
</properties>
</leafNode>
@@ -372,7 +372,7 @@
<description>Disable MOBIKE</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
<defaultValue>enable</defaultValue>
@@ -392,7 +392,7 @@
<description>Use the aggressive mode (insecure, not recommended)</description>
</valueHelp>
<constraint>
- <regex>^(main|aggressive)$</regex>
+ <regex>(main|aggressive)</regex>
</constraint>
</properties>
<defaultValue>main</defaultValue>
@@ -501,7 +501,7 @@
<description>Diffie-Hellman group 32 (curve448)</description>
</valueHelp>
<constraint>
- <regex>^(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)$</regex>
+ <regex>(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)</regex>
</constraint>
</properties>
<defaultValue>2</defaultValue>
@@ -628,7 +628,7 @@
<description>Any subsystem</description>
</valueHelp>
<constraint>
- <regex>^(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)$</regex>
+ <regex>(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)</regex>
</constraint>
<multi/>
</properties>
@@ -747,7 +747,7 @@
<description>Use EAP-RADIUS authentication</description>
</valueHelp>
<constraint>
- <regex>^(eap-tls|eap-mschapv2|eap-radius)$</regex>
+ <regex>(eap-tls|eap-mschapv2|eap-radius)</regex>
</constraint>
</properties>
<defaultValue>eap-mschapv2</defaultValue>
@@ -768,7 +768,7 @@
<description>Use x.509 certificate</description>
</valueHelp>
<constraint>
- <regex>^(pre-shared-secret|x509)$</regex>
+ <regex>(pre-shared-secret|x509)</regex>
</constraint>
</properties>
<defaultValue>x509</defaultValue>
@@ -840,7 +840,7 @@
<description>Delete any existing connection if a new one for the same user gets established</description>
</valueHelp>
<constraint>
- <regex>^(never|keep|replace)$</regex>
+ <regex>(never|keep|replace)</regex>
</constraint>
</properties>
</leafNode>
@@ -976,7 +976,7 @@
<description>Use x.509 certificate</description>
</valueHelp>
<constraint>
- <regex>^(pre-shared-secret|rsa|x509)$</regex>
+ <regex>(pre-shared-secret|rsa|x509)</regex>
</constraint>
</properties>
</leafNode>
@@ -1017,7 +1017,7 @@
<description>Load the connection only</description>
</valueHelp>
<constraint>
- <regex>^(initiate|respond|none)$</regex>
+ <regex>(initiate|respond|none)</regex>
</constraint>
</properties>
</leafNode>
@@ -1046,7 +1046,7 @@
<description>Do not force UDP encapsulation</description>
</valueHelp>
<constraint>
- <regex>^(enable|disable)$</regex>
+ <regex>(enable|disable)</regex>
</constraint>
</properties>
</leafNode>
@@ -1070,7 +1070,7 @@
<description>Inherit the reauth configuration form your IKE-group</description>
</valueHelp>
<constraint>
- <regex>^(yes|no|inherit)$</regex>
+ <regex>(yes|no|inherit)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 9ca7b1fad..f734283e7 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -72,7 +72,7 @@
<description>Use X.509 certificate for IPsec authentication</description>
</valueHelp>
<constraint>
- <regex>^(pre-shared-secret|x509)$</regex>
+ <regex>(pre-shared-secret|x509)</regex>
</constraint>
<completionHelp>
<list>pre-shared-secret x509</list>
@@ -167,7 +167,7 @@
<description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
</valueHelp>
<constraint>
- <regex>^(pap|chap|mschap|mschap-v2)$</regex>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
</constraint>
<completionHelp>
<list>pap chap mschap mschap-v2</list>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 05458ed34..21b47125d 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -34,7 +34,7 @@
<description>Password (first) + OTP local authentication</description>
</valueHelp>
<constraint>
- <regex>^(password|otp|password-otp)$</regex>
+ <regex>(password|otp|password-otp)</regex>
</constraint>
<constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
<completionHelp>
@@ -51,6 +51,82 @@
</children>
</node>
#include <include/auth-local-users.xml.i>
+ <node name="local-users">
+ <children>
+ <tagNode name="username">
+ <children>
+ <node name="otp">
+ <properties>
+ <help>2FA OTP authentication parameters</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>OTP key in hex-encoded format</description>
+ </valueHelp>
+ <constraint>
+ <regex>[a-fA-F0-9]{20,10000}</regex>
+ </constraint>
+ <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="otp-length">
+ <properties>
+ <help>Number of digits in OTP code</help>
+ <valueHelp>
+ <format>u32:6-8</format>
+ <description>Number of digits in OTP code</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 6-8"/>
+ </constraint>
+ <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
+ </properties>
+ <defaultValue>6</defaultValue>
+ </leafNode>
+ <leafNode name="interval">
+ <properties>
+ <help>Time tokens interval in seconds</help>
+ <valueHelp>
+ <format>u32:5-86400</format>
+ <description>Time tokens interval in seconds.</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 5-86400"/>
+ </constraint>
+ <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="token-type">
+ <properties>
+ <help>Token type</help>
+ <valueHelp>
+ <format>hotp-time</format>
+ <description>Time-based OTP algorithm</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hotp-event</format>
+ <description>Event-based OTP algorithm</description>
+ </valueHelp>
+ <constraint>
+ <regex>(hotp-time|hotp-event)</regex>
+ </constraint>
+ <completionHelp>
+ <list>hotp-time hotp-event</list>
+ </completionHelp>
+ </properties>
+ <defaultValue>hotp-time</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
#include <include/radius-server-ipv4.xml.i>
<node name="radius">
<children>
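Review bot: The `key` constraint `[a-fA-F0-9]{20,10000}` accepts a 20-hex-character secret, which is only 80 bits, while RFC 4226 (cited in the help text) requires a shared secret of at least 128 bits and recommends 160. Raising the lower bound, for example `<regex>[a-fA-F0-9]{32,10000}</regex>`, with the error message updated to match, would close that gap. The message also says "Key name" although the value is the key itself, and the help string "Token Key Secret key for the token algorithm" reads as two drafts merged. The `interval` upper bound of 86400 seconds lets a single code stay valid for a day, which is worth a caveat in the help text if it is intentional.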
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 0d1690013..28a53acb9 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -75,7 +75,7 @@
<description>ask client for mppe, if it rejects drop connection</description>
</valueHelp>
<constraint>
- <regex>^(deny|prefer|require)$</regex>
+ <regex>(deny|prefer|require)</regex>
</constraint>
<completionHelp>
<list>deny prefer require</list>
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 14c31fa8a..25a573887 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -28,6 +28,22 @@
<children>
#include <include/interface/description.xml.i>
#include <include/interface/disable.xml.i>
+ <node name="ip">
+ <properties>
+ <help>IPv4 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface/disable-forwarding.xml.i>
+ </children>
+ </node>
+ <node name="ipv6">
+ <properties>
+ <help>IPv6 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface/disable-forwarding.xml.i>
+ </children>
+ </node>
<node name="protocols">
<properties>
<help>Routing protocol parameters</help>
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index eac63fa6b..8af0dcfb6 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -14,7 +14,7 @@
<description>Zone name</description>
</valueHelp>
<constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
</constraint>
</properties>
<children>
@@ -34,7 +34,7 @@
<description>Drop and notify source</description>
</valueHelp>
<constraint>
- <regex>^(drop|reject)$</regex>
+ <regex>(drop|reject)</regex>
</constraint>
</properties>
<defaultValue>drop</defaultValue>
@@ -105,7 +105,7 @@
<description>Drop silently</description>
</valueHelp>
<constraint>
- <regex>^(accept|drop)$</regex>
+ <regex>(accept|drop)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/op-mode-definitions/containers.xml.in b/op-mode-definitions/container.xml.in
index b2b318786..fa66402dc 100644
--- a/op-mode-definitions/containers.xml.in
+++ b/op-mode-definitions/container.xml.in
@@ -11,7 +11,7 @@
<properties>
<help>Pull a new image for container</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --pull "${4}"</command>
+ <command>sudo podman image pull "${4}"</command>
</tagNode>
</children>
</node>
@@ -44,7 +44,51 @@
<script>sudo podman image ls -q</script>
</completionHelp>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --remove "${4}"</command>
+ <command>sudo podman image rm --force "${4}"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="generate">
+ <children>
+ <node name="container">
+ <properties>
+ <help>Generate Container Image</help>
+ </properties>
+ <children>
+ <tagNode name="image">
+ <properties>
+ <help>Name of container image (tag)</help>
+ </properties>
+ <children>
+ <tagNode name="path">
+ <properties>
+ <help>Path to Dockerfile</help>
+ <completionHelp>
+ <list>&lt;filename&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>sudo podman build --layers --force-rm --tag "$4" $6</command>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="monitor">
+ <children>
+ <node name="log">
+ <children>
+ <tagNode name="container">
+ <properties>
+ <help>Monitor last lines of container logs</help>
+ <completionHelp>
+ <path>container name</path>
+ </completionHelp>
+ </properties>
+ <command>sudo podman logs --follow --names "$4"</command>
</tagNode>
</children>
</node>
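Review bot: `$6` in `sudo podman build --layers --force-rm --tag "$4" $6` is unquoted, so a Dockerfile path containing spaces or glob characters is split or expanded by the shell before podman, running under sudo, receives it; `"$6"` keeps it a single argument. The same unquoted expansion appears in the last hunk of this file (`sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image)`), in `--digits $8` in generate-openconnect-user-key.xml.in, and in both `${@:2}` commands in traceroute.xml.in, where `"${@:2}"` would preserve the argument boundaries the operator typed. Separately, `podman image rm --force` in this hunk removes an image even when containers still reference it; if that is intended, the help text should say so.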
@@ -56,13 +100,13 @@
<properties>
<help>Show containers</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --all</command>
+ <command>sudo podman ps --all</command>
<children>
<leafNode name="image">
<properties>
- <help>Delete container image</help>
+ <help>Show container image</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --image</command>
+ <command>sudo podman image ls</command>
</leafNode>
<tagNode name="log">
<properties>
@@ -77,7 +121,7 @@
<properties>
<help>Show available container networks</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --networks</command>
+ <command>sudo podman network ls</command>
</leafNode>
</children>
</node>
@@ -118,12 +162,12 @@
<children>
<tagNode name="image">
<properties>
- <help>Delete container image</help>
+ <help>Update container image</help>
<completionHelp>
<path>container name</path>
</completionHelp>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/containers_op.py --update "${4}"</command>
+ <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command>
</tagNode>
</children>
</node>
diff --git a/op-mode-definitions/generate-openconnect-user-key.xml.in b/op-mode-definitions/generate-openconnect-user-key.xml.in
new file mode 100644
index 000000000..80cdfb3d7
--- /dev/null
+++ b/op-mode-definitions/generate-openconnect-user-key.xml.in
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="generate">
+ <children>
+ <node name="openconnect">
+ <properties>
+ <help>Generate OpenConnect client parameters</help>
+ </properties>
+ <children>
+ <tagNode name="username">
+ <properties>
+ <help>Username used for authentication</help>
+ <completionHelp>
+ <list>&lt;username&gt;</list>
+ </completionHelp>
+ </properties>
+ <children>
+ <node name="otp-key">
+ <properties>
+ <help>Generate OpenConnect OTP token</help>
+ </properties>
+ <children>
+ <node name="hotp-time">
+ <properties>
+ <help>HOTP time-based token</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits 6</command>
+ <children>
+ <tagNode name="interval">
+ <properties>
+ <help>Duration of single time interval</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits 6</command>
+ <children>
+ <tagNode name="digits">
+ <properties>
+ <help>The number of digits in the one-time password</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits "${10}"</command>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="digits">
+ <properties>
+ <help>The number of digits in the one-time password</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits "$8"</command>
+ <children>
+ <tagNode name="interval">
+ <properties>
+ <help>Duration of single time interval</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "${10}" --digits $8</command>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
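Review bot: The `interval` and `digits` tagNodes pass free-form operator input to a script run with sudo, while the matching configuration leaves in vpn_openconnect.xml.in bound the same parameters to 5-86400 and 6-8. Whether generate_openconnect_otp_key.py enforces those ranges is not visible here; if it does not, this command can emit parameters that the configuration will then refuse. The defaults `--interval 30 --digits 6` are also spelled out in several command lines, so a change to the config defaults has to be mirrored here by hand. A short XML comment next to the first `<command>`, such as `<!-- defaults must match vpn openconnect local-users otp defaultValue entries -->`, would record that coupling.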
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index cbdf76fc3..6f82ce611 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -6,13 +6,96 @@
<properties>
<help>Monitor last lines of messages file</help>
</properties>
- <command>tail --follow=name /var/log/messages</command>
+ <command>journalctl --no-hostname --follow --boot</command>
<children>
<node name="colored">
<properties>
<help>Output log in a colored fashion</help>
</properties>
- <command>grc tail --follow=name /var/log/messages</command>
+ <command>grc journalctl --no-hostname --follow --boot</command>
+ </node>
+ <node name="dhcp">
+ <properties>
+ <help>Show log for Dynamic Host Control Protocol (DHCP)</help>
+ </properties>
+ <children>
+ <node name="server">
+ <properties>
+ <help>Show log for DHCP server</help>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server.service</command>
+ </node>
+ <node name="client">
+ <properties>
+ <help>Show DHCP client logs</help>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit "dhclient@*.service"</command>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Show DHCP client log on specific interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script>
+ </completionHelp>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit "dhclient@$6.service"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="dhcpv6">
+ <properties>
+ <help>Show log for Dynamic Host Control Protocol IPv6 (DHCPv6)</help>
+ </properties>
+ <children>
+ <node name="server">
+ <properties>
+ <help>Show log for DHCPv6 server</help>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server6.service</command>
+ </node>
+ <node name="client">
+ <properties>
+ <help>Show DHCPv6 client logs</help>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@*.service"</command>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Show DHCPv6 client log on specific interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@$6.service"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="kernel">
+ <properties>
+ <help>Monitor last lines of Linux Kernel log</help>
+ </properties>
+ <command>journalctl --no-hostname --boot --follow --dmesg</command>
+ </leafNode>
+ <node name="pppoe">
+ <properties>
+ <help>Monitor last lines of PPPoE log</help>
+ </properties>
+ <command>journalctl --no-hostname --boot --follow --unit "ppp@pppoe*.service"</command>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Monitor last lines of PPPoE log for specific interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py -t pppoe</script>
+ </completionHelp>
+ </properties>
+ <command>journalctl --no-hostname --boot --follow --unit "ppp@$6.service"</command>
+ </tagNode>
+ </children>
</node>
<node name="protocol">
<properties>
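Review bot: The new help strings under `monitor log` expand DHCP as "Dynamic Host Control Protocol" (both the `dhcp` and `dhcpv6` nodes); the protocol name is Dynamic Host Configuration Protocol. They also say "Show log for ..." although every command here follows the journal, and the sibling nodes in the same hunk use "Monitor last lines of ...". Suggested wording: `<help>Monitor log for Dynamic Host Configuration Protocol (DHCP)</help>` and likewise for the server, client and DHCPv6 entries. The option order also alternates between `--follow --boot` and `--boot --follow`; picking one makes the commands easier to grep. The enclosing node continues outside this hunk.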
@@ -23,67 +106,67 @@
<properties>
<help>Monitor log for OSPF</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/ospfd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospfd</command>
</leafNode>
<leafNode name="ospfv3">
<properties>
<help>Monitor log for OSPF for IPv6</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/ospf6d</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospf6d</command>
</leafNode>
<leafNode name="bgp">
<properties>
<help>Monitor log for BGP</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/bgpd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bgpd</command>
</leafNode>
<leafNode name="rip">
<properties>
<help>Monitor log for RIP</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/ripd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripd</command>
</leafNode>
<leafNode name="ripng">
<properties>
<help>Monitor log for RIPng</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/ripngd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripngd</command>
</leafNode>
<leafNode name="static">
<properties>
<help>Monitor log for static route</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/staticd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/staticd</command>
</leafNode>
<leafNode name="multicast">
<properties>
<help>Monitor log for Multicast protocol</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/pimd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/pimd</command>
</leafNode>
<leafNode name="isis">
<properties>
<help>Monitor log for ISIS</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/isisd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/isisd</command>
</leafNode>
<leafNode name="nhrp">
<properties>
<help>Monitor log for NHRP</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/nhrpd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/nhrpd</command>
</leafNode>
<leafNode name="bfd">
<properties>
<help>Monitor log for BFD</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/bfdd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bfdd</command>
</leafNode>
<leafNode name="mpls">
<properties>
<help>Monitor log for MPLS</help>
</properties>
- <command>journalctl --follow --boot /usr/lib/frr/ldpd</command>
+ <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ldpd</command>
</leafNode>
</children>
</node>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 15bbc7f42..954369712 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -179,9 +179,9 @@
</tagNode>
<leafNode name="kernel">
<properties>
- <help>Show messages in kernel ring buffer</help>
+ <help>Show log for Linux Kernel</help>
</properties>
- <command>sudo dmesg</command>
+ <command>journalctl --no-hostname --boot --dmesg</command>
</leafNode>
<leafNode name="lldp">
<properties>
@@ -212,6 +212,23 @@
</tagNode>
</children>
</node>
+ <node name="pppoe">
+ <properties>
+ <help>Show log for PPPoE</help>
+ </properties>
+ <command>journalctl --no-hostname --boot --unit "ppp@pppoe*.service"</command>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Show PPPoE log on specific interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py -t pppoe</script>
+ </completionHelp>
+ </properties>
+ <command>journalctl --no-hostname --boot --unit "ppp@$6.service"</command>
+ </tagNode>
+ </children>
+ </node>
<node name="protocol">
<properties>
<help>Show log for Routing Protocols</help>
diff --git a/op-mode-definitions/traceroute.xml.in b/op-mode-definitions/traceroute.xml.in
index e3217235c..aba0f45e3 100644
--- a/op-mode-definitions/traceroute.xml.in
+++ b/op-mode-definitions/traceroute.xml.in
@@ -2,226 +2,22 @@
<interfaceDefinition>
<tagNode name="traceroute">
<properties>
- <help>Track network path to node</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>/usr/bin/traceroute "$2"</command>
- </tagNode>
- <node name="traceroute">
- <properties>
- <help>Track network path to node</help>
+ <help>Trace network path to node</help>
<completionHelp>
<list>&lt;hostname&gt; &lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
</completionHelp>
</properties>
+ <command>${vyos_op_scripts_dir}/traceroute.py ${@:2}</command>
<children>
- <tagNode name="ipv4">
+ <leafNode name="node.tag">
<properties>
- <help>Explicitly use IPv4 when tracing the path</help>
+ <help>Traceroute options</help>
<completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt;</list>
+ <script>${vyos_op_scripts_dir}/traceroute.py --get-options "${COMP_WORDS[@]}"</script>
</completionHelp>
</properties>
- <command>/usr/bin/traceroute -4 "$3"</command>
- <children>
- <node name="tcp">
- <properties>
- <help>Route tracing and port detection using TCP</help>
- </properties>
- <command>sudo /usr/bin/tcptraceroute "$3" </command>
- <children>
- <tagNode name="port">
- <properties>
- <help>TCP port to connect to for path tracing</help>
- <completionHelp>
- <list>0-65535</list>
- </completionHelp>
- </properties>
- <command>sudo /usr/bin/tcptraceroute "$3" $6</command>
- </tagNode>
- </children>
- </node>
- </children>
- </tagNode>
- <tagNode name="ipv6">
- <properties>
- <help>Explicitly use IPv6 when tracing the path</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>/usr/bin/traceroute -6 "$3"</command>
- <children>
- <node name="tcp">
- <properties>
- <help>Use TCP/IPv6 packets to perform a traceroute</help>
- </properties>
- <command>sudo /usr/bin/tcptraceroute6 "$3" </command>
- <children>
- <tagNode name="port">
- <properties>
- <help>TCP port to connect to for path tracing</help>
- <completionHelp>
- <list>0-65535</list>
- </completionHelp>
- </properties>
- <command>sudo /usr/bin/tcptraceroute6 "$3" $6</command>
- </tagNode>
- </children>
- </node>
- </children>
- </tagNode>
- <tagNode name="vrf">
- <properties>
- <help>Track network path to specified node via given VRF</help>
- <completionHelp>
- <path>vrf name</path>
- </completionHelp>
- </properties>
- <children>
- <!-- we need an empty tagNode to pass in a plain fqdn/ip address and
- let traceroute decide how to handle this parameter -->
- <tagNode name="">
- <properties>
- <help>Track network path to specified node via given VRF</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/traceroute "$4"</command>
- </tagNode>
- <tagNode name="ipv4">
- <properties>
- <help>Explicitly use IPv4 when tracing the path via given VRF</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command>
- <children>
- <node name="tcp">
- <properties>
- <help>Route tracing and port detection using TCP</help>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command>
- <children>
- <tagNode name="port">
- <properties>
- <help>TCP port to connect to for path tracing</help>
- <completionHelp>
- <list>0-65535</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command>
- </tagNode>
- </children>
- </node>
- </children>
- </tagNode>
- <tagNode name="ipv6">
- <properties>
- <help>Explicitly use IPv6 when tracing the path via given VRF</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command>
- <children>
- <node name="tcp">
- <properties>
- <help>Use TCP/IPv6 packets to perform a traceroute</help>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command>
- <children>
- <tagNode name="port">
- <properties>
- <help>TCP port to connect to for path tracing</help>
- <completionHelp>
- <list>0-65535</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command>
- </tagNode>
- </children>
- </node>
- </children>
- </tagNode>
- </children>
- </tagNode>
- </children>
- </node>
- <node name="monitor">
- <children>
- <tagNode name="traceroute">
- <properties>
- <help>Monitor path to destination in realtime</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>/usr/bin/mtr "$3"</command>
- </tagNode>
- <node name="traceroute">
- <children>
- <tagNode name="ipv4">
- <properties>
- <help>IPv4 fully qualified domain name (FQDN)</help>
- <completionHelp>
- <list>&lt;fqdn&gt;</list>
- </completionHelp>
- </properties>
- <command>/usr/bin/mtr -4 "$4"</command>
- </tagNode>
- <tagNode name="ipv6">
- <properties>
- <help>IPv6 fully qualified domain name (FQDN)</help>
- <completionHelp>
- <list>&lt;fqdn&gt;</list>
- </completionHelp>
- </properties>
- <command>/usr/bin/mtr -6 "$4"</command>
- </tagNode>
- <tagNode name="vrf">
- <properties>
- <help>Monitor path to destination in realtime via given VRF</help>
- <completionHelp>
- <path>vrf name</path>
- </completionHelp>
- </properties>
- <children>
- <tagNode name="ipv4">
- <properties>
- <help>IPv4 fully qualified domain name (FQDN)</help>
- <completionHelp>
- <list>&lt;fqdn&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command>
- </tagNode>
- <tagNode name="ipv6">
- <properties>
- <help>IPv6 fully qualified domain name (FQDN)</help>
- <completionHelp>
- <list>&lt;fqdn&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command>
- </tagNode>
- <tagNode name="">
- <properties>
- <help>Track network path to specified node via given VRF</help>
- <completionHelp>
- <list>&lt;hostname&gt; &lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
- </completionHelp>
- </properties>
- <command>sudo ip vrf exec "$4" /usr/bin/mtr "$5"</command>
- </tagNode>
- </children>
- </tagNode>
- </children>
- </node>
+ <command>${vyos_op_scripts_dir}/traceroute.py ${@:2}</command>
+ </leafNode>
</children>
- </node>
+ </tagNode>
</interfaceDefinition>
diff --git a/python/vyos/config.py b/python/vyos/config.py
index 858c7bdd7..287fd2ed1 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
@@ -156,26 +156,28 @@ class Config(object):
"""
if self._session_config is None:
return False
+
+ # Assume the path is a node path first
if self._session_config.exists(self._make_path(path)):
return True
- # libvyosconfig exists() works only for _nodes_, not _values_
- # libvyattacfg also worked for values, so we emulate that case here
- if isinstance(path, str):
- path = re.split(r'\s+', path)
- path_without_value = path[:-1]
- path_str = " ".join(path_without_value)
- try:
- value = self._session_config.return_value(self._make_path(path_str))
- values = self._session_config.return_values(self._make_path(path_str))
- except vyos.configtree.ConfigTreeError:
- # node/value doesn't exist
- return False
- if value and path[-1] == value:
- return True
- if isinstance(values, list) and path[-1] in values:
- return True
+ else:
+ # If that check fails, it may mean the path has a value at the end.
+ # libvyosconfig exists() works only for _nodes_, not _values_
+ # libvyattacfg also worked for values, so we emulate that case here
+ if isinstance(path, str):
+ path = re.split(r'\s+', path)
+ path_without_value = path[:-1]
+ try:
+ # return_values() is safe to use with single-value nodes,
+ # it simply returns a single-item list in that case.
+ values = self._session_config.return_values(self._make_path(path_without_value))
- return False
+ # If we got this far, the node does exist and has values,
+ # so we need to check if it has the value in question among its values.
+ return (path[-1] in values)
+ except vyos.configtree.ConfigTreeError:
+ # Even the parent node doesn't exist at all
+ return False
def session_changed(self):
"""
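Review bot: The value-lookup fallback added here is repeated line for line in the second hunk of this file, differing only in `_session_config` versus `_running_config`, so a later fix can land in one copy and miss the other. A private helper taking the tree as an argument would hold the logic once, and it can drop the `else:` after `return True` and keep only the `return_values()` call inside the `try`. Separately, an empty `path` that fails the node check would reach `path[-1]` and raise IndexError instead of returning False, assuming the node check can fail for an empty path. Both method bodies start outside their hunks; the helper name below is a suggestion.

```python
def _exists_in_tree(self, tree, path):
    # Assume the path is a node path first
    if tree.exists(self._make_path(path)):
        return True
    # libvyosconfig exists() works only for nodes, so treat the last
    # path element as a value of its parent node
    if isinstance(path, str):
        path = re.split(r'\s+', path)
    if not path:
        return False
    try:
        values = tree.return_values(self._make_path(path[:-1]))
    except vyos.configtree.ConfigTreeError:
        # Even the parent node doesn't exist at all
        return False
    return path[-1] in values

# ... unchanged: docstring and the `is None` check of the method in this hunk ...
return self._exists_in_tree(self._session_config, path)
```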
@@ -402,26 +404,29 @@ class Config(object):
"""
if self._running_config is None:
return False
+
+ # Assume the path is a node path first
if self._running_config.exists(self._make_path(path)):
return True
- # libvyosconfig exists() works only for _nodes_, not _values_
- # libvyattacfg also worked for values, so we emulate that case here
- if isinstance(path, str):
- path = re.split(r'\s+', path)
- path_without_value = path[:-1]
- path_str = " ".join(path_without_value)
- try:
- value = self._running_config.return_value(self._make_path(path_str))
- values = self._running_config.return_values(self._make_path(path_str))
- except vyos.configtree.ConfigTreeError:
- # node/value doesn't exist
- return False
- if value and path[-1] == value:
- return True
- if isinstance(values, list) and path[-1] in values:
- return True
+ else:
+ # If that check fails, it may mean the path has a value at the end.
+ # libvyosconfig exists() works only for _nodes_, not _values_
+ # libvyattacfg also worked for values, so we emulate that case here
+ if isinstance(path, str):
+ path = re.split(r'\s+', path)
+ path_without_value = path[:-1]
+ try:
+ # return_values() is safe to use with single-value nodes,
+ # it simply returns a single-item list in that case.
+ values = self._running_config.return_values(self._make_path(path_without_value))
+
+ # If we got this far, the node does exist and has values,
+ # so we need to check if it has the value in question among its values.
+ return (path[-1] in values)
+ except vyos.configtree.ConfigTreeError:
+ # Even the parent node doesn't exist at all
+ return False
- return False
def return_effective_value(self, path, default=None):
"""
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index f50db0c99..04ddc10e9 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -104,6 +104,11 @@ def list_diff(first, second):
second = set(second)
return [item for item in first if item not in second]
+def is_node_changed(conf, path):
+ from vyos.configdiff import get_config_diff
+ D = get_config_diff(conf, key_mangling=('-', '_'))
+ return D.is_node_changed(path)
+
def leaf_node_changed(conf, path):
"""
Check if a leaf node was altered. If it has been altered - values has been
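Review bot: `is_node_changed()` is added without a docstring, while the neighbouring `leaf_node_changed()` and `node_changed()` both have one. It does not call `D.set_level(conf.get_level())`, so `path` is presumably taken from the config root rather than from the caller's current level; that is the detail a caller needs and it should be stated. Something like `"""Return whether the node at path (given from the config root) differs between running and proposed config."""` would do, with the wording checked against what `Diff.is_node_changed()` actually returns, which is not visible in this hunk.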
@@ -114,7 +119,6 @@ def leaf_node_changed(conf, path):
"""
from vyos.configdiff import get_config_diff
D = get_config_diff(conf, key_mangling=('-', '_'))
- D.set_level(conf.get_level())
(new, old) = D.get_value_diff(path)
if new != old:
if isinstance(old, dict):
@@ -133,9 +137,6 @@ def leaf_node_changed(conf, path):
elif isinstance(new, type(None)):
new = []
return list_diff(old, new)
- if old is None and new is not None:
- # node was added to the CLI
- return True
return None
@@ -147,12 +148,11 @@ def node_changed(conf, path, key_mangling=None, recursive=False):
"""
from vyos.configdiff import get_config_diff, Diff
D = get_config_diff(conf, key_mangling)
- D.set_level(conf.get_level())
# get_child_nodes() will return dict_keys(), mangle this into a list with PEP448
keys = D.get_child_nodes_diff(path, expand_nodes=Diff.DELETE, recursive=recursive)['delete'].keys()
return list(keys)
-def get_removed_vlans(conf, dict):
+def get_removed_vlans(conf, path, dict):
"""
Common function to parse a dictionary retrieved via get_config_dict() and
determine any added/removed VLAN interfaces - be it 802.1q or Q-in-Q.
@@ -162,16 +162,17 @@ def get_removed_vlans(conf, dict):
# Check vif, vif-s/vif-c VLAN interfaces for removal
D = get_config_diff(conf, key_mangling=('-', '_'))
D.set_level(conf.get_level())
+
# get_child_nodes() will return dict_keys(), mangle this into a list with PEP448
- keys = D.get_child_nodes_diff(['vif'], expand_nodes=Diff.DELETE)['delete'].keys()
+ keys = D.get_child_nodes_diff(path + ['vif'], expand_nodes=Diff.DELETE)['delete'].keys()
if keys: dict['vif_remove'] = [*keys]
# get_child_nodes() will return dict_keys(), mangle this into a list with PEP448
- keys = D.get_child_nodes_diff(['vif-s'], expand_nodes=Diff.DELETE)['delete'].keys()
+ keys = D.get_child_nodes_diff(path + ['vif-s'], expand_nodes=Diff.DELETE)['delete'].keys()
if keys: dict['vif_s_remove'] = [*keys]
for vif in dict.get('vif_s', {}).keys():
- keys = D.get_child_nodes_diff(['vif-s', vif, 'vif-c'], expand_nodes=Diff.DELETE)['delete'].keys()
+ keys = D.get_child_nodes_diff(path + ['vif-s', vif, 'vif-c'], expand_nodes=Diff.DELETE)['delete'].keys()
if keys: dict['vif_s'][vif]['vif_c_remove'] = [*keys]
return dict
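Review bot: `D.set_level(conf.get_level())` is still called here although the lookups now use the full `path + [...]`, and this same commit drops that call from `leaf_node_changed()` and `node_changed()`. If `conf` is not at the root level when this runs, the level and the absolute path would presumably be combined and the deleted-VLAN lookup would miss. I would remove the `set_level` line for consistency, or state in the docstring that callers must have `conf` at root. Inserting `path` before `dict` also changes the positional signature, so any two-argument caller outside this diff needs updating; the function starts outside this hunk.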
@@ -215,10 +216,6 @@ def is_member(conf, interface, intftype=None):
intftype = intftypes if intftype == None else [intftype]
- # set config level to root
- old_level = conf.get_level()
- conf.set_level([])
-
for iftype in intftype:
base = ['interfaces', iftype]
for intf in conf.list_nodes(base):
@@ -228,7 +225,6 @@ def is_member(conf, interface, intftype=None):
get_first_key=True, no_tag_node_value_mangle=True)
ret_val.update({intf : tmp})
- old_level = conf.set_level(old_level)
return ret_val
def is_mirror_intf(conf, interface, direction=None):
@@ -250,8 +246,6 @@ def is_mirror_intf(conf, interface, direction=None):
direction = directions if direction == None else [direction]
ret_val = None
- old_level = conf.get_level()
- conf.set_level([])
base = ['interfaces']
for dir in direction:
@@ -265,7 +259,6 @@ def is_mirror_intf(conf, interface, direction=None):
get_first_key=True)
ret_val = {intf : tmp}
- old_level = conf.set_level(old_level)
return ret_val
def has_vlan_subinterface_configured(conf, intf):
@@ -279,15 +272,11 @@ def has_vlan_subinterface_configured(conf, intf):
from vyos.ifconfig import Section
ret = False
- old_level = conf.get_level()
- conf.set_level([])
-
intfpath = ['interfaces', Section.section(intf), intf]
if ( conf.exists(intfpath + ['vif']) or
conf.exists(intfpath + ['vif-s'])):
ret = True
- conf.set_level(old_level)
return ret
def is_source_interface(conf, interface, intftype=None):
@@ -309,11 +298,6 @@ def is_source_interface(conf, interface, intftype=None):
'have a source-interface')
intftype = intftypes if intftype == None else [intftype]
-
- # set config level to root
- old_level = conf.get_level()
- conf.set_level([])
-
for it in intftype:
base = ['interfaces', it]
for intf in conf.list_nodes(base):
@@ -322,7 +306,6 @@ def is_source_interface(conf, interface, intftype=None):
ret_val = intf
break
- old_level = conf.set_level(old_level)
return ret_val
def get_dhcp_interfaces(conf, vrf=None):
@@ -333,40 +316,67 @@ def get_dhcp_interfaces(conf, vrf=None):
if not dict:
return dhcp_interfaces
- def check_dhcp(config, ifname):
+ def check_dhcp(config):
+ ifname = config['ifname']
tmp = {}
if 'address' in config and 'dhcp' in config['address']:
options = {}
- if 'dhcp_options' in config and 'default_route_distance' in config['dhcp_options']:
- options.update({'distance' : config['dhcp_options']['default_route_distance']})
+ if dict_search('dhcp_options.default_route_distance', config) != None:
+ options.update({'dhcp_options' : config['dhcp_options']})
if 'vrf' in config:
if vrf is config['vrf']: tmp.update({ifname : options})
else: tmp.update({ifname : options})
+
return tmp
for section, interface in dict.items():
for ifname in interface:
+ # always reset config level, as get_interface_dict() will alter it
+ conf.set_level([])
# we already have a dict representation of the config from get_config_dict(),
# but with the extended information from get_interface_dict() we also
# get the DHCP client default-route-distance default option if not specified.
- ifconfig = get_interface_dict(conf, ['interfaces', section], ifname)
+ _, ifconfig = get_interface_dict(conf, ['interfaces', section], ifname)
- tmp = check_dhcp(ifconfig, ifname)
+ tmp = check_dhcp(ifconfig)
dhcp_interfaces.update(tmp)
# check per VLAN interfaces
for vif, vif_config in ifconfig.get('vif', {}).items():
- tmp = check_dhcp(vif_config, f'{ifname}.{vif}')
+ tmp = check_dhcp(vif_config)
dhcp_interfaces.update(tmp)
# check QinQ VLAN interfaces
- for vif_s, vif_s_config in ifconfig.get('vif-s', {}).items():
- tmp = check_dhcp(vif_s_config, f'{ifname}.{vif_s}')
+ for vif_s, vif_s_config in ifconfig.get('vif_s', {}).items():
+ tmp = check_dhcp(vif_s_config)
dhcp_interfaces.update(tmp)
- for vif_c, vif_c_config in vif_s_config.get('vif-c', {}).items():
- tmp = check_dhcp(vif_c_config, f'{ifname}.{vif_s}.{vif_c}')
+ for vif_c, vif_c_config in vif_s_config.get('vif_c', {}).items():
+ tmp = check_dhcp(vif_c_config)
dhcp_interfaces.update(tmp)
return dhcp_interfaces
+def get_pppoe_interfaces(conf, vrf=None):
+ """ Common helper functions to retrieve all interfaces from current CLI
+ sessions that have DHCP configured. """
+ pppoe_interfaces = {}
+ for ifname in conf.list_nodes(['interfaces', 'pppoe']):
+ # always reset config level, as get_interface_dict() will alter it
+ conf.set_level([])
+ # we already have a dict representation of the config from get_config_dict(),
+ # but with the extended information from get_interface_dict() we also
+ # get the DHCP client default-route-distance default option if not specified.
+ ifconfig = get_interface_dict(conf, ['interfaces', 'pppoe'], ifname)
+
+ options = {}
+ if 'default_route_distance' in ifconfig:
+ options.update({'default_route_distance' : ifconfig['default_route_distance']})
+ if 'no_default_route' in ifconfig:
+ options.update({'no_default_route' : {}})
+ if 'vrf' in ifconfig:
+ if vrf is ifconfig['vrf']: pppoe_interfaces.update({ifname : options})
+ else: pppoe_interfaces.update({ifname : options})
+
+ return pppoe_interfaces
+
def get_interface_dict(config, base, ifname=''):
"""
Common utility function to retrieve and mangle the interfaces configuration
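Review bot: `get_pppoe_interfaces()` assigns the result of `get_interface_dict()` straight to `ifconfig`, but this commit changes that function to return `(ifname, dict)`; `get_dhcp_interfaces()` in the same hunk was updated to `_, ifconfig = ...`. With a tuple, the `'default_route_distance' in ifconfig`, `'no_default_route' in ifconfig` and `'vrf' in ifconfig` tests are membership checks against the tuple, so `options` stays empty and every PPPoE interface is returned regardless of `vrf`. The line should read `_, ifconfig = get_interface_dict(conf, ['interfaces', 'pppoe'], ifname)`, and the VRF comparison should use equality, `if vrf == ifconfig['vrf']:`, because `is` on strings depends on interning. The docstring and the comment about the DHCP default-route-distance are copied from `get_dhcp_interfaces()` and should describe PPPoE instead.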
@@ -376,7 +386,6 @@ def get_interface_dict(config, base, ifname=''):
Return a dictionary with the necessary interface config keys.
"""
-
if not ifname:
from vyos import ConfigError
# determine tagNode instance
@@ -393,9 +402,8 @@ def get_interface_dict(config, base, ifname=''):
for vif in ['vif', 'vif_s']:
if vif in default_values: del default_values[vif]
- # setup config level which is extracted in get_removed_vlans()
- config.set_level(base + [ifname])
- dict = config.get_config_dict([], key_mangling=('-', '_'), get_first_key=True,
+ dict = config.get_config_dict(base + [ifname], key_mangling=('-', '_'),
+ get_first_key=True,
no_tag_node_value_mangle=True)
# Check if interface has been removed. We must use exists() as
@@ -403,8 +411,8 @@ def get_interface_dict(config, base, ifname=''):
# node like the following exists.
# +macsec macsec1 {
# +}
- if not config.exists([]):
- dict.update({'deleted' : ''})
+ if not config.exists(base + [ifname]):
+ dict.update({'deleted' : {}})
# Add interface instance name into dictionary
dict.update({'ifname': ifname})
@@ -431,7 +439,7 @@ def get_interface_dict(config, base, ifname=''):
# XXX: T2665: blend in proper DHCPv6-PD default values
dict = T2665_set_dhcpv6pd_defaults(dict)
- address = leaf_node_changed(config, ['address'])
+ address = leaf_node_changed(config, base + [ifname, 'address'])
if address: dict.update({'address_old' : address})
# Check if we are a member of a bridge device
@@ -462,10 +470,10 @@ def get_interface_dict(config, base, ifname=''):
tmp = is_member(config, dict['source_interface'], 'bonding')
if tmp: dict.update({'source_interface_is_bond_member' : tmp})
- mac = leaf_node_changed(config, ['mac'])
+ mac = leaf_node_changed(config, base + [ifname, 'mac'])
if mac: dict.update({'mac_old' : mac})
- eui64 = leaf_node_changed(config, ['ipv6', 'address', 'eui64'])
+ eui64 = leaf_node_changed(config, base + [ifname, 'ipv6', 'address', 'eui64'])
if eui64:
tmp = dict_search('ipv6.address', dict)
if not tmp:
@@ -477,6 +485,9 @@ def get_interface_dict(config, base, ifname=''):
# identical for all types of VLAN interfaces as they all include the same
# XML definitions which hold the defaults.
for vif, vif_config in dict.get('vif', {}).items():
+ # Add subinterface name to dictionary
+ dict['vif'][vif].update({'ifname' : f'{ifname}.{vif}'})
+
default_vif_values = defaults(base + ['vif'])
# XXX: T2665: When there is no DHCPv6-PD configuration given, we can safely
# remove the default values from the dict.
@@ -486,7 +497,7 @@ def get_interface_dict(config, base, ifname=''):
# Only add defaults if interface is not about to be deleted - this is
# to keep a cleaner config dict.
if 'deleted' not in dict:
- address = leaf_node_changed(config, ['vif', vif, 'address'])
+ address = leaf_node_changed(config, base + [ifname, 'vif', vif, 'address'])
if address: dict['vif'][vif].update({'address_old' : address})
dict['vif'][vif] = dict_merge(default_vif_values, dict['vif'][vif])
@@ -508,6 +519,9 @@ def get_interface_dict(config, base, ifname=''):
if dhcp: dict['vif'][vif].update({'dhcp_options_changed' : ''})
for vif_s, vif_s_config in dict.get('vif_s', {}).items():
+ # Add subinterface name to dictionary
+ dict['vif_s'][vif_s].update({'ifname' : f'{ifname}.{vif_s}'})
+
default_vif_s_values = defaults(base + ['vif-s'])
# XXX: T2665: we only wan't the vif-s defaults - do not care about vif-c
if 'vif_c' in default_vif_s_values: del default_vif_s_values['vif_c']
@@ -520,7 +534,7 @@ def get_interface_dict(config, base, ifname=''):
# Only add defaults if interface is not about to be deleted - this is
# to keep a cleaner config dict.
if 'deleted' not in dict:
- address = leaf_node_changed(config, ['vif-s', vif_s, 'address'])
+ address = leaf_node_changed(config, base + [ifname, 'vif-s', vif_s, 'address'])
if address: dict['vif_s'][vif_s].update({'address_old' : address})
dict['vif_s'][vif_s] = dict_merge(default_vif_s_values,
@@ -544,6 +558,9 @@ def get_interface_dict(config, base, ifname=''):
if dhcp: dict['vif_s'][vif_s].update({'dhcp_options_changed' : ''})
for vif_c, vif_c_config in vif_s_config.get('vif_c', {}).items():
+ # Add subinterface name to dictionary
+ dict['vif_s'][vif_s]['vif_c'][vif_c].update({'ifname' : f'{ifname}.{vif_s}.{vif_c}'})
+
default_vif_c_values = defaults(base + ['vif-s', 'vif-c'])
# XXX: T2665: When there is no DHCPv6-PD configuration given, we can safely
@@ -554,7 +571,7 @@ def get_interface_dict(config, base, ifname=''):
# Only add defaults if interface is not about to be deleted - this is
# to keep a cleaner config dict.
if 'deleted' not in dict:
- address = leaf_node_changed(config, ['vif-s', vif_s, 'vif-c', vif_c, 'address'])
+ address = leaf_node_changed(config, base + [ifname, 'vif-s', vif_s, 'vif-c', vif_c, 'address'])
if address: dict['vif_s'][vif_s]['vif_c'][vif_c].update(
{'address_old' : address})
@@ -581,8 +598,8 @@ def get_interface_dict(config, base, ifname=''):
if dhcp: dict['vif_s'][vif_s]['vif_c'][vif_c].update({'dhcp_options_changed' : ''})
# Check vif, vif-s/vif-c VLAN interfaces for removal
- dict = get_removed_vlans(config, dict)
- return dict
+ dict = get_removed_vlans(config, base + [ifname], dict)
+ return ifname, dict
def get_vlan_ids(interface):
"""
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 1062d51ee..438485d98 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -1,4 +1,4 @@
-# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -205,10 +205,10 @@ def verify_mirror_redirect(config):
raise ConfigError(f'Requested redirect interface "{redirect_ifname}" '\
'does not exist!')
- if dict_search('traffic_policy.in', config) != None:
+ if ('mirror' in config or 'redirect' in config) and dict_search('traffic_policy.in', config) is not None:
# XXX: support combination of limiting and redirect/mirror - this is an
# artificial limitation
- raise ConfigError('Can not use ingress policy tigether with mirror or redirect!')
+ raise ConfigError('Can not use ingress policy together with mirror or redirect!')
def verify_authentication(config):
"""
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index ff8623592..04fd44173 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -49,6 +49,15 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if states:
output.append(f'ct state {{{states}}}')
+ if 'connection_status' in rule_conf and rule_conf['connection_status']:
+ status = rule_conf['connection_status']
+ if status['nat'] == 'destination':
+ nat_status = '{dnat}'
+ output.append(f'ct status {nat_status}')
+ if status['nat'] == 'source':
+ nat_status = '{snat}'
+ output.append(f'ct status {nat_status}')
+
if 'protocol' in rule_conf and rule_conf['protocol'] != 'all':
proto = rule_conf['protocol']
operator = ''
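Review bot: `status['nat']` is indexed directly, so a `connection_status` node without a `nat` child raises KeyError. Any value other than `destination` or `source` silently emits no `ct status` match, which leaves the generated rule broader than what was configured. A single lookup covers both cases and removes the duplicated append: `nat_flag = {'destination': 'dnat', 'source': 'snat'}.get(status.get('nat'))` followed by `if nat_flag: output.append(f'ct status {{{nat_flag}}}')`. Presumably the CLI schema restricts the allowed values, but that is not visible here; `parse_rule` starts and continues outside this hunk.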
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index ea7497e92..22441d1d2 100755
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -1587,12 +1587,10 @@ class Interface(Control):
tmp['source_interface'] = ifname
tmp['vlan_id'] = vif_s_id
- vif_s_ifname = f'{ifname}.{vif_s_id}'
- vif_s_config['ifname'] = vif_s_ifname
-
# It is not possible to change the VLAN encapsulation protocol
# "on-the-fly". For this "quirk" we need to actively delete and
# re-create the VIF-S interface.
+ vif_s_ifname = f'{ifname}.{vif_s_id}'
if self.exists(vif_s_ifname):
cur_cfg = get_interface_config(vif_s_ifname)
protocol = dict_search('linkinfo.info_data.protocol', cur_cfg).lower()
@@ -1614,7 +1612,6 @@ class Interface(Control):
tmp['vlan_id'] = vif_c_id
vif_c_ifname = f'{vif_s_ifname}.{vif_c_id}'
- vif_c_config['ifname'] = vif_c_ifname
c_vlan = VLANIf(vif_c_ifname, **tmp)
c_vlan.update(vif_c_config)
@@ -1625,10 +1622,7 @@ class Interface(Control):
# create/update 802.1q VLAN interfaces
for vif_id, vif_config in config.get('vif', {}).items():
-
vif_ifname = f'{ifname}.{vif_id}'
- vif_config['ifname'] = vif_ifname
-
tmp = deepcopy(VLANIf.get_config())
tmp['source_interface'] = ifname
tmp['vlan_id'] = vif_id
diff --git a/python/vyos/ifconfig/pppoe.py b/python/vyos/ifconfig/pppoe.py
index 1d13264bf..63ffc8069 100644
--- a/python/vyos/ifconfig/pppoe.py
+++ b/python/vyos/ifconfig/pppoe.py
@@ -27,12 +27,13 @@ class PPPoEIf(Interface):
},
}
- def _remove_routes(self, vrf=''):
+ def _remove_routes(self, vrf=None):
# Always delete default routes when interface is removed
+ vrf_cmd = ''
if vrf:
- vrf = f'-c "vrf {vrf}"'
- self._cmd(f'vtysh -c "conf t" {vrf} -c "no ip route 0.0.0.0/0 {self.ifname} tag 210"')
- self._cmd(f'vtysh -c "conf t" {vrf} -c "no ipv6 route ::/0 {self.ifname} tag 210"')
+ vrf_cmd = f'-c "vrf {vrf}"'
+ self._cmd(f'vtysh -c "conf t" {vrf_cmd} -c "no ip route 0.0.0.0/0 {self.ifname} tag 210"')
+ self._cmd(f'vtysh -c "conf t" {vrf_cmd} -c "no ipv6 route ::/0 {self.ifname} tag 210"')
def remove(self):
"""
@@ -44,11 +45,11 @@ class PPPoEIf(Interface):
>>> i = Interface('pppoe0')
>>> i.remove()
"""
-
+ vrf = None
tmp = get_interface_config(self.ifname)
- vrf = ''
if 'master' in tmp:
- self._remove_routes(tmp['master'])
+ vrf = tmp['master']
+ self._remove_routes(vrf)
# remove bond master which places members in disabled state
super().remove()
@@ -84,10 +85,12 @@ class PPPoEIf(Interface):
self._config = config
# remove old routes from an e.g. old VRF assignment
- vrf = ''
- if 'vrf_old' in config:
- vrf = config['vrf_old']
- self._remove_routes(vrf)
+ if 'shutdown_required':
+ vrf = None
+ tmp = get_interface_config(self.ifname)
+ if 'master' in tmp:
+ vrf = tmp['master']
+ self._remove_routes(vrf)
# DHCPv6 PD handling is a bit different on PPPoE interfaces, as we do
# not require an 'address dhcpv6' CLI option as with other interfaces
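Review bot: `if 'shutdown_required':` tests a non-empty string literal, which is always true, so the route removal runs on every `update()` call rather than only when a restart is flagged. The intended check is presumably `if 'shutdown_required' in config:`. As written, each update removes the tagged default routes through vtysh even when nothing about the session changed, which can leave a short window without a default route until they are installed again. The body of `update()` continues outside this hunk.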
@@ -98,54 +101,15 @@ class PPPoEIf(Interface):
super().update(config)
- if 'default_route' not in config or config['default_route'] == 'none':
- return
-
- #
- # Set default routes pointing to pppoe interface
- #
- vrf = ''
- sed_opt = '^ip route'
-
- install_v4 = True
- install_v6 = True
-
# generate proper configuration string when VRFs are in use
+ vrf = ''
if 'vrf' in config:
tmp = config['vrf']
vrf = f'-c "vrf {tmp}"'
- sed_opt = f'vrf {tmp}'
-
- if config['default_route'] == 'auto':
- # only add route if there is no default route present
- tmp = self._cmd(f'vtysh -c "show running-config staticd no-header" | sed -n "/{sed_opt}/,/!/p"')
- for line in tmp.splitlines():
- line = line.lstrip()
- if line.startswith('ip route 0.0.0.0/0'):
- install_v4 = False
- continue
-
- if 'ipv6' in config and line.startswith('ipv6 route ::/0'):
- install_v6 = False
- continue
-
- elif config['default_route'] == 'force':
- # Force means that all static routes are replaced with the ones from this interface
- tmp = self._cmd(f'vtysh -c "show running-config staticd no-header" | sed -n "/{sed_opt}/,/!/p"')
- for line in tmp.splitlines():
- if self.ifname in line:
- # It makes no sense to remove a route with our interface and the later re-add it.
- # This will only make traffic disappear - which is a no-no!
- continue
-
- line = line.lstrip()
- if line.startswith('ip route 0.0.0.0/0'):
- self._cmd(f'vtysh -c "conf t" {vrf} -c "no {line}"')
-
- if 'ipv6' in config and line.startswith('ipv6 route ::/0'):
- self._cmd(f'vtysh -c "conf t" {vrf} -c "no {line}"')
-
- if install_v4:
- self._cmd(f'vtysh -c "conf t" {vrf} -c "ip route 0.0.0.0/0 {self.ifname} tag 210"')
- if install_v6 and 'ipv6' in config:
- self._cmd(f'vtysh -c "conf t" {vrf} -c "ipv6 route ::/0 {self.ifname} tag 210"')
+
+ if 'no_default_route' not in config:
+ # Set default route(s) pointing to PPPoE interface
+ distance = config['default_route_distance']
+ self._cmd(f'vtysh -c "conf t" {vrf} -c "ip route 0.0.0.0/0 {self.ifname} tag 210 {distance}"')
+ if 'ipv6' in config:
+ self._cmd(f'vtysh -c "conf t" {vrf} -c "ipv6 route ::/0 {self.ifname} tag 210 {distance}"')
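Review bot: `distance = config['default_route_distance']` is indexed without a guard and the value goes straight into the vtysh command string, alongside `vrf` and `self.ifname`. If the key is ever missing, `update()` raises KeyError after `super().update(config)` has already applied the rest of the interface; presumably the interface defaults always supply it, but nothing in this hunk shows that. Whether `_cmd` passes the string through a shell is also not visible here, so correct quoting depends entirely on upstream CLI validation of these values. I would record that assumption next to the lookup, e.g. `# default_route_distance comes from the CLI defaults and is a validated number - TODO confirm`, or use `config.get('default_route_distance')` and omit the suffix when it is None.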
diff --git a/smoketest/configs.no-load/firewall-big b/smoketest/configs.no-load/firewall-big
new file mode 100644
index 000000000..94b0c6dd5
--- /dev/null
+++ b/smoketest/configs.no-load/firewall-big
@@ -0,0 +1,43440 @@
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group CENTREON_SERVERS {
+ address 109.228.63.82
+ }
+ address-group CLUSTER_ADDRESSES {
+ address 10.255.255.4
+ address 10.255.255.5
+ address 77.68.76.16
+ address 77.68.77.16
+ address 172.16.255.254
+ address 77.68.76.14
+ address 77.68.77.14
+ address 77.68.76.13
+ address 77.68.77.13
+ address 77.68.76.12
+ address 77.68.77.12
+ address 77.68.77.67
+ address 77.68.77.103
+ address 77.68.77.130
+ address 77.68.76.245
+ address 77.68.77.85
+ address 77.68.76.45
+ address 77.68.77.144
+ address 77.68.77.105
+ address 77.68.76.122
+ address 77.68.76.104
+ address 77.68.77.115
+ address 77.68.77.178
+ address 77.68.76.239
+ address 77.68.76.30
+ address 77.68.77.249
+ address 77.68.76.59
+ address 77.68.77.44
+ address 77.68.77.200
+ address 77.68.77.228
+ address 77.68.76.191
+ address 77.68.76.102
+ address 77.68.77.26
+ address 77.68.76.152
+ address 77.68.77.212
+ address 77.68.76.142
+ address 77.68.76.60
+ address 77.68.77.253
+ address 77.68.76.54
+ address 77.68.76.33
+ address 77.68.77.114
+ address 77.68.77.176
+ address 77.68.77.219
+ address 77.68.77.19
+ address 77.68.77.22
+ address 77.68.77.248
+ address 77.68.76.161
+ address 77.68.77.56
+ address 77.68.77.129
+ address 77.68.77.140
+ address 77.68.76.177
+ address 77.68.77.117
+ address 77.68.77.108
+ address 77.68.76.50
+ address 77.68.76.217
+ address 77.68.77.160
+ address 77.68.77.30
+ address 77.68.77.21
+ address 77.68.76.29
+ address 77.68.76.158
+ address 77.68.76.203
+ address 77.68.77.243
+ address 77.68.77.54
+ address 77.68.76.22
+ address 77.68.76.25
+ address 77.68.76.21
+ address 77.68.77.221
+ address 77.68.77.76
+ address 77.68.76.127
+ address 77.68.77.139
+ address 77.68.77.240
+ address 77.68.76.39
+ address 77.68.76.149
+ address 77.68.77.57
+ address 77.68.77.185
+ address 77.68.76.116
+ address 77.68.76.160
+ address 77.68.77.70
+ address 77.68.77.149
+ address 77.68.76.57
+ address 77.68.76.115
+ address 77.68.76.200
+ address 77.68.76.23
+ address 77.68.77.46
+ address 77.68.76.198
+ address 77.68.77.141
+ address 77.68.77.50
+ address 77.68.77.128
+ address 77.68.77.88
+ address 77.68.76.80
+ address 77.68.76.35
+ address 77.68.77.204
+ address 77.68.77.201
+ address 77.68.77.97
+ address 77.68.76.195
+ address 77.68.76.202
+ address 77.68.76.157
+ address 77.68.77.159
+ address 77.68.76.118
+ address 77.68.76.38
+ address 77.68.77.203
+ address 77.68.77.233
+ address 77.68.77.163
+ address 77.68.77.49
+ address 77.68.76.58
+ address 77.68.77.171
+ address 77.68.77.150
+ address 77.68.77.199
+ address 77.68.76.220
+ address 77.68.77.156
+ address 77.68.76.248
+ address 77.68.76.171
+ address 77.68.76.212
+ address 77.68.77.132
+ address 77.68.77.81
+ address 77.68.76.37
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.99
+ address 77.68.77.211
+ address 77.68.77.236
+ address 77.68.76.252
+ address 77.68.77.32
+ address 77.68.77.247
+ address 77.68.76.209
+ address 77.68.77.202
+ address 77.68.76.247
+ address 77.68.77.99
+ address 77.68.76.169
+ address 77.68.76.95
+ address 77.68.76.187
+ address 77.68.77.222
+ address 77.68.77.53
+ address 77.68.77.124
+ address 77.68.76.61
+ address 77.68.77.43
+ address 77.68.76.94
+ address 77.68.77.165
+ address 77.68.77.152
+ address 77.68.76.44
+ address 77.68.76.47
+ address 77.68.76.74
+ address 77.68.76.55
+ address 77.68.77.75
+ address 77.68.77.239
+ address 77.68.76.75
+ address 77.68.77.71
+ address 77.68.76.145
+ address 77.68.77.145
+ address 77.68.77.68
+ address 77.68.76.126
+ address 77.68.76.88
+ address 77.68.77.181
+ address 77.68.76.112
+ address 77.68.77.33
+ address 77.68.77.137
+ address 77.68.77.92
+ address 77.68.76.111
+ address 77.68.76.185
+ address 77.68.76.208
+ address 77.68.76.150
+ address 77.68.77.208
+ address 77.68.76.42
+ address 77.68.76.164
+ address 77.68.77.207
+ address 77.68.76.49
+ address 77.68.77.227
+ address 77.68.76.136
+ address 77.68.76.77
+ address 77.68.76.123
+ address 77.68.76.31
+ address 77.68.76.148
+ address 77.68.77.120
+ address 77.68.76.183
+ address 77.68.77.107
+ address 77.68.76.141
+ address 77.68.76.105
+ address 77.68.76.251
+ address 77.68.76.249
+ address 77.68.77.59
+ address 77.68.77.37
+ address 77.68.77.65
+ address 77.68.76.231
+ address 77.68.77.24
+ address 77.68.77.63
+ address 77.68.76.234
+ address 77.68.76.93
+ address 77.68.77.77
+ address 77.68.77.151
+ address 77.68.76.235
+ address 77.68.77.95
+ address 77.68.77.190
+ address 77.68.76.91
+ address 77.68.77.79
+ address 77.68.77.100
+ address 77.68.76.241
+ address 77.68.77.209
+ address 77.68.76.110
+ address 77.68.76.40
+ address 77.68.76.76
+ address 77.68.76.124
+ address 77.68.77.234
+ address 77.68.76.219
+ address 77.68.77.90
+ address 77.68.76.107
+ address 77.68.76.26
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.77.231
+ address 77.68.76.254
+ address 77.68.77.251
+ address 77.68.77.74
+ address 77.68.77.192
+ address 77.68.76.253
+ address 77.68.77.214
+ address 77.68.76.92
+ address 77.68.76.250
+ address 77.68.77.215
+ address 77.68.76.165
+ address 77.68.77.254
+ address 77.68.76.120
+ address 77.68.76.228
+ address 77.68.77.157
+ address 77.68.77.205
+ address 77.68.76.138
+ address 77.68.77.102
+ address 77.68.76.181
+ address 77.68.76.139
+ address 77.68.76.243
+ address 77.68.76.244
+ address 77.68.76.114
+ address 77.68.77.72
+ address 77.68.77.161
+ address 77.68.77.38
+ address 77.68.77.62
+ address 77.68.92.186
+ address 77.68.91.195
+ address 77.68.23.35
+ address 77.68.84.155
+ address 77.68.17.26
+ address 77.68.76.96
+ address 77.68.28.145
+ address 77.68.76.48
+ address 109.228.56.185
+ address 77.68.84.147
+ address 77.68.23.64
+ address 77.68.26.166
+ address 77.68.29.178
+ address 77.68.12.195
+ address 77.68.21.78
+ address 77.68.5.166
+ address 77.68.5.187
+ address 77.68.4.111
+ address 77.68.4.22
+ address 77.68.7.227
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.7.222
+ address 77.68.4.39
+ address 77.68.4.25
+ address 77.68.7.160
+ address 77.68.27.211
+ address 77.68.89.183
+ address 77.68.24.59
+ address 77.68.7.114
+ address 77.68.75.113
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.94.181
+ address 77.68.30.164
+ address 77.68.30.133
+ address 77.68.7.67
+ address 77.68.77.174
+ address 77.68.27.54
+ address 77.68.4.136
+ address 77.68.72.202
+ address 77.68.112.83
+ address 77.68.85.172
+ address 77.68.23.158
+ address 77.68.112.75
+ address 77.68.24.112
+ address 77.68.112.213
+ address 77.68.72.254
+ address 77.68.20.161
+ address 77.68.26.216
+ address 77.68.112.184
+ address 77.68.79.82
+ address 77.68.27.57
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.118.120
+ address 77.68.117.51
+ address 77.68.118.102
+ address 77.68.116.119
+ address 77.68.117.45
+ address 77.68.116.220
+ address 77.68.116.232
+ address 77.68.117.222
+ address 77.68.118.15
+ address 77.68.116.221
+ address 77.68.116.183
+ address 77.68.119.14
+ address 77.68.112.91
+ address 77.68.117.202
+ address 77.68.118.104
+ address 77.68.7.172
+ address 77.68.83.41
+ address 77.68.15.95
+ address 77.68.4.57
+ address 77.68.85.27
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.112.248
+ address 109.228.60.215
+ address 109.228.55.82
+ address 77.68.7.186
+ address 77.68.6.210
+ address 77.68.77.238
+ address 77.68.10.142
+ address 77.68.31.144
+ address 77.68.93.246
+ address 77.68.121.127
+ address 77.68.121.94
+ address 77.68.120.241
+ address 77.68.121.106
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.120.146
+ address 77.68.120.249
+ address 77.68.122.241
+ address 77.68.119.92
+ address 77.68.120.26
+ address 77.68.81.141
+ address 77.68.79.206
+ address 77.68.116.52
+ address 77.68.88.100
+ address 77.68.6.105
+ address 77.68.78.229
+ address 77.68.6.32
+ address 77.68.10.170
+ address 77.68.76.229
+ address 77.68.95.42
+ address 77.68.28.207
+ address 77.68.17.186
+ address 77.68.4.252
+ address 77.68.24.220
+ address 77.68.2.215
+ address 77.68.91.128
+ address 77.68.22.146
+ address 77.68.23.112
+ address 77.68.75.245
+ address 77.68.125.218
+ address 77.68.125.32
+ address 77.68.12.250
+ address 109.228.37.174
+ address 77.68.127.151
+ address 109.228.37.114
+ address 109.228.36.229
+ address 109.228.37.240
+ address 109.228.61.31
+ address 109.228.35.110
+ address 109.228.39.157
+ address 109.228.39.249
+ address 109.228.38.171
+ address 109.228.40.226
+ address 109.228.40.207
+ address 109.228.40.247
+ address 77.68.126.51
+ address 77.68.117.214
+ address 77.68.113.117
+ address 77.68.117.142
+ address 77.68.17.200
+ address 77.68.4.242
+ address 77.68.86.148
+ address 109.228.39.151
+ address 109.228.40.194
+ address 77.68.114.183
+ address 77.68.90.132
+ address 77.68.16.247
+ address 77.68.6.110
+ address 109.228.36.37
+ address 77.68.127.172
+ address 77.68.14.88
+ address 77.68.120.229
+ address 213.171.212.203
+ address 213.171.213.41
+ address 213.171.213.175
+ address 213.171.213.97
+ address 213.171.212.171
+ address 213.171.212.89
+ address 213.171.214.96
+ address 213.171.212.172
+ address 213.171.215.252
+ address 213.171.213.242
+ address 213.171.213.31
+ address 213.171.212.71
+ address 213.171.208.58
+ address 77.68.25.130
+ address 213.171.215.184
+ address 77.68.13.76
+ address 109.228.56.242
+ address 77.68.25.146
+ address 109.228.46.81
+ address 77.68.77.69
+ address 213.171.210.19
+ address 77.68.120.45
+ address 77.68.116.36
+ address 213.171.211.128
+ address 77.68.25.124
+ address 109.228.48.249
+ address 213.171.210.59
+ address 213.171.215.43
+ address 109.228.40.195
+ address 109.228.52.186
+ address 77.68.113.164
+ address 77.68.114.93
+ address 77.68.75.253
+ address 109.228.53.243
+ address 109.228.36.194
+ address 77.68.28.147
+ address 77.68.123.250
+ address 185.132.36.24
+ address 185.132.39.129
+ address 185.132.36.142
+ address 185.132.39.68
+ address 185.132.36.17
+ address 185.132.36.148
+ address 185.132.37.101
+ address 185.132.39.44
+ address 185.132.39.37
+ address 185.132.37.102
+ address 185.132.38.142
+ address 185.132.38.114
+ address 185.132.38.95
+ address 185.132.37.83
+ address 185.132.36.7
+ address 109.228.40.222
+ address 77.68.119.188
+ address 77.68.74.85
+ address 77.68.91.22
+ address 213.171.212.136
+ address 185.132.38.216
+ address 77.68.120.31
+ address 77.68.95.212
+ address 109.228.42.232
+ address 77.68.13.137
+ address 77.68.85.73
+ address 77.68.85.115
+ address 109.228.36.174
+ address 77.68.9.186
+ address 77.68.27.18
+ address 77.68.27.27
+ address 77.68.27.28
+ address 77.68.3.80
+ address 77.68.3.121
+ address 77.68.3.144
+ address 77.68.3.161
+ address 77.68.3.194
+ address 77.68.3.247
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.93.125
+ address 77.68.74.39
+ address 77.68.78.73
+ address 77.68.5.95
+ address 77.68.74.152
+ address 77.68.87.212
+ address 77.68.3.52
+ address 77.68.114.136
+ address 77.68.125.60
+ address 213.171.214.167
+ address 77.68.114.234
+ address 213.171.213.42
+ address 109.228.59.247
+ address 185.132.39.99
+ address 185.132.39.145
+ address 109.228.35.84
+ address 185.132.36.60
+ address 185.132.40.11
+ address 185.132.39.219
+ address 77.68.26.221
+ address 185.132.40.56
+ address 77.68.117.29
+ address 185.132.40.90
+ address 109.228.38.201
+ address 185.132.40.244
+ address 77.68.11.140
+ address 213.171.210.155
+ address 185.132.37.23
+ address 213.171.214.234
+ address 77.68.77.29
+ address 77.68.20.217
+ address 185.132.40.152
+ address 77.68.9.75
+ address 213.171.210.177
+ address 185.132.41.72
+ address 185.132.41.73
+ address 77.68.5.155
+ address 185.132.43.6
+ address 77.68.75.45
+ address 109.228.46.196
+ address 185.132.43.28
+ address 77.68.89.72
+ address 185.132.43.98
+ address 77.68.76.176
+ address 185.132.43.164
+ address 185.132.43.157
+ address 77.68.6.119
+ address 77.68.92.92
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.32.43
+ address 185.132.38.248
+ address 77.68.120.218
+ address 77.68.32.31
+ address 77.68.32.254
+ address 77.68.32.118
+ address 77.68.82.157
+ address 77.68.121.119
+ address 77.68.74.209
+ address 77.68.33.68
+ address 77.68.24.172
+ address 77.68.33.197
+ address 77.68.33.48
+ address 77.68.34.26
+ address 77.68.34.28
+ address 77.68.79.89
+ address 77.68.76.137
+ address 77.68.33.216
+ address 77.68.32.83
+ address 77.68.32.86
+ address 77.68.32.89
+ address 77.68.34.138
+ address 77.68.34.139
+ address 77.68.123.177
+ address 77.68.35.116
+ address 77.68.33.171
+ address 213.171.208.40
+ address 77.68.118.86
+ address 77.68.48.81
+ address 77.68.48.89
+ address 77.68.48.105
+ address 77.68.85.18
+ address 77.68.26.228
+ address 77.68.49.4
+ address 77.68.80.26
+ address 77.68.80.97
+ address 77.68.126.101
+ address 77.68.126.14
+ address 77.68.49.12
+ address 77.68.117.173
+ address 77.68.8.144
+ address 77.68.82.147
+ address 77.68.24.134
+ address 77.68.112.167
+ address 77.68.49.126
+ address 77.68.49.178
+ address 77.68.50.91
+ address 77.68.50.90
+ address 77.68.24.63
+ address 109.228.37.187
+ address 77.68.50.193
+ address 77.68.50.198
+ address 77.68.50.142
+ address 77.68.114.237
+ address 77.68.115.17
+ address 77.68.49.159
+ address 77.68.49.160
+ address 213.171.208.176
+ address 77.68.116.84
+ address 77.68.126.160
+ address 185.132.36.56
+ address 77.68.49.161
+ address 77.68.34.50
+ address 185.132.41.240
+ address 77.68.51.214
+ address 77.68.51.202
+ address 185.132.37.133
+ address 77.68.77.42
+ address 77.68.100.132
+ address 77.68.100.134
+ address 77.68.100.150
+ address 185.132.41.148
+ address 77.68.101.64
+ address 213.171.210.25
+ address 77.68.101.124
+ address 77.68.101.125
+ address 77.68.89.247
+ address 185.132.39.109
+ address 77.68.100.167
+ address 77.68.5.125
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.12.45
+ address 77.68.4.180
+ address 213.171.214.102
+ address 77.68.126.22
+ address 77.68.114.205
+ address 109.228.36.119
+ address 213.171.212.90
+ address 77.68.33.37
+ address 185.132.43.71
+ address 185.132.43.113
+ address 77.68.48.202
+ address 185.132.40.166
+ address 77.68.112.90
+ address 77.68.112.175
+ address 77.68.103.19
+ address 77.68.103.120
+ address 77.68.33.24
+ address 77.68.103.147
+ address 109.228.47.223
+ address 109.228.58.134
+ address 109.228.56.97
+ address 77.68.31.96
+ address 77.68.103.227
+ address 88.208.196.91
+ address 88.208.196.92
+ address 88.208.196.154
+ address 88.208.197.10
+ address 77.68.87.164
+ address 77.68.93.164
+ address 185.132.37.47
+ address 77.68.75.64
+ address 88.208.197.118
+ address 88.208.197.135
+ address 88.208.197.150
+ address 88.208.197.155
+ address 88.208.197.160
+ address 88.208.197.60
+ address 109.228.37.10
+ address 88.208.215.61
+ address 77.68.102.129
+ address 88.208.196.123
+ address 109.228.36.79
+ address 185.132.38.182
+ address 88.208.215.62
+ address 88.208.215.157
+ address 88.208.198.251
+ address 88.208.215.19
+ address 88.208.198.39
+ address 109.228.38.117
+ address 77.68.29.65
+ address 88.208.215.121
+ address 77.68.115.142
+ address 77.68.76.108
+ address 88.208.198.64
+ address 88.208.198.66
+ address 77.68.3.61
+ address 88.208.198.92
+ address 77.68.74.232
+ address 77.68.118.88
+ address 77.68.100.77
+ address 77.68.48.14
+ address 88.208.198.69
+ address 88.208.197.23
+ address 88.208.199.249
+ address 213.171.212.114
+ address 109.228.39.41
+ address 88.208.199.141
+ address 77.68.21.171
+ address 88.208.199.233
+ address 88.208.212.31
+ address 77.68.102.5
+ address 88.208.212.94
+ address 109.228.61.37
+ address 88.208.199.46
+ address 77.68.78.113
+ address 88.208.212.182
+ address 88.208.212.188
+ address 185.132.40.124
+ address 213.171.209.217
+ address 77.68.103.56
+ address 88.208.197.208
+ address 88.208.197.129
+ }
+ address-group CMK_SATELLITES {
+ address 82.223.144.252
+ address 109.228.63.67
+ address 109.228.63.66
+ address 82.223.200.61
+ address 195.20.253.14
+ address 217.72.206.27
+ }
+ address-group DHCP_SERVERS {
+ address 10.255.241.13
+ address 10.255.241.14
+ address 10.255.242.13
+ address 10.255.242.14
+ address 10.255.243.13
+ address 10.255.243.14
+ address 10.255.244.13
+ address 10.255.244.14
+ address 10.255.245.13
+ address 10.255.245.14
+ address 10.255.246.13
+ address 10.255.246.14
+ address 10.255.247.13
+ address 10.255.247.14
+ address 10.255.248.13
+ address 10.255.248.14
+ address 10.255.249.13
+ address 10.255.249.14
+ address 77.68.76.14
+ address 77.68.77.14
+ address 77.68.76.13
+ address 77.68.77.13
+ }
+ address-group DNSCACHE_SERVERS {
+ address 10.255.255.4
+ address 10.255.255.5
+ address 77.68.76.12
+ address 77.68.77.12
+ }
+ address-group DT_BLOCKED {
+ address 172.16.255.254
+ }
+ address-group DT_FW0A5C4_1 {
+ address 185.132.40.56
+ }
+ address-group DT_FW0B352_1 {
+ address 77.68.77.238
+ }
+ address-group DT_FW0BB22_1 {
+ address 77.68.16.247
+ }
+ address-group DT_FW0BD92_3 {
+ address 109.228.36.79
+ }
+ address-group DT_FW0C2E6_4 {
+ address 77.68.76.110
+ }
+ address-group DT_FW0C8E1_1 {
+ address 77.68.77.103
+ }
+ address-group DT_FW0C25B_1 {
+ address 77.68.86.148
+ }
+ address-group DT_FW00D98_1 {
+ address 77.68.76.88
+ }
+ address-group DT_FW0E2EE_1 {
+ address 213.171.211.128
+ }
+ address-group DT_FW0E383_9 {
+ address 77.68.77.114
+ }
+ address-group DT_FW0EA3F_1 {
+ address 77.68.49.159
+ }
+ address-group DT_FW1ACD9_2 {
+ address 77.68.76.108
+ }
+ address-group DT_FW1C8F2_1 {
+ address 185.132.37.83
+ }
+ address-group DT_FW1CB16_1 {
+ address 77.68.29.178
+ }
+ address-group DT_FW1CC15_2 {
+ address 77.68.77.248
+ }
+ address-group DT_FW1D511_2 {
+ address 213.171.213.175
+ }
+ address-group DT_FW1F3D0_6 {
+ address 77.68.76.250
+ }
+ address-group DT_FW1F126_1 {
+ address 77.68.76.137
+ }
+ address-group DT_FW1FA8E_1 {
+ address 185.132.37.101
+ }
+ address-group DT_FW1FA9E_1 {
+ address 77.68.118.104
+ }
+ address-group DT_FW2ACFF_1 {
+ address 77.68.24.220
+ }
+ address-group DT_FW2B4BA_1 {
+ address 77.68.33.68
+ }
+ address-group DT_FW2B279_4 {
+ address 77.68.77.204
+ }
+ address-group DT_FW2BB8D_1 {
+ address 77.68.77.181
+ }
+ address-group DT_FW2BF20_3 {
+ address 77.68.76.187
+ }
+ address-group DT_FW2C5AE_1 {
+ address 77.68.76.228
+ }
+ address-group DT_FW2E8D4_1 {
+ address 77.68.77.249
+ }
+ address-group DT_FW2E060_1 {
+ address 77.68.77.215
+ }
+ address-group DT_FW2ED4D_2 {
+ address 109.228.39.151
+ }
+ address-group DT_FW2EF2C_1 {
+ address 77.68.11.140
+ }
+ address-group DT_FW2F868_6 {
+ address 77.68.76.254
+ }
+ address-group DT_FW2FB61_1 {
+ address 109.228.38.117
+ }
+ address-group DT_FW3A12F_1 {
+ address 77.68.5.95
+ }
+ address-group DT_FW3AD6F_1 {
+ address 77.68.120.241
+ }
+ address-group DT_FW03B35_1 {
+ address 77.68.125.60
+ }
+ address-group DT_FW3B068_2 {
+ address 77.68.77.63
+ }
+ address-group DT_FW3CAAB_1 {
+ address 77.68.76.234
+ }
+ address-group DT_FW3DBF8_9 {
+ address 77.68.76.198
+ }
+ address-group DT_FW3EBC8_1 {
+ address 77.68.13.76
+ }
+ address-group DT_FW03F2E_1 {
+ address 77.68.102.5
+ }
+ address-group DT_FW3F465_1 {
+ address 109.228.36.119
+ }
+ address-group DT_FW4AE7D_1 {
+ address 77.68.76.60
+ }
+ address-group DT_FW4C136_1 {
+ address 77.68.76.50
+ }
+ address-group DT_FW4D3E6_1 {
+ address 77.68.100.77
+ }
+ address-group DT_FW4DB0A_1 {
+ address 77.68.49.161
+ }
+ address-group DT_FW4E314_1 {
+ address 109.228.40.222
+ }
+ address-group DT_FW4E399_1 {
+ address 213.171.214.96
+ }
+ address-group DT_FW4F5EE_10 {
+ address 77.68.116.220
+ }
+ address-group DT_FW4F81F_4 {
+ address 77.68.77.43
+ }
+ address-group DT_FW5A5D7_3 {
+ address 77.68.77.205
+ }
+ address-group DT_FW5A77C_16 {
+ address 77.68.76.202
+ }
+ address-group DT_FW5A521_3 {
+ address 77.68.79.89
+ }
+ address-group DT_FW05AD0_2 {
+ address 77.68.77.72
+ }
+ address-group DT_FW5AE10_1 {
+ address 109.228.37.114
+ }
+ address-group DT_FW5CBB2_1 {
+ address 77.68.77.150
+ }
+ address-group DT_FW5D0FA_1 {
+ address 185.132.43.157
+ }
+ address-group DT_FW6A684_1 {
+ address 77.68.116.119
+ }
+ address-group DT_FW6B9B9_1 {
+ address 185.132.41.72
+ }
+ address-group DT_FW6B39D_1 {
+ address 77.68.4.111
+ address 77.68.77.174
+ }
+ address-group DT_FW6C992_1 {
+ address 77.68.85.27
+ }
+ address-group DT_FW6CD7E_2 {
+ address 77.68.76.148
+ }
+ address-group DT_FW6D0CD_1 {
+ address 77.68.76.241
+ }
+ address-group DT_FW6ECA4_1 {
+ address 77.68.117.51
+ }
+ address-group DT_FW6EFD7_1 {
+ address 77.68.84.147
+ }
+ address-group DT_FW6F539_1 {
+ address 77.68.76.217
+ }
+ address-group DT_FW7A9B0_9 {
+ address 77.68.76.47
+ }
+ address-group DT_FW7C4D9_14 {
+ address 109.228.36.37
+ }
+ address-group DT_FW7DAE2_3 {
+ address 185.132.38.216
+ }
+ address-group DT_FW7F28A_1 {
+ address 77.68.76.31
+ }
+ address-group DT_FW8A3FC_3 {
+ address 77.68.77.132
+ address 77.68.76.185
+ address 77.68.77.90
+ }
+ address-group DT_FW8A49A_1 {
+ address 77.68.77.85
+ }
+ address-group DT_FW8A57A_1 {
+ address 77.68.77.222
+ address 77.68.112.83
+ }
+ address-group DT_FW8AFF1_7 {
+ address 77.68.76.118
+ }
+ address-group DT_FW8B21D_1 {
+ address 77.68.23.64
+ }
+ address-group DT_FW8C72E_1 {
+ address 77.68.27.54
+ }
+ address-group DT_FW8C927_1 {
+ address 77.68.7.160
+ }
+ address-group DT_FW8EA04_1 {
+ address 77.68.20.161
+ }
+ address-group DT_FW8ECF4_1 {
+ address 77.68.2.215
+ }
+ address-group DT_FW9B6FB_1 {
+ address 77.68.4.242
+ }
+ address-group DT_FW9C682_3 {
+ address 213.171.212.203
+ }
+ address-group DT_FW9D5C7_1 {
+ address 77.68.115.17
+ }
+ address-group DT_FW9E550_1 {
+ address 213.171.212.71
+ }
+ address-group DT_FW9EEDD_1 {
+ address 77.68.4.80
+ address 77.68.49.152
+ }
+ address-group DT_FW10C3D_19 {
+ address 77.68.25.124
+ }
+ address-group DT_FW10FEE_1 {
+ address 77.68.122.89
+ }
+ address-group DT_FW12C32_1 {
+ address 77.68.4.25
+ address 77.68.7.114
+ }
+ address-group DT_FW013EF_2 {
+ address 77.68.77.26
+ }
+ address-group DT_FW15C99_6 {
+ address 77.68.114.237
+ }
+ address-group DT_FW18E6E_3 {
+ address 77.68.76.112
+ }
+ address-group DT_FW21A75_2 {
+ address 88.208.198.66
+ }
+ address-group DT_FW24AB7_1 {
+ address 213.171.213.242
+ }
+ address-group DT_FW26F0A_1 {
+ address 77.68.78.73
+ }
+ address-group DT_FW27A8F_1 {
+ address 77.68.76.219
+ }
+ address-group DT_FW028C0_2 {
+ address 77.68.26.221
+ }
+ address-group DT_FW28EC8_1 {
+ address 77.68.76.93
+ }
+ address-group DT_FW30D21_1 {
+ address 77.68.95.42
+ }
+ address-group DT_FW32EFF_16 {
+ address 77.68.118.120
+ }
+ address-group DT_FW32EFF_25 {
+ address 77.68.27.211
+ }
+ address-group DT_FW32EFF_49 {
+ address 109.228.37.187
+ }
+ address-group DT_FW34C91_3 {
+ address 77.68.76.142
+ }
+ address-group DT_FW35F7B_1 {
+ address 77.68.30.164
+ }
+ address-group DT_FW37E59_5 {
+ address 77.68.76.37
+ }
+ address-group DT_FW40AE4_1 {
+ address 77.68.79.206
+ }
+ address-group DT_FW42BC7_1 {
+ address 77.68.76.95
+ }
+ address-group DT_FW44BF9_1 {
+ address 77.68.77.200
+ }
+ address-group DT_FW45BEB_1 {
+ address 77.68.75.245
+ }
+ address-group DT_FW45F3D_1 {
+ address 109.228.40.247
+ }
+ address-group DT_FW45F87_1 {
+ address 77.68.77.207
+ }
+ address-group DT_FW46F4A_1 {
+ address 88.208.197.135
+ }
+ address-group DT_FW48A55_2 {
+ address 109.228.39.157
+ }
+ address-group DT_FW49C3D_4 {
+ address 77.68.76.149
+ }
+ address-group DT_FW49C3D_6 {
+ address 77.68.76.160
+ }
+ address-group DT_FW050AC_1 {
+ address 77.68.77.214
+ }
+ address-group DT_FW52F6F_1 {
+ address 77.68.82.147
+ }
+ address-group DT_FW53C72_1 {
+ address 88.208.197.118
+ }
+ address-group DT_FW58C69_4 {
+ address 77.68.76.141
+ }
+ address-group DT_FW59F39_1 {
+ address 77.68.87.212
+ }
+ address-group DT_FW60FD6_5 {
+ address 77.68.92.92
+ }
+ address-group DT_FW69D6D_2 {
+ address 77.68.77.221
+ }
+ address-group DT_FW72F37_1 {
+ address 77.68.77.100
+ }
+ address-group DT_FW73A64_1 {
+ address 77.68.118.15
+ }
+ address-group DT_FW75CA4_6 {
+ address 77.68.4.22
+ }
+ address-group DT_FW85A7C_1 {
+ address 77.68.6.210
+ }
+ address-group DT_FW85E02_11 {
+ address 77.68.77.233
+ }
+ address-group DT_FW90AE3_1 {
+ address 77.68.88.100
+ }
+ address-group DT_FW91B7A_1 {
+ address 77.68.76.40
+ }
+ address-group DT_FW138F8_1 {
+ address 77.68.50.193
+ }
+ address-group DT_FW0192C_1 {
+ address 185.132.39.68
+ }
+ address-group DT_FW197DB_1 {
+ address 77.68.77.240
+ }
+ address-group DT_FW210E2_8 {
+ address 77.68.94.181
+ }
+ address-group DT_FW274FD_1 {
+ address 185.132.36.24
+ }
+ address-group DT_FW310C6_3 {
+ address 88.208.198.39
+ }
+ address-group DT_FW364CF_1 {
+ address 77.68.76.203
+ address 77.68.77.97
+ }
+ address-group DT_FW406AB_1 {
+ address 109.228.47.223
+ }
+ address-group DT_FW444AF_1 {
+ address 185.132.37.102
+ }
+ address-group DT_FW481D7_1 {
+ address 77.68.76.243
+ }
+ address-group DT_FW539FB_1 {
+ address 77.68.21.171
+ }
+ address-group DT_FW578BE_1 {
+ address 109.228.56.185
+ }
+ address-group DT_FW597A6_1 {
+ address 77.68.5.125
+ address 88.208.196.123
+ address 88.208.212.31
+ }
+ address-group DT_FW608FA_1 {
+ address 77.68.74.232
+ }
+ address-group DT_FW633DD_1 {
+ address 77.68.121.119
+ }
+ address-group DT_FW672AB_1 {
+ address 213.171.213.41
+ }
+ address-group DT_FW0745F_5 {
+ address 77.68.117.222
+ }
+ address-group DT_FW748B7_1 {
+ address 77.68.120.249
+ }
+ address-group DT_FW825C8_19 {
+ address 77.68.76.111
+ address 77.68.76.42
+ }
+ address-group DT_FW825C8_24 {
+ address 77.68.77.120
+ address 77.68.76.183
+ }
+ address-group DT_FW826BA_3 {
+ address 77.68.77.152
+ }
+ address-group DT_FW856FA_1 {
+ address 77.68.77.151
+ }
+ address-group DT_FW883EB_1 {
+ address 77.68.76.152
+ }
+ address-group DT_FW930F3_1 {
+ address 77.68.85.73
+ }
+ address-group DT_FW930F3_3 {
+ address 77.68.114.234
+ }
+ address-group DT_FW934AE_1 {
+ address 77.68.5.166
+ }
+ address-group DT_FW0937A_1 {
+ address 77.68.6.119
+ }
+ address-group DT_FW0952B_1 {
+ address 77.68.93.125
+ }
+ address-group DT_FW996B4_2 {
+ address 77.68.76.157
+ }
+ address-group DT_FW1208C_1 {
+ address 77.68.77.33
+ }
+ address-group DT_FW1226C_3 {
+ address 77.68.117.45
+ }
+ address-group DT_FW1271A_2 {
+ address 77.68.76.102
+ }
+ address-group DT_FW2379F_14 {
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 213.171.212.114
+ address 77.68.103.56
+ }
+ address-group DT_FW4293B_1 {
+ address 77.68.76.57
+ }
+ address-group DT_FW4513E_1 {
+ address 77.68.77.75
+ }
+ address-group DT_FW4735F_1 {
+ address 77.68.77.74
+ }
+ address-group DT_FW05064_1 {
+ address 213.171.210.19
+ }
+ address-group DT_FW05339_1 {
+ address 185.132.40.152
+ }
+ address-group DT_FW5658C_1 {
+ address 77.68.77.185
+ }
+ address-group DT_FW5858F_1 {
+ address 77.68.121.127
+ }
+ address-group DT_FW06176_1 {
+ address 77.68.77.38
+ }
+ address-group DT_FW6187E_1 {
+ address 77.68.103.147
+ }
+ address-group DT_FW6863A_4 {
+ address 77.68.7.222
+ }
+ address-group DT_FW6906B_1 {
+ address 185.132.43.28
+ }
+ address-group DT_FW06940_3 {
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ }
+ address-group DT_FW7648D_1 {
+ address 77.68.76.77
+ }
+ address-group DT_FW08061_1 {
+ address 77.68.76.45
+ }
+ address-group DT_FW8428B_1 {
+ address 77.68.33.24
+ }
+ address-group DT_FW8871B_1 {
+ address 77.68.78.113
+ }
+ address-group DT_FW11082_1 {
+ address 77.68.113.117
+ }
+ address-group DT_FW16375_5 {
+ address 77.68.77.171
+ }
+ address-group DT_FW19987_4 {
+ address 77.68.77.54
+ }
+ address-group DT_FW20449_2 {
+ address 77.68.126.101
+ }
+ address-group DT_FW25843_1 {
+ address 77.68.24.59
+ }
+ address-group DT_FW26846_1 {
+ address 88.208.197.10
+ }
+ address-group DT_FW27947_1 {
+ address 77.68.77.102
+ }
+ address-group DT_FW27949_2 {
+ address 77.68.117.214
+ }
+ address-group DT_FW28892_1 {
+ address 77.68.77.144
+ }
+ address-group DT_FW31525_6 {
+ address 77.68.77.46
+ }
+ address-group DT_FW36425_1 {
+ address 77.68.119.14
+ }
+ address-group DT_FW40416_1 {
+ address 77.68.121.94
+ }
+ address-group DT_FW42661_3 {
+ address 77.68.77.202
+ }
+ address-group DT_FW44217_2 {
+ address 77.68.89.247
+ }
+ address-group DT_FW45000_1 {
+ address 77.68.24.172
+ }
+ address-group DT_FW48814_3 {
+ address 77.68.77.219
+ }
+ address-group DT_FW49897_1 {
+ address 185.132.36.7
+ }
+ address-group DT_FW56335_2 {
+ address 88.208.198.92
+ }
+ address-group DT_FW56496_1 {
+ address 77.68.51.202
+ address 77.68.101.64
+ }
+ address-group DT_FW62858_12 {
+ address 77.68.77.145
+ }
+ address-group DT_FW63230_1 {
+ address 77.68.76.220
+ }
+ address-group DT_FW66347_1 {
+ address 77.68.92.186
+ }
+ address-group DT_FW73215_1 {
+ address 213.171.209.217
+ }
+ address-group DT_FW73573_1 {
+ address 77.68.76.249
+ }
+ address-group DT_FW73573_2 {
+ address 77.68.77.62
+ }
+ address-group DT_FW78137_1 {
+ address 77.68.34.50
+ }
+ address-group DT_FW81138_1 {
+ address 77.68.77.59
+ }
+ address-group DT_FW81286_1 {
+ address 77.68.77.243
+ }
+ address-group DT_FW85040_1 {
+ address 77.68.5.187
+ }
+ address-group DT_FW85619_1 {
+ address 77.68.127.172
+ }
+ address-group DT_FW89619_1 {
+ address 77.68.76.253
+ }
+ address-group DT_FW98818_1 {
+ address 88.208.197.129
+ }
+ address-group DT_FWA0AA0_1 {
+ address 77.68.113.164
+ }
+ address-group DT_FWA0B7F_1 {
+ address 185.132.39.44
+ }
+ address-group DT_FWA2FF8_4 {
+ address 77.68.76.231
+ }
+ address-group DT_FWA3EA3_1 {
+ address 77.68.77.42
+ }
+ address-group DT_FWA4BC8_1 {
+ address 77.68.112.75
+ }
+ address-group DT_FWA5D67_1 {
+ address 185.132.37.133
+ }
+ address-group DT_FWA7A50_1 {
+ address 77.68.27.57
+ address 77.68.118.102
+ }
+ address-group DT_FWA69A0_1 {
+ address 213.171.212.90
+ }
+ address-group DT_FWA076E_1 {
+ address 77.68.76.19
+ }
+ address-group DT_FWA83DF_1 {
+ address 77.68.7.123
+ }
+ address-group DT_FWA86A4_1 {
+ address 109.228.56.97
+ }
+ address-group DT_FWA86ED_101 {
+ address 77.68.85.172
+ address 109.228.38.171
+ address 88.208.199.233
+ }
+ address-group DT_FWA373F_1 {
+ address 77.68.76.171
+ }
+ address-group DT_FWA0531_1 {
+ address 213.171.215.252
+ }
+ address-group DT_FWA884B_5 {
+ address 88.208.199.249
+ }
+ address-group DT_FWA7625_1 {
+ address 213.171.215.43
+ }
+ address-group DT_FWAA38E_1 {
+ address 77.68.93.164
+ }
+ address-group DT_FWAB44B_1 {
+ address 185.132.37.47
+ }
+ address-group DT_FWAE88B_1 {
+ address 77.68.125.218
+ }
+ address-group DT_FWAF6E8_1 {
+ address 77.68.76.115
+ }
+ address-group DT_FWAFF0A_1 {
+ address 77.68.91.195
+ }
+ address-group DT_FWB2CD2_1 {
+ address 77.68.72.254
+ }
+ address-group DT_FWB28B6_5 {
+ address 77.68.77.209
+ }
+ address-group DT_FWB36A0_1 {
+ address 77.68.77.108
+ }
+ address-group DT_FWB118A_1 {
+ address 77.68.48.14
+ }
+ address-group DT_FWB4438_2 {
+ address 88.208.215.61
+ }
+ address-group DT_FWB6101_1 {
+ address 88.208.215.62
+ }
+ address-group DT_FWB9699_7 {
+ address 77.68.76.123
+ }
+ address-group DT_FWB9699_11 {
+ address 77.68.77.165
+ }
+ address-group DT_FWBB718_1 {
+ address 77.68.77.71
+ }
+ address-group DT_FWBC8A6_1 {
+ address 77.68.112.175
+ }
+ address-group DT_FWBC280_1 {
+ address 77.68.100.167
+ }
+ address-group DT_FWBD9D0_1 {
+ address 77.68.120.31
+ }
+ address-group DT_FWBE878_1 {
+ address 213.171.212.172
+ }
+ address-group DT_FWBED52_1 {
+ address 77.68.112.213
+ }
+ address-group DT_FWBF494_1 {
+ address 77.68.76.209
+ }
+ address-group DT_FWBFC02_1 {
+ address 77.68.112.90
+ }
+ address-group DT_FWBFDED_1 {
+ address 77.68.76.30
+ }
+ address-group DT_FWC0CE0_1 {
+ address 77.68.112.184
+ }
+ address-group DT_FWC1ACD_1 {
+ address 77.68.85.18
+ }
+ address-group DT_FWC2D30_1 {
+ address 77.68.76.48
+ }
+ address-group DT_FWC2EF2_1 {
+ address 77.68.17.200
+ }
+ address-group DT_FWC2EF2_2 {
+ address 77.68.17.200
+ }
+ address-group DT_FWC7D36_1 {
+ address 77.68.76.126
+ }
+ address-group DT_FWC8E8E_1 {
+ address 77.68.28.207
+ }
+ address-group DT_FWC32BE_1 {
+ address 77.68.117.173
+ }
+ address-group DT_FWC37B9_1 {
+ address 77.68.28.139
+ }
+ address-group DT_FWC055A_1 {
+ address 77.68.77.30
+ }
+ address-group DT_FWC72E5_1 {
+ address 77.68.103.227
+ }
+ address-group DT_FWC96A1_1 {
+ address 77.68.75.253
+ }
+ address-group DT_FWC1315_1 {
+ address 77.68.4.57
+ }
+ address-group DT_FWC3921_1 {
+ address 77.68.76.164
+ }
+ address-group DT_FWC6301_1 {
+ address 77.68.34.26
+ }
+ address-group DT_FWCA628_1 {
+ address 185.132.39.99
+ }
+ address-group DT_FWCB0CF_7 {
+ address 77.68.77.163
+ }
+ address-group DT_FWCB29D_1 {
+ address 88.208.197.23
+ }
+ address-group DT_FWCC18F_2 {
+ address 77.68.76.59
+ }
+ address-group DT_FWCD7CE_1 {
+ address 77.68.77.56
+ }
+ address-group DT_FWCDBC7_1 {
+ address 77.68.77.141
+ }
+ address-group DT_FWCDD8B_1 {
+ address 185.132.37.23
+ }
+ address-group DT_FWCE020_1 {
+ address 77.68.48.202
+ }
+ address-group DT_FWD0E22_4 {
+ address 77.68.77.99
+ }
+ address-group DT_FWD4A27_1 {
+ address 77.68.76.244
+ }
+ address-group DT_FWD7EAB_1 {
+ address 77.68.7.67
+ }
+ address-group DT_FWD8DD1_2 {
+ address 213.171.210.155
+ }
+ address-group DT_FWD42CF_1 {
+ address 185.132.38.114
+ }
+ address-group DT_FWD56A2_1 {
+ address 213.171.213.31
+ }
+ address-group DT_FWD61BF_1 {
+ address 88.208.199.46
+ }
+ address-group DT_FWD338A_1 {
+ address 77.68.77.69
+ }
+ address-group DT_FWD498E_1 {
+ address 109.228.39.41
+ }
+ address-group DT_FWD2082_1 {
+ address 77.68.76.94
+ }
+ address-group DT_FWD2440_1 {
+ address 77.68.114.136
+ }
+ address-group DT_FWD3431_2 {
+ address 77.68.77.105
+ }
+ address-group DT_FWD7382_1 {
+ address 185.132.40.11
+ }
+ address-group DT_FWDA443_6 {
+ address 77.68.34.28
+ }
+ address-group DT_FWDAA4F_1 {
+ address 77.68.76.124
+ }
+ address-group DT_FWDAF47_1 {
+ address 77.68.23.35
+ }
+ address-group DT_FWDCA36_3 {
+ address 77.68.77.81
+ }
+ address-group DT_FWDD089_5 {
+ address 77.68.77.21
+ }
+ address-group DT_FWDEDB9_1 {
+ address 77.68.22.146
+ }
+ address-group DT_FWE2AB5_8 {
+ address 77.68.26.166
+ }
+ address-group DT_FWE3E77_1 {
+ address 77.68.76.49
+ }
+ address-group DT_FWE6AB2_1 {
+ address 185.132.40.166
+ }
+ address-group DT_FWE9F7D_1 {
+ address 77.68.32.118
+ }
+ address-group DT_FWE012D_1 {
+ address 77.68.77.190
+ }
+ address-group DT_FWE30A1_4 {
+ address 77.68.33.48
+ }
+ address-group DT_FWE32F2_8 {
+ address 77.68.82.157
+ }
+ address-group DT_FWE47DA_1 {
+ address 77.68.91.128
+ }
+ address-group DT_FWE57AD_1 {
+ address 109.228.56.26
+ }
+ address-group DT_FWE928F_1 {
+ address 77.68.77.129
+ }
+ address-group DT_FWE7180_1 {
+ address 77.68.123.177
+ }
+ address-group DT_FWEAE53_1 {
+ address 77.68.26.216
+ }
+ address-group DT_FWEB321_1 {
+ address 77.68.4.74
+ }
+ address-group DT_FWECBFB_14 {
+ address 77.68.77.44
+ }
+ address-group DT_FWEE03C_1 {
+ address 77.68.116.232
+ }
+ address-group DT_FWEEC75_1 {
+ address 77.68.76.29
+ }
+ address-group DT_FWEF92E_5 {
+ address 77.68.77.57
+ }
+ address-group DT_FWEF92E_6 {
+ address 77.68.77.70
+ }
+ address-group DT_FWEF92E_7 {
+ address 77.68.77.149
+ }
+ address-group DT_FWF3A1B_1 {
+ address 109.228.52.186
+ }
+ address-group DT_FWF7B68_1 {
+ address 77.68.77.231
+ }
+ address-group DT_FWF7BFA_1 {
+ address 77.68.120.45
+ }
+ address-group DT_FWF8E67_1 {
+ address 77.68.85.115
+ }
+ address-group DT_FWF8F85_1 {
+ address 109.228.36.229
+ }
+ address-group DT_FWF9C28_2 {
+ address 77.68.84.155
+ }
+ address-group DT_FWF9C28_4 {
+ address 77.68.28.145
+ }
+ address-group DT_FWF19FB_2 {
+ address 77.68.76.212
+ }
+ address-group DT_FWF30BD_1 {
+ address 77.68.14.88
+ }
+ address-group DT_FWF48EB_1 {
+ address 77.68.76.21
+ }
+ address-group DT_FWF0221_1 {
+ address 185.132.36.60
+ address 185.132.40.244
+ }
+ address-group DT_FWF323F_1 {
+ address 185.132.39.109
+ }
+ address-group DT_FWF699D_4 {
+ address 185.132.40.90
+ }
+ address-group DT_FWF791C_1 {
+ address 77.68.90.132
+ }
+ address-group DT_FWF879C_1 {
+ address 77.68.76.169
+ }
+ address-group DT_FWF3574_1 {
+ address 77.68.76.191
+ }
+ address-group DT_FWF4063_1 {
+ address 77.68.32.254
+ }
+ address-group DT_FWFD9AF_9 {
+ address 77.68.77.24
+ }
+ address-group DT_FWFDCC7_1 {
+ address 109.228.59.247
+ }
+ address-group DT_FWFDD94_15 {
+ address 77.68.76.161
+ }
+ address-group DT_FWFDE34_1 {
+ address 185.132.38.182
+ }
+ address-group DT_FWFEF05_1 {
+ address 88.208.197.150
+ }
+ address-group DT_H71F96 {
+ address 77.68.23.112
+ }
+ address-group DT_SMTP_BLOCKED {
+ address 172.16.255.254
+ address 77.68.77.209
+ address 77.68.76.148
+ address 77.68.77.211
+ address 77.68.21.78
+ address 77.68.77.247
+ address 77.68.77.203
+ address 77.68.77.68
+ address 77.68.77.43
+ address 77.68.77.165
+ address 77.68.76.145
+ address 77.68.76.239
+ address 77.68.77.67
+ address 77.68.76.177
+ address 77.68.77.117
+ address 77.68.76.50
+ address 77.68.76.158
+ address 77.68.76.22
+ address 77.68.76.123
+ address 77.68.76.251
+ address 77.68.77.63
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.4.252
+ address 77.68.76.30
+ address 77.68.76.77
+ address 77.68.76.31
+ address 77.68.77.248
+ address 77.68.3.52
+ address 77.68.76.88
+ address 213.171.214.234
+ address 185.132.39.219
+ address 77.68.5.155
+ address 77.68.80.97
+ address 77.68.101.124
+ address 77.68.76.111
+ address 77.68.76.42
+ address 77.68.77.120
+ address 77.68.76.183
+ address 88.208.197.160
+ address 88.208.197.10
+ address 77.68.76.250
+ address 77.68.77.219
+ address 77.68.77.152
+ address 77.68.76.60
+ }
+ address-group DT_VPN-2661 {
+ address 185.132.40.90
+ }
+ address-group DT_VPN-3575 {
+ address 77.68.77.202
+ }
+ address-group DT_VPN-6103 {
+ address 77.68.77.21
+ }
+ address-group DT_VPN-7030 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-7902 {
+ address 77.68.77.43
+ }
+ address-group DT_VPN-8159 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-8203 {
+ address 77.68.77.202
+ }
+ address-group DT_VPN-8625 {
+ address 77.68.94.181
+ }
+ address-group DT_VPN-9415 {
+ address 77.68.76.114
+ }
+ address-group DT_VPN-9484 {
+ address 77.68.77.76
+ address 77.68.76.120
+ }
+ address-group DT_VPN-9727 {
+ address 185.132.40.90
+ }
+ address-group DT_VPN-9749 {
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 213.171.212.114
+ address 77.68.103.56
+ }
+ address-group DT_VPN-9765 {
+ address 77.68.76.50
+ }
+ address-group DT_VPN-10131 {
+ address 77.68.76.110
+ }
+ address-group DT_VPN-11083 {
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 213.171.212.114
+ address 77.68.103.56
+ }
+ address-group DT_VPN-11913 {
+ address 77.68.76.60
+ }
+ address-group DT_VPN-12870 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-12899 {
+ address 77.68.77.95
+ }
+ address-group DT_VPN-13261 {
+ address 77.68.77.76
+ address 77.68.76.120
+ }
+ address-group DT_VPN-13983 {
+ address 77.68.3.52
+ }
+ address-group DT_VPN-14649 {
+ address 77.68.76.161
+ }
+ address-group DT_VPN-14657 {
+ address 77.68.76.161
+ }
+ address-group DT_VPN-14658 {
+ address 77.68.76.161
+ }
+ address-group DT_VPN-14673 {
+ address 77.68.76.161
+ }
+ address-group DT_VPN-15625 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-15950 {
+ address 77.68.101.124
+ }
+ address-group DT_VPN-15951 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-15960 {
+ address 77.68.101.124
+ }
+ address-group DT_VPN-16402 {
+ address 109.228.39.151
+ }
+ address-group DT_VPN-16450 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-17207 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-17558 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-18646 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-18647 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-18830 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-19135 {
+ address 109.228.39.151
+ }
+ address-group DT_VPN-19474 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-19807 {
+ address 77.68.76.198
+ }
+ address-group DT_VPN-19992 {
+ address 77.68.25.124
+ }
+ address-group DT_VPN-20306 {
+ address 77.68.77.248
+ }
+ address-group DT_VPN-21673 {
+ address 77.68.15.95
+ address 77.68.75.64
+ }
+ address-group DT_VPN-21821 {
+ address 77.68.15.95
+ address 77.68.75.64
+ }
+ address-group DT_VPN-21822 {
+ address 77.68.15.95
+ address 77.68.75.64
+ }
+ address-group DT_VPN-21876 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-21982 {
+ address 77.68.15.95
+ address 77.68.75.64
+ }
+ address-group DT_VPN-23209 {
+ address 77.68.77.24
+ }
+ address-group DT_VPN-23729 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-23733 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-23734 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-23738 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-23946 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-24398 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24589 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24591 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24592 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24593 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24594 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-24595 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-25822 {
+ address 77.68.15.95
+ address 77.68.75.64
+ }
+ address-group DT_VPN-26124 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-26157 {
+ address 77.68.77.205
+ }
+ address-group DT_VPN-26772 {
+ address 185.132.40.90
+ }
+ address-group DT_VPN-28031 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-28484 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-28515 {
+ address 77.68.82.157
+ }
+ address-group DT_VPN-29631 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-30261 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-30262 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-30679 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-30791 {
+ address 77.68.118.120
+ address 77.68.27.211
+ address 109.228.37.187
+ }
+ address-group DT_VPN-31002 {
+ address 109.228.36.119
+ }
+ address-group DT_VPN-31301 {
+ address 88.208.197.10
+ }
+ address-group DT_VPN-32528 {
+ address 77.68.76.118
+ }
+ address-group DT_VPN-33204 {
+ address 77.68.77.163
+ }
+ address-group DT_VPN-34006 {
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ }
+ address-group DT_VPN-34122 {
+ address 77.68.114.237
+ }
+ address-group DT_VPN-34309 {
+ address 77.68.77.44
+ }
+ address-group DT_VPN-34501 {
+ address 77.68.50.142
+ }
+ address-group DT_VPN-34583 {
+ address 77.68.77.145
+ }
+ address-group G-ALL_OPEN {
+ address 172.16.255.254
+ address 77.68.76.208
+ address 77.68.77.251
+ address 109.228.36.174
+ address 77.68.89.72
+ address 77.68.77.29
+ address 185.132.43.6
+ address 109.228.46.196
+ address 185.132.43.98
+ address 185.132.41.148
+ address 77.68.49.126
+ address 77.68.49.178
+ address 77.68.116.84
+ address 185.132.36.56
+ address 77.68.126.160
+ address 213.171.208.176
+ address 88.208.197.155
+ address 88.208.198.69
+ address 77.68.29.65
+ }
+ address-group G-ICMP {
+ address 172.16.255.254
+ address 77.68.76.141
+ address 77.68.76.16
+ address 77.68.76.22
+ address 77.68.76.241
+ address 77.68.77.128
+ address 77.68.77.130
+ address 77.68.77.16
+ address 77.68.77.201
+ address 77.68.77.22
+ address 77.68.77.71
+ address 77.68.76.254
+ address 77.68.5.187
+ address 77.68.94.181
+ address 77.68.76.243
+ address 77.68.92.186
+ address 77.68.76.23
+ address 77.68.26.216
+ address 77.68.76.157
+ address 77.68.76.102
+ address 77.68.76.169
+ address 77.68.76.30
+ address 109.228.39.157
+ address 77.68.76.77
+ address 77.68.7.67
+ address 109.228.55.82
+ address 77.68.95.212
+ address 77.68.85.73
+ address 77.68.117.222
+ address 77.68.125.60
+ address 185.132.43.157
+ address 77.68.114.136
+ address 77.68.77.105
+ address 77.68.33.197
+ address 77.68.23.64
+ address 77.68.112.184
+ address 77.68.49.161
+ address 77.68.76.191
+ address 109.228.56.97
+ address 185.132.37.101
+ address 77.68.76.112
+ address 77.68.117.173
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ address 77.68.16.247
+ address 77.68.76.212
+ address 77.68.77.185
+ address 77.68.77.238
+ }
+ address-group G-20-TCP {
+ address 172.16.255.254
+ address 77.68.76.80
+ address 77.68.77.253
+ address 77.68.86.148
+ address 77.68.77.248
+ address 77.68.79.206
+ address 109.228.40.222
+ address 77.68.24.172
+ address 77.68.77.144
+ address 77.68.76.112
+ }
+ address-group G-21-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.203
+ address 77.68.76.209
+ address 77.68.76.217
+ address 77.68.76.22
+ address 77.68.76.220
+ address 77.68.76.235
+ address 77.68.76.245
+ address 77.68.76.38
+ address 77.68.76.54
+ address 77.68.76.75
+ address 77.68.76.80
+ address 77.68.76.91
+ address 77.68.76.94
+ address 77.68.77.107
+ address 77.68.77.128
+ address 77.68.77.137
+ address 77.68.77.150
+ address 77.68.77.151
+ address 77.68.77.171
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.236
+ address 77.68.77.240
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.56
+ address 77.68.77.63
+ address 77.68.77.71
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.92
+ address 77.68.77.97
+ address 77.68.77.99
+ address 77.68.77.190
+ address 77.68.77.103
+ address 77.68.76.26
+ address 77.68.76.107
+ address 77.68.76.148
+ address 77.68.76.19
+ address 77.68.77.192
+ address 77.68.77.157
+ address 77.68.91.195
+ address 77.68.77.211
+ address 109.228.56.185
+ address 77.68.84.147
+ address 77.68.77.74
+ address 77.68.4.74
+ address 77.68.30.133
+ address 77.68.28.145
+ address 77.68.26.216
+ address 77.68.77.130
+ address 77.68.116.119
+ address 77.68.116.220
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.84.155
+ address 77.68.86.40
+ address 77.68.120.241
+ address 77.68.122.89
+ address 77.68.10.142
+ address 77.68.122.241
+ address 77.68.6.105
+ address 77.68.17.186
+ address 77.68.95.42
+ address 77.68.22.146
+ address 77.68.4.252
+ address 109.228.36.229
+ address 109.228.40.207
+ address 77.68.31.144
+ address 109.228.37.174
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.77.160
+ address 77.68.76.152
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.86.148
+ address 77.68.23.35
+ address 109.228.40.194
+ address 77.68.90.132
+ address 77.68.77.26
+ address 77.68.76.95
+ address 77.68.120.26
+ address 109.228.61.31
+ address 77.68.120.249
+ address 77.68.6.210
+ address 213.171.213.41
+ address 77.68.77.248
+ address 213.171.215.184
+ address 77.68.25.146
+ address 213.171.210.19
+ address 213.171.213.242
+ address 109.228.48.249
+ address 109.228.40.195
+ address 77.68.127.172
+ address 77.68.79.206
+ address 77.68.28.147
+ address 185.132.36.148
+ address 185.132.37.83
+ address 77.68.117.51
+ address 77.68.25.124
+ address 77.68.13.137
+ address 109.228.52.186
+ address 185.132.36.24
+ address 77.68.77.69
+ address 109.228.40.222
+ address 77.68.87.212
+ address 185.132.39.99
+ address 109.228.38.201
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 185.132.41.73
+ address 77.68.76.45
+ address 77.68.77.215
+ address 77.68.77.214
+ address 77.68.79.89
+ address 77.68.76.21
+ address 77.68.33.68
+ address 77.68.80.97
+ address 77.68.77.65
+ address 185.132.41.148
+ address 77.68.24.172
+ address 77.68.5.95
+ address 77.68.5.125
+ address 213.171.208.40
+ address 77.68.76.40
+ address 77.68.113.164
+ address 77.68.114.93
+ address 185.132.36.60
+ address 185.132.40.244
+ address 213.171.214.102
+ address 88.208.197.160
+ address 88.208.196.123
+ address 77.68.77.144
+ address 77.68.126.14
+ address 77.68.76.171
+ address 88.208.198.69
+ address 77.68.34.139
+ address 88.208.212.31
+ address 77.68.76.112
+ address 77.68.76.228
+ address 77.68.77.75
+ address 88.208.198.66
+ address 77.68.77.219
+ address 77.68.77.204
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 77.68.114.237
+ address 77.68.77.222
+ address 77.68.112.83
+ address 185.132.37.47
+ address 77.68.77.238
+ }
+ address-group G-22-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.105
+ address 77.68.76.115
+ address 77.68.76.122
+ address 77.68.76.126
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.145
+ address 77.68.76.148
+ address 77.68.76.158
+ address 77.68.76.164
+ address 77.68.76.177
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.200
+ address 77.68.76.209
+ address 77.68.76.217
+ address 77.68.76.22
+ address 77.68.76.235
+ address 77.68.76.239
+ address 77.68.76.245
+ address 77.68.76.247
+ address 77.68.76.25
+ address 77.68.76.251
+ address 77.68.76.252
+ address 77.68.76.33
+ address 77.68.76.37
+ address 77.68.76.38
+ address 77.68.76.49
+ address 77.68.76.54
+ address 77.68.76.55
+ address 77.68.76.57
+ address 77.68.76.61
+ address 77.68.76.74
+ address 77.68.76.80
+ address 77.68.76.99
+ address 77.68.77.100
+ address 77.68.77.103
+ address 77.68.77.107
+ address 77.68.77.108
+ address 77.68.77.117
+ address 77.68.77.124
+ address 77.68.77.128
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.137
+ address 77.68.77.139
+ address 77.68.77.140
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.151
+ address 77.68.77.159
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.19
+ address 77.68.77.190
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.203
+ address 77.68.77.207
+ address 77.68.77.211
+ address 77.68.77.212
+ address 77.68.77.22
+ address 77.68.77.221
+ address 77.68.77.227
+ address 77.68.77.240
+ address 77.68.77.243
+ address 77.68.77.247
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.37
+ address 77.68.77.43
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.53
+ address 77.68.77.56
+ address 77.68.77.67
+ address 77.68.77.68
+ address 77.68.77.77
+ address 77.68.77.79
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.88
+ address 77.68.77.92
+ address 77.68.77.99
+ address 77.68.76.110
+ address 77.68.76.76
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.77.74
+ address 77.68.76.165
+ address 77.68.77.254
+ address 77.68.77.157
+ address 77.68.76.138
+ address 77.68.76.139
+ address 77.68.76.124
+ address 77.68.76.243
+ address 77.68.76.114
+ address 77.68.76.244
+ address 77.68.77.192
+ address 77.68.77.161
+ address 77.68.91.195
+ address 77.68.17.26
+ address 77.68.28.145
+ address 77.68.84.147
+ address 109.228.56.185
+ address 77.68.26.166
+ address 77.68.12.195
+ address 77.68.29.178
+ address 77.68.5.187
+ address 77.68.7.227
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.4.39
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.27.54
+ address 77.68.30.133
+ address 77.68.4.136
+ address 77.68.24.112
+ address 77.68.92.186
+ address 77.68.20.161
+ address 77.68.26.216
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.116.119
+ address 77.68.116.232
+ address 77.68.7.172
+ address 77.68.116.221
+ address 77.68.89.183
+ address 77.68.83.41
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.112.248
+ address 109.228.60.215
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.120.241
+ address 77.68.121.106
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.122.241
+ address 77.68.81.141
+ address 77.68.116.52
+ address 77.68.6.32
+ address 77.68.76.229
+ address 77.68.28.207
+ address 77.68.4.252
+ address 77.68.17.186
+ address 77.68.24.220
+ address 77.68.22.146
+ address 77.68.23.112
+ address 77.68.125.32
+ address 77.68.72.202
+ address 109.228.36.229
+ address 77.68.31.144
+ address 77.68.2.215
+ address 77.68.117.142
+ address 77.68.5.166
+ address 77.68.76.102
+ address 109.228.37.174
+ address 109.228.37.114
+ address 77.68.76.169
+ address 109.228.37.240
+ address 77.68.112.75
+ address 77.68.77.160
+ address 109.228.39.249
+ address 77.68.76.77
+ address 109.228.40.226
+ address 77.68.7.67
+ address 77.68.126.51
+ address 77.68.75.113
+ address 77.68.86.148
+ address 77.68.23.35
+ address 77.68.114.183
+ address 109.228.40.194
+ address 77.68.76.31
+ address 77.68.90.132
+ address 77.68.77.26
+ address 77.68.76.96
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 77.68.120.26
+ address 109.228.61.31
+ address 77.68.76.59
+ address 213.171.213.41
+ address 77.68.77.248
+ address 213.171.212.171
+ address 77.68.4.22
+ address 77.68.119.14
+ address 213.171.215.184
+ address 77.68.77.202
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.78.229
+ address 77.68.77.102
+ address 213.171.210.19
+ address 77.68.24.59
+ address 213.171.213.97
+ address 213.171.213.242
+ address 109.228.48.249
+ address 109.228.40.195
+ address 77.68.120.229
+ address 77.68.79.206
+ address 77.68.123.250
+ address 77.68.28.147
+ address 185.132.36.142
+ address 213.171.212.172
+ address 185.132.36.148
+ address 213.171.208.58
+ address 77.68.25.130
+ address 185.132.38.142
+ address 109.228.56.242
+ address 109.228.46.81
+ address 185.132.38.95
+ address 185.132.37.83
+ address 77.68.117.51
+ address 77.68.116.36
+ address 77.68.120.45
+ address 213.171.210.59
+ address 213.171.215.43
+ address 185.132.37.102
+ address 109.228.42.232
+ address 109.228.52.186
+ address 77.68.9.186
+ address 77.68.13.76
+ address 109.228.36.194
+ address 185.132.36.24
+ address 77.68.77.69
+ address 185.132.39.129
+ address 185.132.36.17
+ address 109.228.40.222
+ address 77.68.74.39
+ address 77.68.118.104
+ address 213.171.212.136
+ address 77.68.120.31
+ address 77.68.74.152
+ address 185.132.39.37
+ address 77.68.87.212
+ address 77.68.119.188
+ address 77.68.74.85
+ address 77.68.91.22
+ address 77.68.76.88
+ address 77.68.4.242
+ address 77.68.76.181
+ address 77.68.76.161
+ address 109.228.35.84
+ address 185.132.39.99
+ address 77.68.95.212
+ address 77.68.85.73
+ address 77.68.76.219
+ address 77.68.27.27
+ address 77.68.3.194
+ address 77.68.3.144
+ address 77.68.3.80
+ address 77.68.27.28
+ address 77.68.3.247
+ address 77.68.3.161
+ address 77.68.27.18
+ address 77.68.3.121
+ address 213.171.214.234
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 213.171.211.128
+ address 77.68.5.155
+ address 185.132.41.73
+ address 213.171.214.167
+ address 185.132.43.28
+ address 213.171.213.42
+ address 77.68.76.45
+ address 185.132.41.72
+ address 185.132.43.157
+ address 185.132.40.56
+ address 185.132.37.23
+ address 77.68.117.29
+ address 77.68.75.253
+ address 77.68.11.140
+ address 77.68.77.215
+ address 77.68.20.217
+ address 77.68.76.198
+ address 77.68.77.214
+ address 213.171.210.177
+ address 185.132.38.114
+ address 77.68.33.48
+ address 77.68.32.89
+ address 77.68.32.86
+ address 77.68.34.138
+ address 77.68.32.83
+ address 77.68.75.45
+ address 77.68.76.176
+ address 185.132.43.164
+ address 77.68.76.137
+ address 185.132.40.152
+ address 77.68.33.68
+ address 77.68.93.125
+ address 77.68.24.134
+ address 185.132.38.248
+ address 77.68.32.43
+ address 77.68.120.218
+ address 77.68.112.167
+ address 77.68.32.31
+ address 77.68.32.254
+ address 77.68.80.26
+ address 77.68.80.97
+ address 77.68.121.119
+ address 77.68.74.209
+ address 77.68.77.65
+ address 185.132.43.6
+ address 109.228.46.196
+ address 185.132.43.98
+ address 185.132.41.148
+ address 77.68.24.172
+ address 77.68.33.197
+ address 213.171.210.25
+ address 77.68.5.95
+ address 77.68.23.64
+ address 77.68.101.125
+ address 77.68.5.125
+ address 77.68.100.167
+ address 109.228.59.247
+ address 77.68.35.116
+ address 77.68.33.171
+ address 77.68.48.105
+ address 77.68.48.81
+ address 77.68.49.4
+ address 109.228.36.119
+ address 77.68.121.127
+ address 77.68.82.147
+ address 77.68.49.12
+ address 77.68.8.144
+ address 77.68.116.183
+ address 77.68.103.19
+ address 77.68.50.91
+ address 77.68.24.63
+ address 77.68.118.15
+ address 77.68.50.198
+ address 77.68.49.160
+ address 77.68.49.161
+ address 77.68.76.191
+ address 77.68.76.40
+ address 77.68.113.164
+ address 77.68.77.42
+ address 77.68.100.134
+ address 77.68.100.132
+ address 77.68.114.93
+ address 185.132.36.60
+ address 185.132.40.244
+ address 77.68.85.18
+ address 77.68.50.193
+ address 77.68.89.247
+ address 88.208.197.10
+ address 77.68.102.129
+ address 109.228.36.79
+ address 185.132.38.182
+ address 185.132.41.240
+ address 77.68.51.214
+ address 88.208.196.123
+ address 77.68.126.22
+ address 213.171.212.90
+ address 77.68.114.205
+ address 77.68.48.202
+ address 77.68.112.175
+ address 77.68.112.90
+ address 185.132.40.166
+ address 77.68.103.120
+ address 77.68.103.147
+ address 77.68.33.24
+ address 109.228.58.134
+ address 109.228.47.223
+ address 109.228.56.97
+ address 77.68.103.227
+ address 88.208.196.92
+ address 88.208.196.154
+ address 185.132.39.44
+ address 77.68.76.248
+ address 88.208.198.92
+ address 77.68.77.144
+ address 77.68.126.14
+ address 88.208.196.91
+ address 77.68.100.77
+ address 185.132.37.101
+ address 77.68.87.164
+ address 77.68.76.120
+ address 77.68.93.164
+ address 77.68.76.171
+ address 88.208.197.135
+ address 88.208.197.118
+ address 88.208.197.150
+ address 77.68.34.139
+ address 213.171.213.175
+ address 77.68.21.171
+ address 88.208.197.60
+ address 109.228.37.10
+ address 88.208.215.61
+ address 88.208.212.31
+ address 109.228.53.243
+ address 77.68.48.89
+ address 88.208.212.188
+ address 88.208.198.251
+ address 88.208.215.19
+ address 77.68.76.228
+ address 109.228.39.41
+ address 77.68.115.142
+ address 77.68.78.73
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.3.61
+ address 77.68.77.219
+ address 77.68.26.228
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.117.214
+ address 88.208.199.141
+ address 185.132.39.109
+ address 185.132.37.47
+ address 77.68.102.5
+ address 77.68.16.247
+ address 88.208.212.94
+ address 77.68.72.254
+ address 109.228.61.37
+ address 77.68.50.142
+ address 77.68.78.113
+ address 88.208.212.182
+ address 185.132.40.124
+ address 88.208.197.208
+ address 88.208.197.129
+ address 77.68.77.238
+ address 77.68.79.82
+ address 185.132.38.216
+ }
+ address-group G-25-TCP {
+ address 172.16.255.254
+ address 77.68.76.115
+ address 77.68.76.141
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.203
+ address 77.68.76.209
+ address 77.68.76.55
+ address 77.68.76.57
+ address 77.68.76.75
+ address 77.68.76.91
+ address 77.68.76.99
+ address 77.68.77.107
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.159
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.236
+ address 77.68.77.240
+ address 77.68.77.243
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.56
+ address 77.68.77.63
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.92
+ address 77.68.77.97
+ address 77.68.77.99
+ address 77.68.77.77
+ address 77.68.76.19
+ address 77.68.77.192
+ address 77.68.77.254
+ address 77.68.76.139
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.81.44
+ address 77.68.30.133
+ address 77.68.77.74
+ address 77.68.77.100
+ address 77.68.92.186
+ address 77.68.76.114
+ address 77.68.116.119
+ address 77.68.116.221
+ address 77.68.116.220
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.120.241
+ address 109.228.60.215
+ address 77.68.7.172
+ address 77.68.116.52
+ address 77.68.91.128
+ address 77.68.24.112
+ address 77.68.76.94
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.77.160
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.86.148
+ address 77.68.23.35
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 213.171.213.41
+ address 213.171.215.184
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.78.229
+ address 213.171.210.19
+ address 77.68.79.206
+ address 213.171.215.252
+ address 109.228.52.186
+ address 77.68.77.69
+ address 109.228.40.222
+ address 77.68.87.212
+ address 185.132.39.99
+ address 77.68.85.73
+ address 77.68.28.139
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 185.132.43.28
+ address 185.132.37.23
+ address 77.68.77.215
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.33.48
+ address 77.68.79.89
+ address 77.68.76.21
+ address 77.68.76.137
+ address 77.68.80.26
+ address 77.68.5.95
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 213.171.208.40
+ address 77.68.112.184
+ address 77.68.115.17
+ address 77.68.82.147
+ address 77.68.118.15
+ address 77.68.76.191
+ address 77.68.50.193
+ address 77.68.102.129
+ address 77.68.76.118
+ address 88.208.198.69
+ address 77.68.34.139
+ address 88.208.197.60
+ address 88.208.212.188
+ address 77.68.76.112
+ address 77.68.77.75
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.77.219
+ address 77.68.77.204
+ address 77.68.76.202
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ address 185.132.37.47
+ address 77.68.77.152
+ address 77.68.77.181
+ address 77.68.77.185
+ address 77.68.77.238
+ address 77.68.79.82
+ }
+ address-group G-53-TCP {
+ address 172.16.255.254
+ address 77.68.94.181
+ address 77.68.28.145
+ address 77.68.84.155
+ address 77.68.78.229
+ address 185.132.39.99
+ address 185.132.43.28
+ address 77.68.77.215
+ address 185.132.40.152
+ address 77.68.49.161
+ address 77.68.76.118
+ }
+ address-group G-53-UDP {
+ address 172.16.255.254
+ address 77.68.76.235
+ address 77.68.76.93
+ address 77.68.77.107
+ address 77.68.77.151
+ address 77.68.77.37
+ address 77.68.76.139
+ address 77.68.81.44
+ address 77.68.94.181
+ address 77.68.28.145
+ address 77.68.81.141
+ address 77.68.4.252
+ address 77.68.125.32
+ address 77.68.86.148
+ address 77.68.78.229
+ address 185.132.43.28
+ address 77.68.75.45
+ address 185.132.40.152
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.49.161
+ address 77.68.34.50
+ }
+ address-group G-80-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.105
+ address 77.68.76.115
+ address 77.68.76.116
+ address 77.68.76.122
+ address 77.68.76.126
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.145
+ address 77.68.76.148
+ address 77.68.76.150
+ address 77.68.76.158
+ address 77.68.76.164
+ address 77.68.76.177
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.200
+ address 77.68.76.203
+ address 77.68.76.209
+ address 77.68.76.217
+ address 77.68.76.22
+ address 77.68.76.220
+ address 77.68.76.23
+ address 77.68.76.231
+ address 77.68.76.235
+ address 77.68.76.239
+ address 77.68.76.241
+ address 77.68.76.245
+ address 77.68.76.247
+ address 77.68.76.25
+ address 77.68.76.251
+ address 77.68.76.252
+ address 77.68.76.33
+ address 77.68.76.35
+ address 77.68.76.37
+ address 77.68.76.38
+ address 77.68.76.39
+ address 77.68.76.49
+ address 77.68.76.50
+ address 77.68.76.54
+ address 77.68.76.55
+ address 77.68.76.57
+ address 77.68.76.58
+ address 77.68.76.61
+ address 77.68.76.74
+ address 77.68.76.75
+ address 77.68.76.80
+ address 77.68.76.91
+ address 77.68.76.93
+ address 77.68.76.94
+ address 77.68.76.99
+ address 77.68.77.100
+ address 77.68.77.103
+ address 77.68.77.107
+ address 77.68.77.108
+ address 77.68.77.115
+ address 77.68.77.117
+ address 77.68.77.124
+ address 77.68.77.128
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.137
+ address 77.68.77.139
+ address 77.68.77.140
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.151
+ address 77.68.77.156
+ address 77.68.77.159
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.178
+ address 77.68.77.19
+ address 77.68.77.190
+ address 77.68.77.199
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.203
+ address 77.68.77.207
+ address 77.68.77.211
+ address 77.68.77.212
+ address 77.68.77.22
+ address 77.68.77.227
+ address 77.68.77.228
+ address 77.68.77.236
+ address 77.68.77.240
+ address 77.68.77.243
+ address 77.68.77.247
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.37
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.53
+ address 77.68.77.56
+ address 77.68.77.63
+ address 77.68.77.67
+ address 77.68.77.68
+ address 77.68.77.71
+ address 77.68.77.77
+ address 77.68.77.79
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.88
+ address 77.68.77.92
+ address 77.68.77.97
+ address 77.68.77.99
+ address 77.68.76.76
+ address 77.68.76.124
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.77.74
+ address 77.68.77.192
+ address 77.68.76.92
+ address 77.68.76.165
+ address 77.68.77.254
+ address 77.68.77.157
+ address 77.68.76.138
+ address 77.68.76.139
+ address 77.68.76.114
+ address 77.68.76.244
+ address 77.68.77.161
+ address 77.68.77.62
+ address 77.68.77.38
+ address 77.68.91.195
+ address 77.68.17.26
+ address 77.68.28.145
+ address 109.228.56.185
+ address 77.68.84.147
+ address 77.68.12.195
+ address 77.68.21.78
+ address 77.68.5.187
+ address 77.68.7.227
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.4.39
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.94.181
+ address 77.68.30.164
+ address 77.68.30.133
+ address 77.68.4.136
+ address 77.68.23.158
+ address 77.68.92.186
+ address 77.68.24.112
+ address 77.68.112.213
+ address 77.68.20.161
+ address 77.68.26.216
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.116.119
+ address 77.68.116.220
+ address 77.68.116.232
+ address 77.68.76.142
+ address 77.68.117.202
+ address 77.68.7.172
+ address 77.68.116.221
+ address 77.68.89.183
+ address 77.68.83.41
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.112.248
+ address 109.228.60.215
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.84.155
+ address 77.68.120.241
+ address 77.68.121.106
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.120.146
+ address 77.68.122.241
+ address 77.68.119.92
+ address 77.68.81.141
+ address 77.68.10.142
+ address 77.68.116.52
+ address 77.68.6.105
+ address 77.68.76.229
+ address 77.68.95.42
+ address 77.68.28.207
+ address 77.68.4.252
+ address 77.68.17.186
+ address 77.68.91.128
+ address 77.68.22.146
+ address 77.68.23.112
+ address 77.68.24.220
+ address 77.68.125.32
+ address 77.68.76.243
+ address 77.68.12.250
+ address 77.68.72.202
+ address 109.228.36.229
+ address 109.228.40.207
+ address 77.68.31.144
+ address 77.68.2.215
+ address 77.68.117.142
+ address 77.68.5.166
+ address 109.228.37.174
+ address 109.228.37.114
+ address 77.68.76.169
+ address 109.228.37.240
+ address 77.68.112.75
+ address 77.68.76.30
+ address 109.228.35.110
+ address 77.68.77.160
+ address 77.68.77.208
+ address 77.68.76.152
+ address 109.228.39.249
+ address 77.68.76.77
+ address 109.228.40.226
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.75.113
+ address 77.68.86.148
+ address 77.68.23.35
+ address 77.68.114.183
+ address 109.228.40.194
+ address 77.68.76.31
+ address 77.68.77.72
+ address 77.68.90.132
+ address 77.68.6.110
+ address 77.68.76.96
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 77.68.120.26
+ address 109.228.61.31
+ address 77.68.76.59
+ address 77.68.120.249
+ address 77.68.6.210
+ address 213.171.213.41
+ address 77.68.77.248
+ address 213.171.212.171
+ address 77.68.4.22
+ address 77.68.119.14
+ address 213.171.215.184
+ address 77.68.77.202
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.78.229
+ address 77.68.77.102
+ address 213.171.210.19
+ address 77.68.24.59
+ address 213.171.213.97
+ address 213.171.213.242
+ address 77.68.77.205
+ address 109.228.48.249
+ address 109.228.40.195
+ address 77.68.120.229
+ address 77.68.127.172
+ address 77.68.79.206
+ address 77.68.123.250
+ address 77.68.28.147
+ address 213.171.212.172
+ address 185.132.36.148
+ address 213.171.208.58
+ address 77.68.25.130
+ address 109.228.56.242
+ address 109.228.46.81
+ address 185.132.38.95
+ address 185.132.37.83
+ address 77.68.117.51
+ address 77.68.116.36
+ address 77.68.120.45
+ address 77.68.25.124
+ address 213.171.210.59
+ address 213.171.215.43
+ address 213.171.215.252
+ address 185.132.37.102
+ address 109.228.42.232
+ address 109.228.52.186
+ address 77.68.9.186
+ address 77.68.13.76
+ address 109.228.36.194
+ address 185.132.36.7
+ address 185.132.36.24
+ address 77.68.77.69
+ address 185.132.39.129
+ address 185.132.36.17
+ address 109.228.40.222
+ address 77.68.118.104
+ address 77.68.120.31
+ address 77.68.74.152
+ address 185.132.39.37
+ address 77.68.3.52
+ address 77.68.87.212
+ address 77.68.76.29
+ address 77.68.119.188
+ address 77.68.74.85
+ address 77.68.91.22
+ address 77.68.76.88
+ address 77.68.4.242
+ address 77.68.76.181
+ address 77.68.76.161
+ address 185.132.39.99
+ address 77.68.95.212
+ address 77.68.85.73
+ address 77.68.76.219
+ address 77.68.27.27
+ address 77.68.3.194
+ address 77.68.3.144
+ address 77.68.3.80
+ address 77.68.27.28
+ address 77.68.3.247
+ address 77.68.3.161
+ address 77.68.27.18
+ address 77.68.3.121
+ address 213.171.214.234
+ address 109.228.38.201
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 213.171.211.128
+ address 77.68.5.155
+ address 185.132.41.73
+ address 77.68.77.231
+ address 213.171.214.167
+ address 185.132.43.28
+ address 213.171.213.42
+ address 77.68.76.45
+ address 185.132.41.72
+ address 77.68.92.92
+ address 185.132.40.56
+ address 185.132.37.23
+ address 77.68.117.29
+ address 77.68.75.253
+ address 77.68.11.140
+ address 77.68.77.215
+ address 77.68.20.217
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.76.198
+ address 77.68.77.214
+ address 77.68.9.75
+ address 213.171.210.177
+ address 77.68.76.160
+ address 185.132.38.114
+ address 77.68.33.48
+ address 185.132.40.90
+ address 77.68.79.89
+ address 77.68.34.28
+ address 77.68.76.21
+ address 77.68.75.45
+ address 77.68.76.176
+ address 77.68.77.95
+ address 185.132.39.68
+ address 185.132.43.164
+ address 77.68.76.137
+ address 185.132.40.152
+ address 77.68.77.249
+ address 77.68.33.68
+ address 77.68.24.134
+ address 185.132.38.248
+ address 77.68.32.43
+ address 77.68.120.218
+ address 77.68.112.167
+ address 77.68.32.31
+ address 77.68.32.118
+ address 77.68.32.254
+ address 77.68.80.26
+ address 77.68.17.200
+ address 77.68.80.97
+ address 77.68.121.119
+ address 77.68.74.209
+ address 77.68.77.65
+ address 185.132.43.6
+ address 109.228.46.196
+ address 185.132.43.98
+ address 77.68.100.150
+ address 185.132.41.148
+ address 77.68.24.172
+ address 77.68.33.197
+ address 77.68.5.95
+ address 77.68.23.64
+ address 77.68.101.124
+ address 77.68.5.125
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 109.228.59.247
+ address 213.171.208.40
+ address 77.68.112.184
+ address 77.68.35.116
+ address 77.68.33.171
+ address 77.68.76.111
+ address 77.68.76.42
+ address 77.68.77.120
+ address 77.68.76.183
+ address 77.68.118.86
+ address 77.68.48.105
+ address 77.68.48.81
+ address 77.68.49.4
+ address 109.228.36.119
+ address 77.68.34.26
+ address 77.68.115.17
+ address 77.68.121.127
+ address 77.68.82.147
+ address 77.68.49.12
+ address 77.68.8.144
+ address 77.68.116.183
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 77.68.51.202
+ address 77.68.101.64
+ address 77.68.103.19
+ address 77.68.50.91
+ address 77.68.24.63
+ address 77.68.118.15
+ address 77.68.50.198
+ address 77.68.77.59
+ address 77.68.49.160
+ address 77.68.76.191
+ address 77.68.126.101
+ address 77.68.113.164
+ address 77.68.77.42
+ address 77.68.100.134
+ address 77.68.100.132
+ address 77.68.114.93
+ address 185.132.36.60
+ address 185.132.40.244
+ address 77.68.85.18
+ address 213.171.214.102
+ address 77.68.50.193
+ address 88.208.197.160
+ address 88.208.197.10
+ address 77.68.102.129
+ address 109.228.36.79
+ address 185.132.38.182
+ address 185.132.41.240
+ address 77.68.51.214
+ address 88.208.196.123
+ address 88.208.215.157
+ address 77.68.126.22
+ address 77.68.4.180
+ address 213.171.212.90
+ address 77.68.114.205
+ address 185.132.43.71
+ address 77.68.77.114
+ address 77.68.48.202
+ address 77.68.112.175
+ address 77.68.112.90
+ address 185.132.40.166
+ address 77.68.76.118
+ address 77.68.103.120
+ address 77.68.33.24
+ address 109.228.58.134
+ address 109.228.47.223
+ address 77.68.31.96
+ address 77.68.103.227
+ address 77.68.76.250
+ address 213.171.212.203
+ address 88.208.196.92
+ address 88.208.196.154
+ address 185.132.39.44
+ address 77.68.76.248
+ address 88.208.198.92
+ address 109.228.36.37
+ address 77.68.77.144
+ address 77.68.126.14
+ address 88.208.196.91
+ address 77.68.100.77
+ address 185.132.37.101
+ address 77.68.87.164
+ address 77.68.77.76
+ address 77.68.76.120
+ address 77.68.82.157
+ address 77.68.93.164
+ address 77.68.76.171
+ address 88.208.197.135
+ address 88.208.197.118
+ address 88.208.197.150
+ address 213.171.212.114
+ address 88.208.198.69
+ address 77.68.34.139
+ address 77.68.21.171
+ address 88.208.197.60
+ address 77.68.85.27
+ address 109.228.37.10
+ address 88.208.215.61
+ address 88.208.199.249
+ address 88.208.212.31
+ address 109.228.53.243
+ address 77.68.48.89
+ address 88.208.212.188
+ address 88.208.198.251
+ address 77.68.76.112
+ address 77.68.48.14
+ address 88.208.215.19
+ address 77.68.103.56
+ address 77.68.76.228
+ address 77.68.77.75
+ address 77.68.117.173
+ address 88.208.215.121
+ address 109.228.39.41
+ address 77.68.88.100
+ address 77.68.76.108
+ address 77.68.115.142
+ address 213.171.214.96
+ address 88.208.198.66
+ address 88.208.198.64
+ address 77.68.3.61
+ address 77.68.77.219
+ address 77.68.77.204
+ address 77.68.26.228
+ address 77.68.74.232
+ address 77.68.118.88
+ address 77.68.76.48
+ address 77.68.76.202
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 88.208.197.23
+ address 77.68.114.237
+ address 77.68.77.222
+ address 77.68.112.83
+ address 88.208.199.141
+ address 77.68.77.163
+ address 185.132.39.109
+ address 77.68.77.44
+ address 185.132.37.47
+ address 77.68.102.5
+ address 77.68.16.247
+ address 88.208.212.94
+ address 77.68.72.254
+ address 77.68.77.152
+ address 77.68.50.142
+ address 88.208.199.46
+ address 77.68.78.113
+ address 88.208.212.182
+ address 77.68.77.181
+ address 77.68.15.95
+ address 77.68.75.64
+ address 213.171.212.71
+ address 185.132.40.124
+ address 88.208.197.208
+ address 88.208.197.129
+ address 77.68.76.60
+ address 77.68.6.119
+ address 77.68.77.185
+ address 77.68.77.238
+ address 77.68.79.82
+ address 109.228.39.151
+ }
+ address-group G-110-TCP {
+ address 172.16.255.254
+ address 77.68.76.187
+ address 77.68.77.107
+ address 77.68.77.128
+ address 77.68.77.129
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.33
+ address 77.68.77.49
+ address 77.68.77.92
+ address 77.68.77.77
+ address 77.68.76.19
+ address 77.68.77.192
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.116.119
+ address 77.68.116.221
+ address 77.68.120.241
+ address 109.228.60.215
+ address 77.68.116.52
+ address 77.68.126.51
+ address 77.68.23.35
+ address 77.68.76.95
+ address 213.171.215.184
+ address 77.68.25.146
+ address 77.68.79.206
+ address 213.171.215.252
+ address 109.228.52.186
+ address 109.228.40.222
+ address 185.132.39.99
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.79.89
+ address 77.68.5.95
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 213.171.208.40
+ address 77.68.50.193
+ address 77.68.102.129
+ address 88.208.198.69
+ address 88.208.212.188
+ address 88.208.198.66
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 77.68.77.185
+ address 77.68.77.238
+ }
+ address-group G-143-TCP {
+ address 172.16.255.254
+ address 77.68.76.115
+ address 77.68.76.123
+ address 77.68.76.187
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.141
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.33
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.92
+ address 77.68.77.77
+ address 77.68.77.192
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.81.44
+ address 77.68.92.186
+ address 77.68.116.119
+ address 77.68.116.221
+ address 109.228.60.215
+ address 77.68.7.172
+ address 77.68.116.52
+ address 77.68.24.112
+ address 77.68.77.107
+ address 77.68.112.75
+ address 77.68.7.67
+ address 77.68.126.51
+ address 77.68.23.35
+ address 77.68.76.95
+ address 213.171.215.184
+ address 77.68.25.146
+ address 213.171.213.31
+ address 213.171.210.19
+ address 77.68.79.206
+ address 77.68.77.69
+ address 109.228.40.222
+ address 185.132.39.99
+ address 77.68.117.222
+ address 77.68.33.48
+ address 77.68.79.89
+ address 77.68.5.95
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 213.171.208.40
+ address 77.68.115.17
+ address 77.68.102.129
+ address 88.208.198.69
+ address 77.68.34.139
+ address 88.208.212.188
+ address 88.208.198.66
+ address 77.68.77.204
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ }
+ address-group G-443-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.105
+ address 77.68.76.115
+ address 77.68.76.116
+ address 77.68.76.122
+ address 77.68.76.126
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.145
+ address 77.68.76.148
+ address 77.68.76.150
+ address 77.68.76.158
+ address 77.68.76.164
+ address 77.68.76.177
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.200
+ address 77.68.76.203
+ address 77.68.76.209
+ address 77.68.76.217
+ address 77.68.76.22
+ address 77.68.76.220
+ address 77.68.76.23
+ address 77.68.76.231
+ address 77.68.76.235
+ address 77.68.76.239
+ address 77.68.76.241
+ address 77.68.76.245
+ address 77.68.76.25
+ address 77.68.76.252
+ address 77.68.76.33
+ address 77.68.76.35
+ address 77.68.76.37
+ address 77.68.76.38
+ address 77.68.76.39
+ address 77.68.76.49
+ address 77.68.76.50
+ address 77.68.76.54
+ address 77.68.76.55
+ address 77.68.76.57
+ address 77.68.76.58
+ address 77.68.76.61
+ address 77.68.76.74
+ address 77.68.76.75
+ address 77.68.76.80
+ address 77.68.76.91
+ address 77.68.76.93
+ address 77.68.76.94
+ address 77.68.76.99
+ address 77.68.77.100
+ address 77.68.77.103
+ address 77.68.77.107
+ address 77.68.77.108
+ address 77.68.77.117
+ address 77.68.77.124
+ address 77.68.77.128
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.137
+ address 77.68.77.139
+ address 77.68.77.140
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.151
+ address 77.68.77.156
+ address 77.68.77.159
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.178
+ address 77.68.77.19
+ address 77.68.77.190
+ address 77.68.77.199
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.203
+ address 77.68.77.207
+ address 77.68.77.211
+ address 77.68.77.212
+ address 77.68.77.22
+ address 77.68.77.221
+ address 77.68.77.227
+ address 77.68.77.228
+ address 77.68.77.236
+ address 77.68.77.240
+ address 77.68.77.243
+ address 77.68.77.247
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.37
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.53
+ address 77.68.77.56
+ address 77.68.77.63
+ address 77.68.77.67
+ address 77.68.77.68
+ address 77.68.77.71
+ address 77.68.77.77
+ address 77.68.77.79
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.88
+ address 77.68.77.92
+ address 77.68.77.97
+ address 77.68.77.99
+ address 77.68.76.76
+ address 77.68.76.124
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.76.110
+ address 77.68.77.74
+ address 77.68.77.192
+ address 77.68.76.92
+ address 77.68.76.165
+ address 77.68.77.254
+ address 77.68.77.157
+ address 77.68.76.138
+ address 77.68.76.139
+ address 77.68.76.114
+ address 77.68.76.244
+ address 77.68.77.161
+ address 77.68.77.38
+ address 77.68.91.195
+ address 77.68.17.26
+ address 77.68.28.145
+ address 109.228.56.185
+ address 77.68.84.147
+ address 77.68.12.195
+ address 77.68.21.78
+ address 77.68.5.187
+ address 77.68.7.227
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.4.39
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.94.181
+ address 77.68.30.164
+ address 77.68.30.133
+ address 77.68.4.136
+ address 77.68.23.158
+ address 77.68.24.112
+ address 77.68.92.186
+ address 77.68.20.161
+ address 77.68.112.213
+ address 77.68.26.216
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.116.119
+ address 77.68.116.220
+ address 77.68.116.232
+ address 77.68.76.142
+ address 77.68.117.202
+ address 77.68.7.172
+ address 77.68.116.221
+ address 77.68.89.183
+ address 77.68.83.41
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.112.248
+ address 109.228.60.215
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.84.155
+ address 77.68.120.241
+ address 77.68.121.106
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.120.146
+ address 77.68.122.241
+ address 77.68.81.141
+ address 77.68.116.52
+ address 77.68.6.105
+ address 77.68.76.229
+ address 77.68.95.42
+ address 77.68.28.207
+ address 77.68.4.252
+ address 77.68.17.186
+ address 77.68.91.128
+ address 77.68.22.146
+ address 77.68.23.112
+ address 77.68.24.220
+ address 77.68.125.32
+ address 77.68.12.250
+ address 77.68.76.243
+ address 77.68.72.202
+ address 109.228.36.229
+ address 109.228.40.207
+ address 77.68.31.144
+ address 77.68.2.215
+ address 77.68.117.142
+ address 77.68.5.166
+ address 77.68.76.102
+ address 109.228.37.174
+ address 109.228.37.114
+ address 109.228.37.240
+ address 77.68.112.75
+ address 77.68.76.30
+ address 109.228.35.110
+ address 77.68.77.160
+ address 77.68.77.208
+ address 77.68.76.152
+ address 109.228.39.249
+ address 77.68.76.77
+ address 77.68.7.160
+ address 109.228.40.226
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.75.113
+ address 77.68.86.148
+ address 77.68.114.183
+ address 109.228.40.194
+ address 77.68.76.31
+ address 77.68.77.72
+ address 77.68.90.132
+ address 77.68.6.110
+ address 77.68.77.26
+ address 77.68.76.96
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 77.68.76.234
+ address 77.68.120.26
+ address 109.228.61.31
+ address 77.68.76.59
+ address 77.68.120.249
+ address 77.68.6.210
+ address 213.171.213.41
+ address 77.68.77.248
+ address 213.171.212.171
+ address 77.68.4.22
+ address 77.68.119.14
+ address 213.171.215.184
+ address 77.68.77.202
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.78.229
+ address 77.68.77.102
+ address 213.171.210.19
+ address 77.68.24.59
+ address 213.171.213.97
+ address 213.171.213.242
+ address 77.68.77.205
+ address 109.228.48.249
+ address 109.228.40.195
+ address 77.68.120.229
+ address 77.68.127.172
+ address 77.68.79.206
+ address 77.68.123.250
+ address 77.68.28.147
+ address 213.171.212.172
+ address 185.132.36.148
+ address 213.171.208.58
+ address 77.68.25.130
+ address 109.228.56.242
+ address 109.228.46.81
+ address 185.132.38.95
+ address 185.132.37.83
+ address 77.68.117.51
+ address 77.68.116.36
+ address 77.68.120.45
+ address 77.68.25.124
+ address 213.171.210.59
+ address 213.171.215.43
+ address 213.171.215.252
+ address 185.132.37.102
+ address 109.228.42.232
+ address 109.228.52.186
+ address 77.68.9.186
+ address 77.68.13.76
+ address 109.228.36.194
+ address 185.132.36.7
+ address 185.132.36.24
+ address 77.68.77.69
+ address 185.132.39.129
+ address 185.132.36.17
+ address 109.228.40.222
+ address 77.68.118.104
+ address 77.68.120.31
+ address 77.68.74.152
+ address 185.132.39.37
+ address 77.68.3.52
+ address 77.68.87.212
+ address 77.68.76.29
+ address 77.68.119.188
+ address 77.68.74.85
+ address 77.68.91.22
+ address 77.68.76.88
+ address 77.68.4.242
+ address 77.68.76.181
+ address 77.68.76.161
+ address 185.132.39.99
+ address 77.68.95.212
+ address 77.68.76.219
+ address 77.68.27.27
+ address 77.68.3.194
+ address 77.68.3.144
+ address 77.68.3.80
+ address 77.68.27.28
+ address 77.68.3.247
+ address 77.68.3.161
+ address 77.68.27.18
+ address 77.68.3.121
+ address 213.171.214.234
+ address 109.228.38.201
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 213.171.211.128
+ address 77.68.5.155
+ address 77.68.77.231
+ address 213.171.214.167
+ address 185.132.43.28
+ address 213.171.213.42
+ address 77.68.76.45
+ address 77.68.92.92
+ address 77.68.77.233
+ address 185.132.40.56
+ address 185.132.37.23
+ address 77.68.117.29
+ address 77.68.75.253
+ address 77.68.11.140
+ address 77.68.77.215
+ address 77.68.20.217
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.76.198
+ address 77.68.77.214
+ address 77.68.9.75
+ address 213.171.210.177
+ address 77.68.77.70
+ address 77.68.77.149
+ address 77.68.76.160
+ address 185.132.38.114
+ address 77.68.33.48
+ address 185.132.40.90
+ address 77.68.79.89
+ address 77.68.34.28
+ address 77.68.76.21
+ address 77.68.75.45
+ address 77.68.76.176
+ address 77.68.77.95
+ address 185.132.39.68
+ address 185.132.43.164
+ address 77.68.76.137
+ address 185.132.40.152
+ address 77.68.77.249
+ address 77.68.24.134
+ address 185.132.38.248
+ address 77.68.32.43
+ address 77.68.120.218
+ address 77.68.112.167
+ address 77.68.32.31
+ address 77.68.32.118
+ address 77.68.32.254
+ address 77.68.80.26
+ address 77.68.17.200
+ address 77.68.80.97
+ address 77.68.121.119
+ address 77.68.74.209
+ address 77.68.77.65
+ address 185.132.43.6
+ address 109.228.46.196
+ address 185.132.43.98
+ address 77.68.100.150
+ address 185.132.41.148
+ address 77.68.24.172
+ address 77.68.33.197
+ address 77.68.5.95
+ address 77.68.23.64
+ address 77.68.101.124
+ address 77.68.5.125
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 109.228.59.247
+ address 213.171.208.40
+ address 77.68.112.184
+ address 77.68.35.116
+ address 185.132.40.11
+ address 77.68.33.171
+ address 77.68.76.111
+ address 77.68.76.42
+ address 77.68.77.120
+ address 77.68.76.183
+ address 77.68.118.86
+ address 77.68.48.105
+ address 77.68.48.81
+ address 77.68.49.4
+ address 109.228.36.119
+ address 77.68.34.26
+ address 77.68.115.17
+ address 77.68.82.147
+ address 77.68.49.12
+ address 77.68.8.144
+ address 77.68.51.202
+ address 77.68.101.64
+ address 77.68.103.19
+ address 77.68.50.91
+ address 77.68.24.63
+ address 77.68.118.15
+ address 77.68.50.198
+ address 77.68.77.59
+ address 77.68.49.160
+ address 77.68.76.191
+ address 77.68.126.101
+ address 77.68.76.40
+ address 77.68.77.42
+ address 77.68.100.134
+ address 77.68.100.132
+ address 77.68.114.93
+ address 185.132.36.60
+ address 185.132.40.244
+ address 77.68.85.18
+ address 213.171.214.102
+ address 77.68.50.193
+ address 88.208.197.160
+ address 88.208.197.10
+ address 77.68.102.129
+ address 109.228.36.79
+ address 185.132.38.182
+ address 185.132.41.240
+ address 77.68.51.214
+ address 88.208.196.123
+ address 88.208.215.157
+ address 77.68.126.22
+ address 77.68.4.180
+ address 213.171.212.90
+ address 77.68.114.205
+ address 185.132.43.71
+ address 88.208.215.62
+ address 77.68.77.114
+ address 77.68.48.202
+ address 77.68.112.175
+ address 77.68.112.90
+ address 185.132.40.166
+ address 77.68.76.118
+ address 77.68.103.120
+ address 77.68.33.24
+ address 109.228.58.134
+ address 109.228.47.223
+ address 77.68.31.96
+ address 77.68.103.227
+ address 213.171.212.203
+ address 88.208.196.92
+ address 88.208.196.154
+ address 185.132.39.44
+ address 77.68.76.248
+ address 88.208.198.92
+ address 109.228.36.37
+ address 77.68.77.144
+ address 77.68.126.14
+ address 88.208.196.91
+ address 77.68.100.77
+ address 185.132.37.101
+ address 77.68.87.164
+ address 77.68.77.76
+ address 77.68.76.120
+ address 77.68.82.157
+ address 77.68.93.164
+ address 77.68.76.171
+ address 88.208.197.135
+ address 88.208.197.118
+ address 88.208.197.150
+ address 88.208.198.69
+ address 77.68.34.139
+ address 77.68.21.171
+ address 88.208.197.60
+ address 77.68.85.27
+ address 109.228.37.10
+ address 88.208.215.61
+ address 88.208.199.249
+ address 88.208.212.31
+ address 109.228.53.243
+ address 77.68.48.89
+ address 88.208.212.188
+ address 88.208.198.251
+ address 77.68.76.112
+ address 77.68.48.14
+ address 88.208.215.19
+ address 77.68.77.75
+ address 77.68.117.173
+ address 88.208.215.121
+ address 109.228.39.41
+ address 77.68.88.100
+ address 77.68.76.108
+ address 77.68.115.142
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ address 213.171.214.96
+ address 88.208.198.66
+ address 88.208.198.64
+ address 77.68.3.61
+ address 77.68.77.219
+ address 77.68.77.204
+ address 77.68.26.228
+ address 77.68.74.232
+ address 77.68.118.88
+ address 77.68.77.46
+ address 77.68.76.48
+ address 77.68.76.202
+ address 77.68.4.25
+ address 77.68.7.114
+ address 88.208.197.23
+ address 77.68.114.237
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.117.214
+ address 88.208.199.141
+ address 77.68.77.163
+ address 185.132.39.109
+ address 77.68.77.44
+ address 185.132.37.47
+ address 77.68.102.5
+ address 77.68.16.247
+ address 88.208.212.94
+ address 77.68.72.254
+ address 77.68.76.212
+ address 77.68.77.152
+ address 77.68.50.142
+ address 88.208.199.46
+ address 77.68.78.113
+ address 88.208.212.182
+ address 77.68.77.181
+ address 77.68.15.95
+ address 77.68.75.64
+ address 213.171.212.71
+ address 185.132.40.124
+ address 88.208.197.208
+ address 88.208.197.129
+ address 77.68.76.60
+ address 77.68.6.119
+ address 77.68.77.185
+ address 77.68.77.238
+ address 77.68.27.57
+ address 77.68.118.102
+ address 77.68.79.82
+ address 109.228.39.151
+ }
+ address-group G-465-TCP {
+ address 172.16.255.254
+ address 77.68.76.115
+ address 77.68.76.141
+ address 77.68.76.187
+ address 77.68.76.197
+ address 77.68.76.209
+ address 77.68.76.99
+ address 77.68.77.107
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.63
+ address 77.68.77.92
+ address 77.68.77.99
+ address 77.68.77.77
+ address 77.68.77.192
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.77.74
+ address 77.68.77.100
+ address 77.68.116.221
+ address 109.228.60.215
+ address 77.68.116.52
+ address 77.68.7.172
+ address 77.68.95.42
+ address 77.68.91.128
+ address 77.68.24.112
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.23.35
+ address 77.68.10.170
+ address 77.68.76.234
+ address 213.171.213.31
+ address 77.68.78.229
+ address 213.171.210.19
+ address 109.228.52.186
+ address 77.68.77.69
+ address 109.228.40.222
+ address 77.68.87.212
+ address 77.68.28.139
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 185.132.43.28
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.33.48
+ address 77.68.79.89
+ address 77.68.76.21
+ address 77.68.80.26
+ address 77.68.5.95
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.112.184
+ address 77.68.115.17
+ address 77.68.82.147
+ address 77.68.50.193
+ address 88.208.215.61
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.77.204
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.77.185
+ address 77.68.79.82
+ }
+ address-group G-587-TCP {
+ address 172.16.255.254
+ address 77.68.76.141
+ address 77.68.76.187
+ address 77.68.76.197
+ address 77.68.76.209
+ address 77.68.77.128
+ address 77.68.77.129
+ address 77.68.77.141
+ address 77.68.77.171
+ address 77.68.77.190
+ address 77.68.77.207
+ address 77.68.77.32
+ address 77.68.77.33
+ address 77.68.77.63
+ address 77.68.77.85
+ address 77.68.77.92
+ address 77.68.77.99
+ address 77.68.77.77
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.81.44
+ address 77.68.77.100
+ address 77.68.92.186
+ address 77.68.116.119
+ address 77.68.116.221
+ address 77.68.120.241
+ address 109.228.60.215
+ address 77.68.122.241
+ address 77.68.116.52
+ address 77.68.91.128
+ address 77.68.24.112
+ address 77.68.77.107
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.77.160
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.23.35
+ address 77.68.76.95
+ address 77.68.10.170
+ address 77.68.76.234
+ address 213.171.213.41
+ address 213.171.213.31
+ address 77.68.78.229
+ address 213.171.210.19
+ address 109.228.52.186
+ address 109.228.40.222
+ address 77.68.87.212
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 185.132.43.28
+ address 77.68.77.215
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.33.48
+ address 77.68.76.21
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.112.184
+ address 77.68.115.17
+ address 77.68.82.147
+ address 77.68.76.191
+ address 77.68.50.193
+ address 77.68.77.114
+ address 88.208.215.61
+ address 77.68.76.112
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ address 88.208.198.66
+ address 77.68.77.219
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.77.152
+ address 77.68.79.82
+ }
+ address-group G-993-TCP {
+ address 172.16.255.254
+ address 77.68.76.115
+ address 77.68.77.129
+ address 77.68.77.130
+ address 77.68.77.141
+ address 77.68.77.150
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.207
+ address 77.68.77.22
+ address 77.68.77.33
+ address 77.68.77.49
+ address 77.68.77.56
+ address 77.68.77.77
+ address 77.68.77.192
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.81.44
+ address 77.68.77.74
+ address 77.68.77.100
+ address 77.68.92.186
+ address 77.68.116.119
+ address 77.68.116.221
+ address 77.68.120.241
+ address 77.68.7.172
+ address 77.68.91.128
+ address 77.68.23.112
+ address 77.68.24.112
+ address 77.68.77.107
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.86.148
+ address 77.68.23.35
+ address 77.68.76.95
+ address 213.171.215.184
+ address 77.68.25.146
+ address 213.171.213.31
+ address 213.171.210.19
+ address 77.68.79.206
+ address 77.68.123.250
+ address 77.68.77.69
+ address 109.228.40.222
+ address 77.68.87.212
+ address 77.68.91.22
+ address 185.132.39.99
+ address 77.68.28.139
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 77.68.5.155
+ address 185.132.43.28
+ address 77.68.77.215
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.33.48
+ address 77.68.79.89
+ address 77.68.5.95
+ address 77.68.4.80
+ address 77.68.49.152
+ address 213.171.208.40
+ address 77.68.115.17
+ address 77.68.103.19
+ address 185.132.36.60
+ address 185.132.40.244
+ address 88.208.197.10
+ address 77.68.102.129
+ address 88.208.215.157
+ address 88.208.198.69
+ address 88.208.212.188
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.77.204
+ address 77.68.74.232
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.123.177
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.79.82
+ }
+ address-group G-995-TCP {
+ address 172.16.255.254
+ address 77.68.76.115
+ address 77.68.77.129
+ address 77.68.77.171
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.22
+ address 77.68.77.33
+ address 77.68.77.92
+ address 77.68.77.77
+ address 77.68.84.147
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.77.74
+ address 77.68.77.100
+ address 77.68.116.221
+ address 77.68.120.241
+ address 77.68.7.172
+ address 77.68.95.42
+ address 77.68.91.128
+ address 77.68.23.112
+ address 77.68.24.112
+ address 77.68.77.107
+ address 109.228.37.114
+ address 77.68.7.67
+ address 77.68.126.51
+ address 77.68.79.206
+ address 77.68.123.250
+ address 109.228.52.186
+ address 109.228.40.222
+ address 77.68.91.22
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.5.155
+ address 185.132.43.28
+ address 77.68.77.214
+ address 185.132.38.114
+ address 77.68.79.89
+ address 77.68.80.26
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.103.19
+ address 77.68.50.193
+ address 88.208.197.10
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.74.232
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.77.185
+ }
+ address-group G-1433-TCP {
+ address 172.16.255.254
+ address 77.68.76.94
+ address 77.68.30.164
+ address 77.68.10.142
+ address 77.68.77.95
+ address 77.68.126.101
+ address 77.68.76.118
+ address 77.68.77.75
+ }
+ address-group G-3306-TCP {
+ address 172.16.255.254
+ address 77.68.76.127
+ address 77.68.76.187
+ address 77.68.76.252
+ address 77.68.76.55
+ address 77.68.76.80
+ address 77.68.77.21
+ address 77.68.77.63
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.92
+ address 77.68.76.241
+ address 109.228.56.185
+ address 77.68.28.145
+ address 77.68.76.114
+ address 77.68.17.26
+ address 77.68.120.241
+ address 77.68.6.32
+ address 77.68.91.128
+ address 109.228.37.114
+ address 77.68.76.169
+ address 77.68.76.77
+ address 77.68.113.117
+ address 77.68.86.148
+ address 77.68.76.234
+ address 77.68.76.59
+ address 77.68.77.202
+ address 77.68.28.147
+ address 109.228.52.186
+ address 77.68.117.222
+ address 213.171.213.42
+ address 77.68.75.253
+ address 77.68.77.215
+ address 77.68.79.89
+ address 77.68.118.15
+ address 109.228.36.79
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ address 77.68.76.48
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.77.44
+ address 88.208.212.94
+ }
+ address-group G-3389-TCP {
+ address 172.16.255.254
+ address 77.68.76.116
+ address 77.68.76.150
+ address 77.68.76.203
+ address 77.68.76.220
+ address 77.68.76.23
+ address 77.68.76.241
+ address 77.68.76.35
+ address 77.68.76.39
+ address 77.68.76.47
+ address 77.68.76.49
+ address 77.68.76.50
+ address 77.68.76.58
+ address 77.68.76.75
+ address 77.68.76.91
+ address 77.68.76.93
+ address 77.68.76.94
+ address 77.68.76.99
+ address 77.68.77.115
+ address 77.68.77.156
+ address 77.68.77.178
+ address 77.68.77.199
+ address 77.68.77.236
+ address 77.68.77.63
+ address 77.68.77.71
+ address 77.68.77.97
+ address 77.68.77.99
+ address 77.68.76.107
+ address 77.68.76.26
+ address 77.68.76.92
+ address 77.68.77.38
+ address 77.68.21.78
+ address 77.68.94.181
+ address 77.68.30.164
+ address 77.68.23.158
+ address 77.68.27.54
+ address 77.68.76.142
+ address 77.68.117.202
+ address 77.68.116.220
+ address 77.68.84.155
+ address 77.68.120.146
+ address 77.68.119.92
+ address 77.68.10.142
+ address 77.68.6.105
+ address 77.68.4.252
+ address 77.68.127.151
+ address 77.68.77.228
+ address 109.228.40.207
+ address 77.68.77.24
+ address 109.228.35.110
+ address 77.68.76.152
+ address 77.68.76.77
+ address 77.68.113.117
+ address 77.68.6.110
+ address 77.68.76.96
+ address 77.68.127.172
+ address 185.132.37.83
+ address 77.68.25.124
+ address 77.68.3.52
+ address 77.68.114.234
+ address 77.68.85.73
+ address 109.228.38.201
+ address 77.68.26.221
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.76.198
+ address 77.68.9.75
+ address 77.68.79.89
+ address 77.68.77.95
+ address 77.68.77.65
+ address 77.68.100.150
+ address 77.68.101.125
+ address 77.68.101.124
+ address 213.171.208.40
+ address 77.68.12.45
+ address 77.68.118.86
+ address 77.68.77.59
+ address 77.68.126.101
+ address 213.171.214.102
+ address 88.208.197.160
+ address 88.208.215.157
+ address 77.68.4.180
+ address 185.132.43.71
+ address 77.68.31.96
+ address 109.228.36.37
+ address 77.68.77.76
+ address 77.68.82.157
+ address 109.228.37.10
+ address 77.68.77.75
+ address 77.68.117.173
+ address 88.208.215.121
+ address 77.68.115.142
+ address 77.68.33.216
+ address 77.68.33.37
+ address 77.68.50.90
+ address 88.208.198.64
+ address 77.68.118.88
+ address 77.68.114.237
+ address 77.68.50.142
+ address 77.68.15.95
+ address 77.68.75.64
+ address 77.68.77.238
+ }
+ address-group G-8080-TCP {
+ address 172.16.255.254
+ address 77.68.76.57
+ address 77.68.76.243
+ address 77.68.28.145
+ address 77.68.76.114
+ address 77.68.76.157
+ address 77.68.77.248
+ address 77.68.77.202
+ address 77.68.24.59
+ address 77.68.81.218
+ address 77.68.77.105
+ address 185.132.40.152
+ address 109.228.36.119
+ address 77.68.121.127
+ address 77.68.116.183
+ address 77.68.34.139
+ address 77.68.88.100
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.77.163
+ address 88.208.212.94
+ address 77.68.78.113
+ address 77.68.15.95
+ address 213.171.212.71
+ }
+ address-group G-8443-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.105
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.148
+ address 77.68.76.150
+ address 77.68.76.158
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.200
+ address 77.68.76.209
+ address 77.68.76.217
+ address 77.68.76.22
+ address 77.68.76.231
+ address 77.68.76.235
+ address 77.68.76.239
+ address 77.68.76.245
+ address 77.68.76.247
+ address 77.68.76.249
+ address 77.68.76.25
+ address 77.68.76.251
+ address 77.68.76.252
+ address 77.68.76.33
+ address 77.68.76.37
+ address 77.68.76.57
+ address 77.68.76.61
+ address 77.68.76.74
+ address 77.68.76.80
+ address 77.68.76.93
+ address 77.68.77.100
+ address 77.68.77.103
+ address 77.68.77.107
+ address 77.68.77.108
+ address 77.68.77.115
+ address 77.68.77.117
+ address 77.68.77.128
+ address 77.68.77.130
+ address 77.68.77.137
+ address 77.68.77.139
+ address 77.68.77.140
+ address 77.68.77.141
+ address 77.68.77.151
+ address 77.68.77.159
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.207
+ address 77.68.77.211
+ address 77.68.77.22
+ address 77.68.77.227
+ address 77.68.77.240
+ address 77.68.77.247
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.37
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.56
+ address 77.68.77.68
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.88
+ address 77.68.77.92
+ address 77.68.77.99
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.77.192
+ address 77.68.77.254
+ address 77.68.77.157
+ address 77.68.76.138
+ address 77.68.76.139
+ address 77.68.76.243
+ address 77.68.77.38
+ address 77.68.77.62
+ address 77.68.91.195
+ address 77.68.17.26
+ address 77.68.84.147
+ address 109.228.56.185
+ address 77.68.5.187
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.77.74
+ address 77.68.76.115
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.94.181
+ address 77.68.30.133
+ address 77.68.4.136
+ address 77.68.28.145
+ address 77.68.24.112
+ address 77.68.92.186
+ address 77.68.26.216
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.116.119
+ address 77.68.76.142
+ address 77.68.7.172
+ address 77.68.116.221
+ address 77.68.89.183
+ address 77.68.83.41
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.116.220
+ address 109.228.60.215
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.120.241
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.81.141
+ address 77.68.116.52
+ address 77.68.6.105
+ address 77.68.76.229
+ address 77.68.4.252
+ address 77.68.17.186
+ address 77.68.91.128
+ address 77.68.22.146
+ address 77.68.125.32
+ address 109.228.36.229
+ address 77.68.31.144
+ address 77.68.117.142
+ address 109.228.37.174
+ address 109.228.37.114
+ address 77.68.76.169
+ address 77.68.112.75
+ address 77.68.77.160
+ address 109.228.39.249
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.86.148
+ address 77.68.114.183
+ address 109.228.40.194
+ address 77.68.90.132
+ address 77.68.77.26
+ address 77.68.76.96
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 77.68.120.26
+ address 109.228.61.31
+ address 77.68.76.59
+ address 77.68.120.249
+ address 213.171.213.41
+ address 77.68.119.14
+ address 213.171.215.184
+ address 77.68.77.202
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.77.102
+ address 213.171.210.19
+ address 213.171.213.97
+ address 109.228.48.249
+ address 109.228.40.195
+ address 77.68.127.172
+ address 77.68.79.206
+ address 109.228.56.242
+ address 109.228.46.81
+ address 185.132.38.95
+ address 77.68.116.36
+ address 77.68.120.45
+ address 185.132.37.102
+ address 77.68.13.137
+ address 109.228.36.194
+ address 185.132.36.7
+ address 185.132.36.24
+ address 77.68.77.69
+ address 185.132.39.129
+ address 77.68.87.212
+ address 77.68.76.29
+ address 77.68.76.88
+ address 77.68.76.181
+ address 77.68.76.161
+ address 77.68.85.73
+ address 77.68.76.219
+ address 109.228.38.201
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.81.218
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 77.68.76.45
+ address 185.132.40.56
+ address 77.68.75.253
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.77.214
+ address 185.132.38.114
+ address 185.132.40.90
+ address 77.68.79.89
+ address 77.68.76.21
+ address 77.68.75.45
+ address 77.68.24.134
+ address 77.68.32.43
+ address 77.68.80.26
+ address 77.68.17.200
+ address 77.68.80.97
+ address 77.68.74.209
+ address 77.68.77.65
+ address 77.68.33.197
+ address 77.68.5.95
+ address 77.68.23.64
+ address 77.68.5.125
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.48.105
+ address 77.68.48.81
+ address 77.68.49.12
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 77.68.77.59
+ address 77.68.126.101
+ address 77.68.76.40
+ address 77.68.114.93
+ address 77.68.50.193
+ address 88.208.197.160
+ address 109.228.36.79
+ address 185.132.38.182
+ address 88.208.196.123
+ address 88.208.215.157
+ address 77.68.76.118
+ address 77.68.103.227
+ address 88.208.196.92
+ address 185.132.39.44
+ address 88.208.198.92
+ address 77.68.126.14
+ address 88.208.196.91
+ address 77.68.100.77
+ address 185.132.37.101
+ address 77.68.76.120
+ address 213.171.212.114
+ address 77.68.34.139
+ address 88.208.215.61
+ address 88.208.212.31
+ address 109.228.53.243
+ address 77.68.103.56
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.77.219
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.77.44
+ address 77.68.72.254
+ address 77.68.78.113
+ address 213.171.212.71
+ address 185.132.40.124
+ address 88.208.197.208
+ address 77.68.77.238
+ address 77.68.79.82
+ }
+ address-group G-8447-TCP {
+ address 172.16.255.254
+ address 77.68.76.104
+ address 77.68.76.105
+ address 77.68.76.127
+ address 77.68.76.136
+ address 77.68.76.141
+ address 77.68.76.148
+ address 77.68.76.150
+ address 77.68.76.158
+ address 77.68.76.187
+ address 77.68.76.195
+ address 77.68.76.197
+ address 77.68.76.20
+ address 77.68.76.209
+ address 77.68.76.22
+ address 77.68.76.231
+ address 77.68.76.235
+ address 77.68.76.239
+ address 77.68.76.245
+ address 77.68.76.25
+ address 77.68.76.252
+ address 77.68.76.33
+ address 77.68.76.37
+ address 77.68.76.57
+ address 77.68.76.61
+ address 77.68.76.74
+ address 77.68.76.93
+ address 77.68.77.100
+ address 77.68.77.103
+ address 77.68.77.107
+ address 77.68.77.108
+ address 77.68.77.117
+ address 77.68.77.128
+ address 77.68.77.130
+ address 77.68.77.137
+ address 77.68.77.139
+ address 77.68.77.141
+ address 77.68.77.151
+ address 77.68.77.159
+ address 77.68.77.176
+ address 77.68.77.190
+ address 77.68.77.200
+ address 77.68.77.201
+ address 77.68.77.207
+ address 77.68.77.211
+ address 77.68.77.22
+ address 77.68.77.227
+ address 77.68.77.240
+ address 77.68.77.247
+ address 77.68.77.253
+ address 77.68.77.32
+ address 77.68.77.37
+ address 77.68.77.49
+ address 77.68.77.50
+ address 77.68.77.56
+ address 77.68.77.68
+ address 77.68.77.81
+ address 77.68.77.85
+ address 77.68.77.88
+ address 77.68.77.92
+ address 77.68.77.99
+ address 77.68.76.211
+ address 77.68.76.19
+ address 77.68.77.192
+ address 77.68.77.254
+ address 77.68.77.157
+ address 77.68.76.138
+ address 77.68.76.139
+ address 77.68.91.195
+ address 77.68.17.26
+ address 109.228.56.185
+ address 77.68.84.147
+ address 77.68.5.187
+ address 77.68.4.24
+ address 77.68.4.74
+ address 77.68.6.202
+ address 77.68.5.241
+ address 77.68.77.74
+ address 77.68.81.44
+ address 77.68.90.106
+ address 77.68.94.181
+ address 77.68.4.136
+ address 77.68.28.145
+ address 77.68.24.112
+ address 77.68.92.186
+ address 77.68.26.216
+ address 77.68.20.231
+ address 77.68.118.17
+ address 77.68.116.119
+ address 77.68.76.142
+ address 77.68.7.172
+ address 77.68.83.41
+ address 77.68.116.221
+ address 77.68.86.40
+ address 77.68.88.164
+ address 109.228.56.26
+ address 77.68.7.123
+ address 77.68.116.220
+ address 109.228.60.215
+ address 77.68.7.186
+ address 77.68.93.246
+ address 77.68.120.241
+ address 77.68.122.195
+ address 77.68.122.89
+ address 77.68.81.141
+ address 77.68.116.52
+ address 77.68.6.105
+ address 77.68.76.229
+ address 77.68.4.252
+ address 77.68.17.186
+ address 77.68.91.128
+ address 77.68.22.146
+ address 77.68.125.32
+ address 109.228.36.229
+ address 77.68.31.144
+ address 77.68.117.142
+ address 109.228.37.174
+ address 109.228.37.114
+ address 77.68.112.75
+ address 77.68.77.160
+ address 109.228.39.249
+ address 77.68.7.67
+ address 77.68.113.117
+ address 77.68.126.51
+ address 77.68.86.148
+ address 77.68.114.183
+ address 109.228.40.194
+ address 77.68.90.132
+ address 77.68.76.96
+ address 77.68.77.30
+ address 77.68.76.95
+ address 77.68.10.170
+ address 109.228.61.31
+ address 77.68.76.59
+ address 77.68.120.249
+ address 213.171.213.41
+ address 213.171.215.184
+ address 77.68.25.146
+ address 213.171.213.31
+ address 77.68.77.102
+ address 213.171.210.19
+ address 213.171.213.97
+ address 109.228.48.249
+ address 77.68.127.172
+ address 77.68.79.206
+ address 109.228.56.242
+ address 109.228.46.81
+ address 185.132.38.95
+ address 77.68.116.36
+ address 109.228.36.194
+ address 185.132.36.7
+ address 185.132.36.24
+ address 77.68.77.69
+ address 185.132.39.129
+ address 77.68.87.212
+ address 77.68.76.88
+ address 77.68.76.181
+ address 77.68.76.219
+ address 185.132.39.219
+ address 77.68.28.139
+ address 77.68.4.111
+ address 77.68.77.174
+ address 77.68.117.222
+ address 77.68.77.231
+ address 77.68.76.45
+ address 185.132.40.56
+ address 77.68.10.152
+ address 77.68.73.73
+ address 77.68.77.214
+ address 185.132.38.114
+ address 185.132.40.90
+ address 77.68.79.89
+ address 77.68.76.21
+ address 77.68.75.45
+ address 77.68.24.134
+ address 77.68.32.43
+ address 77.68.80.26
+ address 77.68.17.200
+ address 77.68.80.97
+ address 77.68.74.209
+ address 77.68.33.197
+ address 77.68.5.95
+ address 77.68.5.125
+ address 77.68.100.167
+ address 77.68.4.80
+ address 77.68.49.152
+ address 77.68.48.105
+ address 77.68.48.81
+ address 77.68.49.12
+ address 213.171.212.89
+ address 77.68.76.44
+ address 77.68.77.239
+ address 77.68.77.59
+ address 77.68.126.101
+ address 77.68.114.93
+ address 77.68.50.193
+ address 88.208.197.160
+ address 109.228.36.79
+ address 185.132.38.182
+ address 88.208.196.123
+ address 88.208.215.157
+ address 77.68.76.118
+ address 77.68.103.227
+ address 88.208.196.92
+ address 185.132.39.44
+ address 88.208.198.92
+ address 77.68.126.14
+ address 88.208.196.91
+ address 77.68.100.77
+ address 185.132.37.101
+ address 77.68.76.120
+ address 213.171.212.114
+ address 77.68.34.139
+ address 88.208.215.61
+ address 88.208.212.31
+ address 109.228.53.243
+ address 77.68.103.56
+ address 213.171.214.96
+ address 88.208.198.66
+ address 77.68.77.219
+ address 77.68.77.204
+ address 77.68.76.48
+ address 77.68.4.25
+ address 77.68.7.114
+ address 77.68.77.222
+ address 77.68.112.83
+ address 77.68.72.254
+ address 77.68.78.113
+ address 213.171.212.71
+ address 185.132.40.124
+ address 88.208.197.208
+ address 77.68.79.82
+ }
+ address-group G-10000-TCP {
+ address 172.16.255.254
+ address 77.68.76.177
+ address 77.68.76.54
+ address 77.68.30.133
+ address 77.68.76.114
+ address 77.68.11.140
+ address 77.68.76.112
+ address 77.68.78.113
+ }
+ address-group LAN_ADDRESSES {
+ address 10.255.255.2
+ address 10.255.255.3
+ }
+ address-group MANAGEMENT_ADDRESSES {
+ address 82.223.200.175
+ address 82.223.200.177
+ }
+ address-group NAGIOS_PROBES {
+ address 77.68.76.16
+ address 77.68.77.16
+ }
+ address-group NAS_ARRAYS {
+ address 10.7.197.251
+ address 10.7.197.252
+ address 10.7.197.253
+ address 10.7.197.254
+ }
+ address-group NAS_DOMAIN_CONTROLLERS {
+ address 10.7.197.16
+ address 10.7.197.17
+ }
+ address-group NLB_ADDRESSES {
+ address 109.228.63.15
+ address 109.228.63.16
+ address 109.228.63.132
+ address 109.228.63.133
+ }
+ network-group NAS_NETWORKS {
+ network 10.7.197.0/24
+ }
+ network-group RFC1918 {
+ network 10.0.0.0/8
+ network 172.16.0.0/12
+ network 192.168.0.0/16
+ }
+ network-group TRANSFER_NETS {
+ network 109.228.63.128/25
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name LAN-INBOUND {
+ default-action drop
+ rule 10 {
+ action drop
+ description "Anti-spoofing non-cluster addresses"
+ source {
+ group {
+ address-group !CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 20 {
+ action drop
+ description "Drop traffic to datacenter transfer net"
+ destination {
+ group {
+ network-group TRANSFER_NETS
+ }
+ }
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 400 {
+ action drop
+ description Anti-spoofing_10.255.255.2
+ source {
+ address 10.255.255.2
+ mac-address !00:50:56:af:61:20
+ }
+ }
+ rule 401 {
+ action drop
+ description Anti-spoofing_77.68.126.51
+ source {
+ address 77.68.126.51
+ mac-address !00:50:56:03:df:06
+ }
+ }
+ rule 402 {
+ action drop
+ description Anti-spoofing_109.228.36.37
+ source {
+ address 109.228.36.37
+ mac-address !00:50:56:38:c4:2c
+ }
+ }
+ rule 403 {
+ action drop
+ description Anti-spoofing_77.68.117.214
+ source {
+ address 77.68.117.214
+ mac-address !00:50:56:00:28:c3
+ }
+ }
+ rule 404 {
+ action drop
+ description Anti-spoofing_77.68.127.172
+ source {
+ address 77.68.127.172
+ mac-address !00:50:56:08:ce:ec
+ }
+ }
+ rule 405 {
+ action drop
+ description Anti-spoofing_77.68.117.142
+ source {
+ address 77.68.117.142
+ mac-address !00:50:56:1a:02:40
+ }
+ }
+ rule 406 {
+ action drop
+ description Anti-spoofing_77.68.14.88
+ source {
+ address 77.68.14.88
+ mac-address !00:50:56:3c:79:85
+ }
+ }
+ rule 407 {
+ action drop
+ description Anti-spoofing_77.68.17.200
+ source {
+ address 77.68.17.200
+ mac-address !00:50:56:0c:1b:57
+ }
+ }
+ rule 408 {
+ action drop
+ description Anti-spoofing_77.68.120.229
+ source {
+ address 77.68.120.229
+ mac-address !00:50:56:18:af:65
+ }
+ }
+ rule 410 {
+ action drop
+ description Anti-spoofing_10.255.255.3
+ source {
+ address 10.255.255.3
+ mac-address !00:50:56:af:cd:42
+ }
+ }
+ rule 411 {
+ action drop
+ description Anti-spoofing_77.68.4.242
+ source {
+ address 77.68.4.242
+ mac-address !00:50:56:25:d9:34
+ }
+ }
+ rule 412 {
+ action drop
+ description Anti-spoofing_77.68.113.117
+ source {
+ address 77.68.113.117
+ mac-address !00:50:56:36:ea:1d
+ }
+ }
+ rule 413 {
+ action drop
+ description Anti-spoofing_213.171.213.242
+ source {
+ address 213.171.213.242
+ mac-address !00:50:56:29:dd:5c
+ }
+ }
+ rule 414 {
+ action drop
+ description Anti-spoofing_77.68.86.148
+ source {
+ address 77.68.86.148
+ mac-address !00:50:56:01:91:19
+ }
+ }
+ rule 418 {
+ action drop
+ description Anti-spoofing_213.171.212.203
+ source {
+ address 213.171.212.203
+ mac-address !00:50:56:01:c3:39
+ }
+ }
+ rule 419 {
+ action drop
+ description Anti-spoofing_77.68.114.234
+ source {
+ address 77.68.114.234
+ mac-address !00:50:56:1b:72:cd
+ }
+ }
+ rule 420 {
+ action drop
+ description Anti-spoofing_10.255.255.4
+ source {
+ address 10.255.255.4
+ mac-address !00:50:56:af:09:7d
+ }
+ }
+ rule 421 {
+ action drop
+ description Anti-spoofing_213.171.212.171
+ source {
+ address 213.171.212.171
+ mac-address !00:50:56:12:54:58
+ }
+ }
+ rule 422 {
+ action drop
+ description Anti-spoofing_77.68.114.183
+ source {
+ address 77.68.114.183
+ mac-address !00:50:56:3d:9b:eb
+ }
+ }
+ rule 423 {
+ action drop
+ description Anti-spoofing_213.171.213.41
+ source {
+ address 213.171.213.41
+ mac-address !00:50:56:2a:ef:a2
+ }
+ }
+ rule 424 {
+ action drop
+ description Anti-spoofing_77.68.90.132
+ source {
+ address 77.68.90.132
+ mac-address !00:50:56:28:04:1e
+ }
+ }
+ rule 425 {
+ action drop
+ description Anti-spoofing_10.255.255.5
+ source {
+ address 10.255.255.5
+ mac-address !00:50:56:af:3b:bb
+ }
+ }
+ rule 426 {
+ action drop
+ description Anti-spoofing_213.171.213.175
+ source {
+ address 213.171.213.175
+ mac-address !00:50:56:0d:d4:b1
+ }
+ }
+ rule 427 {
+ action drop
+ description Anti-spoofing_109.228.39.151
+ source {
+ address 109.228.39.151
+ mac-address !00:50:56:39:67:8d
+ }
+ }
+ rule 428 {
+ action drop
+ description Anti-spoofing_77.68.112.167
+ source {
+ address 77.68.112.167
+ mac-address !00:50:56:32:24:c9
+ }
+ }
+ rule 429 {
+ action drop
+ description Anti-spoofing_109.228.40.194
+ source {
+ address 109.228.40.194
+ mac-address !00:50:56:19:49:71
+ }
+ }
+ rule 430 {
+ action drop
+ description Anti-spoofing_77.68.76.12
+ source {
+ address 77.68.76.12
+ mac-address !00:50:56:af:09:7d
+ }
+ }
+ rule 431 {
+ action drop
+ description Anti-spoofing_213.171.213.97
+ source {
+ address 213.171.213.97
+ mac-address !00:50:56:15:d9:89
+ }
+ }
+ rule 432 {
+ action drop
+ description Anti-spoofing_77.68.16.247
+ source {
+ address 77.68.16.247
+ mac-address !00:50:56:01:49:07
+ }
+ }
+ rule 433 {
+ action drop
+ description Anti-spoofing_77.68.33.48
+ source {
+ address 77.68.33.48
+ mac-address !00:50:56:11:0e:07
+ }
+ }
+ rule 434 {
+ action drop
+ description Anti-spoofing_77.68.6.110
+ source {
+ address 77.68.6.110
+ mac-address !00:50:56:31:76:8a
+ }
+ }
+ rule 435 {
+ action drop
+ description Anti-spoofing_77.68.77.12
+ source {
+ address 77.68.77.12
+ mac-address !00:50:56:af:3b:bb
+ }
+ }
+ rule 436 {
+ action drop
+ description Anti-spoofing_213.171.215.252
+ source {
+ address 213.171.215.252
+ mac-address !00:50:56:11:88:0a
+ }
+ }
+ rule 437 {
+ action drop
+ description Anti-spoofing_88.208.197.208
+ source {
+ address 88.208.197.208
+ mac-address !00:50:56:1d:97:93
+ }
+ }
+ rule 438 {
+ action drop
+ description Anti-spoofing_213.171.212.89
+ source {
+ address 213.171.212.89
+ mac-address !00:50:56:36:8d:bf
+ }
+ }
+ rule 439 {
+ action drop
+ description Anti-spoofing_77.68.93.125
+ source {
+ address 77.68.93.125
+ mac-address !00:50:56:19:f1:6f
+ }
+ }
+ rule 440 {
+ action drop
+ description Anti-spoofing_probe_77.68.76.16
+ source {
+ address 77.68.76.16
+ mac-address !00:50:56:aa:48:d4
+ }
+ }
+ rule 441 {
+ action drop
+ description Anti-spoofing_213.171.214.96
+ source {
+ address 213.171.214.96
+ mac-address !00:50:56:0c:45:b5
+ }
+ }
+ rule 442 {
+ action drop
+ description Anti-spoofing_77.68.76.176
+ source {
+ address 77.68.76.176
+ mac-address !00:50:56:2b:e6:f7
+ }
+ }
+ rule 444 {
+ action drop
+ description Anti-spoofing_213.171.212.172
+ source {
+ address 213.171.212.172
+ mac-address !00:50:56:35:ab:43
+ }
+ }
+ rule 446 {
+ action drop
+ description Anti-spoofing_185.132.38.95
+ source {
+ address 185.132.38.95
+ mac-address !00:50:56:07:a6:f7
+ }
+ }
+ rule 447 {
+ action drop
+ description Anti-spoofing_185.132.38.248
+ source {
+ address 185.132.38.248
+ mac-address !00:50:56:19:e5:16
+ }
+ }
+ rule 448 {
+ action drop
+ description Anti-spoofing_109.228.52.186
+ source {
+ address 109.228.52.186
+ mac-address !00:50:56:20:80:4f
+ }
+ }
+ rule 449 {
+ action drop
+ description Anti-spoofing_213.171.213.31
+ source {
+ address 213.171.213.31
+ mac-address !00:50:56:34:e3:61
+ }
+ }
+ rule 450 {
+ action drop
+ description Anti-spoofing_probe_77.68.77.16
+ source {
+ address 77.68.77.16
+ mac-address !00:50:56:aa:4a:32
+ }
+ }
+ rule 451 {
+ action drop
+ description Anti-spoofing_213.171.210.59
+ source {
+ address 213.171.210.59
+ mac-address !00:50:56:10:74:b6
+ }
+ }
+ rule 452 {
+ action drop
+ description Anti-spoofing_185.132.36.7
+ source {
+ address 185.132.36.7
+ mac-address !00:50:56:17:24:16
+ }
+ }
+ rule 453 {
+ action drop
+ description Anti-spoofing_213.171.212.71
+ source {
+ address 213.171.212.71
+ mac-address !00:50:56:1d:50:e0
+ }
+ }
+ rule 454 {
+ action drop
+ description Anti-spoofing_213.171.208.58
+ source {
+ address 213.171.208.58
+ mac-address !00:50:56:05:1c:70
+ }
+ }
+ rule 455 {
+ action drop
+ description Anti-spoofing_77.68.77.69
+ source {
+ address 77.68.77.69
+ mac-address !00:50:56:17:f9:d1
+ }
+ }
+ rule 456 {
+ action drop
+ description Anti-spoofing_77.68.25.130
+ source {
+ address 77.68.25.130
+ mac-address !00:50:56:3c:92:ff
+ }
+ }
+ rule 457 {
+ action drop
+ description Anti-spoofing_213.171.215.184
+ source {
+ address 213.171.215.184
+ mac-address !00:50:56:18:84:ff
+ }
+ }
+ rule 458 {
+ action drop
+ description Anti-spoofing_77.68.74.39
+ source {
+ address 77.68.74.39
+ mac-address !00:50:56:0a:41:ee
+ }
+ }
+ rule 459 {
+ action drop
+ description Anti-spoofing_109.228.56.242
+ source {
+ address 109.228.56.242
+ mac-address !00:50:56:28:8c:ff
+ }
+ }
+ rule 460 {
+ action drop
+ description Anti-spoofing_77.68.76.13
+ source {
+ address 77.68.76.13
+ mac-address !00:50:56:8f:62:1e
+ }
+ }
+ rule 461 {
+ action drop
+ description Anti-spoofing_77.68.13.76
+ source {
+ address 77.68.13.76
+ mac-address !00:50:56:2c:c7:38
+ }
+ }
+ rule 462 {
+ action drop
+ description Anti-spoofing_77.68.119.188
+ source {
+ address 77.68.119.188
+ mac-address !00:50:56:02:1c:16
+ }
+ }
+ rule 463 {
+ action drop
+ description Anti-spoofing_109.228.46.81
+ source {
+ address 109.228.46.81
+ mac-address !00:50:56:31:1f:8a
+ }
+ }
+ rule 464 {
+ action drop
+ description Anti-spoofing_77.68.25.146
+ source {
+ address 77.68.25.146
+ mac-address !00:50:56:07:cc:76
+ }
+ }
+ rule 465 {
+ action drop
+ description Anti-spoofing_77.68.76.14
+ source {
+ address 77.68.76.14
+ mac-address !00:50:56:8f:6a:24
+ }
+ }
+ rule 466 {
+ action drop
+ description Anti-spoofing_77.68.116.36
+ source {
+ address 77.68.116.36
+ mac-address !00:50:56:1c:c9:83
+ }
+ }
+ rule 467 {
+ action drop
+ description Anti-spoofing_185.132.43.113
+ source {
+ address 185.132.43.113
+ mac-address !00:50:56:22:79:ac
+ }
+ }
+ rule 468 {
+ action drop
+ description Anti-spoofing_213.171.210.19
+ source {
+ address 213.171.210.19
+ mac-address !00:50:56:32:6c:19
+ }
+ }
+ rule 469 {
+ action drop
+ description Anti-spoofing_77.68.113.164
+ source {
+ address 77.68.113.164
+ mac-address !00:50:56:07:28:41
+ }
+ }
+ rule 470 {
+ action drop
+ description Anti-spoofing_77.68.77.13
+ source {
+ address 77.68.77.13
+ mac-address !00:50:56:8f:62:1e
+ }
+ }
+ rule 471 {
+ action drop
+ description Anti-spoofing_213.171.211.128
+ source {
+ address 213.171.211.128
+ mac-address !00:50:56:37:b2:85
+ }
+ }
+ rule 472 {
+ action drop
+ description Anti-spoofing_77.68.120.45
+ source {
+ address 77.68.120.45
+ mac-address !00:50:56:13:5e:ca
+ }
+ }
+ rule 473 {
+ action drop
+ description Anti-spoofing_77.68.25.124
+ source {
+ address 77.68.25.124
+ mac-address !00:50:56:2f:27:08
+ }
+ }
+ rule 474 {
+ action drop
+ description Anti-spoofing_77.68.33.68
+ source {
+ address 77.68.33.68
+ mac-address !00:50:56:1c:96:48
+ }
+ }
+ rule 475 {
+ action drop
+ description Anti-spoofing_77.68.77.14
+ source {
+ address 77.68.77.14
+ mac-address !00:50:56:8f:6a:24
+ }
+ }
+ rule 476 {
+ action drop
+ description Anti-spoofing_109.228.48.249
+ source {
+ address 109.228.48.249
+ mac-address !00:50:56:06:32:ac
+ }
+ }
+ rule 477 {
+ action drop
+ description Anti-spoofing_109.228.40.195
+ source {
+ address 109.228.40.195
+ mac-address !00:50:56:21:46:3e
+ }
+ }
+ rule 478 {
+ action drop
+ description Anti-spoofing_213.171.215.43
+ source {
+ address 213.171.215.43
+ mac-address !00:50:56:24:c0:53
+ }
+ }
+ rule 479 {
+ action drop
+ description Anti-spoofing_185.132.37.101
+ source {
+ address 185.132.37.101
+ mac-address !00:50:56:2c:08:73
+ }
+ }
+ rule 480 {
+ action drop
+ description Anti-spoofing_109.228.53.243
+ source {
+ address 109.228.53.243
+ mac-address !00:50:56:31:d1:1a
+ }
+ }
+ rule 481 {
+ action drop
+ description Anti-spoofing_77.68.81.218
+ source {
+ address 77.68.81.218
+ mac-address !00:50:56:03:e1:62
+ }
+ }
+ rule 482 {
+ action drop
+ description Anti-spoofing_77.68.102.5
+ source {
+ address 77.68.102.5
+ mac-address !00:50:56:12:a3:05
+ }
+ }
+ rule 483 {
+ action drop
+ description Anti-spoofing_77.68.114.93
+ source {
+ address 77.68.114.93
+ mac-address !00:50:56:3c:d8:18
+ }
+ }
+ rule 485 {
+ action drop
+ description Anti-spoofing_77.68.76.137
+ source {
+ address 77.68.76.137
+ mac-address !00:50:56:25:38:78
+ }
+ }
+ rule 486 {
+ action drop
+ description Anti-spoofing_77.68.75.253
+ source {
+ address 77.68.75.253
+ mac-address !00:50:56:32:f9:d7
+ }
+ }
+ rule 487 {
+ action drop
+ description Anti-spoofing_77.68.6.119
+ source {
+ address 77.68.6.119
+ mac-address !00:50:56:2a:06:e0
+ }
+ }
+ rule 488 {
+ action drop
+ description Anti-spoofing_185.132.39.68
+ source {
+ address 185.132.39.68
+ mac-address !00:50:56:22:2e:b5
+ }
+ }
+ rule 489 {
+ action drop
+ description Anti-spoofing_77.68.5.95
+ source {
+ address 77.68.5.95
+ mac-address !00:50:56:34:d6:94
+ }
+ }
+ rule 490 {
+ action drop
+ description Anti-spoofing_109.228.36.194
+ source {
+ address 109.228.36.194
+ mac-address !00:50:56:02:d4:bb
+ }
+ }
+ rule 491 {
+ action drop
+ description Anti-spoofing_77.68.34.50
+ source {
+ address 77.68.34.50
+ mac-address !00:50:56:07:df:24
+ }
+ }
+ rule 492 {
+ action drop
+ description Anti-spoofing_77.68.27.18
+ source {
+ address 77.68.27.18
+ mac-address !00:50:56:1c:9d:9e
+ }
+ }
+ rule 493 {
+ action drop
+ description Anti-spoofing_77.68.28.147
+ source {
+ address 77.68.28.147
+ mac-address !00:50:56:29:e0:70
+ }
+ }
+ rule 494 {
+ action drop
+ description Anti-spoofing_77.68.123.250
+ source {
+ address 77.68.123.250
+ mac-address !00:50:56:0d:49:c0
+ }
+ }
+ rule 495 {
+ action drop
+ description Anti-spoofing_185.132.39.129
+ source {
+ address 185.132.39.129
+ mac-address !00:50:56:29:5a:4c
+ }
+ }
+ rule 496 {
+ action drop
+ description Anti-spoofing_185.132.36.24
+ source {
+ address 185.132.36.24
+ mac-address !00:50:56:12:df:2d
+ }
+ }
+ rule 497 {
+ action drop
+ description Anti-spoofing_185.132.38.114
+ source {
+ address 185.132.38.114
+ mac-address !00:50:56:1d:ce:df
+ }
+ }
+ rule 498 {
+ action drop
+ description Anti-spoofing_185.132.36.148
+ source {
+ address 185.132.36.148
+ mac-address !00:50:56:04:d1:7e
+ }
+ }
+ rule 499 {
+ action drop
+ description Anti-spoofing_185.132.36.142
+ source {
+ address 185.132.36.142
+ mac-address !00:50:56:13:22:d1
+ }
+ }
+ rule 500 {
+ action drop
+ description Anti-spoofing_77.68.77.67
+ source {
+ address 77.68.77.67
+ mac-address !00:50:56:26:3e:0a
+ }
+ }
+ rule 501 {
+ action drop
+ description Anti-spoofing_185.132.39.44
+ source {
+ address 185.132.39.44
+ mac-address !00:50:56:32:a0:22
+ }
+ }
+ rule 502 {
+ action drop
+ description Anti-spoofing_77.68.76.114
+ source {
+ address 77.68.76.114
+ mac-address !00:50:56:32:42:42
+ }
+ }
+ rule 503 {
+ action drop
+ description Anti-spoofing_77.68.77.103
+ source {
+ address 77.68.77.103
+ mac-address !00:50:56:1e:6d:9b
+ }
+ }
+ rule 504 {
+ action drop
+ description Anti-spoofing_77.68.77.130
+ source {
+ address 77.68.77.130
+ mac-address !00:50:56:24:79:76
+ }
+ }
+ rule 505 {
+ action drop
+ description Anti-spoofing_77.68.76.245
+ source {
+ address 77.68.76.245
+ mac-address !00:50:56:1d:0f:83
+ }
+ }
+ rule 506 {
+ action drop
+ description Anti-spoofing_77.68.118.17
+ source {
+ address 77.68.118.17
+ mac-address !00:50:56:18:d3:d1
+ }
+ }
+ rule 507 {
+ action drop
+ description Anti-spoofing_77.68.79.82
+ source {
+ address 77.68.79.82
+ mac-address !00:50:56:22:e9:9e
+ }
+ }
+ rule 509 {
+ action drop
+ description Anti-spoofing_77.68.77.85
+ source {
+ address 77.68.77.85
+ mac-address !00:50:56:1d:40:33
+ }
+ }
+ rule 510 {
+ action drop
+ description Anti-spoofing_77.68.76.45
+ source {
+ address 77.68.76.45
+ mac-address !00:50:56:18:dc:fe
+ }
+ }
+ rule 511 {
+ action drop
+ description Anti-spoofing_77.68.77.144
+ source {
+ address 77.68.77.144
+ mac-address !00:50:56:3c:9a:1a
+ }
+ }
+ rule 512 {
+ action drop
+ description Anti-spoofing_77.68.77.105
+ source {
+ address 77.68.77.105
+ mac-address !00:50:56:1f:f9:c9
+ }
+ }
+ rule 513 {
+ action drop
+ description Anti-spoofing_77.68.12.250
+ source {
+ address 77.68.12.250
+ mac-address !00:50:56:3e:06:ca
+ }
+ }
+ rule 514 {
+ action drop
+ description Anti-spoofing_77.68.76.76
+ source {
+ address 77.68.76.76
+ mac-address !00:50:56:03:1f:db
+ }
+ }
+ rule 515 {
+ action drop
+ description Anti-spoofing_185.132.36.17
+ source {
+ address 185.132.36.17
+ mac-address !00:50:56:36:7a:94
+ }
+ }
+ rule 516 {
+ action drop
+ description Anti-spoofing_77.68.76.122
+ source {
+ address 77.68.76.122
+ mac-address !00:50:56:20:3d:43
+ }
+ }
+ rule 517 {
+ action drop
+ description Anti-spoofing_77.68.76.104
+ source {
+ address 77.68.76.104
+ mac-address !00:50:56:3c:80:ff
+ }
+ }
+ rule 518 {
+ action drop
+ description Anti-spoofing_77.68.114.136
+ source {
+ address 77.68.114.136
+ mac-address !00:50:56:38:34:6e
+ }
+ }
+ rule 519 {
+ action drop
+ description Anti-spoofing_77.68.77.115
+ source {
+ address 77.68.77.115
+ mac-address !00:50:56:2c:ad:ee
+ }
+ }
+ rule 520 {
+ action drop
+ description Anti-spoofing_77.68.77.178
+ source {
+ address 77.68.77.178
+ mac-address !00:50:56:14:c1:42
+ }
+ }
+ rule 521 {
+ action drop
+ description Anti-spoofing_77.68.76.239
+ source {
+ address 77.68.76.239
+ mac-address !00:50:56:0d:5a:47
+ }
+ }
+ rule 522 {
+ action drop
+ description Anti-spoofing_77.68.87.164
+ source {
+ address 77.68.87.164
+ mac-address !00:50:56:11:19:46
+ }
+ }
+ rule 523 {
+ action drop
+ description Anti-spoofing_77.68.15.95
+ source {
+ address 77.68.15.95
+ mac-address !00:50:56:16:04:4e
+ }
+ }
+ rule 524 {
+ action drop
+ description Anti-spoofing_77.68.4.39
+ source {
+ address 77.68.4.39
+ mac-address !00:50:56:06:57:b6
+ }
+ }
+ rule 525 {
+ action drop
+ description Anti-spoofing_77.68.76.30
+ source {
+ address 77.68.76.30
+ mac-address !00:50:56:25:b8:e3
+ }
+ }
+ rule 526 {
+ action drop
+ description Anti-spoofing_77.68.77.249
+ source {
+ address 77.68.77.249
+ mac-address !00:50:56:36:5f:b3
+ }
+ }
+ rule 527 {
+ action drop
+ description Anti-spoofing_77.68.76.59
+ source {
+ address 77.68.76.59
+ mac-address !00:50:56:06:e8:bb
+ }
+ }
+ rule 528 {
+ action drop
+ description Anti-spoofing_77.68.8.144
+ source {
+ address 77.68.8.144
+ mac-address !00:50:56:28:58:e5
+ }
+ }
+ rule 529 {
+ action drop
+ description Anti-spoofing_77.68.77.44
+ source {
+ address 77.68.77.44
+ mac-address !00:50:56:31:c0:9d
+ }
+ }
+ rule 530 {
+ action drop
+ description Anti-spoofing_77.68.77.200
+ source {
+ address 77.68.77.200
+ mac-address !00:50:56:15:2e:a4
+ }
+ }
+ rule 531 {
+ action drop
+ description Anti-spoofing_77.68.77.228
+ source {
+ address 77.68.77.228
+ mac-address !00:50:56:23:e4:44
+ }
+ }
+ rule 532 {
+ action drop
+ description Anti-spoofing_77.68.4.25
+ source {
+ address 77.68.4.25
+ mac-address !00:50:56:33:0d:5e
+ }
+ }
+ rule 534 {
+ action drop
+ description Anti-spoofing_77.68.76.191
+ source {
+ address 77.68.76.191
+ mac-address !00:50:56:10:72:7c
+ }
+ }
+ rule 535 {
+ action drop
+ description Anti-spoofing_77.68.117.29
+ source {
+ address 77.68.117.29
+ mac-address !00:50:56:0c:e4:e3
+ }
+ }
+ rule 536 {
+ action drop
+ description Anti-spoofing_213.171.212.90
+ source {
+ address 213.171.212.90
+ mac-address !00:50:56:35:fc:da
+ }
+ }
+ rule 537 {
+ action drop
+ description Anti-spoofing_77.68.76.102
+ source {
+ address 77.68.76.102
+ mac-address !00:50:56:35:87:43
+ }
+ }
+ rule 538 {
+ action drop
+ description Anti-spoofing_185.132.39.37
+ source {
+ address 185.132.39.37
+ mac-address !00:50:56:21:72:64
+ }
+ }
+ rule 539 {
+ action drop
+ description Anti-spoofing_185.132.38.142
+ source {
+ address 185.132.38.142
+ mac-address !00:50:56:09:e8:30
+ }
+ }
+ rule 540 {
+ action drop
+ description Anti-spoofing_77.68.77.26
+ source {
+ address 77.68.77.26
+ mac-address !00:50:56:10:ec:c2
+ }
+ }
+ rule 541 {
+ action drop
+ description Anti-spoofing_77.68.76.152
+ source {
+ address 77.68.76.152
+ mac-address !00:50:56:2b:79:48
+ }
+ }
+ rule 542 {
+ action drop
+ description Anti-spoofing_185.132.37.83
+ source {
+ address 185.132.37.83
+ mac-address !00:50:56:09:b3:41
+ }
+ }
+ rule 543 {
+ action drop
+ description Anti-spoofing_77.68.77.212
+ source {
+ address 77.68.77.212
+ mac-address !00:50:56:07:ab:f2
+ }
+ }
+ rule 544 {
+ action drop
+ description Anti-spoofing_77.68.75.64
+ source {
+ address 77.68.75.64
+ mac-address !00:50:56:07:e2:85
+ }
+ }
+ rule 546 {
+ action drop
+ description Anti-spoofing_77.68.85.73
+ source {
+ address 77.68.85.73
+ mac-address !00:50:56:14:68:9c
+ }
+ }
+ rule 547 {
+ action drop
+ description Anti-spoofing_77.68.116.119
+ source {
+ address 77.68.116.119
+ mac-address !00:50:56:0f:68:91
+ }
+ }
+ rule 548 {
+ action drop
+ description Anti-spoofing_77.68.76.142
+ source {
+ address 77.68.76.142
+ mac-address !50:9a:4c:74:07:ea
+ }
+ }
+ rule 549 {
+ action drop
+ description Anti-spoofing_77.68.76.211
+ source {
+ address 77.68.76.211
+ mac-address !00:50:56:18:9d:15
+ }
+ }
+ rule 550 {
+ action drop
+ description Anti-spoofing_77.68.76.60
+ source {
+ address 77.68.76.60
+ mac-address !00:50:56:2b:07:02
+ }
+ }
+ rule 551 {
+ action drop
+ description Anti-spoofing_77.68.77.253
+ source {
+ address 77.68.77.253
+ mac-address !00:50:56:30:a5:77
+ }
+ }
+ rule 552 {
+ action drop
+ description Anti-spoofing_77.68.75.245
+ source {
+ address 77.68.75.245
+ mac-address !00:50:56:12:00:e9
+ }
+ }
+ rule 553 {
+ action drop
+ description Anti-spoofing_185.132.37.102
+ source {
+ address 185.132.37.102
+ mac-address !00:50:56:3d:ae:26
+ }
+ }
+ rule 554 {
+ action drop
+ description Anti-spoofing_77.68.120.31
+ source {
+ address 77.68.120.31
+ mac-address !00:50:56:1f:29:84
+ }
+ }
+ rule 555 {
+ action drop
+ description Anti-spoofing_77.68.76.54
+ source {
+ address 77.68.76.54
+ mac-address !00:50:56:30:b4:74
+ }
+ }
+ rule 556 {
+ action drop
+ description Anti-spoofing_88.208.196.154
+ source {
+ address 88.208.196.154
+ mac-address !00:50:56:14:6f:a8
+ }
+ }
+ rule 557 {
+ action drop
+ description Anti-spoofing_185.132.40.152
+ source {
+ address 185.132.40.152
+ mac-address !00:50:56:24:25:3c
+ }
+ }
+ rule 558 {
+ action drop
+ description Anti-spoofing_77.68.76.33
+ source {
+ address 77.68.76.33
+ mac-address !00:50:56:3c:9b:bc
+ }
+ }
+ rule 559 {
+ action drop
+ description Anti-spoofing_77.68.12.195
+ source {
+ address 77.68.12.195
+ mac-address !00:50:56:3d:52:1a
+ }
+ }
+ rule 560 {
+ action drop
+ description Anti-spoofing_77.68.77.114
+ source {
+ address 77.68.77.114
+ mac-address !00:50:56:06:80:89
+ }
+ }
+ rule 561 {
+ action drop
+ description Anti-spoofing_77.68.77.176
+ source {
+ address 77.68.77.176
+ mac-address !00:50:56:3e:2b:da
+ }
+ }
+ rule 562 {
+ action drop
+ description Anti-spoofing_109.228.40.222
+ source {
+ address 109.228.40.222
+ mac-address !00:50:56:0a:dc:63
+ }
+ }
+ rule 563 {
+ action drop
+ description Anti-spoofing_77.68.77.219
+ source {
+ address 77.68.77.219
+ mac-address !00:50:56:13:82:67
+ }
+ }
+ rule 564 {
+ action drop
+ description Anti-spoofing_77.68.77.19
+ source {
+ address 77.68.77.19
+ mac-address !00:50:56:36:e3:b1
+ }
+ }
+ rule 565 {
+ action drop
+ description Anti-spoofing_77.68.74.85
+ source {
+ address 77.68.74.85
+ mac-address !00:50:56:13:b7:2d
+ }
+ }
+ rule 566 {
+ action drop
+ description Anti-spoofing_77.68.116.221
+ source {
+ address 77.68.116.221
+ mac-address !00:50:56:24:67:bd
+ }
+ }
+ rule 567 {
+ action drop
+ description Anti-spoofing_77.68.77.22
+ source {
+ address 77.68.77.22
+ mac-address !00:50:56:07:09:ae
+ }
+ }
+ rule 568 {
+ action drop
+ description Anti-spoofing_77.68.112.184
+ source {
+ address 77.68.112.184
+ mac-address !00:50:56:2a:db:d3
+ }
+ }
+ rule 569 {
+ action drop
+ description Anti-spoofing_77.68.77.248
+ source {
+ address 77.68.77.248
+ mac-address !00:50:56:18:03:92
+ }
+ }
+ rule 570 {
+ action drop
+ description Anti-spoofing_77.68.76.161
+ source {
+ address 77.68.76.161
+ mac-address !00:50:56:34:57:75
+ }
+ }
+ rule 571 {
+ action drop
+ description Anti-spoofing_77.68.77.56
+ source {
+ address 77.68.77.56
+ mac-address !00:50:56:38:22:ae
+ }
+ }
+ rule 572 {
+ action drop
+ description Anti-spoofing_77.68.77.129
+ source {
+ address 77.68.77.129
+ mac-address !00:50:56:08:d9:20
+ }
+ }
+ rule 573 {
+ action drop
+ description Anti-spoofing_77.68.77.205
+ source {
+ address 77.68.77.205
+ mac-address !00:50:56:35:f1:c3
+ }
+ }
+ rule 574 {
+ action drop
+ description Anti-spoofing_77.68.77.140
+ source {
+ address 77.68.77.140
+ mac-address !00:50:56:1b:2d:c7
+ }
+ }
+ rule 575 {
+ action drop
+ description Anti-spoofing_77.68.120.146
+ source {
+ address 77.68.120.146
+ mac-address !00:50:56:0d:fb:7b
+ }
+ }
+ rule 576 {
+ action drop
+ description Anti-spoofing_77.68.78.73
+ source {
+ address 77.68.78.73
+ mac-address !00:50:56:14:4b:f4
+ }
+ }
+ rule 577 {
+ action drop
+ description Anti-spoofing_77.68.76.177
+ source {
+ address 77.68.76.177
+ mac-address !00:50:56:26:ac:11
+ }
+ }
+ rule 578 {
+ action drop
+ description Anti-spoofing_77.68.77.117
+ source {
+ address 77.68.77.117
+ mac-address !00:50:56:09:4d:ce
+ }
+ }
+ rule 579 {
+ action drop
+ description Anti-spoofing_77.68.77.108
+ source {
+ address 77.68.77.108
+ mac-address !00:50:56:3a:b7:59
+ }
+ }
+ rule 580 {
+ action drop
+ description Anti-spoofing_77.68.7.222
+ source {
+ address 77.68.7.222
+ mac-address !00:50:56:36:cc:37
+ }
+ }
+ rule 581 {
+ action drop
+ description Anti-spoofing_77.68.76.50
+ source {
+ address 77.68.76.50
+ mac-address !00:50:56:34:78:88
+ }
+ }
+ rule 582 {
+ action drop
+ description Anti-spoofing_77.68.77.192
+ source {
+ address 77.68.77.192
+ mac-address !00:50:56:0f:eb:a4
+ }
+ }
+ rule 583 {
+ action drop
+ description Anti-spoofing_77.68.76.217
+ source {
+ address 77.68.76.217
+ mac-address !00:50:56:29:6d:a9
+ }
+ }
+ rule 584 {
+ action drop
+ description Anti-spoofing_77.68.92.186
+ source {
+ address 77.68.92.186
+ mac-address !00:50:56:08:8b:d0
+ }
+ }
+ rule 585 {
+ action drop
+ description Anti-spoofing_77.68.76.165
+ source {
+ address 77.68.76.165
+ mac-address !00:50:56:19:74:17
+ }
+ }
+ rule 586 {
+ action drop
+ description Anti-spoofing_77.68.91.22
+ source {
+ address 77.68.91.22
+ mac-address !00:50:56:2e:2c:cb
+ }
+ }
+ rule 587 {
+ action drop
+ description Anti-spoofing_77.68.77.160
+ source {
+ address 77.68.77.160
+ mac-address !00:50:56:27:75:65
+ }
+ }
+ rule 588 {
+ action drop
+ description Anti-spoofing_77.68.77.30
+ source {
+ address 77.68.77.30
+ mac-address !00:50:56:3b:95:8f
+ }
+ }
+ rule 589 {
+ action drop
+ description Anti-spoofing_77.68.77.21
+ source {
+ address 77.68.77.21
+ mac-address !00:50:56:34:cd:82
+ }
+ }
+ rule 590 {
+ action drop
+ description Anti-spoofing_77.68.76.29
+ source {
+ address 77.68.76.29
+ mac-address !00:50:56:2f:a3:ef
+ }
+ }
+ rule 591 {
+ action drop
+ description Anti-spoofing_213.171.212.136
+ source {
+ address 213.171.212.136
+ mac-address !00:50:56:19:fb:be
+ }
+ }
+ rule 592 {
+ action drop
+ description Anti-spoofing_77.68.76.158
+ source {
+ address 77.68.76.158
+ mac-address !00:50:56:36:97:69
+ }
+ }
+ rule 593 {
+ action drop
+ description Anti-spoofing_77.68.76.203
+ source {
+ address 77.68.76.203
+ mac-address !00:50:56:2f:48:47
+ }
+ }
+ rule 594 {
+ action drop
+ description Anti-spoofing_77.68.77.243
+ source {
+ address 77.68.77.243
+ mac-address !00:50:56:20:1f:c4
+ }
+ }
+ rule 595 {
+ action drop
+ description Anti-spoofing_77.68.77.54
+ source {
+ address 77.68.77.54
+ mac-address !00:50:56:0e:da:e1
+ }
+ }
+ rule 596 {
+ action drop
+ description Anti-spoofing_77.68.76.22
+ source {
+ address 77.68.76.22
+ mac-address !00:50:56:1b:a3:e6
+ }
+ }
+ rule 597 {
+ action drop
+ description Anti-spoofing_77.68.103.120
+ source {
+ address 77.68.103.120
+ mac-address !00:50:56:1f:cb:8e
+ }
+ }
+ rule 598 {
+ action drop
+ description Anti-spoofing_109.228.37.174
+ source {
+ address 109.228.37.174
+ mac-address !00:50:56:1d:0f:a0
+ }
+ }
+ rule 599 {
+ action drop
+ description Anti-spoofing_77.68.17.26
+ source {
+ address 77.68.17.26
+ mac-address !00:50:56:13:4a:e1
+ }
+ }
+ rule 600 {
+ action drop
+ description Anti-spoofing_77.68.76.25
+ source {
+ address 77.68.76.25
+ mac-address !00:50:56:1f:54:d9
+ }
+ }
+ rule 601 {
+ action drop
+ description Anti-spoofing_77.68.76.21
+ source {
+ address 77.68.76.21
+ mac-address !00:50:56:15:a8:33
+ }
+ }
+ rule 602 {
+ action drop
+ description Anti-spoofing_77.68.77.221
+ source {
+ address 77.68.77.221
+ mac-address !00:50:56:06:2a:ae
+ }
+ }
+ rule 603 {
+ action drop
+ description Anti-spoofing_77.68.77.76
+ source {
+ address 77.68.77.76
+ mac-address !00:50:56:18:01:78
+ }
+ }
+ rule 604 {
+ action drop
+ description Anti-spoofing_77.68.76.127
+ source {
+ address 77.68.76.127
+ mac-address !00:50:56:24:a4:85
+ }
+ }
+ rule 605 {
+ action drop
+ description Anti-spoofing_77.68.77.139
+ source {
+ address 77.68.77.139
+ mac-address !00:50:56:3b:1e:be
+ }
+ }
+ rule 606 {
+ action drop
+ description Anti-spoofing_77.68.77.240
+ source {
+ address 77.68.77.240
+ mac-address !00:50:56:2b:d5:dd
+ }
+ }
+ rule 607 {
+ action drop
+ description Anti-spoofing_185.132.38.216
+ source {
+ address 185.132.38.216
+ mac-address !00:50:56:26:a7:47
+ }
+ }
+ rule 608 {
+ action drop
+ description Anti-spoofing_77.68.76.39
+ source {
+ address 77.68.76.39
+ mac-address !00:50:56:1e:0d:c1
+ }
+ }
+ rule 609 {
+ action drop
+ description Anti-spoofing_77.68.76.149
+ source {
+ address 77.68.76.149
+ mac-address !00:50:56:32:30:e7
+ }
+ }
+ rule 610 {
+ action drop
+ description Anti-spoofing_77.68.77.57
+ source {
+ address 77.68.77.57
+ mac-address !00:50:56:26:33:75
+ }
+ }
+ rule 611 {
+ action drop
+ description Anti-spoofing_77.68.77.185
+ source {
+ address 77.68.77.185
+ mac-address !00:50:56:22:72:c9
+ }
+ }
+ rule 612 {
+ action drop
+ description Anti-spoofing_77.68.76.116
+ source {
+ address 77.68.76.116
+ mac-address !00:50:56:09:f2:df
+ }
+ }
+ rule 613 {
+ action drop
+ description Anti-spoofing_77.68.95.212
+ source {
+ address 77.68.95.212
+ mac-address !00:50:56:21:4b:e6
+ }
+ }
+ rule 614 {
+ action drop
+ description Anti-spoofing_77.68.76.160
+ source {
+ address 77.68.76.160
+ mac-address !00:50:56:3a:fa:b3
+ }
+ }
+ rule 615 {
+ action drop
+ description Anti-spoofing_77.68.77.70
+ source {
+ address 77.68.77.70
+ mac-address !00:50:56:37:9d:47
+ }
+ }
+ rule 616 {
+ action drop
+ description Anti-spoofing_77.68.77.149
+ source {
+ address 77.68.77.149
+ mac-address !00:50:56:2c:f8:51
+ }
+ }
+ rule 617 {
+ action drop
+ description Anti-spoofing_77.68.76.57
+ source {
+ address 77.68.76.57
+ mac-address !00:50:56:32:d9:0f
+ }
+ }
+ rule 618 {
+ action drop
+ description Anti-spoofing_77.68.76.115
+ source {
+ address 77.68.76.115
+ mac-address !00:50:56:09:67:90
+ }
+ }
+ rule 619 {
+ action drop
+ description Anti-spoofing_185.132.41.72
+ source {
+ address 185.132.41.72
+ mac-address !00:50:56:2b:aa:79
+ }
+ }
+ rule 620 {
+ action drop
+ description Anti-spoofing_77.68.84.155
+ source {
+ address 77.68.84.155
+ mac-address !00:50:56:05:52:76
+ }
+ }
+ rule 621 {
+ action drop
+ description Anti-spoofing_77.68.76.200
+ source {
+ address 77.68.76.200
+ mac-address !00:50:56:00:5f:48
+ }
+ }
+ rule 622 {
+ action drop
+ description Anti-spoofing_77.68.76.23
+ source {
+ address 77.68.76.23
+ mac-address !00:50:56:27:eb:9b
+ }
+ }
+ rule 623 {
+ action drop
+ description Anti-spoofing_77.68.77.46
+ source {
+ address 77.68.77.46
+ mac-address !00:50:56:22:73:37
+ }
+ }
+ rule 624 {
+ action drop
+ description Anti-spoofing_77.68.91.195
+ source {
+ address 77.68.91.195
+ mac-address !00:50:56:09:f1:74
+ }
+ }
+ rule 625 {
+ action drop
+ description Anti-spoofing_77.68.76.198
+ source {
+ address 77.68.76.198
+ mac-address !00:50:56:05:4b:16
+ }
+ }
+ rule 626 {
+ action drop
+ description Anti-spoofing_77.68.77.141
+ source {
+ address 77.68.77.141
+ mac-address !00:50:56:0c:04:05
+ }
+ }
+ rule 627 {
+ action drop
+ description Anti-spoofing_77.68.77.50
+ source {
+ address 77.68.77.50
+ mac-address !00:50:56:2d:5b:c6
+ }
+ }
+ rule 628 {
+ action drop
+ description Anti-spoofing_77.68.77.128
+ source {
+ address 77.68.77.128
+ mac-address !00:50:56:27:0f:74
+ }
+ }
+ rule 629 {
+ action drop
+ description Anti-spoofing_77.68.115.142
+ source {
+ address 77.68.115.142
+ mac-address !00:50:56:1b:e1:25
+ }
+ }
+ rule 630 {
+ action drop
+ description Anti-spoofing_77.68.77.88
+ source {
+ address 77.68.77.88
+ mac-address !00:50:56:2b:db:7e
+ }
+ }
+ rule 631 {
+ action drop
+ description Anti-spoofing_77.68.4.74
+ source {
+ address 77.68.4.74
+ mac-address !00:50:56:0f:22:a5
+ }
+ }
+ rule 632 {
+ action drop
+ description Anti-spoofing_77.68.76.80
+ source {
+ address 77.68.76.80
+ mac-address !00:50:56:1f:17:01
+ }
+ }
+ rule 633 {
+ action drop
+ description Anti-spoofing_77.68.76.35
+ source {
+ address 77.68.76.35
+ mac-address !00:50:56:30:e3:a1
+ }
+ }
+ rule 634 {
+ action drop
+ description Anti-spoofing_77.68.77.204
+ source {
+ address 77.68.77.204
+ mac-address !00:50:56:23:70:3a
+ }
+ }
+ rule 635 {
+ action drop
+ description Anti-spoofing_77.68.77.201
+ source {
+ address 77.68.77.201
+ mac-address !50:9a:4c:74:06:06
+ }
+ }
+ rule 636 {
+ action drop
+ description Anti-spoofing_77.68.77.97
+ source {
+ address 77.68.77.97
+ mac-address !00:50:56:2f:48:47
+ }
+ }
+ rule 637 {
+ action drop
+ description Anti-spoofing_77.68.76.195
+ source {
+ address 77.68.76.195
+ mac-address !00:50:56:14:c5:49
+ }
+ }
+ rule 638 {
+ action drop
+ description Anti-spoofing_77.68.76.202
+ source {
+ address 77.68.76.202
+ mac-address !00:50:56:07:3c:3c
+ }
+ }
+ rule 640 {
+ action drop
+ description Anti-spoofing_77.68.76.157
+ source {
+ address 77.68.76.157
+ mac-address !00:50:56:35:c8:20
+ }
+ }
+ rule 641 {
+ action drop
+ description Anti-spoofing_213.171.212.114
+ source {
+ address 213.171.212.114
+ mac-address !00:50:56:11:7f:32
+ }
+ }
+ rule 642 {
+ action drop
+ description Anti-spoofing_77.68.77.159
+ source {
+ address 77.68.77.159
+ mac-address !00:50:56:14:d8:f0
+ }
+ }
+ rule 643 {
+ action drop
+ description Anti-spoofing_213.171.214.234
+ source {
+ address 213.171.214.234
+ mac-address !00:50:56:29:94:38
+ }
+ }
+ rule 644 {
+ action drop
+ description Anti-spoofing_77.68.76.48
+ source {
+ address 77.68.76.48
+ mac-address !00:50:56:33:38:d6
+ }
+ }
+ rule 645 {
+ action drop
+ description Anti-spoofing_77.68.76.118
+ source {
+ address 77.68.76.118
+ mac-address !00:50:56:1c:cd:d3
+ }
+ }
+ rule 646 {
+ action drop
+ description Anti-spoofing_77.68.76.38
+ source {
+ address 77.68.76.38
+ mac-address !00:50:56:01:59:2a
+ }
+ }
+ rule 647 {
+ action drop
+ description Anti-spoofing_77.68.31.144
+ source {
+ address 77.68.31.144
+ mac-address !00:50:56:01:89:fb
+ }
+ }
+ rule 648 {
+ action drop
+ description Anti-spoofing_77.68.23.35
+ source {
+ address 77.68.23.35
+ mac-address !00:50:56:3b:1f:ee
+ }
+ }
+ rule 649 {
+ action drop
+ description Anti-spoofing_77.68.4.80
+ source {
+ address 77.68.4.80
+ mac-address !00:50:56:1a:06:95
+ }
+ }
+ rule 650 {
+ action drop
+ description Anti-spoofing_77.68.127.151
+ source {
+ address 77.68.127.151
+ mac-address !00:50:56:32:48:a6
+ }
+ }
+ rule 651 {
+ action drop
+ description Anti-spoofing_77.68.77.203
+ source {
+ address 77.68.77.203
+ mac-address !00:50:56:11:05:40
+ }
+ }
+ rule 652 {
+ action drop
+ description Anti-spoofing_77.68.77.233
+ source {
+ address 77.68.77.233
+ mac-address !00:50:56:37:0e:b3
+ }
+ }
+ rule 653 {
+ action drop
+ description Anti-spoofing_77.68.77.163
+ source {
+ address 77.68.77.163
+ mac-address !00:50:56:08:a3:b4
+ }
+ }
+ rule 654 {
+ action drop
+ description Anti-spoofing_77.68.77.49
+ source {
+ address 77.68.77.49
+ mac-address !00:50:56:03:ba:26
+ }
+ }
+ rule 655 {
+ action drop
+ description Anti-spoofing_77.68.76.58
+ source {
+ address 77.68.76.58
+ mac-address !00:50:56:03:bd:d2
+ }
+ }
+ rule 656 {
+ action drop
+ description Anti-spoofing_77.68.77.171
+ source {
+ address 77.68.77.171
+ mac-address !00:50:56:22:3d:21
+ }
+ }
+ rule 657 {
+ action drop
+ description Anti-spoofing_77.68.116.220
+ source {
+ address 77.68.116.220
+ mac-address !00:50:56:2e:06:02
+ }
+ }
+ rule 658 {
+ action drop
+ description Anti-spoofing_77.68.77.150
+ source {
+ address 77.68.77.150
+ mac-address !00:50:56:23:ac:01
+ }
+ }
+ rule 659 {
+ action drop
+ description Anti-spoofing_77.68.121.106
+ source {
+ address 77.68.121.106
+ mac-address !00:50:56:38:2f:3f
+ }
+ }
+ rule 660 {
+ action drop
+ description Anti-spoofing_77.68.77.199
+ source {
+ address 77.68.77.199
+ mac-address !00:50:56:37:e8:23
+ }
+ }
+ rule 661 {
+ action drop
+ description Anti-spoofing_77.68.76.220
+ source {
+ address 77.68.76.220
+ mac-address !00:50:56:26:27:93
+ }
+ }
+ rule 662 {
+ action drop
+ description Anti-spoofing_77.68.85.172
+ source {
+ address 77.68.85.172
+ mac-address !00:50:56:24:a5:72
+ }
+ }
+ rule 663 {
+ action drop
+ description Anti-spoofing_109.228.42.232
+ source {
+ address 109.228.42.232
+ mac-address !00:50:56:2c:34:e5
+ }
+ }
+ rule 664 {
+ action drop
+ description Anti-spoofing_77.68.33.216
+ source {
+ address 77.68.33.216
+ mac-address !00:50:56:08:a3:d8
+ }
+ }
+ rule 665 {
+ action drop
+ description Anti-spoofing_109.228.35.110
+ source {
+ address 109.228.35.110
+ mac-address !00:50:56:20:bc:f6
+ }
+ }
+ rule 666 {
+ action drop
+ description Anti-spoofing_77.68.87.212
+ source {
+ address 77.68.87.212
+ mac-address !00:50:56:20:7a:5b
+ }
+ }
+ rule 667 {
+ action drop
+ description Anti-spoofing_109.228.36.174
+ source {
+ address 109.228.36.174
+ mac-address !00:50:56:05:73:0a
+ }
+ }
+ rule 668 {
+ action drop
+ description Anti-spoofing_77.68.122.241
+ source {
+ address 77.68.122.241
+ mac-address !00:50:56:3d:34:86
+ }
+ }
+ rule 669 {
+ action drop
+ description Anti-spoofing_77.68.10.170
+ source {
+ address 77.68.10.170
+ mac-address !00:50:56:2e:a7:d6
+ }
+ }
+ rule 670 {
+ action drop
+ description Anti-spoofing_109.228.59.247
+ source {
+ address 109.228.59.247
+ mac-address !00:50:56:11:77:61
+ }
+ }
+ rule 671 {
+ action drop
+ description Anti-spoofing_77.68.77.156
+ source {
+ address 77.68.77.156
+ mac-address !00:50:56:37:e8:23
+ }
+ }
+ rule 672 {
+ action drop
+ description Anti-spoofing_77.68.76.248
+ source {
+ address 77.68.76.248
+ mac-address !00:50:56:22:40:ae
+ }
+ }
+ rule 673 {
+ action drop
+ description Anti-spoofing_77.68.76.19
+ source {
+ address 77.68.76.19
+ mac-address !00:50:56:26:ce:06
+ }
+ }
+ rule 674 {
+ action drop
+ description Anti-spoofing_77.68.77.29
+ source {
+ address 77.68.77.29
+ mac-address !00:50:56:11:83:b8
+ }
+ }
+ rule 675 {
+ action drop
+ description Anti-spoofing_77.68.76.250
+ source {
+ address 77.68.76.250
+ mac-address !00:50:56:2d:ca:5b
+ }
+ }
+ rule 676 {
+ action drop
+ description Anti-spoofing_77.68.76.110
+ source {
+ address 77.68.76.110
+ mac-address !00:50:56:1e:db:08
+ }
+ }
+ rule 677 {
+ action drop
+ description Anti-spoofing_77.68.76.171
+ source {
+ address 77.68.76.171
+ mac-address !00:50:56:01:8b:92
+ }
+ }
+ rule 678 {
+ action drop
+ description Anti-spoofing_77.68.76.212
+ source {
+ address 77.68.76.212
+ mac-address !00:50:56:2b:28:99
+ }
+ }
+ rule 679 {
+ action drop
+ description Anti-spoofing_77.68.112.248
+ source {
+ address 77.68.112.248
+ mac-address !00:50:56:35:e3:48
+ }
+ }
+ rule 680 {
+ action drop
+ description Anti-spoofing_77.68.77.132
+ source {
+ address 77.68.77.132
+ mac-address !00:50:56:21:ab:ff
+ }
+ }
+ rule 681 {
+ action drop
+ description Anti-spoofing_77.68.120.218
+ source {
+ address 77.68.120.218
+ mac-address !00:50:56:10:a8:be
+ }
+ }
+ rule 682 {
+ action drop
+ description Anti-spoofing_77.68.120.249
+ source {
+ address 77.68.120.249
+ mac-address !00:50:56:2f:70:ed
+ }
+ }
+ rule 683 {
+ action drop
+ description Anti-spoofing_77.68.77.81
+ source {
+ address 77.68.77.81
+ mac-address !00:50:56:1e:9f:f8
+ }
+ }
+ rule 684 {
+ action drop
+ description Anti-spoofing_77.68.76.37
+ source {
+ address 77.68.76.37
+ mac-address !00:50:56:07:f8:48
+ }
+ }
+ rule 685 {
+ action drop
+ description Anti-spoofing_77.68.76.197
+ source {
+ address 77.68.76.197
+ mac-address !00:50:56:31:a0:ee
+ }
+ }
+ rule 686 {
+ action drop
+ description Anti-spoofing_77.68.76.20
+ source {
+ address 77.68.76.20
+ mac-address !00:50:56:18:a2:03
+ }
+ }
+ rule 687 {
+ action drop
+ description Anti-spoofing_77.68.76.108
+ source {
+ address 77.68.76.108
+ mac-address !00:50:56:0d:4d:25
+ }
+ }
+ rule 688 {
+ action drop
+ description Anti-spoofing_77.68.76.139
+ source {
+ address 77.68.76.139
+ mac-address !00:50:56:1c:52:a8
+ }
+ }
+ rule 689 {
+ action drop
+ description Anti-spoofing_77.68.76.99
+ source {
+ address 77.68.76.99
+ mac-address !00:50:56:2e:8d:48
+ }
+ }
+ rule 690 {
+ action drop
+ description Anti-spoofing_77.68.77.211
+ source {
+ address 77.68.77.211
+ mac-address !00:50:56:30:37:77
+ }
+ }
+ rule 691 {
+ action drop
+ description Anti-spoofing_77.68.77.236
+ source {
+ address 77.68.77.236
+ mac-address !00:50:56:18:13:8b
+ }
+ }
+ rule 692 {
+ action drop
+ description Anti-spoofing_77.68.76.252
+ source {
+ address 77.68.76.252
+ mac-address !00:50:56:16:03:6e
+ }
+ }
+ rule 693 {
+ action drop
+ description Anti-spoofing_77.68.122.89
+ source {
+ address 77.68.122.89
+ mac-address !00:50:56:25:66:5d
+ }
+ }
+ rule 694 {
+ action drop
+ description Anti-spoofing_77.68.76.120
+ source {
+ address 77.68.76.120
+ mac-address !00:50:56:39:de:31
+ }
+ }
+ rule 695 {
+ action drop
+ description Anti-spoofing_77.68.77.234
+ source {
+ address 77.68.77.234
+ mac-address !00:50:56:26:a1:9a
+ }
+ }
+ rule 696 {
+ action drop
+ description Anti-spoofing_77.68.77.32
+ source {
+ address 77.68.77.32
+ mac-address !00:50:56:38:e8:59
+ }
+ }
+ rule 697 {
+ action drop
+ description Anti-spoofing_77.68.77.247
+ source {
+ address 77.68.77.247
+ mac-address !00:50:56:27:8a:8b
+ }
+ }
+ rule 698 {
+ action drop
+ description Anti-spoofing_77.68.76.229
+ source {
+ address 77.68.76.229
+ mac-address !00:50:56:16:56:30
+ }
+ }
+ rule 699 {
+ action drop
+ description Anti-spoofing_77.68.76.209
+ source {
+ address 77.68.76.209
+ mac-address !00:50:56:19:24:73
+ }
+ }
+ rule 700 {
+ action drop
+ description Anti-spoofing_77.68.125.32
+ source {
+ address 77.68.125.32
+ mac-address !00:50:56:00:07:47
+ }
+ }
+ rule 701 {
+ action drop
+ description Anti-spoofing_77.68.76.219
+ source {
+ address 77.68.76.219
+ mac-address !00:50:56:2d:04:90
+ }
+ }
+ rule 702 {
+ action drop
+ description Anti-spoofing_77.68.76.253
+ source {
+ address 77.68.76.253
+ mac-address !00:50:56:12:7b:d8
+ }
+ }
+ rule 703 {
+ action drop
+ description Anti-spoofing_77.68.13.137
+ source {
+ address 77.68.13.137
+ mac-address !00:50:56:16:c6:86
+ }
+ }
+ rule 704 {
+ action drop
+ description Anti-spoofing_77.68.85.115
+ source {
+ address 77.68.85.115
+ mac-address !00:50:56:3c:51:df
+ }
+ }
+ rule 705 {
+ action drop
+ description Anti-spoofing_77.68.77.202
+ source {
+ address 77.68.77.202
+ mac-address !00:50:56:0c:94:82
+ }
+ }
+ rule 706 {
+ action drop
+ description Anti-spoofing_77.68.76.247
+ source {
+ address 77.68.76.247
+ mac-address !00:50:56:1b:f1:83
+ }
+ }
+ rule 707 {
+ action drop
+ description Anti-spoofing_77.68.9.75
+ source {
+ address 77.68.9.75
+ mac-address !00:50:56:21:9b:fe
+ }
+ }
+ rule 708 {
+ action drop
+ description Anti-spoofing_109.228.39.157
+ source {
+ address 109.228.39.157
+ mac-address !00:50:56:2b:55:32
+ }
+ }
+ rule 709 {
+ action drop
+ description Anti-spoofing_77.68.77.99
+ source {
+ address 77.68.77.99
+ mac-address !00:50:56:09:d5:e8
+ }
+ }
+ rule 710 {
+ action drop
+ description Anti-spoofing_77.68.23.158
+ source {
+ address 77.68.23.158
+ mac-address !00:50:56:15:8f:75
+ }
+ }
+ rule 711 {
+ action drop
+ description Anti-spoofing_77.68.76.169
+ source {
+ address 77.68.76.169
+ mac-address !00:50:56:0b:6d:e4
+ }
+ }
+ rule 712 {
+ action drop
+ description Anti-spoofing_77.68.76.95
+ source {
+ address 77.68.76.95
+ mac-address !00:50:56:17:08:c9
+ }
+ }
+ rule 713 {
+ action drop
+ description Anti-spoofing_77.68.76.187
+ source {
+ address 77.68.76.187
+ mac-address !00:50:56:14:79:08
+ }
+ }
+ rule 714 {
+ action drop
+ description Anti-spoofing_109.228.37.114
+ source {
+ address 109.228.37.114
+ mac-address !00:50:56:15:3d:4b
+ }
+ }
+ rule 715 {
+ action drop
+ description Anti-spoofing_77.68.5.187
+ source {
+ address 77.68.5.187
+ mac-address !00:50:56:07:60:de
+ }
+ }
+ rule 716 {
+ action drop
+ description Anti-spoofing_77.68.77.222
+ source {
+ address 77.68.77.222
+ mac-address !00:50:56:38:03:ce
+ }
+ }
+ rule 717 {
+ action drop
+ description Anti-spoofing_77.68.77.53
+ source {
+ address 77.68.77.53
+ mac-address !00:50:56:18:cc:5a
+ }
+ }
+ rule 718 {
+ action drop
+ description Anti-spoofing_77.68.77.124
+ source {
+ address 77.68.77.124
+ mac-address !00:50:56:21:67:74
+ }
+ }
+ rule 719 {
+ action drop
+ description Anti-spoofing_77.68.76.61
+ source {
+ address 77.68.76.61
+ mac-address !00:50:56:10:fa:46
+ }
+ }
+ rule 720 {
+ action drop
+ description Anti-spoofing_109.228.37.240
+ source {
+ address 109.228.37.240
+ mac-address !00:50:56:0a:d3:2d
+ }
+ }
+ rule 721 {
+ action drop
+ description Anti-spoofing_77.68.27.27
+ source {
+ address 77.68.27.27
+ mac-address !00:50:56:14:b0:2a
+ }
+ }
+ rule 722 {
+ action drop
+ description Anti-spoofing_77.68.77.43
+ source {
+ address 77.68.77.43
+ mac-address !00:50:56:30:92:94
+ }
+ }
+ rule 723 {
+ action drop
+ description Anti-spoofing_77.68.76.94
+ source {
+ address 77.68.76.94
+ mac-address !00:50:56:00:10:ce
+ }
+ }
+ rule 724 {
+ action drop
+ description Anti-spoofing_77.68.77.165
+ source {
+ address 77.68.77.165
+ mac-address !00:50:56:26:5f:42
+ }
+ }
+ rule 725 {
+ action drop
+ description Anti-spoofing_77.68.77.251
+ source {
+ address 77.68.77.251
+ mac-address !00:50:56:39:db:9e
+ }
+ }
+ rule 726 {
+ action drop
+ description Anti-spoofing_77.68.77.152
+ source {
+ address 77.68.77.152
+ mac-address !00:50:56:12:68:ca
+ }
+ }
+ rule 727 {
+ action drop
+ description Anti-spoofing_185.132.43.164
+ source {
+ address 185.132.43.164
+ mac-address !00:50:56:2f:98:9b
+ }
+ }
+ rule 728 {
+ action drop
+ description Anti-spoofing_77.68.9.186
+ source {
+ address 77.68.9.186
+ mac-address !00:50:56:06:07:22
+ }
+ }
+ rule 729 {
+ action drop
+ description Anti-spoofing_77.68.27.28
+ source {
+ address 77.68.27.28
+ mac-address !00:50:56:27:c6:2d
+ }
+ }
+ rule 730 {
+ action drop
+ description Anti-spoofing_77.68.84.147
+ source {
+ address 77.68.84.147
+ mac-address !00:50:56:28:d5:4d
+ }
+ }
+ rule 731 {
+ action drop
+ description Anti-spoofing_77.68.3.80
+ source {
+ address 77.68.3.80
+ mac-address !00:50:56:35:66:85
+ }
+ }
+ rule 732 {
+ action drop
+ description Anti-spoofing_77.68.76.44
+ source {
+ address 77.68.76.44
+ mac-address !00:50:56:2b:8f:62
+ }
+ }
+ rule 733 {
+ action drop
+ description Anti-spoofing_77.68.76.47
+ source {
+ address 77.68.76.47
+ mac-address !50:9a:4c:74:52:56
+ }
+ }
+ rule 734 {
+ action drop
+ description Anti-spoofing_77.68.76.74
+ source {
+ address 77.68.76.74
+ mac-address !00:50:56:30:a0:57
+ }
+ }
+ rule 735 {
+ action drop
+ description Anti-spoofing_77.68.5.166
+ source {
+ address 77.68.5.166
+ mac-address !00:50:56:17:e2:18
+ }
+ }
+ rule 736 {
+ action drop
+ description Anti-spoofing_77.68.76.55
+ source {
+ address 77.68.76.55
+ mac-address !00:50:56:0f:46:86
+ }
+ }
+ rule 737 {
+ action drop
+ description Anti-spoofing_77.68.10.142
+ source {
+ address 77.68.10.142
+ mac-address !00:50:56:19:04:d3
+ }
+ }
+ rule 738 {
+ action drop
+ description Anti-spoofing_77.68.77.75
+ source {
+ address 77.68.77.75
+ mac-address !00:50:56:0e:a6:a8
+ }
+ }
+ rule 739 {
+ action drop
+ description Anti-spoofing_77.68.77.239
+ source {
+ address 77.68.77.239
+ mac-address !00:50:56:26:f4:c8
+ }
+ }
+ rule 740 {
+ action drop
+ description Anti-spoofing_213.171.208.176
+ source {
+ address 213.171.208.176
+ mac-address !00:50:56:34:50:f7
+ }
+ }
+ rule 741 {
+ action drop
+ description Anti-spoofing_77.68.4.111
+ source {
+ address 77.68.4.111
+ mac-address !00:50:56:2a:61:0b
+ }
+ }
+ rule 742 {
+ action drop
+ description Anti-spoofing_77.68.118.120
+ source {
+ address 77.68.118.120
+ mac-address !00:50:56:3c:35:39
+ }
+ }
+ rule 743 {
+ action drop
+ description Anti-spoofing_77.68.76.75
+ source {
+ address 77.68.76.75
+ mac-address !00:50:56:2a:42:ca
+ }
+ }
+ rule 744 {
+ action drop
+ description Anti-spoofing_77.68.77.71
+ source {
+ address 77.68.77.71
+ mac-address !00:50:56:38:ae:bf
+ }
+ }
+ rule 745 {
+ action drop
+ description Anti-spoofing_77.68.76.138
+ source {
+ address 77.68.76.138
+ mac-address !00:50:56:14:c0:d8
+ }
+ }
+ rule 746 {
+ action drop
+ description Anti-spoofing_77.68.76.145
+ source {
+ address 77.68.76.145
+ mac-address !00:50:56:3b:e8:48
+ }
+ }
+ rule 747 {
+ action drop
+ description Anti-spoofing_77.68.77.145
+ source {
+ address 77.68.77.145
+ mac-address !00:50:56:12:b0:43
+ }
+ }
+ rule 748 {
+ action drop
+ description Anti-spoofing_77.68.3.121
+ source {
+ address 77.68.3.121
+ mac-address !00:50:56:03:7b:9d
+ }
+ }
+ rule 749 {
+ action drop
+ description Anti-spoofing_77.68.3.144
+ source {
+ address 77.68.3.144
+ mac-address !00:50:56:18:a0:ed
+ }
+ }
+ rule 750 {
+ action drop
+ description Anti-spoofing_77.68.77.68
+ source {
+ address 77.68.77.68
+ mac-address !00:50:56:3c:dc:4f
+ }
+ }
+ rule 751 {
+ action drop
+ description Anti-spoofing_77.68.76.126
+ source {
+ address 77.68.76.126
+ mac-address !00:50:56:0f:d0:ae
+ }
+ }
+ rule 752 {
+ action drop
+ description Anti-spoofing_77.68.76.88
+ source {
+ address 77.68.76.88
+ mac-address !00:50:56:15:d6:12
+ }
+ }
+ rule 753 {
+ action drop
+ description Anti-spoofing_77.68.77.254
+ source {
+ address 77.68.77.254
+ mac-address !00:50:56:0e:5e:74
+ }
+ }
+ rule 754 {
+ action drop
+ description Anti-spoofing_185.132.40.124
+ source {
+ address 185.132.40.124
+ mac-address !00:50:56:08:f8:6a
+ }
+ }
+ rule 755 {
+ action drop
+ description Anti-spoofing_77.68.20.231
+ source {
+ address 77.68.20.231
+ mac-address !00:50:56:05:35:ce
+ }
+ }
+ rule 756 {
+ action drop
+ description Anti-spoofing_77.68.77.181
+ source {
+ address 77.68.77.181
+ mac-address !00:50:56:20:03:6f
+ }
+ }
+ rule 757 {
+ action drop
+ description Anti-spoofing_77.68.22.146
+ source {
+ address 77.68.22.146
+ mac-address !00:50:56:0e:85:95
+ }
+ }
+ rule 758 {
+ action drop
+ description Anti-spoofing_77.68.112.75
+ source {
+ address 77.68.112.75
+ mac-address !00:50:56:09:33:e6
+ }
+ }
+ rule 759 {
+ action drop
+ description Anti-spoofing_77.68.4.22
+ source {
+ address 77.68.4.22
+ mac-address !00:50:56:14:be:3f
+ }
+ }
+ rule 760 {
+ action drop
+ description Anti-spoofing_77.68.76.96
+ source {
+ address 77.68.76.96
+ mac-address !00:50:56:32:91:fb
+ }
+ }
+ rule 761 {
+ action drop
+ description Anti-spoofing_77.68.3.161
+ source {
+ address 77.68.3.161
+ mac-address !00:50:56:12:82:40
+ }
+ }
+ rule 762 {
+ action drop
+ description Anti-spoofing_109.228.37.10
+ source {
+ address 109.228.37.10
+ mac-address !00:50:56:0a:ef:ab
+ }
+ }
+ rule 763 {
+ action drop
+ description Anti-spoofing_77.68.76.228
+ source {
+ address 77.68.76.228
+ mac-address !00:50:56:2b:39:b1
+ }
+ }
+ rule 764 {
+ action drop
+ description Anti-spoofing_77.68.121.94
+ source {
+ address 77.68.121.94
+ mac-address !00:50:56:0a:d7:68
+ }
+ }
+ rule 765 {
+ action drop
+ description Anti-spoofing_77.68.3.194
+ source {
+ address 77.68.3.194
+ mac-address !00:50:56:10:90:6a
+ }
+ }
+ rule 766 {
+ action drop
+ description Anti-spoofing_77.68.76.112
+ source {
+ address 77.68.76.112
+ mac-address !00:50:56:24:e2:52
+ }
+ }
+ rule 767 {
+ action drop
+ description Anti-spoofing_77.68.100.77
+ source {
+ address 77.68.100.77
+ mac-address !00:50:56:0e:f3:7a
+ }
+ }
+ rule 768 {
+ action drop
+ description Anti-spoofing_77.68.3.247
+ source {
+ address 77.68.3.247
+ mac-address !00:50:56:29:30:8a
+ }
+ }
+ rule 769 {
+ action drop
+ description Anti-spoofing_77.68.77.157
+ source {
+ address 77.68.77.157
+ mac-address !00:50:56:36:39:a5
+ }
+ }
+ rule 770 {
+ action drop
+ description Anti-spoofing_77.68.29.65
+ source {
+ address 77.68.29.65
+ mac-address !00:50:56:2e:1b:f9
+ }
+ }
+ rule 771 {
+ action drop
+ description Anti-spoofing_77.68.74.152
+ source {
+ address 77.68.74.152
+ mac-address !00:50:56:16:1d:31
+ }
+ }
+ rule 772 {
+ action drop
+ description Anti-spoofing_185.132.39.145
+ source {
+ address 185.132.39.145
+ mac-address !00:50:56:03:77:75
+ }
+ }
+ rule 773 {
+ action drop
+ description Anti-spoofing_77.68.28.139
+ source {
+ address 77.68.28.139
+ mac-address !00:50:56:25:a9:de
+ }
+ }
+ rule 774 {
+ action drop
+ description Anti-spoofing_77.68.77.33
+ source {
+ address 77.68.77.33
+ mac-address !00:50:56:09:16:76
+ }
+ }
+ rule 775 {
+ action drop
+ description Anti-spoofing_77.68.77.137
+ source {
+ address 77.68.77.137
+ mac-address !00:50:56:15:b6:84
+ }
+ }
+ rule 776 {
+ action drop
+ description Anti-spoofing_77.68.76.244
+ source {
+ address 77.68.76.244
+ mac-address !00:50:56:21:11:27
+ }
+ }
+ rule 777 {
+ action drop
+ description Anti-spoofing_77.68.77.92
+ source {
+ address 77.68.77.92
+ mac-address !00:50:56:11:58:f5
+ }
+ }
+ rule 778 {
+ action drop
+ description Anti-spoofing_77.68.7.227
+ source {
+ address 77.68.7.227
+ mac-address !00:50:56:34:a8:22
+ }
+ }
+ rule 779 {
+ action drop
+ description Anti-spoofing_77.68.76.111
+ source {
+ address 77.68.76.111
+ mac-address !00:50:56:3e:44:ea
+ }
+ }
+ rule 780 {
+ action drop
+ description Anti-spoofing_77.68.76.185
+ source {
+ address 77.68.76.185
+ mac-address !00:50:56:1b:75:e8
+ }
+ }
+ rule 781 {
+ action drop
+ description Anti-spoofing_77.68.76.208
+ source {
+ address 77.68.76.208
+ mac-address !50:9a:4c:98:c2:68
+ }
+ }
+ rule 782 {
+ action drop
+ description Anti-spoofing_77.68.76.150
+ source {
+ address 77.68.76.150
+ mac-address !50:9a:4c:98:5c:c0
+ }
+ }
+ rule 783 {
+ action drop
+ description Anti-spoofing_77.68.77.208
+ source {
+ address 77.68.77.208
+ mac-address !50:9a:4c:98:5c:c0
+ }
+ }
+ rule 784 {
+ action drop
+ description Anti-spoofing_77.68.103.56
+ source {
+ address 77.68.103.56
+ mac-address !00:50:56:05:2f:9e
+ }
+ }
+ rule 785 {
+ action drop
+ description Anti-spoofing_77.68.125.60
+ source {
+ address 77.68.125.60
+ mac-address !00:50:56:2a:4a:20
+ }
+ }
+ rule 786 {
+ action drop
+ description Anti-spoofing_77.68.76.42
+ source {
+ address 77.68.76.42
+ mac-address !00:50:56:3e:44:ea
+ }
+ }
+ rule 787 {
+ action drop
+ description Anti-spoofing_77.68.26.216
+ source {
+ address 77.68.26.216
+ mac-address !00:50:56:07:56:c4
+ }
+ }
+ rule 788 {
+ action drop
+ description Anti-spoofing_77.68.76.164
+ source {
+ address 77.68.76.164
+ mac-address !00:50:56:1c:df:57
+ }
+ }
+ rule 789 {
+ action drop
+ description Anti-spoofing_77.68.89.72
+ source {
+ address 77.68.89.72
+ mac-address !00:50:56:1b:84:5c
+ }
+ }
+ rule 790 {
+ action drop
+ description Anti-spoofing_77.68.76.181
+ source {
+ address 77.68.76.181
+ mac-address !00:50:56:36:5d:1e
+ }
+ }
+ rule 791 {
+ action drop
+ description Anti-spoofing_77.68.3.52
+ source {
+ address 77.68.3.52
+ mac-address !00:50:56:12:e2:00
+ }
+ }
+ rule 792 {
+ action drop
+ description Anti-spoofing_77.68.77.207
+ source {
+ address 77.68.77.207
+ mac-address !00:50:56:16:24:34
+ }
+ }
+ rule 793 {
+ action drop
+ description Anti-spoofing_77.68.81.44
+ source {
+ address 77.68.81.44
+ mac-address !00:50:56:1a:2f:81
+ }
+ }
+ rule 794 {
+ action drop
+ description Anti-spoofing_77.68.28.145
+ source {
+ address 77.68.28.145
+ mac-address !00:50:56:39:78:a6
+ }
+ }
+ rule 795 {
+ action drop
+ description Anti-spoofing_77.68.76.49
+ source {
+ address 77.68.76.49
+ mac-address !00:50:56:08:ae:5e
+ }
+ }
+ rule 796 {
+ action drop
+ description Anti-spoofing_77.68.77.227
+ source {
+ address 77.68.77.227
+ mac-address !ac:1f:6b:93:59:d4
+ }
+ }
+ rule 797 {
+ action drop
+ description Anti-spoofing_77.68.76.136
+ source {
+ address 77.68.76.136
+ mac-address !00:50:56:0b:b2:b0
+ }
+ }
+ rule 798 {
+ action drop
+ description Anti-spoofing_77.68.77.102
+ source {
+ address 77.68.77.102
+ mac-address !00:50:56:3d:91:75
+ }
+ }
+ rule 799 {
+ action drop
+ description Anti-spoofing_77.68.5.155
+ source {
+ address 77.68.5.155
+ mac-address !00:50:56:13:33:02
+ }
+ }
+ rule 801 {
+ action drop
+ description Anti-spoofing_77.68.88.100
+ source {
+ address 77.68.88.100
+ mac-address !00:50:56:08:dc:d0
+ }
+ }
+ rule 802 {
+ action drop
+ description Anti-spoofing_77.68.72.254
+ source {
+ address 77.68.72.254
+ mac-address !00:50:56:0c:c2:8d
+ }
+ }
+ rule 803 {
+ action drop
+ description Anti-spoofing_77.68.77.74
+ source {
+ address 77.68.77.74
+ mac-address !00:50:56:18:d8:12
+ }
+ }
+ rule 804 {
+ action drop
+ description Anti-spoofing_77.68.76.77
+ source {
+ address 77.68.76.77
+ mac-address !ac:1f:6b:4d:bd:60
+ }
+ }
+ rule 805 {
+ action drop
+ description Anti-spoofing_77.68.76.123
+ source {
+ address 77.68.76.123
+ mac-address !00:50:56:38:5b:9d
+ }
+ }
+ rule 806 {
+ action drop
+ description Anti-spoofing_77.68.4.24
+ source {
+ address 77.68.4.24
+ mac-address !00:50:56:16:54:a8
+ }
+ }
+ rule 807 {
+ action drop
+ description Anti-spoofing_213.171.214.167
+ source {
+ address 213.171.214.167
+ mac-address !00:50:56:13:7d:80
+ }
+ }
+ rule 808 {
+ action drop
+ description Anti-spoofing_77.68.112.213
+ source {
+ address 77.68.112.213
+ mac-address !00:50:56:0b:ec:f2
+ }
+ }
+ rule 809 {
+ action drop
+ description Anti-spoofing_185.132.40.166
+ source {
+ address 185.132.40.166
+ mac-address !00:50:56:22:c7:e0
+ }
+ }
+ rule 810 {
+ action drop
+ description Anti-spoofing_77.68.76.31
+ source {
+ address 77.68.76.31
+ mac-address !00:50:56:38:22:33
+ }
+ }
+ rule 811 {
+ action drop
+ description Anti-spoofing_77.68.76.148
+ source {
+ address 77.68.76.148
+ mac-address !00:50:56:16:6c:9c
+ }
+ }
+ rule 812 {
+ action drop
+ description Anti-spoofing_77.68.93.246
+ source {
+ address 77.68.93.246
+ mac-address !00:50:56:29:2c:65
+ }
+ }
+ rule 813 {
+ action drop
+ description Anti-spoofing_77.68.77.120
+ source {
+ address 77.68.77.120
+ mac-address !00:50:56:39:92:1c
+ }
+ }
+ rule 814 {
+ action drop
+ description Anti-spoofing_77.68.7.123
+ source {
+ address 77.68.7.123
+ mac-address !00:50:56:33:46:a6
+ }
+ }
+ rule 815 {
+ action drop
+ description Anti-spoofing_77.68.76.183
+ source {
+ address 77.68.76.183
+ mac-address !00:50:56:39:92:1c
+ }
+ }
+ rule 816 {
+ action drop
+ description Anti-spoofing_77.68.112.90
+ source {
+ address 77.68.112.90
+ mac-address !00:50:56:29:f8:91
+ }
+ }
+ rule 817 {
+ action drop
+ description Anti-spoofing_77.68.50.90
+ source {
+ address 77.68.50.90
+ mac-address !00:50:56:11:d5:cb
+ }
+ }
+ rule 818 {
+ action drop
+ description Anti-spoofing_77.68.3.61
+ source {
+ address 77.68.3.61
+ mac-address !00:50:56:03:0b:87
+ }
+ }
+ rule 819 {
+ action drop
+ description Anti-spoofing_213.171.213.42
+ source {
+ address 213.171.213.42
+ mac-address !00:50:56:37:90:bd
+ }
+ }
+ rule 820 {
+ action drop
+ description Anti-spoofing_77.68.77.107
+ source {
+ address 77.68.77.107
+ mac-address !00:50:56:1e:74:40
+ }
+ }
+ rule 821 {
+ action drop
+ description Anti-spoofing_77.68.89.183
+ source {
+ address 77.68.89.183
+ mac-address !00:50:56:04:b9:ce
+ }
+ }
+ rule 822 {
+ action drop
+ description Anti-spoofing_77.68.112.83
+ source {
+ address 77.68.112.83
+ mac-address !00:50:56:38:03:ce
+ }
+ }
+ rule 823 {
+ action drop
+ description Anti-spoofing_77.68.76.141
+ source {
+ address 77.68.76.141
+ mac-address !00:50:56:12:2e:7c
+ }
+ }
+ rule 825 {
+ action drop
+ description Anti-spoofing_77.68.76.105
+ source {
+ address 77.68.76.105
+ mac-address !00:50:56:00:0b:f6
+ }
+ }
+ rule 826 {
+ action drop
+ description Anti-spoofing_77.68.76.251
+ source {
+ address 77.68.76.251
+ mac-address !00:50:56:34:1e:f4
+ }
+ }
+ rule 827 {
+ action drop
+ description Anti-spoofing_77.68.6.202
+ source {
+ address 77.68.6.202
+ mac-address !00:50:56:17:65:5f
+ }
+ }
+ rule 828 {
+ action drop
+ description Anti-spoofing_88.208.198.92
+ source {
+ address 88.208.198.92
+ mac-address !00:50:56:0c:5d:98
+ }
+ }
+ rule 829 {
+ action drop
+ description Anti-spoofing_77.68.76.249
+ source {
+ address 77.68.76.249
+ mac-address !00:50:56:01:18:09
+ }
+ }
+ rule 830 {
+ action drop
+ description Anti-spoofing_77.68.30.164
+ source {
+ address 77.68.30.164
+ mac-address !00:50:56:3c:2a:3a
+ }
+ }
+ rule 831 {
+ action drop
+ description Anti-spoofing_77.68.77.59
+ source {
+ address 77.68.77.59
+ mac-address !00:50:56:18:09:81
+ }
+ }
+ rule 832 {
+ action drop
+ description Anti-spoofing_77.68.76.40
+ source {
+ address 77.68.76.40
+ mac-address !00:50:56:13:e6:96
+ }
+ }
+ rule 833 {
+ action drop
+ description Anti-spoofing_77.68.88.164
+ source {
+ address 77.68.88.164
+ mac-address !00:50:56:07:f9:c8
+ }
+ }
+ rule 834 {
+ action drop
+ description Anti-spoofing_77.68.77.37
+ source {
+ address 77.68.77.37
+ mac-address !00:50:56:2f:1e:7b
+ }
+ }
+ rule 835 {
+ action drop
+ description Anti-spoofing_185.132.39.99
+ source {
+ address 185.132.39.99
+ mac-address !00:50:56:1d:4e:dd
+ }
+ }
+ rule 836 {
+ action drop
+ description Anti-spoofing_77.68.121.127
+ source {
+ address 77.68.121.127
+ mac-address !00:50:56:29:fd:29
+ }
+ }
+ rule 837 {
+ action drop
+ description Anti-spoofing_77.68.77.65
+ source {
+ address 77.68.77.65
+ mac-address !00:50:56:30:1f:8b
+ }
+ }
+ rule 838 {
+ action drop
+ description Anti-spoofing_77.68.27.211
+ source {
+ address 77.68.27.211
+ mac-address !00:50:56:25:b4:d1
+ }
+ }
+ rule 839 {
+ action drop
+ description Anti-spoofing_77.68.24.112
+ source {
+ address 77.68.24.112
+ mac-address !00:50:56:06:50:e8
+ }
+ }
+ rule 840 {
+ action drop
+ description Anti-spoofing_109.228.38.201
+ source {
+ address 109.228.38.201
+ mac-address !00:50:56:36:33:0c
+ }
+ }
+ rule 841 {
+ action drop
+ description Anti-spoofing_77.68.115.17
+ source {
+ address 77.68.115.17
+ mac-address !00:50:56:16:da:60
+ }
+ }
+ rule 842 {
+ action drop
+ description Anti-spoofing_185.132.36.60
+ source {
+ address 185.132.36.60
+ mac-address !00:50:56:14:a7:b2
+ }
+ }
+ rule 843 {
+ action drop
+ description Anti-spoofing_77.68.76.231
+ source {
+ address 77.68.76.231
+ mac-address !00:50:56:03:c5:bc
+ }
+ }
+ rule 844 {
+ action drop
+ description Anti-spoofing_185.132.37.23
+ source {
+ address 185.132.37.23
+ mac-address !00:50:56:27:46:b8
+ }
+ }
+ rule 845 {
+ action drop
+ description Anti-spoofing_109.228.35.84
+ source {
+ address 109.228.35.84
+ mac-address !00:50:56:17:74:b7
+ }
+ }
+ rule 846 {
+ action drop
+ description Anti-spoofing_77.68.11.140
+ source {
+ address 77.68.11.140
+ mac-address !00:50:56:08:ce:61
+ }
+ }
+ rule 848 {
+ action drop
+ description Anti-spoofing_77.68.77.24
+ source {
+ address 77.68.77.24
+ mac-address !00:50:56:28:65:cb
+ }
+ }
+ rule 849 {
+ action drop
+ description Anti-spoofing_77.68.78.113
+ source {
+ address 77.68.78.113
+ mac-address !00:50:56:2c:5a:e3
+ }
+ }
+ rule 850 {
+ action drop
+ description Anti-spoofing_185.132.39.219
+ source {
+ address 185.132.39.219
+ mac-address !00:50:56:11:0d:fd
+ }
+ }
+ rule 851 {
+ action drop
+ description Anti-spoofing_185.132.40.11
+ source {
+ address 185.132.40.11
+ mac-address !00:50:56:27:50:a3
+ }
+ }
+ rule 852 {
+ action drop
+ description Anti-spoofing_77.68.23.64
+ source {
+ address 77.68.23.64
+ mac-address !00:50:56:0a:b2:3c
+ }
+ }
+ rule 853 {
+ action drop
+ description Anti-spoofing_185.132.37.133
+ source {
+ address 185.132.37.133
+ mac-address !00:50:56:0b:0a:21
+ }
+ }
+ rule 854 {
+ action drop
+ description Anti-spoofing_77.68.85.27
+ source {
+ address 77.68.85.27
+ mac-address !00:50:56:34:82:24
+ }
+ }
+ rule 855 {
+ action drop
+ description Anti-spoofing_77.68.26.221
+ source {
+ address 77.68.26.221
+ mac-address !00:50:56:30:56:a2
+ }
+ }
+ rule 856 {
+ action drop
+ description Anti-spoofing_77.68.76.243
+ source {
+ address 77.68.76.243
+ mac-address !00:50:56:1c:a0:2d
+ }
+ }
+ rule 857 {
+ action drop
+ description Anti-spoofing_77.68.116.52
+ source {
+ address 77.68.116.52
+ mac-address !00:50:56:2b:59:35
+ }
+ }
+ rule 858 {
+ action drop
+ description Anti-spoofing_77.68.120.26
+ source {
+ address 77.68.120.26
+ mac-address !00:50:56:07:3b:2b
+ }
+ }
+ rule 859 {
+ action drop
+ description Anti-spoofing_185.132.40.56
+ source {
+ address 185.132.40.56
+ mac-address !00:50:56:21:cb:e3
+ }
+ }
+ rule 860 {
+ action drop
+ description Anti-spoofing_213.171.210.155
+ source {
+ address 213.171.210.155
+ mac-address !00:50:56:2a:53:9f
+ }
+ }
+ rule 861 {
+ action drop
+ description Anti-spoofing_185.132.43.157
+ source {
+ address 185.132.43.157
+ mac-address !00:50:56:27:e6:d5
+ }
+ }
+ rule 862 {
+ action drop
+ description Anti-spoofing_77.68.4.252
+ source {
+ address 77.68.4.252
+ mac-address !00:50:56:08:ff:66
+ }
+ }
+ rule 863 {
+ action drop
+ description Anti-spoofing_77.68.77.63
+ source {
+ address 77.68.77.63
+ mac-address !00:50:56:10:9c:ca
+ }
+ }
+ rule 864 {
+ action drop
+ description Anti-spoofing_77.68.20.161
+ source {
+ address 77.68.20.161
+ mac-address !00:50:56:0d:06:6f
+ }
+ }
+ rule 865 {
+ action drop
+ description Anti-spoofing_77.68.117.45
+ source {
+ address 77.68.117.45
+ mac-address !00:50:56:05:e0:11
+ }
+ }
+ rule 866 {
+ action drop
+ description Anti-spoofing_77.68.76.234
+ source {
+ address 77.68.76.234
+ mac-address !00:50:56:3a:d3:9e
+ }
+ }
+ rule 867 {
+ action drop
+ description Anti-spoofing_185.132.40.90
+ source {
+ address 185.132.40.90
+ mac-address !00:50:56:2c:90:4f
+ }
+ }
+ rule 868 {
+ action drop
+ description Anti-spoofing_77.68.77.90
+ source {
+ address 77.68.77.90
+ mac-address !00:50:56:1d:ec:a2
+ }
+ }
+ rule 869 {
+ action drop
+ description Anti-spoofing_77.68.76.93
+ source {
+ address 77.68.76.93
+ mac-address !00:50:56:19:cb:e8
+ }
+ }
+ rule 870 {
+ action drop
+ description Anti-spoofing_77.68.26.166
+ source {
+ address 77.68.26.166
+ mac-address !00:50:56:1e:34:14
+ }
+ }
+ rule 871 {
+ action drop
+ description Anti-spoofing_185.132.40.244
+ source {
+ address 185.132.40.244
+ mac-address !00:50:56:14:a7:b2
+ }
+ }
+ rule 872 {
+ action drop
+ description Anti-spoofing_77.68.77.77
+ source {
+ address 77.68.77.77
+ mac-address !00:50:56:0c:9b:e1
+ }
+ }
+ rule 873 {
+ action drop
+ description Anti-spoofing_77.68.27.57
+ source {
+ address 77.68.27.57
+ mac-address !00:50:56:3e:06:ca
+ }
+ }
+ rule 874 {
+ action drop
+ description Anti-spoofing_77.68.7.114
+ source {
+ address 77.68.7.114
+ mac-address !00:50:56:33:0d:5e
+ }
+ }
+ rule 875 {
+ action drop
+ description Anti-spoofing_109.228.36.229
+ source {
+ address 109.228.36.229
+ mac-address !00:50:56:32:a6:83
+ }
+ }
+ rule 876 {
+ action drop
+ description Anti-spoofing_77.68.77.151
+ source {
+ address 77.68.77.151
+ mac-address !00:50:56:0a:e4:20
+ }
+ }
+ rule 877 {
+ action drop
+ description Anti-spoofing_77.68.76.92
+ source {
+ address 77.68.76.92
+ mac-address !00:50:56:2b:a5:38
+ }
+ }
+ rule 878 {
+ action drop
+ description Anti-spoofing_77.68.49.159
+ source {
+ address 77.68.49.159
+ mac-address !00:50:56:16:4f:24
+ }
+ }
+ rule 879 {
+ action drop
+ description Anti-spoofing_77.68.77.38
+ source {
+ address 77.68.77.38
+ mac-address !00:50:56:2c:fe:a1
+ }
+ }
+ rule 880 {
+ action drop
+ description Anti-spoofing_77.68.20.217
+ source {
+ address 77.68.20.217
+ mac-address !00:50:56:3a:61:47
+ }
+ }
+ rule 881 {
+ action drop
+ description Anti-spoofing_77.68.92.92
+ source {
+ address 77.68.92.92
+ mac-address !00:50:56:1b:64:85
+ }
+ }
+ rule 882 {
+ action drop
+ description Anti-spoofing_77.68.76.124
+ source {
+ address 77.68.76.124
+ mac-address !00:50:56:0e:c1:e4
+ }
+ }
+ rule 884 {
+ action drop
+ description Anti-spoofing_77.68.126.101
+ source {
+ address 77.68.126.101
+ mac-address !00:50:56:31:d1:a3
+ }
+ }
+ rule 885 {
+ action drop
+ description Anti-spoofing_77.68.76.235
+ source {
+ address 77.68.76.235
+ mac-address !00:50:56:15:d1:66
+ }
+ }
+ rule 886 {
+ action drop
+ description Anti-spoofing_77.68.77.95
+ source {
+ address 77.68.77.95
+ mac-address !00:50:56:39:c6:52
+ }
+ }
+ rule 887 {
+ action drop
+ description Anti-spoofing_77.68.26.228
+ source {
+ address 77.68.26.228
+ mac-address !00:50:56:03:ab:9e
+ }
+ }
+ rule 888 {
+ action drop
+ description Anti-spoofing_77.68.32.118
+ source {
+ address 77.68.32.118
+ mac-address !00:50:56:0e:db:9d
+ }
+ }
+ rule 889 {
+ action drop
+ description Anti-spoofing_77.68.24.172
+ source {
+ address 77.68.24.172
+ mac-address !00:50:56:0e:2a:9c
+ }
+ }
+ rule 891 {
+ action drop
+ description Anti-spoofing_77.68.77.190
+ source {
+ address 77.68.77.190
+ mac-address !00:50:56:31:e8:fb
+ }
+ }
+ rule 892 {
+ action drop
+ description Anti-spoofing_77.68.33.197
+ source {
+ address 77.68.33.197
+ mac-address !00:50:56:2b:27:c4
+ }
+ }
+ rule 893 {
+ action drop
+ description Anti-spoofing_213.171.210.177
+ source {
+ address 213.171.210.177
+ mac-address !00:50:56:04:96:31
+ }
+ }
+ rule 894 {
+ action drop
+ description Anti-spoofing_185.132.41.73
+ source {
+ address 185.132.41.73
+ mac-address !00:50:56:35:b4:a5
+ }
+ }
+ rule 895 {
+ action drop
+ description Anti-spoofing_77.68.21.78
+ source {
+ address 77.68.21.78
+ mac-address !00:50:56:23:87:f2
+ }
+ }
+ rule 896 {
+ action drop
+ description Anti-spoofing_77.68.77.209
+ source {
+ address 77.68.77.209
+ mac-address !00:50:56:3b:95:06
+ }
+ }
+ rule 897 {
+ action drop
+ description Anti-spoofing_88.208.215.19
+ source {
+ address 88.208.215.19
+ mac-address !00:50:56:1f:e1:4b
+ }
+ }
+ rule 898 {
+ action drop
+ description Anti-spoofing_77.68.77.214
+ source {
+ address 77.68.77.214
+ mac-address !00:50:56:2b:03:2b
+ }
+ }
+ rule 899 {
+ action drop
+ description Anti-spoofing_77.68.76.91
+ source {
+ address 77.68.76.91
+ mac-address !00:50:56:3b:3c:fb
+ }
+ }
+ rule 900 {
+ action drop
+ description Anti-spoofing_77.68.119.92
+ source {
+ address 77.68.119.92
+ mac-address !00:50:56:25:ba:8c
+ }
+ }
+ rule 901 {
+ action drop
+ description Anti-spoofing_77.68.77.79
+ source {
+ address 77.68.77.79
+ mac-address !00:50:56:28:f5:72
+ }
+ }
+ rule 902 {
+ action drop
+ description Anti-spoofing_77.68.75.45
+ source {
+ address 77.68.75.45
+ mac-address !00:50:56:04:51:74
+ }
+ }
+ rule 903 {
+ action drop
+ description Anti-spoofing_109.228.56.185
+ source {
+ address 109.228.56.185
+ mac-address !00:50:56:13:e5:07
+ }
+ }
+ rule 904 {
+ action drop
+ description Anti-spoofing_185.132.43.6
+ source {
+ address 185.132.43.6
+ mac-address !00:50:56:38:d1:d5
+ }
+ }
+ rule 905 {
+ action drop
+ description Anti-spoofing_77.68.117.202
+ source {
+ address 77.68.117.202
+ mac-address !00:50:56:01:b2:9f
+ }
+ }
+ rule 906 {
+ action drop
+ description Anti-spoofing_77.68.86.40
+ source {
+ address 77.68.86.40
+ mac-address !00:50:56:03:e2:49
+ }
+ }
+ rule 907 {
+ action drop
+ description Anti-spoofing_77.68.49.126
+ source {
+ address 77.68.49.126
+ mac-address !00:50:56:3b:47:f3
+ }
+ }
+ rule 909 {
+ action drop
+ description Anti-spoofing_77.68.77.100
+ source {
+ address 77.68.77.100
+ mac-address !00:50:56:34:d7:5b
+ }
+ }
+ rule 910 {
+ action drop
+ description Anti-spoofing_109.228.46.196
+ source {
+ address 109.228.46.196
+ mac-address !00:50:56:1a:a0:0e
+ }
+ }
+ rule 911 {
+ action drop
+ description Anti-spoofing_77.68.77.72
+ source {
+ address 77.68.77.72
+ mac-address !00:50:56:1e:67:f7
+ }
+ }
+ rule 912 {
+ action drop
+ description Anti-spoofing_185.132.43.28
+ source {
+ address 185.132.43.28
+ mac-address !00:50:56:35:a5:36
+ }
+ }
+ rule 913 {
+ action drop
+ description Anti-spoofing_77.68.103.19
+ source {
+ address 77.68.103.19
+ mac-address !00:50:56:27:34:a3
+ }
+ }
+ rule 914 {
+ action drop
+ description Anti-spoofing_77.68.118.104
+ source {
+ address 77.68.118.104
+ mac-address !00:50:56:2d:f8:d7
+ }
+ }
+ rule 915 {
+ action drop
+ description Anti-spoofing_77.68.116.183
+ source {
+ address 77.68.116.183
+ mac-address !00:50:56:17:23:d4
+ }
+ }
+ rule 916 {
+ action drop
+ description Anti-spoofing_77.68.76.107
+ source {
+ address 77.68.76.107
+ mac-address !00:50:56:36:c0:da
+ }
+ }
+ rule 917 {
+ action drop
+ description Anti-spoofing_77.68.93.164
+ source {
+ address 77.68.93.164
+ mac-address !00:50:56:36:cd:1a
+ }
+ }
+ rule 918 {
+ action drop
+ description Anti-spoofing_77.68.5.241
+ source {
+ address 77.68.5.241
+ mac-address !00:50:56:11:2d:22
+ }
+ }
+ rule 919 {
+ action drop
+ description Anti-spoofing_185.132.43.98
+ source {
+ address 185.132.43.98
+ mac-address !00:50:56:20:7b:87
+ }
+ }
+ rule 920 {
+ action drop
+ description Anti-spoofing_77.68.76.241
+ source {
+ address 77.68.76.241
+ mac-address !00:50:56:00:50:f6
+ }
+ }
+ rule 921 {
+ action drop
+ description Anti-spoofing_77.68.74.232
+ source {
+ address 77.68.74.232
+ mac-address !00:50:56:19:df:41
+ }
+ }
+ rule 922 {
+ action drop
+ description Anti-spoofing_77.68.76.26
+ source {
+ address 77.68.76.26
+ mac-address !00:50:56:36:c0:da
+ }
+ }
+ rule 923 {
+ action drop
+ description Anti-spoofing_77.68.28.207
+ source {
+ address 77.68.28.207
+ mac-address !00:50:56:36:41:da
+ }
+ }
+ rule 924 {
+ action drop
+ description Anti-spoofing_77.68.29.178
+ source {
+ address 77.68.29.178
+ mac-address !00:50:56:21:81:be
+ }
+ }
+ rule 925 {
+ action drop
+ description Anti-spoofing_77.68.121.119
+ source {
+ address 77.68.121.119
+ mac-address !00:50:56:0b:d8:e1
+ }
+ }
+ rule 926 {
+ action drop
+ description Anti-spoofing_77.68.126.22
+ source {
+ address 77.68.126.22
+ mac-address !00:50:56:32:62:56
+ }
+ }
+ rule 927 {
+ action drop
+ description Anti-spoofing_109.228.61.31
+ source {
+ address 109.228.61.31
+ mac-address !00:50:56:21:a0:04
+ }
+ }
+ rule 928 {
+ action drop
+ description Anti-spoofing_77.68.114.205
+ source {
+ address 77.68.114.205
+ mac-address !00:50:56:2a:f1:3f
+ }
+ }
+ rule 929 {
+ action drop
+ description Anti-spoofing_77.68.75.113
+ source {
+ address 77.68.75.113
+ mac-address !00:50:56:33:6c:b9
+ }
+ }
+ rule 930 {
+ action drop
+ description Anti-spoofing_77.68.79.206
+ source {
+ address 77.68.79.206
+ mac-address !00:50:56:36:86:66
+ }
+ }
+ rule 931 {
+ action drop
+ description Anti-spoofing_88.208.198.64
+ source {
+ address 88.208.198.64
+ mac-address !00:50:56:39:2c:fe
+ }
+ }
+ rule 932 {
+ action drop
+ description Anti-spoofing_77.68.77.161
+ source {
+ address 77.68.77.161
+ mac-address !00:50:56:0a:7e:6c
+ }
+ }
+ rule 933 {
+ action drop
+ description Anti-spoofing_77.68.114.237
+ source {
+ address 77.68.114.237
+ mac-address !00:50:56:16:f4:39
+ }
+ }
+ rule 934 {
+ action drop
+ description Anti-spoofing_109.228.36.119
+ source {
+ address 109.228.36.119
+ mac-address !00:50:56:28:63:37
+ }
+ }
+ rule 935 {
+ action drop
+ description Anti-spoofing_77.68.76.254
+ source {
+ address 77.68.76.254
+ mac-address !00:50:56:3b:49:08
+ }
+ }
+ rule 936 {
+ action drop
+ description Anti-spoofing_77.68.77.231
+ source {
+ address 77.68.77.231
+ mac-address !00:50:56:36:78:72
+ }
+ }
+ rule 937 {
+ action drop
+ description Anti-spoofing_77.68.7.172
+ source {
+ address 77.68.7.172
+ mac-address !00:50:56:19:39:45
+ }
+ }
+ rule 938 {
+ action drop
+ description Anti-spoofing_77.68.77.62
+ source {
+ address 77.68.77.62
+ mac-address !00:50:56:04:8c:b4
+ }
+ }
+ rule 939 {
+ action drop
+ description Anti-spoofing_77.68.77.215
+ source {
+ address 77.68.77.215
+ mac-address !00:50:56:35:f3:5a
+ }
+ }
+ rule 940 {
+ action drop
+ description Anti-spoofing_77.68.6.105
+ source {
+ address 77.68.6.105
+ mac-address !00:50:56:03:0e:07
+ }
+ }
+ rule 941 {
+ action drop
+ description Anti-spoofing_77.68.33.37
+ source {
+ address 77.68.33.37
+ mac-address !00:50:56:00:6b:a3
+ }
+ }
+ rule 942 {
+ action drop
+ description Anti-spoofing_77.68.4.180
+ source {
+ address 77.68.4.180
+ mac-address !00:50:56:11:6c:dc
+ }
+ }
+ rule 943 {
+ action drop
+ description Anti-spoofing_77.68.78.229
+ source {
+ address 77.68.78.229
+ mac-address !00:50:56:1e:58:2f
+ }
+ }
+ rule 944 {
+ action drop
+ description Anti-spoofing_77.68.73.73
+ source {
+ address 77.68.73.73
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 945 {
+ action drop
+ description Anti-spoofing_77.68.2.215
+ source {
+ address 77.68.2.215
+ mac-address !00:50:56:31:3c:87
+ }
+ }
+ rule 946 {
+ action drop
+ description Anti-spoofing_77.68.48.81
+ source {
+ address 77.68.48.81
+ mac-address !00:50:56:3a:13:df
+ }
+ }
+ rule 947 {
+ action drop
+ description Anti-spoofing_213.171.214.102
+ source {
+ address 213.171.214.102
+ mac-address !00:50:56:00:60:5a
+ }
+ }
+ rule 948 {
+ action drop
+ description Anti-spoofing_77.68.123.177
+ source {
+ address 77.68.123.177
+ mac-address !00:50:56:3c:07:ef
+ }
+ }
+ rule 949 {
+ action drop
+ description Anti-spoofing_77.68.7.160
+ source {
+ address 77.68.7.160
+ mac-address !00:50:56:09:6e:79
+ }
+ }
+ rule 950 {
+ action drop
+ description Anti-spoofing_77.68.24.59
+ source {
+ address 77.68.24.59
+ mac-address !00:50:56:3c:b7:c1
+ }
+ }
+ rule 951 {
+ action drop
+ description Anti-spoofing_77.68.80.97
+ source {
+ address 77.68.80.97
+ mac-address !00:50:56:15:cc:c6
+ }
+ }
+ rule 952 {
+ action drop
+ description Anti-spoofing_77.68.7.67
+ source {
+ address 77.68.7.67
+ mac-address !00:50:56:13:92:b7
+ }
+ }
+ rule 953 {
+ action drop
+ description Anti-spoofing_109.228.36.79
+ source {
+ address 109.228.36.79
+ mac-address !00:50:56:17:c9:65
+ }
+ }
+ rule 954 {
+ action drop
+ description Anti-spoofing_77.68.32.43
+ source {
+ address 77.68.32.43
+ mac-address !00:50:56:13:6d:02
+ }
+ }
+ rule 955 {
+ action drop
+ description Anti-spoofing_77.68.90.106
+ source {
+ address 77.68.90.106
+ mac-address !00:50:56:1b:6d:fb
+ }
+ }
+ rule 956 {
+ action drop
+ description Anti-spoofing_77.68.77.174
+ source {
+ address 77.68.77.174
+ mac-address !00:50:56:2a:61:0b
+ }
+ }
+ rule 957 {
+ action drop
+ description Anti-spoofing_77.68.94.181
+ source {
+ address 77.68.94.181
+ mac-address !00:50:56:0b:7c:cc
+ }
+ }
+ rule 958 {
+ action drop
+ description Anti-spoofing_77.68.4.136
+ source {
+ address 77.68.4.136
+ mac-address !00:50:56:10:4d:5c
+ }
+ }
+ rule 959 {
+ action drop
+ description Anti-spoofing_77.68.32.31
+ source {
+ address 77.68.32.31
+ mac-address !00:50:56:0a:f5:03
+ }
+ }
+ rule 960 {
+ action drop
+ description Anti-spoofing_77.68.30.133
+ source {
+ address 77.68.30.133
+ mac-address !00:50:56:3a:96:4e
+ }
+ }
+ rule 961 {
+ action drop
+ description Anti-spoofing_77.68.72.202
+ source {
+ address 77.68.72.202
+ mac-address !00:50:56:2e:ca:a2
+ }
+ }
+ rule 962 {
+ action drop
+ description Anti-spoofing_77.68.81.141
+ source {
+ address 77.68.81.141
+ mac-address !00:50:56:00:07:47
+ }
+ }
+ rule 963 {
+ action drop
+ description Anti-spoofing_77.68.27.54
+ source {
+ address 77.68.27.54
+ mac-address !00:50:56:37:ad:51
+ }
+ }
+ rule 964 {
+ action drop
+ description Anti-spoofing_77.68.32.254
+ source {
+ address 77.68.32.254
+ mac-address !00:50:56:2d:d0:36
+ }
+ }
+ rule 965 {
+ action drop
+ description Anti-spoofing_77.68.10.152
+ source {
+ address 77.68.10.152
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 967 {
+ action drop
+ description Anti-spoofing_109.228.47.223
+ source {
+ address 109.228.47.223
+ mac-address !00:50:56:02:f7:24
+ }
+ }
+ rule 968 {
+ action drop
+ description Anti-spoofing_77.68.5.125
+ source {
+ address 77.68.5.125
+ mac-address !00:50:56:16:21:98
+ }
+ }
+ rule 969 {
+ action drop
+ description Anti-spoofing_77.68.119.14
+ source {
+ address 77.68.119.14
+ mac-address !00:50:56:2e:87:33
+ }
+ }
+ rule 970 {
+ action drop
+ description Anti-spoofing_77.68.117.51
+ source {
+ address 77.68.117.51
+ mac-address !00:50:56:17:c0:6c
+ }
+ }
+ rule 971 {
+ action drop
+ description Anti-spoofing_77.68.118.102
+ source {
+ address 77.68.118.102
+ mac-address !00:50:56:3e:06:ca
+ }
+ }
+ rule 972 {
+ action drop
+ description Anti-spoofing_185.132.43.71
+ source {
+ address 185.132.43.71
+ mac-address !00:50:56:2d:6a:8d
+ }
+ }
+ rule 973 {
+ action drop
+ description Anti-spoofing_77.68.112.91
+ source {
+ address 77.68.112.91
+ mac-address !00:50:56:2b:c3:9f
+ }
+ }
+ rule 974 {
+ action drop
+ description Anti-spoofing_77.68.116.232
+ source {
+ address 77.68.116.232
+ mac-address !00:50:56:2a:f9:fd
+ }
+ }
+ rule 976 {
+ action drop
+ description Anti-spoofing_77.68.82.157
+ source {
+ address 77.68.82.157
+ mac-address !00:50:56:3d:81:41
+ }
+ }
+ rule 977 {
+ action drop
+ description Anti-spoofing_77.68.117.222
+ source {
+ address 77.68.117.222
+ mac-address !00:50:56:16:92:58
+ }
+ }
+ rule 978 {
+ action drop
+ description Anti-spoofing_77.68.118.15
+ source {
+ address 77.68.118.15
+ mac-address !00:50:56:28:28:de
+ }
+ }
+ rule 979 {
+ action drop
+ description Anti-spoofing_77.68.117.173
+ source {
+ address 77.68.117.173
+ mac-address !00:50:56:12:7a:57
+ }
+ }
+ rule 980 {
+ action drop
+ description Anti-spoofing_77.68.83.41
+ source {
+ address 77.68.83.41
+ mac-address !00:50:56:13:ef:0e
+ }
+ }
+ rule 981 {
+ action drop
+ description Anti-spoofing_77.68.4.57
+ source {
+ address 77.68.4.57
+ mac-address !00:50:56:23:f0:c3
+ }
+ }
+ rule 983 {
+ action drop
+ description Anti-spoofing_77.68.118.86
+ source {
+ address 77.68.118.86
+ mac-address !00:50:56:03:73:3d
+ }
+ }
+ rule 984 {
+ action drop
+ description Anti-spoofing_109.228.56.26
+ source {
+ address 109.228.56.26
+ mac-address !00:50:56:36:47:8c
+ }
+ }
+ rule 985 {
+ action drop
+ description Anti-spoofing_109.228.38.171
+ source {
+ address 109.228.38.171
+ mac-address !00:50:56:18:da:1c
+ }
+ }
+ rule 986 {
+ action drop
+ description Anti-spoofing_77.68.91.128
+ source {
+ address 77.68.91.128
+ mac-address !00:50:56:34:d0:41
+ }
+ }
+ rule 987 {
+ action drop
+ description Anti-spoofing_77.68.79.89
+ source {
+ address 77.68.79.89
+ mac-address !00:50:56:14:67:52
+ }
+ }
+ rule 988 {
+ action drop
+ description Anti-spoofing_88.208.198.66
+ source {
+ address 88.208.198.66
+ mac-address !00:50:56:3c:e0:8d
+ }
+ }
+ rule 989 {
+ action drop
+ description Anti-spoofing_77.68.118.88
+ source {
+ address 77.68.118.88
+ mac-address !00:50:56:2f:ac:5f
+ }
+ }
+ rule 990 {
+ action drop
+ description Anti-spoofing_109.228.60.215
+ source {
+ address 109.228.60.215
+ mac-address !00:50:56:2b:59:35
+ }
+ }
+ rule 991 {
+ action drop
+ description Anti-spoofing_109.228.55.82
+ source {
+ address 109.228.55.82
+ mac-address !00:50:56:32:15:bc
+ }
+ }
+ rule 992 {
+ action drop
+ description Anti-spoofing_77.68.48.14
+ source {
+ address 77.68.48.14
+ mac-address !00:50:56:2e:2e:5a
+ }
+ }
+ rule 993 {
+ action drop
+ description Anti-spoofing_77.68.7.186
+ source {
+ address 77.68.7.186
+ mac-address !00:50:56:06:63:ae
+ }
+ }
+ rule 994 {
+ action drop
+ description Anti-spoofing_77.68.74.209
+ source {
+ address 77.68.74.209
+ mac-address !00:50:56:01:c5:88
+ }
+ }
+ rule 995 {
+ action drop
+ description Anti-spoofing_77.68.6.32
+ source {
+ address 77.68.6.32
+ mac-address !00:50:56:19:b2:9e
+ }
+ }
+ rule 996 {
+ action drop
+ description Anti-spoofing_77.68.6.210
+ source {
+ address 77.68.6.210
+ mac-address !00:50:56:03:16:58
+ }
+ }
+ rule 997 {
+ action drop
+ description Anti-spoofing_77.68.34.26
+ source {
+ address 77.68.34.26
+ mac-address !00:50:56:16:f0:f3
+ }
+ }
+ rule 998 {
+ action drop
+ description Anti-spoofing_77.68.77.238
+ source {
+ address 77.68.77.238
+ mac-address !00:50:56:25:b8:e7
+ }
+ }
+ rule 999 {
+ action drop
+ description Anti-spoofing_77.68.35.116
+ source {
+ address 77.68.35.116
+ mac-address !00:50:56:22:c6:b9
+ }
+ }
+ rule 1000 {
+ action drop
+ description Anti-spoofing_77.68.23.112
+ source {
+ address 77.68.23.112
+ mac-address !00:50:56:1f:06:9f
+ }
+ }
+ rule 1001 {
+ action drop
+ description Anti-spoofing_77.68.120.241
+ source {
+ address 77.68.120.241
+ mac-address !00:50:56:18:1e:aa
+ }
+ }
+ rule 1002 {
+ action drop
+ description Anti-spoofing_77.68.34.28
+ source {
+ address 77.68.34.28
+ mac-address !00:50:56:24:5e:9a
+ }
+ }
+ rule 1003 {
+ action drop
+ description Anti-spoofing_77.68.122.195
+ source {
+ address 77.68.122.195
+ mac-address !00:50:56:0d:fd:66
+ }
+ }
+ rule 1004 {
+ action drop
+ description Anti-spoofing_77.68.126.14
+ source {
+ address 77.68.126.14
+ mac-address !00:50:56:02:46:82
+ }
+ }
+ rule 1005 {
+ action drop
+ description Anti-spoofing_109.228.38.117
+ source {
+ address 109.228.38.117
+ mac-address !00:50:56:05:55:f0
+ }
+ }
+ rule 1006 {
+ action drop
+ description Anti-spoofing_77.68.33.171
+ source {
+ address 77.68.33.171
+ mac-address !00:50:56:07:69:46
+ }
+ }
+ rule 1007 {
+ action drop
+ description Anti-spoofing_77.68.24.220
+ source {
+ address 77.68.24.220
+ mac-address !00:50:56:1f:53:df
+ }
+ }
+ rule 1008 {
+ action drop
+ description Anti-spoofing_88.208.197.23
+ source {
+ address 88.208.197.23
+ mac-address !00:50:56:23:fa:2f
+ }
+ }
+ rule 1009 {
+ action drop
+ description Anti-spoofing_77.68.80.26
+ source {
+ address 77.68.80.26
+ mac-address !00:50:56:21:23:8e
+ }
+ }
+ rule 1010 {
+ action drop
+ description Anti-spoofing_77.68.32.83
+ source {
+ address 77.68.32.83
+ mac-address !00:50:56:26:5d:1a
+ }
+ }
+ rule 1011 {
+ action drop
+ description Anti-spoofing_77.68.95.42
+ source {
+ address 77.68.95.42
+ mac-address !00:50:56:00:77:9a
+ }
+ }
+ rule 1012 {
+ action drop
+ description Anti-spoofing_213.171.209.217
+ source {
+ address 213.171.209.217
+ mac-address !00:50:56:18:7b:c2
+ }
+ }
+ rule 1014 {
+ action drop
+ description Anti-spoofing_109.228.39.249
+ source {
+ address 109.228.39.249
+ mac-address !00:50:56:0e:4b:f9
+ }
+ }
+ rule 1015 {
+ action drop
+ description Anti-spoofing_77.68.32.86
+ source {
+ address 77.68.32.86
+ mac-address !00:50:56:29:ff:6f
+ }
+ }
+ rule 1016 {
+ action drop
+ description Anti-spoofing_77.68.125.218
+ source {
+ address 77.68.125.218
+ mac-address !00:50:56:2f:4d:38
+ }
+ }
+ rule 1017 {
+ action drop
+ description Anti-spoofing_77.68.17.186
+ source {
+ address 77.68.17.186
+ mac-address !00:50:56:2e:6b:f3
+ }
+ }
+ rule 1018 {
+ action drop
+ description Anti-spoofing_77.68.12.45
+ source {
+ address 77.68.12.45
+ mac-address !00:50:56:15:e4:38
+ }
+ }
+ rule 1019 {
+ action drop
+ description Anti-spoofing_109.228.40.247
+ source {
+ address 109.228.40.247
+ mac-address !00:50:56:20:62:b7
+ }
+ }
+ rule 1020 {
+ action drop
+ description Anti-spoofing_77.68.32.89
+ source {
+ address 77.68.32.89
+ mac-address !00:50:56:2e:21:46
+ }
+ }
+ rule 1022 {
+ action drop
+ description Anti-spoofing_77.68.34.138
+ source {
+ address 77.68.34.138
+ mac-address !00:50:56:10:0a:08
+ }
+ }
+ rule 1023 {
+ action drop
+ description Anti-spoofing_77.68.34.139
+ source {
+ address 77.68.34.139
+ mac-address !00:50:56:0d:24:2f
+ }
+ }
+ rule 1024 {
+ action drop
+ description Anti-spoofing_213.171.208.40
+ source {
+ address 213.171.208.40
+ mac-address !00:50:56:07:df:6e
+ }
+ }
+ rule 1026 {
+ action drop
+ description Anti-spoofing_109.228.40.226
+ source {
+ address 109.228.40.226
+ mac-address !00:50:56:2d:c8:2a
+ }
+ }
+ rule 1028 {
+ action drop
+ description Anti-spoofing_185.132.39.109
+ source {
+ address 185.132.39.109
+ mac-address !00:50:56:2c:3e:98
+ }
+ }
+ rule 1029 {
+ action drop
+ description Anti-spoofing_109.228.40.207
+ source {
+ address 109.228.40.207
+ mac-address !00:50:56:04:ba:9c
+ }
+ }
+ rule 1030 {
+ action drop
+ description Anti-spoofing_77.68.48.89
+ source {
+ address 77.68.48.89
+ mac-address !00:50:56:33:b3:05
+ }
+ }
+ rule 1031 {
+ action drop
+ description Anti-spoofing_77.68.48.105
+ source {
+ address 77.68.48.105
+ mac-address !00:50:56:13:8d:55
+ }
+ }
+ rule 1032 {
+ action drop
+ description Anti-spoofing_77.68.50.142
+ source {
+ address 77.68.50.142
+ mac-address !00:50:56:2e:58:85
+ }
+ }
+ rule 1033 {
+ action drop
+ description Anti-spoofing_77.68.49.12
+ source {
+ address 77.68.49.12
+ mac-address !00:50:56:0f:ed:da
+ }
+ }
+ rule 1034 {
+ action drop
+ description Anti-spoofing_77.68.85.18
+ source {
+ address 77.68.85.18
+ mac-address !00:50:56:3b:0a:8b
+ }
+ }
+ rule 1035 {
+ action drop
+ description Anti-spoofing_77.68.49.4
+ source {
+ address 77.68.49.4
+ mac-address !00:50:56:05:e5:05
+ }
+ }
+ rule 1036 {
+ action drop
+ description Anti-spoofing_109.228.37.187
+ source {
+ address 109.228.37.187
+ mac-address !00:50:56:37:21:f0
+ }
+ }
+ rule 1037 {
+ action drop
+ description Anti-spoofing_77.68.49.178
+ source {
+ address 77.68.49.178
+ mac-address !00:50:56:26:00:f7
+ }
+ }
+ rule 1038 {
+ action drop
+ description Anti-spoofing_77.68.82.147
+ source {
+ address 77.68.82.147
+ mac-address !00:50:56:13:75:25
+ }
+ }
+ rule 1040 {
+ action drop
+ description Anti-spoofing_77.68.24.134
+ source {
+ address 77.68.24.134
+ mac-address !00:50:56:29:0b:02
+ }
+ }
+ rule 1041 {
+ action drop
+ description Anti-spoofing_77.68.24.63
+ source {
+ address 77.68.24.63
+ mac-address !00:50:56:08:7e:4a
+ }
+ }
+ rule 1042 {
+ action drop
+ description Anti-spoofing_77.68.50.91
+ source {
+ address 77.68.50.91
+ mac-address !00:50:56:35:b6:4f
+ }
+ }
+ rule 1043 {
+ action drop
+ description Anti-spoofing_77.68.49.160
+ source {
+ address 77.68.49.160
+ mac-address !00:50:56:0e:29:ce
+ }
+ }
+ rule 1044 {
+ action drop
+ description Anti-spoofing_77.68.116.84
+ source {
+ address 77.68.116.84
+ mac-address !00:50:56:2d:e7:75
+ }
+ }
+ rule 1045 {
+ action drop
+ description Anti-spoofing_77.68.126.160
+ source {
+ address 77.68.126.160
+ mac-address !00:50:56:19:a1:cf
+ }
+ }
+ rule 1046 {
+ action drop
+ description Anti-spoofing_185.132.41.240
+ source {
+ address 185.132.41.240
+ mac-address !00:50:56:08:f6:7c
+ }
+ }
+ rule 1047 {
+ action drop
+ description Anti-spoofing_77.68.50.193
+ source {
+ address 77.68.50.193
+ mac-address !00:50:56:0f:44:05
+ }
+ }
+ rule 1048 {
+ action drop
+ description Anti-spoofing_77.68.49.161
+ source {
+ address 77.68.49.161
+ mac-address !00:50:56:09:4a:87
+ }
+ }
+ rule 1049 {
+ action drop
+ description Anti-spoofing_109.228.58.134
+ source {
+ address 109.228.58.134
+ mac-address !00:50:56:06:82:eb
+ }
+ }
+ rule 1050 {
+ action drop
+ description Anti-spoofing_185.132.36.56
+ source {
+ address 185.132.36.56
+ mac-address !00:50:56:11:89:a1
+ }
+ }
+ rule 1051 {
+ action drop
+ description Anti-spoofing_77.68.50.198
+ source {
+ address 77.68.50.198
+ mac-address !00:50:56:21:8f:66
+ }
+ }
+ rule 1052 {
+ action drop
+ description Anti-spoofing_77.68.100.150
+ source {
+ address 77.68.100.150
+ mac-address !00:50:56:3a:15:0a
+ }
+ }
+ rule 1053 {
+ action drop
+ description Anti-spoofing_88.208.196.91
+ source {
+ address 88.208.196.91
+ mac-address !00:50:56:0a:06:31
+ }
+ }
+ rule 1054 {
+ action drop
+ description Anti-spoofing_185.132.41.148
+ source {
+ address 185.132.41.148
+ mac-address !00:50:56:3b:d9:ec
+ }
+ }
+ rule 1055 {
+ action drop
+ description Anti-spoofing_213.171.210.25
+ source {
+ address 213.171.210.25
+ mac-address !00:50:56:0a:b8:6c
+ }
+ }
+ rule 1056 {
+ action drop
+ description Anti-spoofing_77.68.51.214
+ source {
+ address 77.68.51.214
+ mac-address !00:50:56:16:29:41
+ }
+ }
+ rule 1057 {
+ action drop
+ description Anti-spoofing_77.68.51.202
+ source {
+ address 77.68.51.202
+ mac-address !00:50:56:24:5a:0f
+ }
+ }
+ rule 1058 {
+ action drop
+ description Anti-spoofing_77.68.100.132
+ source {
+ address 77.68.100.132
+ mac-address !00:50:56:27:18:b7
+ }
+ }
+ rule 1059 {
+ action drop
+ description Anti-spoofing_77.68.77.42
+ source {
+ address 77.68.77.42
+ mac-address !00:50:56:34:d1:d5
+ }
+ }
+ rule 1060 {
+ action drop
+ description Anti-spoofing_109.228.39.41
+ source {
+ address 109.228.39.41
+ mac-address !00:50:56:2e:6a:41
+ }
+ }
+ rule 1061 {
+ action drop
+ description Anti-spoofing_77.68.100.134
+ source {
+ address 77.68.100.134
+ mac-address !00:50:56:19:a0:13
+ }
+ }
+ rule 1062 {
+ action drop
+ description Anti-spoofing_77.68.89.247
+ source {
+ address 77.68.89.247
+ mac-address !00:50:56:2b:ed:68
+ }
+ }
+ rule 1063 {
+ action drop
+ description Anti-spoofing_77.68.101.64
+ source {
+ address 77.68.101.64
+ mac-address !00:50:56:24:5a:0f
+ }
+ }
+ rule 1064 {
+ action drop
+ description Anti-spoofing_88.208.199.249
+ source {
+ address 88.208.199.249
+ mac-address !00:50:56:16:3e:ed
+ }
+ }
+ rule 1065 {
+ action drop
+ description Anti-spoofing_77.68.101.124
+ source {
+ address 77.68.101.124
+ mac-address !00:50:56:15:0e:e0
+ }
+ }
+ rule 1066 {
+ action drop
+ description Anti-spoofing_77.68.101.125
+ source {
+ address 77.68.101.125
+ mac-address !00:50:56:33:ce:ff
+ }
+ }
+ rule 1068 {
+ action drop
+ description Anti-spoofing_77.68.100.167
+ source {
+ address 77.68.100.167
+ mac-address !00:50:56:34:b3:5d
+ }
+ }
+ rule 1069 {
+ action drop
+ description Anti-spoofing_77.68.49.152
+ source {
+ address 77.68.49.152
+ mac-address !00:50:56:1a:06:95
+ }
+ }
+ rule 1070 {
+ action drop
+ description Anti-spoofing_77.68.103.147
+ source {
+ address 77.68.103.147
+ mac-address !00:50:56:2e:52:7f
+ }
+ }
+ rule 1071 {
+ action drop
+ description Anti-spoofing_77.68.48.202
+ source {
+ address 77.68.48.202
+ mac-address !00:50:56:0b:da:01
+ }
+ }
+ rule 1072 {
+ action drop
+ description Anti-spoofing_77.68.112.175
+ source {
+ address 77.68.112.175
+ mac-address !00:50:56:05:9e:e5
+ }
+ }
+ rule 1073 {
+ action drop
+ description Anti-spoofing_109.228.56.97
+ source {
+ address 109.228.56.97
+ mac-address !00:50:56:36:cd:04
+ }
+ }
+ rule 1074 {
+ action drop
+ description Anti-spoofing_185.132.37.47
+ source {
+ address 185.132.37.47
+ mac-address !00:50:56:3a:de:38
+ }
+ }
+ rule 1075 {
+ action drop
+ description Anti-spoofing_77.68.31.96
+ source {
+ address 77.68.31.96
+ mac-address !00:50:56:07:d0:cf
+ }
+ }
+ rule 1076 {
+ action drop
+ description Anti-spoofing_109.228.61.37
+ source {
+ address 109.228.61.37
+ mac-address !00:50:56:1a:93:80
+ }
+ }
+ rule 1077 {
+ action drop
+ description Anti-spoofing_77.68.33.24
+ source {
+ address 77.68.33.24
+ mac-address !00:50:56:0d:ae:e8
+ }
+ }
+ rule 1078 {
+ action drop
+ description Anti-spoofing_88.208.197.135
+ source {
+ address 88.208.197.135
+ mac-address !00:50:56:3b:39:6b
+ }
+ }
+ rule 1079 {
+ action drop
+ description Anti-spoofing_77.68.103.227
+ source {
+ address 77.68.103.227
+ mac-address !00:50:56:28:cd:95
+ }
+ }
+ rule 1080 {
+ action drop
+ description Anti-spoofing_185.132.38.182
+ source {
+ address 185.132.38.182
+ mac-address !00:50:56:39:4b:e3
+ }
+ }
+ rule 1081 {
+ action drop
+ description Anti-spoofing_88.208.197.118
+ source {
+ address 88.208.197.118
+ mac-address !00:50:56:2c:cd:e3
+ }
+ }
+ rule 1082 {
+ action drop
+ description Anti-spoofing_88.208.196.92
+ source {
+ address 88.208.196.92
+ mac-address !00:50:56:05:77:19
+ }
+ }
+ rule 1083 {
+ action drop
+ description Anti-spoofing_88.208.197.150
+ source {
+ address 88.208.197.150
+ mac-address !00:50:56:0c:ae:6c
+ }
+ }
+ rule 1084 {
+ action drop
+ description Anti-spoofing_88.208.215.121
+ source {
+ address 88.208.215.121
+ mac-address !00:50:56:16:0b:60
+ }
+ }
+ rule 1085 {
+ action drop
+ description Anti-spoofing_88.208.197.10
+ source {
+ address 88.208.197.10
+ mac-address !00:50:56:1c:8b:fb
+ }
+ }
+ rule 1086 {
+ action drop
+ description Anti-spoofing_88.208.198.69
+ source {
+ address 88.208.198.69
+ mac-address !00:50:56:06:e7:eb
+ }
+ }
+ rule 1087 {
+ action drop
+ description Anti-spoofing_88.208.197.155
+ source {
+ address 88.208.197.155
+ mac-address !00:50:56:39:39:8e
+ }
+ }
+ rule 1088 {
+ action drop
+ description Anti-spoofing_88.208.198.39
+ source {
+ address 88.208.198.39
+ mac-address !00:50:56:22:2d:07
+ }
+ }
+ rule 1089 {
+ action drop
+ description Anti-spoofing_88.208.197.160
+ source {
+ address 88.208.197.160
+ mac-address !00:50:56:2e:03:9a
+ }
+ }
+ rule 1090 {
+ action drop
+ description Anti-spoofing_88.208.197.60
+ source {
+ address 88.208.197.60
+ mac-address !00:50:56:3e:59:7c
+ }
+ }
+ rule 1091 {
+ action drop
+ description Anti-spoofing_77.68.102.129
+ source {
+ address 77.68.102.129
+ mac-address !00:50:56:2c:9d:a5
+ }
+ }
+ rule 1092 {
+ action drop
+ description Anti-spoofing_88.208.196.123
+ source {
+ address 88.208.196.123
+ mac-address !00:50:56:21:ac:31
+ }
+ }
+ rule 1093 {
+ action drop
+ description Anti-spoofing_88.208.215.61
+ source {
+ address 88.208.215.61
+ mac-address !00:50:56:05:91:dd
+ }
+ }
+ rule 1094 {
+ action drop
+ description Anti-spoofing_88.208.215.62
+ source {
+ address 88.208.215.62
+ mac-address !00:50:56:2d:ff:f4
+ }
+ }
+ rule 1095 {
+ action drop
+ description Anti-spoofing_88.208.199.141
+ source {
+ address 88.208.199.141
+ mac-address !00:50:56:10:8f:10
+ }
+ }
+ rule 1096 {
+ action drop
+ description Anti-spoofing_88.208.215.157
+ source {
+ address 88.208.215.157
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 1097 {
+ action drop
+ description Anti-spoofing_77.68.21.171
+ source {
+ address 77.68.21.171
+ mac-address !00:50:56:29:e0:5f
+ }
+ }
+ rule 1098 {
+ action drop
+ description Anti-spoofing_88.208.198.251
+ source {
+ address 88.208.198.251
+ mac-address !00:50:56:2b:2a:6a
+ }
+ }
+ rule 1099 {
+ action drop
+ description Anti-spoofing_88.208.199.233
+ source {
+ address 88.208.199.233
+ mac-address !00:50:56:1e:bf:95
+ }
+ }
+ rule 1100 {
+ action drop
+ description Anti-spoofing_88.208.212.31
+ source {
+ address 88.208.212.31
+ mac-address !00:50:56:28:f4:aa
+ }
+ }
+ rule 1101 {
+ action drop
+ description Anti-spoofing_88.208.197.129
+ source {
+ address 88.208.197.129
+ mac-address !00:50:56:1f:71:bf
+ }
+ }
+ rule 1102 {
+ action drop
+ description Anti-spoofing_88.208.199.46
+ source {
+ address 88.208.199.46
+ mac-address !00:50:56:34:dc:e5
+ }
+ }
+ rule 1103 {
+ action drop
+ description Anti-spoofing_88.208.212.94
+ source {
+ address 88.208.212.94
+ mac-address !00:50:56:3d:f5:16
+ }
+ }
+ rule 1105 {
+ action drop
+ description Anti-spoofing_88.208.212.182
+ source {
+ address 88.208.212.182
+ mac-address !00:50:56:12:e4:1b
+ }
+ }
+ rule 1108 {
+ action drop
+ description Anti-spoofing_88.208.212.188
+ source {
+ address 88.208.212.188
+ mac-address !00:50:56:36:a8:9e
+ }
+ }
+ rule 1500 {
+ action drop
+ description "Block port 11211-udp"
+ protocol udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ port 11211
+ }
+ }
+ rule 1510 {
+ action drop
+ description "Test Drive - Outgoing traffic blocked"
+ destination {
+ group {
+ network-group !NAS_NETWORKS
+ }
+ }
+ source {
+ group {
+ address-group DT_BLOCKED
+ }
+ }
+ }
+ rule 1520 {
+ action drop
+ description "Deny outgoing SMTP to new contracts"
+ destination {
+ port smtp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group DT_SMTP_BLOCKED
+ }
+ }
+ }
+ rule 1600 {
+ action accept
+ description "Allow unicast requests to DHCP servers"
+ destination {
+ group {
+ address-group DHCP_SERVERS
+ }
+ port bootps
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1610 {
+ action accept
+ description "Allow DNS queries to dnscache servers"
+ destination {
+ group {
+ address-group DNSCACHE_SERVERS
+ }
+ port 53
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1620 {
+ action accept
+ destination {
+ group {
+ address-group NAS_ARRAYS
+ }
+ }
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1630 {
+ action accept
+ description "Kerberos authentication to Domain Controllers"
+ destination {
+ group {
+ address-group NAS_DOMAIN_CONTROLLERS
+ }
+ port 88
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1640 {
+ action drop
+ description "Deny rest of the traffic to NAS"
+ destination {
+ group {
+ network-group NAS_NETWORKS
+ }
+ }
+ }
+ rule 2000 {
+ action accept
+ description "TOP port - SSH"
+ destination {
+ group {
+ address-group G-22-TCP
+ }
+ port ssh
+ }
+ protocol tcp
+ }
+ rule 2001 {
+ action accept
+ description "TOP port - RDESKTOP"
+ destination {
+ group {
+ address-group G-3389-TCP
+ }
+ port 3389
+ }
+ protocol tcp
+ }
+ rule 2002 {
+ action accept
+ description "TOP port - HTTP"
+ destination {
+ group {
+ address-group G-80-TCP
+ }
+ port http
+ }
+ protocol tcp
+ }
+ rule 2003 {
+ action accept
+ description "TOP port - HTTPS"
+ destination {
+ group {
+ address-group G-443-TCP
+ }
+ port https
+ }
+ protocol tcp
+ }
+ rule 2004 {
+ action accept
+ description "TOP port - DOMAIN TCP"
+ destination {
+ group {
+ address-group G-53-TCP
+ }
+ port domain
+ }
+ protocol tcp
+ }
+ rule 2005 {
+ action accept
+ description "TOP port - DOMAIN UDP"
+ destination {
+ group {
+ address-group G-53-UDP
+ }
+ port domain
+ }
+ protocol udp
+ }
+ rule 2006 {
+ action accept
+ description "TOP port - SMTP"
+ destination {
+ group {
+ address-group G-25-TCP
+ }
+ port smtp
+ }
+ protocol tcp
+ }
+ rule 2007 {
+ action accept
+ description "TOP port - IMAP"
+ destination {
+ group {
+ address-group G-143-TCP
+ }
+ port imap2
+ }
+ protocol tcp
+ }
+ rule 2008 {
+ action accept
+ description "TOP port - POP3"
+ destination {
+ group {
+ address-group G-110-TCP
+ }
+ port pop3
+ }
+ protocol tcp
+ }
+ rule 2009 {
+ action accept
+ description "TOP port - MSSQL TCP"
+ destination {
+ group {
+ address-group G-1433-TCP
+ }
+ port ms-sql-s
+ }
+ protocol tcp
+ }
+ rule 2010 {
+ action accept
+ description "TOP port - MYSQL TCP"
+ destination {
+ group {
+ address-group G-3306-TCP
+ }
+ port mysql
+ }
+ protocol tcp
+ }
+ rule 2011 {
+ action accept
+ description "TOP port - FTPDATA"
+ destination {
+ group {
+ address-group G-20-TCP
+ }
+ port ftp-data
+ }
+ protocol tcp
+ }
+ rule 2012 {
+ action accept
+ description "TOP port - FTP"
+ destination {
+ group {
+ address-group G-21-TCP
+ }
+ port ftp
+ }
+ protocol tcp
+ }
+ rule 2013 {
+ action accept
+ description "TOP port - SSMTP"
+ destination {
+ group {
+ address-group G-465-TCP
+ }
+ port ssmtp
+ }
+ protocol tcp
+ }
+ rule 2014 {
+ action accept
+ description "TOP port - SMTPS"
+ destination {
+ group {
+ address-group G-587-TCP
+ }
+ port 587
+ }
+ protocol tcp
+ }
+ rule 2015 {
+ action accept
+ description "TOP port - IMAPS"
+ destination {
+ group {
+ address-group G-993-TCP
+ }
+ port imaps
+ }
+ protocol tcp
+ }
+ rule 2016 {
+ action accept
+ description "TOP port - POP3S"
+ destination {
+ group {
+ address-group G-995-TCP
+ }
+ port pop3s
+ }
+ protocol tcp
+ }
+ rule 2017 {
+ action accept
+ description "TOP port - TOMCAT"
+ destination {
+ group {
+ address-group G-8080-TCP
+ }
+ port 8080
+ }
+ protocol tcp
+ }
+ rule 2018 {
+ action accept
+ description "TOP port - Alternative HTTPS"
+ destination {
+ group {
+ address-group G-8443-TCP
+ }
+ port 8443
+ }
+ protocol tcp
+ }
+ rule 2019 {
+ action accept
+ description "TOP port - 10000/TCP"
+ destination {
+ group {
+ address-group G-10000-TCP
+ }
+ port 10000
+ }
+ protocol tcp
+ }
+ rule 2020 {
+ action accept
+ description "TOP port - 8447/TCP"
+ destination {
+ group {
+ address-group G-8447-TCP
+ }
+ port 8447
+ }
+ protocol tcp
+ }
+ rule 2040 {
+ action accept
+ description "TOP port - All ports open"
+ destination {
+ group {
+ address-group G-ALL_OPEN
+ }
+ }
+ }
+ rule 2050 {
+ action accept
+ description "ICMP group"
+ destination {
+ group {
+ address-group G-ICMP
+ }
+ }
+ protocol icmp
+ }
+ rule 2100 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-104.192.143.2
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 7999,22
+ }
+ protocol tcp
+ source {
+ address 104.192.143.2
+ }
+ }
+ rule 2101 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.74.54
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.74.54
+ }
+ }
+ rule 2102 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-109.72.210.46
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 109.72.210.46
+ }
+ }
+ rule 2103 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2104 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-164.177.156.192
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 164.177.156.192
+ }
+ }
+ rule 2105 {
+ action accept
+ description FWDAA4F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAA4F_1
+ }
+ port 22335
+ }
+ protocol tcp
+ }
+ rule 2106 {
+ action accept
+ description FW6D0CD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 6900,7000
+ }
+ protocol tcp
+ }
+ rule 2107 {
+ action accept
+ description FW6D0CD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 9001
+ }
+ protocol tcp_udp
+ }
+ rule 2108 {
+ action accept
+ description FW06176_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06176_1
+ }
+ port 5900
+ }
+ protocol tcp
+ }
+ rule 2109 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2110 {
+ action accept
+ description FWF7B68_1-TCP-ALLOW-54.221.251.224
+ destination {
+ group {
+ address-group DT_FWF7B68_1
+ }
+ port 8443,3306,22,21,20
+ }
+ protocol tcp
+ source {
+ address 54.221.251.224
+ }
+ }
+ rule 2111 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.41
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.41
+ }
+ }
+ rule 2112 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.6
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.6
+ }
+ }
+ rule 2113 {
+ action accept
+ description VPN-7030-ANY-ALLOW-10.4.58.119
+ destination {
+ group {
+ address-group DT_VPN-7030
+ }
+ }
+ source {
+ address 10.4.58.119
+ }
+ }
+ rule 2114 {
+ action accept
+ description FW58C69_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW58C69_4
+ }
+ port 5666
+ }
+ protocol tcp
+ }
+ rule 2115 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-185.201.180.35
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000,22
+ }
+ protocol tcp
+ source {
+ address 185.201.180.35
+ }
+ }
+ rule 2116 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2117 {
+ action accept
+ description FW19987_4-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2118 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-212.159.160.65
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443,3389,3306,22,21
+ }
+ protocol tcp
+ source {
+ address 212.159.160.65
+ }
+ }
+ rule 2119 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-79.78.20.149
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8447,8443,3389,3306,993,143,22,21
+ }
+ protocol tcp
+ source {
+ address 79.78.20.149
+ }
+ }
+ rule 2120 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-77.68.77.185
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.77.185
+ }
+ }
+ rule 2121 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443,3389
+ }
+ protocol tcp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2122 {
+ action accept
+ description FW2C5AE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2C5AE_1
+ }
+ port 30303,5717
+ }
+ protocol tcp_udp
+ }
+ rule 2123 {
+ action accept
+ description VPN-12899-ANY-ALLOW-10.4.58.207
+ destination {
+ group {
+ address-group DT_VPN-12899
+ }
+ }
+ source {
+ address 10.4.58.207
+ }
+ }
+ rule 2124 {
+ action accept
+ description FW7648D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7648D_1
+ }
+ port 8501,8050,7801,4444,1443
+ }
+ protocol tcp
+ }
+ rule 2125 {
+ action accept
+ description FW0C2E6_4-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C2E6_4
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2126 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.37.175.132
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.37.175.132
+ }
+ }
+ rule 2127 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-165.255.242.223
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 165.255.242.223
+ }
+ }
+ rule 2128 {
+ action accept
+ description VPN-10131-ANY-ALLOW-10.4.56.51
+ destination {
+ group {
+ address-group DT_VPN-10131
+ }
+ }
+ source {
+ address 10.4.56.51
+ }
+ }
+ rule 2129 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-212.227.84.142
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 212.227.84.142
+ }
+ }
+ rule 2130 {
+ action accept
+ description FW2BB8D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2131 {
+ action accept
+ description FWFDD94_15-TCP-ALLOW-90.29.180.234
+ destination {
+ group {
+ address-group DT_FWFDD94_15
+ }
+ port 5683,1883
+ }
+ protocol tcp
+ source {
+ address 90.29.180.234
+ }
+ }
+ rule 2132 {
+ action accept
+ description VPN-10131-ANY-ALLOW-10.4.57.51
+ destination {
+ group {
+ address-group DT_VPN-10131
+ }
+ }
+ source {
+ address 10.4.57.51
+ }
+ }
+ rule 2133 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-109.228.49.193
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 109.228.49.193
+ }
+ }
+ rule 2134 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-3.10.221.168
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 3.10.221.168
+ }
+ }
+ rule 2135 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2136 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2137 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-77.68.87.201
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.87.201
+ }
+ }
+ rule 2138 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2139 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2140 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 500,4500
+ }
+ protocol udp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2141 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2142 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2143 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 500,4500
+ }
+ protocol udp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2144 {
+ action accept
+ description VPN-12899-ANY-ALLOW-10.4.59.207
+ destination {
+ group {
+ address-group DT_VPN-12899
+ }
+ }
+ source {
+ address 10.4.59.207
+ }
+ }
+ rule 2145 {
+ action accept
+ description FWB28B6_5-TCP-ALLOW-81.130.141.175
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.130.141.175
+ }
+ }
+ rule 2146 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 4500,500
+ }
+ protocol udp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2147 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2148 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2149 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2150 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.37.178.77
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.37.178.77
+ }
+ }
+ rule 2151 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-51.241.139.56
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 51.241.139.56
+ }
+ }
+ rule 2152 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-150.143.57.138
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 150.143.57.138
+ }
+ }
+ rule 2153 {
+ action accept
+ description FW6ECA4_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6ECA4_1
+ }
+ port 3939,3335,3334,3333,3000,999,444
+ }
+ protocol tcp_udp
+ }
+ rule 2154 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.13.20
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.13.20
+ }
+ }
+ rule 2155 {
+ action accept
+ description FW481D7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW481D7_1
+ }
+ port 3478
+ }
+ protocol tcp_udp
+ }
+ rule 2156 {
+ action accept
+ description FW5A5D7_3-GRE-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ }
+ protocol gre
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2157 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-94.195.127.217
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 94.195.127.217
+ }
+ }
+ rule 2158 {
+ action accept
+ description FW2E060_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2E060_1
+ }
+ port 49152-65535,8443-8447
+ }
+ protocol tcp
+ }
+ rule 2159 {
+ action accept
+ description FWFDD94_15-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDD94_15
+ }
+ port 9090,5080,1935
+ }
+ protocol tcp
+ }
+ rule 2160 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.190.224
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.190.224
+ }
+ }
+ rule 2161 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-109.249.187.56
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 109.249.187.56
+ }
+ }
+ rule 2162 {
+ action accept
+ description FW89619_1-TCP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 2163 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.227.72.218
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.72.218
+ }
+ }
+ rule 2164 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-151.229.59.51
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 151.229.59.51
+ }
+ }
+ rule 2165 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-178.251.181.41
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.41
+ }
+ }
+ rule 2166 {
+ action accept
+ description FW3CAAB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3CAAB_1
+ }
+ port 49152-65535,30000-30400,8443-8447,5432,80-110,21-25
+ }
+ protocol tcp
+ }
+ rule 2167 {
+ action accept
+ description FW91B7A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW91B7A_1
+ }
+ port 3389,80
+ }
+ protocol tcp_udp
+ }
+ rule 2168 {
+ action accept
+ description FW40416_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW40416_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2169 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-81.151.24.216
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 10000,22
+ }
+ protocol tcp
+ source {
+ address 81.151.24.216
+ }
+ }
+ rule 2170 {
+ action accept
+ description VPN-7030-ANY-ALLOW-10.4.59.119
+ destination {
+ group {
+ address-group DT_VPN-7030
+ }
+ }
+ source {
+ address 10.4.59.119
+ }
+ }
+ rule 2171 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-62.252.94.138
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 3389,1433
+ }
+ protocol tcp
+ source {
+ address 62.252.94.138
+ }
+ }
+ rule 2172 {
+ action accept
+ description FW89619_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5015,5001,5000
+ }
+ protocol tcp
+ }
+ rule 2173 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-167.98.162.142
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 167.98.162.142
+ }
+ }
+ rule 2174 {
+ action accept
+ description FW013EF_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW013EF_2
+ }
+ port 44445,7770-7800,5090,5060-5070,5015,5001,2000-2500
+ }
+ protocol tcp
+ }
+ rule 2175 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.12
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.12
+ }
+ }
+ rule 2176 {
+ action accept
+ description VPN-15625-ANY-ALLOW-10.4.88.79
+ destination {
+ group {
+ address-group DT_VPN-15625
+ }
+ }
+ source {
+ address 10.4.88.79
+ }
+ }
+ rule 2177 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.228.53.128
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 109.228.53.128
+ }
+ }
+ rule 2178 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-178.251.181.6
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.6
+ }
+ }
+ rule 2179 {
+ action accept
+ description FW578BE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW578BE_1
+ }
+ port 23,1521,1522
+ }
+ protocol tcp
+ }
+ rule 2180 {
+ action accept
+ description FWE012D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE012D_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2181 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-213.171.209.161
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 213.171.209.161
+ }
+ }
+ rule 2182 {
+ action accept
+ description VPN-8203-ANY-ALLOW-10.4.58.109
+ destination {
+ group {
+ address-group DT_VPN-8203
+ }
+ }
+ source {
+ address 10.4.58.109
+ }
+ }
+ rule 2183 {
+ action accept
+ description VPN-9415-ANY-ALLOW-10.4.58.168
+ destination {
+ group {
+ address-group DT_VPN-9415
+ }
+ }
+ source {
+ address 10.4.58.168
+ }
+ }
+ rule 2184 {
+ action accept
+ description VPN-9415-ANY-ALLOW-10.4.59.168
+ destination {
+ group {
+ address-group DT_VPN-9415
+ }
+ }
+ source {
+ address 10.4.59.168
+ }
+ }
+ rule 2185 {
+ action accept
+ description FW27A8F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW27A8F_1
+ }
+ port 9990,8458,8090,6543,5432
+ }
+ protocol tcp
+ }
+ rule 2186 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.11.224
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 77.68.11.224
+ }
+ }
+ rule 2187 {
+ action accept
+ description VPN-15625-ANY-ALLOW-10.4.89.79
+ destination {
+ group {
+ address-group DT_VPN-15625
+ }
+ }
+ source {
+ address 10.4.89.79
+ }
+ }
+ rule 2188 {
+ action accept
+ description VPN-14649-ANY-ALLOW-10.4.86.35
+ destination {
+ group {
+ address-group DT_VPN-14649
+ }
+ }
+ source {
+ address 10.4.86.35
+ }
+ }
+ rule 2189 {
+ action accept
+ description VPN-14649-ANY-ALLOW-10.4.87.35
+ destination {
+ group {
+ address-group DT_VPN-14649
+ }
+ }
+ source {
+ address 10.4.87.35
+ }
+ }
+ rule 2190 {
+ action accept
+ description VPN-14657-ANY-ALLOW-10.4.86.38
+ destination {
+ group {
+ address-group DT_VPN-14657
+ }
+ }
+ source {
+ address 10.4.86.38
+ }
+ }
+ rule 2191 {
+ action accept
+ description VPN-14657-ANY-ALLOW-10.4.87.38
+ destination {
+ group {
+ address-group DT_VPN-14657
+ }
+ }
+ source {
+ address 10.4.87.38
+ }
+ }
+ rule 2192 {
+ action accept
+ description VPN-14658-ANY-ALLOW-10.4.88.38
+ destination {
+ group {
+ address-group DT_VPN-14658
+ }
+ }
+ source {
+ address 10.4.88.38
+ }
+ }
+ rule 2193 {
+ action accept
+ description VPN-14658-ANY-ALLOW-10.4.89.38
+ destination {
+ group {
+ address-group DT_VPN-14658
+ }
+ }
+ source {
+ address 10.4.89.38
+ }
+ }
+ rule 2194 {
+ action accept
+ description FW0BB22_1-GRE-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol gre
+ }
+ rule 2195 {
+ action accept
+ description FW0BB22_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol esp
+ }
+ rule 2196 {
+ action accept
+ description FW1CC15_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1CC15_2
+ }
+ port 8089,8085,990,81
+ }
+ protocol tcp
+ }
+ rule 2197 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.124
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.124
+ }
+ }
+ rule 2198 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389,1723,1701,47
+ }
+ protocol tcp
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2199 {
+ action accept
+ description FW1CB16_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1CB16_1
+ }
+ port 3306,27017,53
+ }
+ protocol tcp_udp
+ }
+ rule 2200 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2201 {
+ action accept
+ description FW37E59_5-TCP-ALLOW-77.68.20.244
+ destination {
+ group {
+ address-group DT_FW37E59_5
+ }
+ port 30303
+ }
+ protocol tcp
+ source {
+ address 77.68.20.244
+ }
+ }
+ rule 2202 {
+ action accept
+ description FW274FD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW274FD_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2203 {
+ action accept
+ description FW6CD7E_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6CD7E_2
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2204 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-178.17.252.59
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 178.17.252.59
+ }
+ }
+ rule 2205 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.64.108
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.64.108
+ }
+ }
+ rule 2206 {
+ action accept
+ description FW0937A_1-TCP-ALLOW-83.135.134.13
+ destination {
+ group {
+ address-group DT_FW0937A_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 83.135.134.13
+ }
+ }
+ rule 2207 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.112.64
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.112.64
+ }
+ }
+ rule 2208 {
+ action accept
+ description FW6CD7E_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6CD7E_2
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2209 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-194.73.17.47
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 194.73.17.47
+ }
+ }
+ rule 2210 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.115.33
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.115.33
+ }
+ }
+ rule 2211 {
+ action accept
+ description FWA3EA3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA3EA3_1
+ }
+ port 943
+ }
+ protocol tcp
+ }
+ rule 2212 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-82.165.100.25
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 21-10000
+ }
+ protocol tcp
+ source {
+ address 82.165.100.25
+ }
+ }
+ rule 2213 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-109.228.59.50
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 109.228.59.50
+ }
+ }
+ rule 2214 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.100
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.100
+ }
+ }
+ rule 2215 {
+ action accept
+ description FWD7EAB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD7EAB_1
+ }
+ port 60000-60100
+ }
+ protocol tcp
+ }
+ rule 2216 {
+ action accept
+ description FWEB321_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEB321_1
+ }
+ port 113,4190
+ }
+ protocol tcp
+ }
+ rule 2217 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-195.206.180.132
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 195.206.180.132
+ }
+ }
+ rule 2218 {
+ action accept
+ description VPN-8159-ANY-ALLOW-10.4.58.91
+ destination {
+ group {
+ address-group DT_VPN-8159
+ }
+ }
+ source {
+ address 10.4.58.91
+ }
+ }
+ rule 2219 {
+ action accept
+ description VPN-21673-ANY-ALLOW-10.4.88.187
+ destination {
+ group {
+ address-group DT_VPN-21673
+ }
+ }
+ source {
+ address 10.4.88.187
+ }
+ }
+ rule 2220 {
+ action accept
+ description VPN-21673-ANY-ALLOW-10.4.89.187
+ destination {
+ group {
+ address-group DT_VPN-21673
+ }
+ }
+ source {
+ address 10.4.89.187
+ }
+ }
+ rule 2221 {
+ action accept
+ description VPN-21821-ANY-ALLOW-10.4.88.49
+ destination {
+ group {
+ address-group DT_VPN-21821
+ }
+ }
+ source {
+ address 10.4.88.49
+ }
+ }
+ rule 2222 {
+ action accept
+ description VPN-21821-ANY-ALLOW-10.4.89.49
+ destination {
+ group {
+ address-group DT_VPN-21821
+ }
+ }
+ source {
+ address 10.4.89.49
+ }
+ }
+ rule 2223 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-81.133.80.58
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.58
+ }
+ }
+ rule 2224 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.238
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.238
+ }
+ }
+ rule 2225 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-185.212.168.51
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 185.212.168.51
+ }
+ }
+ rule 2226 {
+ action accept
+ description FW8B21D_1-ANY-ALLOW-212.187.250.2
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ source {
+ address 212.187.250.2
+ }
+ }
+ rule 2227 {
+ action accept
+ description FW35F7B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW35F7B_1
+ }
+ port 1434
+ }
+ protocol tcp_udp
+ }
+ rule 2228 {
+ action accept
+ description FWD338A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD338A_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2229 {
+ action accept
+ description FW35F7B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW35F7B_1
+ }
+ port 56791
+ }
+ protocol tcp
+ }
+ rule 2230 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.77.114
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.77.114
+ }
+ }
+ rule 2231 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-194.74.137.17
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 194.74.137.17
+ }
+ }
+ rule 2232 {
+ action accept
+ description FW52F6F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW52F6F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2233 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.23.109
+ }
+ }
+ rule 2234 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.247
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.247
+ }
+ }
+ rule 2235 {
+ action accept
+ description FW4E314_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4E314_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2236 {
+ action accept
+ description FW73573_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73573_2
+ }
+ port 25
+ }
+ protocol tcp_udp
+ }
+ rule 2237 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.93.89
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.93.89
+ }
+ }
+ rule 2238 {
+ action accept
+ description FW856FA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW856FA_1
+ }
+ port 6003
+ }
+ protocol tcp
+ }
+ rule 2239 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-81.19.214.155
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.19.214.155
+ }
+ }
+ rule 2240 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.219.168.170
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 51.219.168.170
+ }
+ }
+ rule 2241 {
+ action accept
+ description FW30D21_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW30D21_1
+ }
+ port 2083-2087,53,2812,2096,25,993,587
+ }
+ protocol tcp_udp
+ }
+ rule 2242 {
+ action accept
+ description FWA076E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA076E_1
+ }
+ port 2199,2197
+ }
+ protocol tcp
+ }
+ rule 2243 {
+ action accept
+ description FWA076E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA076E_1
+ }
+ port 8000-8010
+ }
+ protocol tcp_udp
+ }
+ rule 2244 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-82.165.166.41
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 8447,8443,443,80,22
+ }
+ protocol tcp
+ source {
+ address 82.165.166.41
+ }
+ }
+ rule 2245 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.180
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22,80
+ }
+ protocol tcp
+ source {
+ address 213.171.217.180
+ }
+ }
+ rule 2246 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2247 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.185
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.185
+ }
+ }
+ rule 2248 {
+ action accept
+ description FW2F868_6-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 161
+ }
+ protocol udp
+ }
+ rule 2249 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22,24
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2250 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-80.194.78.162
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 80.194.78.162
+ }
+ }
+ rule 2251 {
+ action accept
+ description VPN-21822-ANY-ALLOW-10.4.54.47
+ destination {
+ group {
+ address-group DT_VPN-21822
+ }
+ }
+ source {
+ address 10.4.54.47
+ }
+ }
+ rule 2252 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.75.244
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.75.244
+ }
+ }
+ rule 2253 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-195.147.173.92
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 195.147.173.92
+ }
+ }
+ rule 2254 {
+ action accept
+ description FW1D511_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1D511_2
+ }
+ port 8090
+ }
+ protocol tcp
+ }
+ rule 2255 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-85.17.25.47
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 85.17.25.47
+ }
+ }
+ rule 2256 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.89.209
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.89.209
+ }
+ }
+ rule 2257 {
+ action accept
+ description FWE2AB5_8-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWE2AB5_8
+ }
+ port 7000
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2258 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.94.177
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.94.177
+ }
+ }
+ rule 2259 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.95.129
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.95.129
+ }
+ }
+ rule 2260 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.136
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.136
+ }
+ }
+ rule 2261 {
+ action accept
+ description FW1FA9E_1-TCP-ALLOW-78.88.254.99
+ destination {
+ group {
+ address-group DT_FW1FA9E_1
+ }
+ port 9000,8200,5601,4444
+ }
+ protocol tcp
+ source {
+ address 78.88.254.99
+ }
+ }
+ rule 2262 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.27
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.27
+ }
+ }
+ rule 2263 {
+ action accept
+ description FWA7A50_1-TCP-ALLOW-81.110.192.198
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.110.192.198
+ }
+ }
+ rule 2264 {
+ action accept
+ description VPN-21822-ANY-ALLOW-10.4.55.47
+ destination {
+ group {
+ address-group DT_VPN-21822
+ }
+ }
+ source {
+ address 10.4.55.47
+ }
+ }
+ rule 2265 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.31.195
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.31.195
+ }
+ }
+ rule 2266 {
+ action accept
+ description FW45BEB_1-TCP-ALLOW-62.3.71.238
+ destination {
+ group {
+ address-group DT_FW45BEB_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 62.3.71.238
+ }
+ }
+ rule 2267 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.113
+ }
+ }
+ rule 2268 {
+ action accept
+ description VPN-23946-ANY-ALLOW-10.4.58.13
+ destination {
+ group {
+ address-group DT_VPN-23946
+ }
+ }
+ source {
+ address 10.4.58.13
+ }
+ }
+ rule 2269 {
+ action accept
+ description FW98818_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW98818_1
+ }
+ port 27015
+ }
+ protocol tcp
+ }
+ rule 2270 {
+ action accept
+ description VPN-23946-ANY-ALLOW-10.4.59.13
+ destination {
+ group {
+ address-group DT_VPN-23946
+ }
+ }
+ source {
+ address 10.4.59.13
+ }
+ }
+ rule 2271 {
+ action accept
+ description VPN-28031-ANY-ALLOW-10.4.88.197
+ destination {
+ group {
+ address-group DT_VPN-28031
+ }
+ }
+ source {
+ address 10.4.88.197
+ }
+ }
+ rule 2272 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.231
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.231
+ }
+ }
+ rule 2273 {
+ action accept
+ description FW5A5D7_3-TCP_UDP-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 500
+ }
+ protocol tcp_udp
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2274 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-185.106.220.231
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 185.106.220.231
+ }
+ }
+ rule 2275 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.66
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.66
+ }
+ }
+ rule 2276 {
+ action accept
+ description FW934AE_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2277 {
+ action accept
+ description VPN-28031-ANY-ALLOW-10.4.89.197
+ destination {
+ group {
+ address-group DT_VPN-28031
+ }
+ }
+ source {
+ address 10.4.89.197
+ }
+ }
+ rule 2278 {
+ action accept
+ description FW6863A_4-TCP_UDP-ALLOW-82.165.166.41
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 21-10000
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.166.41
+ }
+ }
+ rule 2279 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.119.162
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.119.162
+ }
+ }
+ rule 2280 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.74.199.143
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.74.199.143
+ }
+ }
+ rule 2281 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-185.92.25.48
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 185.92.25.48
+ }
+ }
+ rule 2282 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-207.148.2.40
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 207.148.2.40
+ }
+ }
+ rule 2283 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.235.62
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.235.62
+ }
+ }
+ rule 2284 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.236.93
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.236.93
+ }
+ }
+ rule 2285 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.59.5
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.59.5
+ }
+ }
+ rule 2286 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.15.134
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.15.134
+ }
+ }
+ rule 2287 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.22.208
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.22.208
+ }
+ }
+ rule 2288 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.108
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.23.108
+ }
+ }
+ rule 2289 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.54
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.23.54
+ }
+ }
+ rule 2290 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.30.45
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.30.45
+ }
+ }
+ rule 2291 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.7.198
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.7.198
+ }
+ }
+ rule 2292 {
+ action accept
+ description VPN-29631-ANY-ALLOW-10.4.54.76
+ destination {
+ group {
+ address-group DT_VPN-29631
+ }
+ }
+ source {
+ address 10.4.54.76
+ }
+ }
+ rule 2293 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.89.200
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.89.200
+ }
+ }
+ rule 2294 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.91.50
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.91.50
+ }
+ }
+ rule 2295 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-82.165.206.230
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 82.165.206.230
+ }
+ }
+ rule 2296 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-82.165.207.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 82.165.207.109
+ }
+ }
+ rule 2297 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-94.196.156.5
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 94.196.156.5
+ }
+ }
+ rule 2298 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.15.134
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.15.134
+ }
+ }
+ rule 2299 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.22.208
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.22.208
+ }
+ }
+ rule 2300 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.23.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.23.109
+ }
+ }
+ rule 2301 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.89.200
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.89.200
+ }
+ }
+ rule 2302 {
+ action accept
+ description FW05339_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05339_1
+ }
+ port 8085,5055,5013,5005,444
+ }
+ protocol tcp
+ }
+ rule 2303 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-217.169.61.164
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 217.169.61.164
+ }
+ }
+ rule 2304 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.65.45
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.65.45
+ }
+ }
+ rule 2305 {
+ action accept
+ description VPN-13983-ANY-ALLOW-10.4.58.176
+ destination {
+ group {
+ address-group DT_VPN-13983
+ }
+ }
+ source {
+ address 10.4.58.176
+ }
+ }
+ rule 2306 {
+ action accept
+ description FWDAF47_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAF47_1
+ }
+ port 8090,7080,443,53
+ }
+ protocol tcp_udp
+ }
+ rule 2307 {
+ action accept
+ description VPN-29631-ANY-ALLOW-10.4.55.77
+ destination {
+ group {
+ address-group DT_VPN-29631
+ }
+ }
+ source {
+ address 10.4.55.77
+ }
+ }
+ rule 2308 {
+ action accept
+ description VPN-34309-ANY-ALLOW-10.4.58.142
+ destination {
+ group {
+ address-group DT_VPN-34309
+ }
+ }
+ source {
+ address 10.4.58.142
+ }
+ }
+ rule 2309 {
+ action accept
+ description FW27949_2-TCP-ALLOW-138.124.142.180
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 138.124.142.180
+ }
+ }
+ rule 2310 {
+ action accept
+ description FWF8F85_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF8F85_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2311 {
+ action accept
+ description FWDAF47_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAF47_1
+ }
+ port 40110-40210
+ }
+ protocol tcp
+ }
+ rule 2312 {
+ action accept
+ description VPN-34309-ANY-ALLOW-10.4.59.142
+ destination {
+ group {
+ address-group DT_VPN-34309
+ }
+ }
+ source {
+ address 10.4.59.142
+ }
+ }
+ rule 2313 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-87.224.39.220
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 87.224.39.220
+ }
+ }
+ rule 2314 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 1334
+ }
+ protocol tcp
+ }
+ rule 2315 {
+ action accept
+ description FW8C927_1-TCP_UDP-ALLOW-84.92.125.78
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 3306,22
+ }
+ protocol tcp_udp
+ source {
+ address 84.92.125.78
+ }
+ }
+ rule 2316 {
+ action accept
+ description FW8C927_1-TCP_UDP-ALLOW-88.208.238.152
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 3306,22
+ }
+ protocol tcp_udp
+ source {
+ address 88.208.238.152
+ }
+ }
+ rule 2317 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2318 {
+ action accept
+ description FW28892_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW28892_1
+ }
+ port 7000
+ }
+ protocol tcp
+ }
+ rule 2319 {
+ action accept
+ description FWC96A1_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC96A1_1
+ }
+ port 222
+ }
+ protocol tcp
+ }
+ rule 2320 {
+ action accept
+ description VPN-13983-ANY-ALLOW-10.4.59.176
+ destination {
+ group {
+ address-group DT_VPN-13983
+ }
+ }
+ source {
+ address 10.4.59.176
+ }
+ }
+ rule 2321 {
+ action accept
+ description FW2FB61_1-TCP-ALLOW-5.183.104.15
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 5.183.104.15
+ }
+ }
+ rule 2322 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-82.20.69.137
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 82.20.69.137
+ }
+ }
+ rule 2323 {
+ action accept
+ description FW72F37_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW72F37_1
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2324 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-81.111.155.34
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 81.111.155.34
+ }
+ }
+ rule 2325 {
+ action accept
+ description VPN-20306-ANY-ALLOW-10.4.88.173
+ destination {
+ group {
+ address-group DT_VPN-20306
+ }
+ }
+ source {
+ address 10.4.88.173
+ }
+ }
+ rule 2326 {
+ action accept
+ description FW6C992_1-TCP-ALLOW-89.33.185.0_24
+ destination {
+ group {
+ address-group DT_FW6C992_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 89.33.185.0/24
+ }
+ }
+ rule 2327 {
+ action accept
+ description FW2FB61_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 45000
+ }
+ protocol tcp
+ }
+ rule 2328 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.202
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.202
+ }
+ }
+ rule 2329 {
+ action accept
+ description FWF9C28_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF9C28_2
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2330 {
+ action accept
+ description FW3DBF8_9-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 8088,8080,5090,5060,3478,1935
+ }
+ protocol tcp_udp
+ }
+ rule 2331 {
+ action accept
+ description FW3DBF8_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 5062,5061,5015,5001
+ }
+ protocol tcp
+ }
+ rule 2332 {
+ action accept
+ description VPN-16402-ANY-ALLOW-10.4.88.60
+ destination {
+ group {
+ address-group DT_VPN-16402
+ }
+ }
+ source {
+ address 10.4.88.60
+ }
+ }
+ rule 2333 {
+ action accept
+ description FWC1315_1-TCP-ALLOW-62.3.71.238
+ destination {
+ group {
+ address-group DT_FWC1315_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 62.3.71.238
+ }
+ }
+ rule 2334 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 8001,80
+ }
+ protocol tcp_udp
+ }
+ rule 2335 {
+ action accept
+ description FWAFF0A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAFF0A_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2336 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-195.20.253.19
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.20.253.19
+ }
+ }
+ rule 2337 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.73
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.73
+ }
+ }
+ rule 2338 {
+ action accept
+ description VPN-16402-ANY-ALLOW-10.4.89.60
+ destination {
+ group {
+ address-group DT_VPN-16402
+ }
+ }
+ source {
+ address 10.4.89.60
+ }
+ }
+ rule 2339 {
+ action accept
+ description VPN-15951-ANY-ALLOW-10.4.86.90
+ destination {
+ group {
+ address-group DT_VPN-15951
+ }
+ }
+ source {
+ address 10.4.86.90
+ }
+ }
+ rule 2340 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.77.181
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.77.181
+ }
+ }
+ rule 2341 {
+ action accept
+ description FWE9F7D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE9F7D_1
+ }
+ port 4035
+ }
+ protocol tcp
+ }
+ rule 2342 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.131
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.131
+ }
+ }
+ rule 2343 {
+ action accept
+ description VPN-15951-ANY-ALLOW-10.4.87.90
+ destination {
+ group {
+ address-group DT_VPN-15951
+ }
+ }
+ source {
+ address 10.4.87.90
+ }
+ }
+ rule 2344 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.93.190
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.93.190
+ }
+ }
+ rule 2345 {
+ action accept
+ description VPN-8159-ANY-ALLOW-10.4.59.91
+ destination {
+ group {
+ address-group DT_VPN-8159
+ }
+ }
+ source {
+ address 10.4.59.91
+ }
+ }
+ rule 2346 {
+ action accept
+ description VPN-12870-ANY-ALLOW-10.4.54.67
+ destination {
+ group {
+ address-group DT_VPN-12870
+ }
+ }
+ source {
+ address 10.4.54.67
+ }
+ }
+ rule 2347 {
+ action accept
+ description FW930F3_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW930F3_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2348 {
+ action accept
+ description FW12C32_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW12C32_1
+ }
+ port 465,53,25
+ }
+ protocol tcp_udp
+ }
+ rule 2349 {
+ action accept
+ description FW28EC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW28EC8_1
+ }
+ port 20443
+ }
+ protocol tcp
+ }
+ rule 2350 {
+ action accept
+ description VPN-12870-ANY-ALLOW-10.4.55.68
+ destination {
+ group {
+ address-group DT_VPN-12870
+ }
+ }
+ source {
+ address 10.4.55.68
+ }
+ }
+ rule 2351 {
+ action accept
+ description FW934AE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 32401,32400,8081
+ }
+ protocol tcp_udp
+ }
+ rule 2352 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-185.173.161.154
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 185.173.161.154
+ }
+ }
+ rule 2353 {
+ action accept
+ description FW013EF_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW013EF_2
+ }
+ port 10600-10998,9000-9398,5090,5060-5070
+ }
+ protocol udp
+ }
+ rule 2354 {
+ action accept
+ description FW85040_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85040_1
+ }
+ port 3210
+ }
+ protocol tcp_udp
+ }
+ rule 2355 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-131.153.100.98
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 131.153.100.98
+ }
+ }
+ rule 2356 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-213.133.99.176
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 213.133.99.176
+ }
+ }
+ rule 2357 {
+ action accept
+ description FW6EFD7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6EFD7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2358 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-62.253.153.163
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 8443,22
+ }
+ protocol tcp_udp
+ source {
+ address 62.253.153.163
+ }
+ }
+ rule 2359 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-212.159.153.201
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 6443,5432-5434,5000-5100,3306-3308,990,989,22,21
+ }
+ protocol tcp
+ source {
+ address 212.159.153.201
+ }
+ }
+ rule 2360 {
+ action accept
+ description FW75CA4_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW75CA4_6
+ }
+ port 51472,3747,3420
+ }
+ protocol tcp
+ }
+ rule 2361 {
+ action accept
+ description FWF9C28_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF9C28_4
+ }
+ port 23,7770-7800,44445,6109
+ }
+ protocol tcp
+ }
+ rule 2362 {
+ action accept
+ description FW6B39D_1-TCP-ALLOW-120.72.95.88_29
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 120.72.95.88/29
+ }
+ }
+ rule 2363 {
+ action accept
+ description FW934AE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 20000
+ }
+ protocol tcp
+ }
+ rule 2364 {
+ action accept
+ description FW12C32_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW12C32_1
+ }
+ port 2323,953
+ }
+ protocol tcp
+ }
+ rule 2365 {
+ action accept
+ description FW49897_1-TCP-ALLOW-2.121.90.207
+ destination {
+ group {
+ address-group DT_FW49897_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 2.121.90.207
+ }
+ }
+ rule 2366 {
+ action accept
+ description FW6B39D_1-TCP-ALLOW-120.72.91.104_29
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 120.72.91.104/29
+ }
+ }
+ rule 2367 {
+ action accept
+ description FW4F5EE_10-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4F5EE_10
+ }
+ port 83,86,82
+ }
+ protocol tcp
+ }
+ rule 2368 {
+ action accept
+ description FWF791C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF791C_1
+ }
+ port 6001
+ }
+ protocol tcp
+ }
+ rule 2369 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2370 {
+ action accept
+ description FWE57AD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE57AD_1
+ }
+ port 57000-58000
+ }
+ protocol tcp
+ }
+ rule 2371 {
+ action accept
+ description FWC0CE0_1-TCP-ALLOW-62.232.209.221
+ destination {
+ group {
+ address-group DT_FWC0CE0_1
+ }
+ port 49152-65535,8447,8443,22,21
+ }
+ protocol tcp
+ source {
+ address 62.232.209.221
+ }
+ }
+ rule 2372 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-41.140.242.86
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 41.140.242.86
+ }
+ }
+ rule 2373 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-54.171.71.110
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 54.171.71.110
+ }
+ }
+ rule 2374 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-95.149.182.69
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 95.149.182.69
+ }
+ }
+ rule 2375 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-185.201.16.0_22
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 185.201.16.0/22
+ }
+ }
+ rule 2376 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-213.133.99.176
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 213.133.99.176
+ }
+ }
+ rule 2377 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-95.211.160.147
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 95.211.160.147
+ }
+ }
+ rule 2378 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-212.227.9.72
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.9.72
+ }
+ }
+ rule 2379 {
+ action accept
+ description FW8B21D_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ protocol esp
+ }
+ rule 2380 {
+ action accept
+ description FW8B21D_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ protocol ah
+ }
+ rule 2381 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 8181,4500,1194,993,941,500,53
+ }
+ protocol tcp_udp
+ }
+ rule 2382 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-85.17.25.47
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 85.17.25.47
+ }
+ }
+ rule 2383 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-91.232.105.39
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 91.232.105.39
+ }
+ }
+ rule 2384 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-93.190.142.120
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 93.190.142.120
+ }
+ }
+ rule 2385 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.168.171.130
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.130
+ }
+ }
+ rule 2386 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.168.171.157
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.157
+ }
+ }
+ rule 2387 {
+ action accept
+ description FWD4A27_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD4A27_1
+ }
+ port 32400
+ }
+ protocol tcp
+ }
+ rule 2388 {
+ action accept
+ description FW2ACFF_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2ACFF_1
+ }
+ port 10299,60050-60055
+ }
+ protocol tcp_udp
+ }
+ rule 2389 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-193.248.62.45
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 193.248.62.45
+ }
+ }
+ rule 2390 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-78.249.208.17
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 78.249.208.17
+ }
+ }
+ rule 2391 {
+ action accept
+ description FWC8E8E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC8E8E_1
+ }
+ port 6000
+ }
+ protocol tcp_udp
+ }
+ rule 2392 {
+ action accept
+ description FW30D21_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW30D21_1
+ }
+ port 2476
+ }
+ protocol tcp
+ }
+ rule 2393 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-41.140.242.94
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 41.140.242.94
+ }
+ }
+ rule 2394 {
+ action accept
+ description FW59F39_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW59F39_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2395 {
+ action accept
+ description FWEF92E_7-ESP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2396 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.219.47.177
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 51.219.47.177
+ }
+ }
+ rule 2397 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-86.172.128.50
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 1433,21
+ }
+ protocol tcp
+ source {
+ address 86.172.128.50
+ }
+ }
+ rule 2398 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-88.105.1.20
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 88.105.1.20
+ }
+ }
+ rule 2399 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.211.243.198
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.211.243.198
+ }
+ }
+ rule 2400 {
+ action accept
+ description FW25843_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW25843_1
+ }
+ port 9001,7070,5500,5488,5000,4500,4000,3500,3000,1883,1880
+ }
+ protocol tcp
+ }
+ rule 2401 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.65.46
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.65.46
+ }
+ }
+ rule 2402 {
+ action accept
+ description FW5858F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5858F_1
+ }
+ port 1883
+ }
+ protocol tcp
+ }
+ rule 2403 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-95.147.108.173
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 95.147.108.173
+ }
+ }
+ rule 2404 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-52.56.193.88
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 52.56.193.88
+ }
+ }
+ rule 2405 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-109.228.63.82
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 5666
+ }
+ protocol tcp
+ source {
+ address 109.228.63.82
+ }
+ }
+ rule 2406 {
+ action accept
+ description FWC0CE0_1-TCP-ALLOW-90.255.228.213
+ destination {
+ group {
+ address-group DT_FWC0CE0_1
+ }
+ port 49152-65535,8443,21
+ }
+ protocol tcp
+ source {
+ address 90.255.228.213
+ }
+ }
+ rule 2407 {
+ action accept
+ description FW210E2_8-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ }
+ protocol ah
+ }
+ rule 2408 {
+ action accept
+ description FW210E2_8-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ }
+ protocol esp
+ }
+ rule 2409 {
+ action accept
+ description FW210E2_8-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ port 41,62000,23,4500,50,9876,3391,88,135
+ }
+ protocol tcp
+ }
+ rule 2410 {
+ action accept
+ description FW210E2_8-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ port 500
+ }
+ protocol udp
+ }
+ rule 2411 {
+ action accept
+ description VPN-8625-ANY-ALLOW-10.4.54.103
+ destination {
+ group {
+ address-group DT_VPN-8625
+ }
+ }
+ source {
+ address 10.4.54.103
+ }
+ }
+ rule 2412 {
+ action accept
+ description VPN-8625-ANY-ALLOW-10.4.55.104
+ destination {
+ group {
+ address-group DT_VPN-8625
+ }
+ }
+ source {
+ address 10.4.55.104
+ }
+ }
+ rule 2413 {
+ action accept
+ description FW73A64_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73A64_1
+ }
+ port 61616,8181,8161,8082,4244,4243,4242,4241
+ }
+ protocol tcp
+ }
+ rule 2414 {
+ action accept
+ description VPN-19135-ANY-ALLOW-10.4.86.165
+ destination {
+ group {
+ address-group DT_VPN-19135
+ }
+ }
+ source {
+ address 10.4.86.165
+ }
+ }
+ rule 2415 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-82.65.107.3
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.65.107.3
+ }
+ }
+ rule 2416 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-195.2.139.221
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 5432-5434,3306-3308
+ }
+ protocol tcp
+ source {
+ address 195.2.139.221
+ }
+ }
+ rule 2417 {
+ action accept
+ description VPN-19135-ANY-ALLOW-10.4.87.165
+ destination {
+ group {
+ address-group DT_VPN-19135
+ }
+ }
+ source {
+ address 10.4.87.165
+ }
+ }
+ rule 2418 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-87.75.109.83
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 87.75.109.83
+ }
+ }
+ rule 2419 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.83
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.83
+ }
+ }
+ rule 2420 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-84.92.65.192
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 84.92.65.192
+ }
+ }
+ rule 2421 {
+ action accept
+ description FW73A64_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73A64_1
+ }
+ port 9200,5601,4247,4246,4245
+ }
+ protocol tcp_udp
+ }
+ rule 2422 {
+ action accept
+ description FW4735F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4735F_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2423 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-109.176.154.238
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 109.176.154.238
+ }
+ }
+ rule 2424 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.211.243.206
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.211.243.206
+ }
+ }
+ rule 2425 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 2426 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5090
+ }
+ protocol tcp_udp
+ }
+ rule 2427 {
+ action accept
+ description FW8A57A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A57A_1
+ }
+ port 49155,49154,7700,53,43
+ }
+ protocol tcp_udp
+ }
+ rule 2428 {
+ action accept
+ description FW8C72E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8C72E_1
+ }
+ port 500,4500
+ }
+ protocol udp
+ }
+ rule 2429 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-18.135.66.162
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 18.135.66.162
+ }
+ }
+ rule 2430 {
+ action accept
+ description FW2C5AE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2C5AE_1
+ }
+ port 58080,58008,8545,7175
+ }
+ protocol tcp
+ }
+ rule 2431 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-80.209.144.52
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 80.209.144.52
+ }
+ }
+ rule 2432 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.153.21.103
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 82.153.21.103
+ }
+ }
+ rule 2433 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.41
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.41
+ }
+ }
+ rule 2434 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 32770,8001,7801
+ }
+ protocol tcp
+ }
+ rule 2435 {
+ action accept
+ description FW85E02_11-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 5090,5060
+ }
+ protocol tcp_udp
+ }
+ rule 2436 {
+ action accept
+ description VPN-21982-ANY-ALLOW-10.4.58.43
+ destination {
+ group {
+ address-group DT_VPN-21982
+ }
+ }
+ source {
+ address 10.4.58.43
+ }
+ }
+ rule 2437 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.17.52.191
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.17.52.191
+ }
+ }
+ rule 2438 {
+ action accept
+ description FW66347_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW66347_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2439 {
+ action accept
+ description FW11082_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW11082_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2440 {
+ action accept
+ description VPN-21982-ANY-ALLOW-10.4.59.43
+ destination {
+ group {
+ address-group DT_VPN-21982
+ }
+ }
+ source {
+ address 10.4.59.43
+ }
+ }
+ rule 2441 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-92.207.193.203
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 92.207.193.203
+ }
+ }
+ rule 2442 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-77.99.253.161
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22,21
+ }
+ protocol tcp
+ source {
+ address 77.99.253.161
+ }
+ }
+ rule 2443 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.99.245.103
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 77.99.245.103
+ }
+ }
+ rule 2444 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.19.19.52
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 82.19.19.52
+ }
+ }
+ rule 2445 {
+ action accept
+ description FWEF92E_7-AH-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2446 {
+ action accept
+ description VPN-16450-ANY-ALLOW-10.4.88.99
+ destination {
+ group {
+ address-group DT_VPN-16450
+ }
+ }
+ source {
+ address 10.4.88.99
+ }
+ }
+ rule 2447 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.2.186.129
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.2.186.129
+ }
+ }
+ rule 2448 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.157
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.157
+ }
+ }
+ rule 2449 {
+ action accept
+ description FW8EA04_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8EA04_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2450 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.21.59.207
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.21.59.207
+ }
+ }
+ rule 2451 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-82.9.22.158
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 82.9.22.158
+ }
+ }
+ rule 2452 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 1981,53
+ }
+ protocol tcp_udp
+ }
+ rule 2453 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2454 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.40.177.186
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.40.177.186
+ }
+ }
+ rule 2455 {
+ action accept
+ description FW0C25B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C25B_1
+ }
+ port 49152-65535,5224
+ }
+ protocol tcp
+ }
+ rule 2456 {
+ action accept
+ description FW85A7C_1-TCP-ALLOW-82.24.242.137
+ destination {
+ group {
+ address-group DT_FW85A7C_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.24.242.137
+ }
+ }
+ rule 2457 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.68.25.66
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.68.25.66
+ }
+ }
+ rule 2458 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.89.148.173
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 51.89.148.173
+ }
+ }
+ rule 2459 {
+ action accept
+ description FWA69A0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA69A0_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 2460 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.69.79.85
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.69.79.85
+ }
+ }
+ rule 2461 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2462 {
+ action accept
+ description FWEF92E_6-ESP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2463 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2464 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445,443,80
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2465 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2466 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-77.68.121.4
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.121.4
+ }
+ }
+ rule 2467 {
+ action accept
+ description VPN-16450-ANY-ALLOW-10.4.89.99
+ destination {
+ group {
+ address-group DT_VPN-16450
+ }
+ }
+ source {
+ address 10.4.89.99
+ }
+ }
+ rule 2468 {
+ action accept
+ description FW0BB22_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol ah
+ }
+ rule 2469 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-86.139.57.116
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.139.57.116
+ }
+ }
+ rule 2470 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-86.142.67.13
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.142.67.13
+ }
+ }
+ rule 2471 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 2096,2095,2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 2472 {
+ action accept
+ description FW050AC_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW050AC_1
+ }
+ port 2087
+ }
+ protocol tcp
+ }
+ rule 2473 {
+ action accept
+ description FW1FA9E_1-TCP-ALLOW-109.228.50.206
+ destination {
+ group {
+ address-group DT_FW1FA9E_1
+ }
+ port 5432
+ }
+ protocol tcp
+ source {
+ address 109.228.50.206
+ }
+ }
+ rule 2474 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-217.23.11.155
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 217.23.11.155
+ }
+ }
+ rule 2475 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-88.96.110.198
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 88.96.110.198
+ }
+ }
+ rule 2476 {
+ action accept
+ description FWEAE53_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEAE53_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2477 {
+ action accept
+ description VPN-19474-ANY-ALLOW-10.4.88.161
+ destination {
+ group {
+ address-group DT_VPN-19474
+ }
+ }
+ source {
+ address 10.4.88.161
+ }
+ }
+ rule 2478 {
+ action accept
+ description VPN-19474-ANY-ALLOW-10.4.89.161
+ destination {
+ group {
+ address-group DT_VPN-19474
+ }
+ }
+ source {
+ address 10.4.89.161
+ }
+ }
+ rule 2479 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-68.33.220.233
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 68.33.220.233
+ }
+ }
+ rule 2480 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.10.163.127
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 86.10.163.127
+ }
+ }
+ rule 2481 {
+ action accept
+ description FW2FB61_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 60182
+ }
+ protocol udp
+ }
+ rule 2482 {
+ action accept
+ description FW85A7C_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85A7C_1
+ }
+ port 2457,2456
+ }
+ protocol tcp_udp
+ }
+ rule 2483 {
+ action accept
+ description FWBED52_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBED52_1
+ }
+ port 1221,9000
+ }
+ protocol tcp
+ }
+ rule 2484 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-90.250.2.109
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 90.250.2.109
+ }
+ }
+ rule 2485 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.49
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.49
+ }
+ }
+ rule 2486 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2487 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.250
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.250
+ }
+ }
+ rule 2488 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-95.168.171.131
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.131
+ }
+ }
+ rule 2489 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 48030,10997,10993,10992,10991,10902,1723,1701
+ }
+ protocol tcp
+ }
+ rule 2490 {
+ action accept
+ description FW8C927_1-TCP-ALLOW-84.92.125.78
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 84.92.125.78
+ }
+ }
+ rule 2491 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.146.220.229
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 86.146.220.229
+ }
+ }
+ rule 2492 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-2.218.5.59
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 2.218.5.59
+ }
+ }
+ rule 2493 {
+ action accept
+ description VPN-18830-ANY-ALLOW-10.4.86.156
+ destination {
+ group {
+ address-group DT_VPN-18830
+ }
+ }
+ source {
+ address 10.4.86.156
+ }
+ }
+ rule 2494 {
+ action accept
+ description VPN-18830-ANY-ALLOW-10.4.87.156
+ destination {
+ group {
+ address-group DT_VPN-18830
+ }
+ }
+ source {
+ address 10.4.87.156
+ }
+ }
+ rule 2495 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2496 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-146.198.100.105
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 146.198.100.105
+ }
+ }
+ rule 2497 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.55
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.55
+ }
+ }
+ rule 2498 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.113
+ }
+ }
+ rule 2499 {
+ action accept
+ description FW8C72E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8C72E_1
+ }
+ port 60134,60135
+ }
+ protocol tcp
+ }
+ rule 2500 {
+ action accept
+ description FWAB44B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAB44B_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2501 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-51.148.87.29
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 51.148.87.29
+ }
+ }
+ rule 2502 {
+ action accept
+ description VPN-23738-ANY-ALLOW-10.4.56.13
+ destination {
+ group {
+ address-group DT_VPN-23738
+ }
+ }
+ source {
+ address 10.4.56.13
+ }
+ }
+ rule 2503 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.100
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.100
+ }
+ }
+ rule 2504 {
+ action accept
+ description FW996B4_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW996B4_2
+ }
+ port 43595,30160
+ }
+ protocol tcp
+ }
+ rule 2505 {
+ action accept
+ description FW8871B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8871B_1
+ }
+ port 15672,8083,8082,8081,5672
+ }
+ protocol tcp
+ }
+ rule 2506 {
+ action accept
+ description FWAB44B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAB44B_1
+ }
+ port 9090,8069,5432
+ }
+ protocol tcp
+ }
+ rule 2507 {
+ action accept
+ description FW6187E_1-ICMP-ALLOW-85.214.201.250
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ }
+ protocol icmp
+ source {
+ address 85.214.201.250
+ }
+ }
+ rule 2508 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-217.23.11.126
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 217.23.11.126
+ }
+ }
+ rule 2509 {
+ action accept
+ description FW78137_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW78137_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2510 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-46.252.65.10
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 46.252.65.10
+ }
+ }
+ rule 2511 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.50
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.50
+ }
+ }
+ rule 2512 {
+ action accept
+ description FW6A684_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6A684_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2513 {
+ action accept
+ description FWF48EB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF48EB_1
+ }
+ port 9204,9202,3395
+ }
+ protocol tcp
+ }
+ rule 2514 {
+ action accept
+ description FW44217_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 443,80
+ }
+ protocol tcp_udp
+ }
+ rule 2515 {
+ action accept
+ description FW6187E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ port 2282
+ }
+ protocol tcp
+ }
+ rule 2516 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.58
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.58
+ }
+ }
+ rule 2517 {
+ action accept
+ description VPN-34501-ANY-ALLOW-10.4.86.235
+ destination {
+ group {
+ address-group DT_VPN-34501
+ }
+ }
+ source {
+ address 10.4.86.235
+ }
+ }
+ rule 2518 {
+ action accept
+ description FW1271A_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1271A_2
+ }
+ port 5090,5061,5060,5015,5001
+ }
+ protocol tcp
+ }
+ rule 2519 {
+ action accept
+ description FW1271A_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1271A_2
+ }
+ port 9000-10999,5090,5060
+ }
+ protocol udp
+ }
+ rule 2520 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-216.113.160.71
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 216.113.160.71
+ }
+ }
+ rule 2521 {
+ action accept
+ description FW32EFF_16-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_16
+ }
+ port 33888
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 2522 {
+ action accept
+ description FW03F2E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03F2E_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2523 {
+ action accept
+ description FW03F2E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03F2E_1
+ }
+ port 4432,4431,4430
+ }
+ protocol tcp
+ }
+ rule 2524 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-216.113.162.65
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 216.113.162.65
+ }
+ }
+ rule 2525 {
+ action accept
+ description VPN-20306-ANY-ALLOW-10.4.89.173
+ destination {
+ group {
+ address-group DT_VPN-20306
+ }
+ }
+ source {
+ address 10.4.89.173
+ }
+ }
+ rule 2526 {
+ action accept
+ description FW8A49A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A49A_1
+ }
+ port 2525,8448-65535
+ }
+ protocol tcp
+ }
+ rule 2527 {
+ action accept
+ description FWD3431_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD3431_2
+ }
+ port 43595,30377,30289
+ }
+ protocol tcp
+ }
+ rule 2528 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-66.135.200.200
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 66.135.200.200
+ }
+ }
+ rule 2529 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-193.28.178.38
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 193.28.178.38
+ }
+ }
+ rule 2530 {
+ action accept
+ description FWAE88B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAE88B_1
+ }
+ port 65432,8080,7300,1195,1194,993,587,465,443,442,143,110,80,53,22
+ }
+ protocol tcp_udp
+ }
+ rule 2531 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-195.234.136.80
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 195.234.136.80
+ }
+ }
+ rule 2532 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-93.94.41.83
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 93.94.41.83
+ }
+ }
+ rule 2533 {
+ action accept
+ description VPN-6103-ANY-ALLOW-10.4.56.102
+ destination {
+ group {
+ address-group DT_VPN-6103
+ }
+ }
+ source {
+ address 10.4.56.102
+ }
+ }
+ rule 2534 {
+ action accept
+ description VPN-6103-ANY-ALLOW-10.4.57.102
+ destination {
+ group {
+ address-group DT_VPN-6103
+ }
+ }
+ source {
+ address 10.4.57.102
+ }
+ }
+ rule 2535 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-86.198.190.104
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.198.190.104
+ }
+ }
+ rule 2536 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-81.149.71.244
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 81.149.71.244
+ }
+ }
+ rule 2537 {
+ action accept
+ description FW0BB22_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ port 27917,27017,9592,9092,1080,587
+ }
+ protocol tcp_udp
+ }
+ rule 2538 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-89.213.26.156
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 89.213.26.156
+ }
+ }
+ rule 2539 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-81.149.71.244
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 81.149.71.244
+ }
+ }
+ rule 2540 {
+ action accept
+ description VPN-17207-ANY-ALLOW-10.4.86.121
+ destination {
+ group {
+ address-group DT_VPN-17207
+ }
+ }
+ source {
+ address 10.4.86.121
+ }
+ }
+ rule 2541 {
+ action accept
+ description FW0B352_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0B352_1
+ }
+ port 4500,500
+ }
+ protocol udp
+ }
+ rule 2542 {
+ action accept
+ description FW85E02_11-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 5854,5853,5061
+ }
+ protocol tcp
+ }
+ rule 2543 {
+ action accept
+ description FW0BB22_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ port 9200,8082
+ }
+ protocol tcp
+ }
+ rule 2544 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.140
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.140
+ }
+ }
+ rule 2545 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-91.125.244.28
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 91.125.244.28
+ }
+ }
+ rule 2546 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-86.172.252.221
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 80-3389
+ }
+ protocol tcp
+ source {
+ address 86.172.252.221
+ }
+ }
+ rule 2547 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-92.207.184.106
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 92.207.184.106
+ }
+ }
+ rule 2548 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-146.255.0.198
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 146.255.0.198
+ }
+ }
+ rule 2549 {
+ action accept
+ description FWBFDED_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFDED_1
+ }
+ port 1723,445
+ }
+ protocol tcp
+ }
+ rule 2550 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.227.9.72
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.9.72
+ }
+ }
+ rule 2551 {
+ action accept
+ description FWE928F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE928F_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2552 {
+ action accept
+ description FW5CBB2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5CBB2_1
+ }
+ port 2082,2083,2086,2087
+ }
+ protocol tcp
+ }
+ rule 2553 {
+ action accept
+ description FW63230_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW63230_1
+ }
+ port 445,139
+ }
+ protocol tcp_udp
+ }
+ rule 2554 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-71.244.176.5
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 71.244.176.5
+ }
+ }
+ rule 2555 {
+ action accept
+ description FWA4BC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA4BC8_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2556 {
+ action accept
+ description VPN-17207-ANY-ALLOW-10.4.87.121
+ destination {
+ group {
+ address-group DT_VPN-17207
+ }
+ }
+ source {
+ address 10.4.87.121
+ }
+ }
+ rule 2557 {
+ action accept
+ description VPN-17558-ANY-ALLOW-10.4.86.143
+ destination {
+ group {
+ address-group DT_VPN-17558
+ }
+ }
+ source {
+ address 10.4.86.143
+ }
+ }
+ rule 2558 {
+ action accept
+ description FWB2CD2_1-TCP-ALLOW-86.167.68.241
+ destination {
+ group {
+ address-group DT_FWB2CD2_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 86.167.68.241
+ }
+ }
+ rule 2559 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 33888,443
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 2560 {
+ action accept
+ description FW44217_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 9001,7946,2376
+ }
+ protocol tcp
+ }
+ rule 2561 {
+ action accept
+ description FW7DAE2_3-TCP-ALLOW-212.227.253.11
+ destination {
+ group {
+ address-group DT_FW7DAE2_3
+ }
+ port 25,22
+ }
+ protocol tcp
+ source {
+ address 212.227.253.11
+ }
+ }
+ rule 2562 {
+ action accept
+ description FW7DAE2_3-TCP-ALLOW-217.160.126.118
+ destination {
+ group {
+ address-group DT_FW7DAE2_3
+ }
+ port 25,22
+ }
+ protocol tcp
+ source {
+ address 217.160.126.118
+ }
+ }
+ rule 2563 {
+ action accept
+ description FWAF6E8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAF6E8_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2564 {
+ action accept
+ description FWCD7CE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCD7CE_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2565 {
+ action accept
+ description FW32EFF_16-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW32EFF_16
+ }
+ port 47779,47778,47777,47776
+ }
+ protocol tcp
+ }
+ rule 2566 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-77.68.117.222
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 49170
+ }
+ protocol tcp
+ source {
+ address 77.68.117.222
+ }
+ }
+ rule 2567 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-92.207.199.107
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22,21
+ }
+ protocol tcp
+ source {
+ address 92.207.199.107
+ }
+ }
+ rule 2568 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.89
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.89
+ }
+ }
+ rule 2569 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-190.2.130.41
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 190.2.130.41
+ }
+ }
+ rule 2570 {
+ action accept
+ description FWFDCC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDCC7_1
+ }
+ port 10000
+ }
+ protocol tcp_udp
+ }
+ rule 2571 {
+ action accept
+ description FWF19FB_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF19FB_2
+ }
+ port 43595,40001,30616-30631,30531,30204-30435
+ }
+ protocol tcp
+ }
+ rule 2572 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2573 {
+ action accept
+ description FW4E314_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4E314_1
+ }
+ port 21543,888
+ }
+ protocol tcp
+ }
+ rule 2574 {
+ action accept
+ description FW73215_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 4380
+ }
+ protocol udp
+ }
+ rule 2575 {
+ action accept
+ description VPN-31301-ANY-ALLOW-10.4.86.223
+ destination {
+ group {
+ address-group DT_VPN-31301
+ }
+ }
+ source {
+ address 10.4.86.223
+ }
+ }
+ rule 2576 {
+ action accept
+ description FW8428B_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8428B_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 2577 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-185.195.124.169
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 185.195.124.169
+ }
+ }
+ rule 2578 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-77.68.121.4
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 77.68.121.4
+ }
+ }
+ rule 2579 {
+ action accept
+ description FW73215_1-TCP-ALLOW-82.38.58.135
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 10685
+ }
+ protocol tcp
+ source {
+ address 82.38.58.135
+ }
+ }
+ rule 2580 {
+ action accept
+ description FW52F6F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW52F6F_1
+ }
+ port 8888
+ }
+ protocol tcp
+ }
+ rule 2581 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.86
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.86
+ }
+ }
+ rule 2582 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.13
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.125.13
+ }
+ }
+ rule 2583 {
+ action accept
+ description FWEE03C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEE03C_1
+ }
+ port 2087,2083
+ }
+ protocol tcp
+ }
+ rule 2584 {
+ action accept
+ description FW748B7_1-TCP-ALLOW-157.231.123.154
+ destination {
+ group {
+ address-group DT_FW748B7_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 157.231.123.154
+ }
+ }
+ rule 2585 {
+ action accept
+ description VPN-34501-ANY-ALLOW-10.4.87.235
+ destination {
+ group {
+ address-group DT_VPN-34501
+ }
+ }
+ source {
+ address 10.4.87.235
+ }
+ }
+ rule 2586 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-81.134.85.245
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.134.85.245
+ }
+ }
+ rule 2587 {
+ action accept
+ description FWD61BF_1-ANY-ALLOW-193.237.81.213_32
+ destination {
+ group {
+ address-group DT_FWD61BF_1
+ }
+ }
+ source {
+ address 193.237.81.213/32
+ }
+ }
+ rule 2588 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-23.106.238.241
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 23.106.238.241
+ }
+ }
+ rule 2589 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-35.204.202.196
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 35.204.202.196
+ }
+ }
+ rule 2590 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-35.242.141.128
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 35.242.141.128
+ }
+ }
+ rule 2591 {
+ action accept
+ description FWC2EF2_2-TCP-ALLOW-90.251.221.19
+ destination {
+ group {
+ address-group DT_FWC2EF2_2
+ }
+ port 995,993,587,465,143,110,25,22
+ }
+ protocol tcp
+ source {
+ address 90.251.221.19
+ }
+ }
+ rule 2592 {
+ action accept
+ description VPN-14673-ANY-ALLOW-10.4.88.44
+ destination {
+ group {
+ address-group DT_VPN-14673
+ }
+ }
+ source {
+ address 10.4.88.44
+ }
+ }
+ rule 2593 {
+ action accept
+ description FWA83DF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA83DF_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2594 {
+ action accept
+ description FW31525_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW31525_6
+ }
+ port 35467
+ }
+ protocol tcp
+ }
+ rule 2595 {
+ action accept
+ description FW4293B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4293B_1
+ }
+ port 9080,8888,8881,7815,8419
+ }
+ protocol tcp
+ }
+ rule 2596 {
+ action accept
+ description FW4AE7D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4AE7D_1
+ }
+ port 8083,81
+ }
+ protocol tcp
+ }
+ rule 2597 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-143.52.53.22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 143.52.53.22
+ }
+ }
+ rule 2598 {
+ action accept
+ description FW44217_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 7946,4789
+ }
+ protocol udp
+ }
+ rule 2599 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-46.249.82.162
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 46.249.82.162
+ }
+ }
+ rule 2600 {
+ action accept
+ description FW27949_2-TCP-ALLOW-80.95.202.106
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 80.95.202.106
+ }
+ }
+ rule 2601 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2602 {
+ action accept
+ description FW2ACFF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2ACFF_1
+ }
+ port 8082,5093
+ }
+ protocol tcp
+ }
+ rule 2603 {
+ action accept
+ description FWC2EF2_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC2EF2_2
+ }
+ port 10000,953,53
+ }
+ protocol tcp_udp
+ }
+ rule 2604 {
+ action accept
+ description FW0C8E1_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C8E1_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2605 {
+ action accept
+ description FWA86ED_101-TCP_UDP-ALLOW-82.5.189.5
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 82.5.189.5
+ }
+ }
+ rule 2606 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.179
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.179
+ }
+ }
+ rule 2607 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2608 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.43.109
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.43.109
+ }
+ }
+ rule 2609 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-5.67.3.195
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 5.67.3.195
+ }
+ }
+ rule 2610 {
+ action accept
+ description FWDCA36_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDCA36_3
+ }
+ port 49152-65534,5901
+ }
+ protocol tcp
+ }
+ rule 2611 {
+ action accept
+ description FWE928F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE928F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2612 {
+ action accept
+ description FW69D6D_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW69D6D_2
+ }
+ port 5001,5090,5060,5015
+ }
+ protocol tcp
+ }
+ rule 2613 {
+ action accept
+ description FW69D6D_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW69D6D_2
+ }
+ port 5090,5060,9000-9500
+ }
+ protocol udp
+ }
+ rule 2614 {
+ action accept
+ description VPN-9765-ANY-ALLOW-10.4.56.45
+ destination {
+ group {
+ address-group DT_VPN-9765
+ }
+ }
+ source {
+ address 10.4.56.45
+ }
+ }
+ rule 2615 {
+ action accept
+ description VPN-9765-ANY-ALLOW-10.4.57.45
+ destination {
+ group {
+ address-group DT_VPN-9765
+ }
+ }
+ source {
+ address 10.4.57.45
+ }
+ }
+ rule 2616 {
+ action accept
+ description FW4C136_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4C136_1
+ }
+ port 1194
+ }
+ protocol tcp_udp
+ }
+ rule 2617 {
+ action accept
+ description FW6F539_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6F539_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2618 {
+ action accept
+ description FWDD089_5-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDD089_5
+ }
+ port 5666-5667,12489
+ }
+ protocol tcp_udp
+ }
+ rule 2619 {
+ action accept
+ description FWDD089_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDD089_5
+ }
+ port 161-162
+ }
+ protocol tcp
+ }
+ rule 2620 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2621 {
+ action accept
+ description FW0A5C4_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0A5C4_1
+ }
+ port 9000,6697,6667,5000
+ }
+ protocol tcp
+ }
+ rule 2622 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2623 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 7990
+ }
+ protocol tcp
+ }
+ rule 2624 {
+ action accept
+ description FWAF6E8_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAF6E8_1
+ }
+ port 7770-7800,44445,53
+ }
+ protocol tcp_udp
+ }
+ rule 2625 {
+ action accept
+ description FW81286_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW81286_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2626 {
+ action accept
+ description FW05064_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05064_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2627 {
+ action accept
+ description FWD7382_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD7382_1
+ }
+ port 4500,1701,500
+ }
+ protocol udp
+ }
+ rule 2628 {
+ action accept
+ description FWD7382_1-TCP-ALLOW-174.91.7.198
+ destination {
+ group {
+ address-group DT_FWD7382_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 174.91.7.198
+ }
+ }
+ rule 2629 {
+ action accept
+ description VPN-9484-ANY-ALLOW-10.4.56.164
+ destination {
+ group {
+ address-group DT_VPN-9484
+ }
+ }
+ source {
+ address 10.4.56.164
+ }
+ }
+ rule 2630 {
+ action accept
+ description VPN-9484-ANY-ALLOW-10.4.57.164
+ destination {
+ group {
+ address-group DT_VPN-9484
+ }
+ }
+ source {
+ address 10.4.57.164
+ }
+ }
+ rule 2631 {
+ action accept
+ description VPN-9749-ANY-ALLOW-10.4.58.144
+ destination {
+ group {
+ address-group DT_VPN-9749
+ }
+ }
+ source {
+ address 10.4.58.144
+ }
+ }
+ rule 2632 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2633 {
+ action accept
+ description FW10FEE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW10FEE_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2634 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-5.71.30.141
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 5.71.30.141
+ }
+ }
+ rule 2635 {
+ action accept
+ description VPN-9749-ANY-ALLOW-10.4.59.144
+ destination {
+ group {
+ address-group DT_VPN-9749
+ }
+ }
+ source {
+ address 10.4.59.144
+ }
+ }
+ rule 2636 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2637 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2638 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2639 {
+ action accept
+ description FWEF92E_6-AH-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2640 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2641 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2642 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2643 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2644 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2645 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445,80
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2646 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-82.0.198.226
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 82.0.198.226
+ }
+ }
+ rule 2647 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-82.0.198.226
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 82.0.198.226
+ }
+ }
+ rule 2648 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-83.100.136.74
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 83.100.136.74
+ }
+ }
+ rule 2649 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2650 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.189.162
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.189.162
+ }
+ }
+ rule 2651 {
+ action accept
+ description FW3DBF8_9-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 2652 {
+ action accept
+ description VPN-19807-ANY-ALLOW-10.4.86.172
+ destination {
+ group {
+ address-group DT_VPN-19807
+ }
+ }
+ source {
+ address 10.4.86.172
+ }
+ }
+ rule 2653 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-82.8.245.40
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 82.8.245.40
+ }
+ }
+ rule 2654 {
+ action accept
+ description FW3AD6F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3AD6F_1
+ }
+ port 53,465
+ }
+ protocol tcp_udp
+ }
+ rule 2655 {
+ action accept
+ description FWCDBC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCDBC7_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2656 {
+ action accept
+ description FWA373F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA373F_1
+ }
+ port 2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 2657 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-94.155.221.50
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 94.155.221.50
+ }
+ }
+ rule 2658 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2659 {
+ action accept
+ description VPN-30791-ANY-ALLOW-10.4.88.215
+ destination {
+ group {
+ address-group DT_VPN-30791
+ }
+ }
+ source {
+ address 10.4.88.215
+ }
+ }
+ rule 2660 {
+ action accept
+ description VPN-30791-ANY-ALLOW-10.4.89.215
+ destination {
+ group {
+ address-group DT_VPN-30791
+ }
+ }
+ source {
+ address 10.4.89.215
+ }
+ }
+ rule 2661 {
+ action accept
+ description FW2EF2C_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 10000,3478
+ }
+ protocol udp
+ }
+ rule 2662 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-195.217.232.0_26
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 195.217.232.0/26
+ }
+ }
+ rule 2663 {
+ action accept
+ description FW4AE7D_1-TCP-ALLOW-81.136.8.24
+ destination {
+ group {
+ address-group DT_FW4AE7D_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.136.8.24
+ }
+ }
+ rule 2664 {
+ action accept
+ description FW2EF2C_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 5222
+ }
+ protocol tcp_udp
+ }
+ rule 2665 {
+ action accept
+ description FW48A55_2-TCP-ALLOW-86.29.225.60
+ destination {
+ group {
+ address-group DT_FW48A55_2
+ }
+ port 443,80,22
+ }
+ protocol tcp
+ source {
+ address 86.29.225.60
+ }
+ }
+ rule 2666 {
+ action accept
+ description FW48A55_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48A55_2
+ }
+ port 1337
+ }
+ protocol udp
+ }
+ rule 2667 {
+ action accept
+ description VPN-11913-ANY-ALLOW-10.4.56.191
+ destination {
+ group {
+ address-group DT_VPN-11913
+ }
+ }
+ source {
+ address 10.4.56.191
+ }
+ }
+ rule 2668 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.189.163
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.189.163
+ }
+ }
+ rule 2669 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.90
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.90
+ }
+ }
+ rule 2670 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.24.66
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.24.66
+ }
+ }
+ rule 2671 {
+ action accept
+ description VPN-11913-ANY-ALLOW-10.4.57.191
+ destination {
+ group {
+ address-group DT_VPN-11913
+ }
+ }
+ source {
+ address 10.4.57.191
+ }
+ }
+ rule 2672 {
+ action accept
+ description FW73573_2-TCP-ALLOW-86.9.185.195
+ destination {
+ group {
+ address-group DT_FW73573_2
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 86.9.185.195
+ }
+ }
+ rule 2673 {
+ action accept
+ description VPN-17558-ANY-ALLOW-10.4.87.143
+ destination {
+ group {
+ address-group DT_VPN-17558
+ }
+ }
+ source {
+ address 10.4.87.143
+ }
+ }
+ rule 2674 {
+ action accept
+ description FW748B7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW748B7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2675 {
+ action accept
+ description FW16375_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW16375_5
+ }
+ port 2082,2083,2086,2087
+ }
+ protocol tcp
+ }
+ rule 2676 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-88.98.204.68
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 88.98.204.68
+ }
+ }
+ rule 2677 {
+ action accept
+ description FW73573_1-TCP-ALLOW-86.9.185.195
+ destination {
+ group {
+ address-group DT_FW73573_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 86.9.185.195
+ }
+ }
+ rule 2678 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.190.4
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.190.4
+ }
+ }
+ rule 2679 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-140.82.112.0_20
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 140.82.112.0/20
+ }
+ }
+ rule 2680 {
+ action accept
+ description FW62858_12-ICMP-ALLOW-77.68.122.41
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ }
+ protocol icmp
+ source {
+ address 77.68.122.41
+ }
+ }
+ rule 2681 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-147.148.96.136
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 147.148.96.136
+ }
+ }
+ rule 2682 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-92.207.237.42
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 10000,22
+ }
+ protocol tcp
+ source {
+ address 92.207.237.42
+ }
+ }
+ rule 2683 {
+ action accept
+ description FW364CF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW364CF_1
+ }
+ port 4022,8099
+ }
+ protocol tcp
+ }
+ rule 2684 {
+ action accept
+ description VPN-25822-ANY-ALLOW-10.4.54.42
+ destination {
+ group {
+ address-group DT_VPN-25822
+ }
+ }
+ source {
+ address 10.4.54.42
+ }
+ }
+ rule 2685 {
+ action accept
+ description FW7F28A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7F28A_1
+ }
+ port 10051,10050
+ }
+ protocol tcp
+ }
+ rule 2686 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.53.159
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.53.159
+ }
+ }
+ rule 2687 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-185.22.211.0_24
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 185.22.211.0/24
+ }
+ }
+ rule 2688 {
+ action accept
+ description FWC6301_1-TCP-ALLOW-95.34.208.4
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 95.34.208.4
+ }
+ }
+ rule 2689 {
+ action accept
+ description FW45000_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW45000_1
+ }
+ port 990
+ }
+ protocol tcp
+ }
+ rule 2690 {
+ action accept
+ description FW481D7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW481D7_1
+ }
+ port 6789
+ }
+ protocol tcp
+ }
+ rule 2691 {
+ action accept
+ description VPN-8203-ANY-ALLOW-10.4.59.109
+ destination {
+ group {
+ address-group DT_VPN-8203
+ }
+ }
+ source {
+ address 10.4.59.109
+ }
+ }
+ rule 2692 {
+ action accept
+ description VPN-3575-ANY-ALLOW-10.4.54.124
+ destination {
+ group {
+ address-group DT_VPN-3575
+ }
+ }
+ source {
+ address 10.4.54.124
+ }
+ }
+ rule 2693 {
+ action accept
+ description VPN-3575-ANY-ALLOW-10.4.55.125
+ destination {
+ group {
+ address-group DT_VPN-3575
+ }
+ }
+ source {
+ address 10.4.55.125
+ }
+ }
+ rule 2694 {
+ action accept
+ description FW42661_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42661_3
+ }
+ port 44445,25672,15672,9876,7770-7800
+ }
+ protocol tcp
+ }
+ rule 2695 {
+ action accept
+ description FWBF494_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBF494_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2696 {
+ action accept
+ description FWD0E22_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD0E22_4
+ }
+ port 8000,19005
+ }
+ protocol tcp
+ }
+ rule 2697 {
+ action accept
+ description FW98818_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW98818_1
+ }
+ port 27015
+ }
+ protocol udp
+ }
+ rule 2698 {
+ action accept
+ description FW62858_12-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 5001,5000
+ }
+ protocol tcp
+ }
+ rule 2699 {
+ action accept
+ description VPN-34006-ANY-ALLOW-10.4.86.242
+ destination {
+ group {
+ address-group DT_VPN-34006
+ }
+ }
+ source {
+ address 10.4.86.242
+ }
+ }
+ rule 2700 {
+ action accept
+ description VPN-34006-ANY-ALLOW-10.4.87.242
+ destination {
+ group {
+ address-group DT_VPN-34006
+ }
+ }
+ source {
+ address 10.4.87.242
+ }
+ }
+ rule 2701 {
+ action accept
+ description FWF879C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF879C_1
+ }
+ port 8888
+ }
+ protocol tcp
+ }
+ rule 2702 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2703 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.74.89
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.74.89
+ }
+ }
+ rule 2704 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2705 {
+ action accept
+ description FW8A57A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A57A_1
+ }
+ port 49153,5666
+ }
+ protocol tcp
+ }
+ rule 2706 {
+ action accept
+ description FW62858_12-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 5090,5061,5060
+ }
+ protocol tcp_udp
+ }
+ rule 2707 {
+ action accept
+ description FW62858_12-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 2708 {
+ action accept
+ description FW0E2EE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0E2EE_1
+ }
+ port 1024-65535
+ }
+ protocol tcp_udp
+ }
+ rule 2709 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-82.5.80.210
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.5.80.210
+ }
+ }
+ rule 2710 {
+ action accept
+ description FW4F81F_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4F81F_4
+ }
+ port 26900,27005,27015,51000,51005,51030
+ }
+ protocol tcp_udp
+ }
+ rule 2711 {
+ action accept
+ description VPN-7902-ANY-ALLOW-10.4.56.78
+ destination {
+ group {
+ address-group DT_VPN-7902
+ }
+ }
+ source {
+ address 10.4.56.78
+ }
+ }
+ rule 2712 {
+ action accept
+ description VPN-7902-ANY-ALLOW-10.4.57.78
+ destination {
+ group {
+ address-group DT_VPN-7902
+ }
+ }
+ source {
+ address 10.4.57.78
+ }
+ }
+ rule 2713 {
+ action accept
+ description FWB36A0_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB36A0_1
+ }
+ port 20-21,990
+ }
+ protocol tcp_udp
+ }
+ rule 2714 {
+ action accept
+ description FWD2082_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2082_1
+ }
+ port 8001,8002
+ }
+ protocol tcp
+ }
+ rule 2715 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.8.242.171
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.8.242.171
+ }
+ }
+ rule 2716 {
+ action accept
+ description FWB9699_11-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWB9699_11
+ }
+ port 443,80,8800,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2717 {
+ action accept
+ description VPN-11083-ANY-ALLOW-10.4.54.186
+ destination {
+ group {
+ address-group DT_VPN-11083
+ }
+ }
+ source {
+ address 10.4.54.186
+ }
+ }
+ rule 2718 {
+ action accept
+ description VPN-11083-ANY-ALLOW-10.4.55.187
+ destination {
+ group {
+ address-group DT_VPN-11083
+ }
+ }
+ source {
+ address 10.4.55.187
+ }
+ }
+ rule 2719 {
+ action accept
+ description VPN-34583-ANY-ALLOW-10.4.86.243
+ destination {
+ group {
+ address-group DT_VPN-34583
+ }
+ }
+ source {
+ address 10.4.86.243
+ }
+ }
+ rule 2720 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.155
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.155
+ }
+ }
+ rule 2721 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.117
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.117
+ }
+ }
+ rule 2722 {
+ action accept
+ description FW7A9B0_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7A9B0_9
+ }
+ port 11112
+ }
+ protocol tcp
+ }
+ rule 2723 {
+ action accept
+ description FW3F465_1-TCP-ALLOW-77.68.127.177
+ destination {
+ group {
+ address-group DT_FW3F465_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.127.177
+ }
+ }
+ rule 2724 {
+ action accept
+ description VPN-34583-ANY-ALLOW-10.4.87.243
+ destination {
+ group {
+ address-group DT_VPN-34583
+ }
+ }
+ source {
+ address 10.4.87.243
+ }
+ }
+ rule 2725 {
+ action accept
+ description FW930F3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW930F3_1
+ }
+ port 9089,5900,5666,5272
+ }
+ protocol tcp
+ }
+ rule 2726 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.165
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.165
+ }
+ }
+ rule 2727 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.140
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.140
+ }
+ }
+ rule 2728 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-82.11.114.136
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 82.11.114.136
+ }
+ }
+ rule 2729 {
+ action accept
+ description FW73215_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 27015
+ }
+ protocol tcp_udp
+ }
+ rule 2730 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-18.130.156.250
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 18.130.156.250
+ }
+ }
+ rule 2731 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-90.251.221.19
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 90.251.221.19
+ }
+ }
+ rule 2732 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 8765,8001,8000
+ }
+ protocol tcp
+ }
+ rule 2733 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-87.74.110.191
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 87.74.110.191
+ }
+ }
+ rule 2734 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2735 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.93
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.93
+ }
+ }
+ rule 2736 {
+ action accept
+ description FW81138_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ port 123
+ }
+ protocol udp
+ }
+ rule 2737 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.64
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.64
+ }
+ }
+ rule 2738 {
+ action accept
+ description FW03B35_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ }
+ rule 2739 {
+ action accept
+ description VPN-19807-ANY-ALLOW-10.4.87.172
+ destination {
+ group {
+ address-group DT_VPN-19807
+ }
+ }
+ source {
+ address 10.4.87.172
+ }
+ }
+ rule 2740 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-94.12.73.154
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8447
+ }
+ protocol tcp
+ source {
+ address 94.12.73.154
+ }
+ }
+ rule 2741 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2742 {
+ action accept
+ description FW0B352_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0B352_1
+ }
+ port 3443
+ }
+ protocol tcp_udp
+ }
+ rule 2743 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2744 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2745 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2746 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.44
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.44
+ }
+ }
+ rule 2747 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-188.220.176.104
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 188.220.176.104
+ }
+ }
+ rule 2748 {
+ action accept
+ description FW3F465_1-TCP-ALLOW-77.68.16.101
+ destination {
+ group {
+ address-group DT_FW3F465_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.16.101
+ }
+ }
+ rule 2749 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2750 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-188.220.176.104
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 188.220.176.104
+ }
+ }
+ rule 2751 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-185.22.208.0_25
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 185.22.208.0/25
+ }
+ }
+ rule 2752 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.187
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.187
+ }
+ }
+ rule 2753 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.84
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.84
+ }
+ }
+ rule 2754 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.52
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.52
+ }
+ }
+ rule 2755 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-77.68.92.154
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.92.154
+ }
+ }
+ rule 2756 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-77.68.93.156
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.93.156
+ }
+ }
+ rule 2757 {
+ action accept
+ description VPN-24398-ANY-ALLOW-10.4.88.151
+ destination {
+ group {
+ address-group DT_VPN-24398
+ }
+ }
+ source {
+ address 10.4.88.151
+ }
+ }
+ rule 2758 {
+ action accept
+ description VPN-24398-ANY-ALLOW-10.4.89.151
+ destination {
+ group {
+ address-group DT_VPN-24398
+ }
+ }
+ source {
+ address 10.4.89.151
+ }
+ }
+ rule 2759 {
+ action accept
+ description VPN-24589-ANY-ALLOW-10.4.56.9
+ destination {
+ group {
+ address-group DT_VPN-24589
+ }
+ }
+ source {
+ address 10.4.56.9
+ }
+ }
+ rule 2760 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.29
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.29
+ }
+ }
+ rule 2761 {
+ action accept
+ description FWC7D36_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC7D36_1
+ }
+ port 27017,11080
+ }
+ protocol tcp
+ }
+ rule 2762 {
+ action accept
+ description FWBB718_1-TCP_UDP-ALLOW-77.68.73.116
+ destination {
+ group {
+ address-group DT_FWBB718_1
+ }
+ port 1433
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.73.116
+ }
+ }
+ rule 2763 {
+ action accept
+ description FWBB718_1-UDP-ALLOW-77.68.73.116
+ destination {
+ group {
+ address-group DT_FWBB718_1
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 77.68.73.116
+ }
+ }
+ rule 2764 {
+ action accept
+ description FWB9699_11-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FWB9699_11
+ }
+ port 22,80,443,8800
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2765 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-103.8.164.5
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 103.8.164.5
+ }
+ }
+ rule 2766 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.193
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.193
+ }
+ }
+ rule 2768 {
+ action accept
+ description FW26F0A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW26F0A_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2769 {
+ action accept
+ description FWCC18F_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCC18F_2
+ }
+ port 8883,1883
+ }
+ protocol tcp
+ }
+ rule 2771 {
+ action accept
+ description FW633DD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW633DD_1
+ }
+ port 28967,14002,9984,9983,9982,9981,8888,8884
+ }
+ protocol tcp
+ }
+ rule 2772 {
+ action accept
+ description FWDEDB9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDEDB9_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2773 {
+ action accept
+ description VPN-18646-ANY-ALLOW-10.4.88.109
+ destination {
+ group {
+ address-group DT_VPN-18646
+ }
+ }
+ source {
+ address 10.4.88.109
+ }
+ }
+ rule 2774 {
+ action accept
+ description VPN-18646-ANY-ALLOW-10.4.89.109
+ destination {
+ group {
+ address-group DT_VPN-18646
+ }
+ }
+ source {
+ address 10.4.89.109
+ }
+ }
+ rule 2775 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-87.224.39.221
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 8082,3003,22
+ }
+ protocol tcp
+ source {
+ address 87.224.39.221
+ }
+ }
+ rule 2776 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.94
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.94
+ }
+ }
+ rule 2777 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-92.237.97.92
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 8082,3003,22
+ }
+ protocol tcp
+ source {
+ address 92.237.97.92
+ }
+ }
+ rule 2778 {
+ action accept
+ description VPN-25822-ANY-ALLOW-10.4.55.42
+ destination {
+ group {
+ address-group DT_VPN-25822
+ }
+ }
+ source {
+ address 10.4.55.42
+ }
+ }
+ rule 2779 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.88
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.88
+ }
+ }
+ rule 2780 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-143.55.64.0_20
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 143.55.64.0/20
+ }
+ }
+ rule 2781 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-194.176.78.206
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 194.176.78.206
+ }
+ }
+ rule 2782 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-195.243.221.50
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.243.221.50
+ }
+ }
+ rule 2783 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2784 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-81.150.168.54
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 81.150.168.54
+ }
+ }
+ rule 2785 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-89.197.133.235
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 89.197.133.235
+ }
+ }
+ rule 2786 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 60000-60100,873
+ }
+ protocol tcp
+ }
+ rule 2787 {
+ action accept
+ description FW2BF20_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BF20_3
+ }
+ port 49152-65534,990
+ }
+ protocol tcp
+ }
+ rule 2788 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.98
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.98
+ }
+ }
+ rule 2789 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.65
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.65
+ }
+ }
+ rule 2791 {
+ action accept
+ description FW197DB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW197DB_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2792 {
+ action accept
+ description FW1208C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1208C_1
+ }
+ port 2087,2083,2096
+ }
+ protocol tcp
+ }
+ rule 2793 {
+ action accept
+ description FW00D98_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW00D98_1
+ }
+ port 4430
+ }
+ protocol tcp
+ }
+ rule 2794 {
+ action accept
+ description FW03B35_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ }
+ protocol esp
+ }
+ rule 2795 {
+ action accept
+ description FW03B35_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ }
+ protocol ah
+ }
+ rule 2796 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2797 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-159.253.51.74
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 3389,1433,995
+ }
+ protocol tcp
+ source {
+ address 159.253.51.74
+ }
+ }
+ rule 2798 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.76.111
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.76.111
+ }
+ }
+ rule 2799 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.28.63
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 995
+ }
+ protocol tcp
+ source {
+ address 77.68.28.63
+ }
+ }
+ rule 2801 {
+ action accept
+ description FW2EF2C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 5349
+ }
+ protocol tcp
+ }
+ rule 2802 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2803 {
+ action accept
+ description FWC3921_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC3921_1
+ }
+ port 25000,25001-25005,26000-26006
+ }
+ protocol tcp
+ }
+ rule 2804 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2805 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2806 {
+ action accept
+ description FW5AE10_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5AE10_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2810 {
+ action accept
+ description FW45F87_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW45F87_1
+ }
+ port 60000-60100
+ }
+ protocol tcp
+ }
+ rule 2811 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.108.158
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.108.158
+ }
+ }
+ rule 2813 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-109.228.1.233
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.1.233
+ }
+ }
+ rule 2814 {
+ action accept
+ description FW20449_2-ICMP-ALLOW-3.10.221.168
+ destination {
+ group {
+ address-group DT_FW20449_2
+ }
+ }
+ protocol icmp
+ source {
+ address 3.10.221.168
+ }
+ }
+ rule 2815 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.100
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.100
+ }
+ }
+ rule 2816 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.180
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.180
+ }
+ }
+ rule 2817 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2818 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.185
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.185
+ }
+ }
+ rule 2819 {
+ action accept
+ description FWB9699_7-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 161
+ }
+ protocol udp
+ }
+ rule 2820 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22,8443
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2821 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.103
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.103
+ }
+ }
+ rule 2824 {
+ action accept
+ description FWE3E77_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE3E77_1
+ }
+ port 10010,10009
+ }
+ protocol tcp
+ }
+ rule 2825 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-93.190.142.120
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 93.190.142.120
+ }
+ }
+ rule 2826 {
+ action accept
+ description FW20449_2-ICMP-ALLOW-82.20.69.137
+ destination {
+ group {
+ address-group DT_FW20449_2
+ }
+ }
+ protocol icmp
+ source {
+ address 82.20.69.137
+ }
+ }
+ rule 2827 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-46.101.232.93
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 21-10000
+ }
+ protocol tcp
+ source {
+ address 46.101.232.93
+ }
+ }
+ rule 2828 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.5
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.5
+ }
+ }
+ rule 2829 {
+ action accept
+ description FWD2440_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2831 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.105
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.105
+ }
+ }
+ rule 2833 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-159.253.51.74
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 3389,1433,995
+ }
+ protocol tcp
+ source {
+ address 159.253.51.74
+ }
+ }
+ rule 2834 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-77.68.77.120
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.77.120
+ }
+ }
+ rule 2839 {
+ action accept
+ description FWD2440_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ port 1-65535
+ }
+ protocol udp
+ }
+ rule 2840 {
+ action accept
+ description FW1C8F2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1C8F2_1
+ }
+ port 7000-10000,5554,5443,5080,1935,1111
+ }
+ protocol tcp
+ }
+ rule 2843 {
+ action accept
+ description FWE7180_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE7180_1
+ }
+ port 443,53
+ }
+ protocol tcp_udp
+ }
+ rule 2844 {
+ action accept
+ description FWC6301_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 2456
+ }
+ protocol tcp_udp
+ }
+ rule 2845 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.113
+ }
+ }
+ rule 2846 {
+ action accept
+ description VPN-24589-ANY-ALLOW-10.4.57.9
+ destination {
+ group {
+ address-group DT_VPN-24589
+ }
+ }
+ source {
+ address 10.4.57.9
+ }
+ }
+ rule 2847 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.237
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.237
+ }
+ }
+ rule 2849 {
+ action accept
+ description FWFD9AF_9-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFD9AF_9
+ }
+ port 445
+ }
+ protocol tcp_udp
+ }
+ rule 2850 {
+ action accept
+ description VPN-23209-ANY-ALLOW-10.4.58.8
+ destination {
+ group {
+ address-group DT_VPN-23209
+ }
+ }
+ source {
+ address 10.4.58.8
+ }
+ }
+ rule 2851 {
+ action accept
+ description VPN-23209-ANY-ALLOW-10.4.59.8
+ destination {
+ group {
+ address-group DT_VPN-23209
+ }
+ }
+ source {
+ address 10.4.59.8
+ }
+ }
+ rule 2853 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.29
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.29
+ }
+ }
+ rule 2854 {
+ action accept
+ description FW16375_5-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW16375_5
+ }
+ port 2096
+ }
+ protocol tcp_udp
+ }
+ rule 2856 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.173
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.173
+ }
+ }
+ rule 2858 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.35
+ }
+ }
+ rule 2859 {
+ action accept
+ description FW73573_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73573_1
+ }
+ port 25
+ }
+ protocol tcp_udp
+ }
+ rule 2860 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.242
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.242
+ }
+ }
+ rule 2861 {
+ action accept
+ description FW8ECF4_1-TCP-ALLOW-77.68.2.215
+ destination {
+ group {
+ address-group DT_FW8ECF4_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.2.215
+ }
+ }
+ rule 2862 {
+ action accept
+ description FW8A3FC_3-TCP_UDP-ALLOW-82.165.100.25
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 21-10000
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.100.25
+ }
+ }
+ rule 2863 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.235
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.235
+ }
+ }
+ rule 2864 {
+ action accept
+ description VPN-18647-ANY-ALLOW-10.4.86.114
+ destination {
+ group {
+ address-group DT_VPN-18647
+ }
+ }
+ source {
+ address 10.4.86.114
+ }
+ }
+ rule 2865 {
+ action accept
+ description VPN-18647-ANY-ALLOW-10.4.87.114
+ destination {
+ group {
+ address-group DT_VPN-18647
+ }
+ }
+ source {
+ address 10.4.87.114
+ }
+ }
+ rule 2867 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.107
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.107
+ }
+ }
+ rule 2868 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.239
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.239
+ }
+ }
+ rule 2869 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-164.39.151.3
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 164.39.151.3
+ }
+ }
+ rule 2870 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.245
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.245
+ }
+ }
+ rule 2873 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2874 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.130
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.130
+ }
+ }
+ rule 2875 {
+ action accept
+ description FW44BF9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44BF9_1
+ }
+ port 49160-49200
+ }
+ protocol tcp
+ }
+ rule 2876 {
+ action accept
+ description VPN-24591-ANY-ALLOW-10.4.86.4
+ destination {
+ group {
+ address-group DT_VPN-24591
+ }
+ }
+ source {
+ address 10.4.86.4
+ }
+ }
+ rule 2877 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.60
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.60
+ }
+ }
+ rule 2879 {
+ action accept
+ description FWEF92E_6-UDP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2880 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-185.132.38.110
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 185.132.38.110
+ }
+ }
+ rule 2881 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.216
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.216
+ }
+ }
+ rule 2882 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2883 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-80.229.18.102
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21,22
+ }
+ protocol tcp
+ source {
+ address 80.229.18.102
+ }
+ }
+ rule 2884 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-109.169.33.69
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21,22
+ }
+ protocol tcp
+ source {
+ address 109.169.33.69
+ }
+ }
+ rule 2885 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-46.102.209.35
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21
+ }
+ protocol tcp
+ source {
+ address 46.102.209.35
+ }
+ }
+ rule 2886 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-90.213.48.16
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21
+ }
+ protocol tcp
+ source {
+ address 90.213.48.16
+ }
+ }
+ rule 2887 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-77.68.76.129
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 77.68.76.129
+ }
+ }
+ rule 2888 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-109.228.50.145
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 109.228.50.145
+ }
+ }
+ rule 2889 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-77.68.76.231
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 77.68.76.231
+ }
+ }
+ rule 2890 {
+ action accept
+ description FW4513E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4513E_1
+ }
+ port 50000-50020,990
+ }
+ protocol tcp
+ }
+ rule 2893 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.40.7
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.40.7
+ }
+ }
+ rule 2894 {
+ action accept
+ description VPN-21876-ANY-ALLOW-10.4.88.96
+ destination {
+ group {
+ address-group DT_VPN-21876
+ }
+ }
+ source {
+ address 10.4.88.96
+ }
+ }
+ rule 2895 {
+ action accept
+ description VPN-21876-ANY-ALLOW-10.4.89.96
+ destination {
+ group {
+ address-group DT_VPN-21876
+ }
+ }
+ source {
+ address 10.4.89.96
+ }
+ }
+ rule 2896 {
+ action accept
+ description VPN-26124-ANY-ALLOW-10.4.54.75
+ destination {
+ group {
+ address-group DT_VPN-26124
+ }
+ }
+ source {
+ address 10.4.54.75
+ }
+ }
+ rule 2897 {
+ action accept
+ description VPN-26124-ANY-ALLOW-10.4.55.76
+ destination {
+ group {
+ address-group DT_VPN-26124
+ }
+ }
+ source {
+ address 10.4.55.76
+ }
+ }
+ rule 2898 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.21
+ }
+ }
+ rule 2899 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.213
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.213
+ }
+ }
+ rule 2901 {
+ action accept
+ description FWC6301_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 5555
+ }
+ protocol udp
+ }
+ rule 2902 {
+ action accept
+ description VPN-13261-ANY-ALLOW-10.4.56.173
+ destination {
+ group {
+ address-group DT_VPN-13261
+ }
+ }
+ source {
+ address 10.4.56.173
+ }
+ }
+ rule 2903 {
+ action accept
+ description VPN-13261-ANY-ALLOW-10.4.57.173
+ destination {
+ group {
+ address-group DT_VPN-13261
+ }
+ }
+ source {
+ address 10.4.57.173
+ }
+ }
+ rule 2909 {
+ action accept
+ description VPN-24591-ANY-ALLOW-10.4.87.4
+ destination {
+ group {
+ address-group DT_VPN-24591
+ }
+ }
+ source {
+ address 10.4.87.4
+ }
+ }
+ rule 2911 {
+ action accept
+ description FWE7180_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE7180_1
+ }
+ port 40110-40210,8090
+ }
+ protocol tcp
+ }
+ rule 2914 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.247
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.247
+ }
+ }
+ rule 2915 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.129
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.129
+ }
+ }
+ rule 2916 {
+ action accept
+ description FWCB29D_1-TCP-ALLOW-51.146.16.162
+ destination {
+ group {
+ address-group DT_FWCB29D_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 51.146.16.162
+ }
+ }
+ rule 2917 {
+ action accept
+ description FW4E399_1-TCP-ALLOW-51.155.19.77
+ destination {
+ group {
+ address-group DT_FW4E399_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 51.155.19.77
+ }
+ }
+ rule 2919 {
+ action accept
+ description FWC72E5_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC72E5_1
+ }
+ port 9000-9100,6667
+ }
+ protocol tcp
+ }
+ rule 2922 {
+ action accept
+ description FW21A75_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW21A75_2
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 2923 {
+ action accept
+ description FW3B068_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3B068_2
+ }
+ port 990,60000-65000
+ }
+ protocol tcp
+ }
+ rule 2924 {
+ action accept
+ description FW48814_3-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48814_3
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2925 {
+ action accept
+ description FW48814_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48814_3
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2926 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-178.128.39.210
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 178.128.39.210
+ }
+ }
+ rule 2927 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2928 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-84.64.186.31
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 84.64.186.31
+ }
+ }
+ rule 2929 {
+ action accept
+ description FW1C8F2_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1C8F2_1
+ }
+ port 5000-65000
+ }
+ protocol udp
+ }
+ rule 2930 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2931 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-195.10.106.114
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.10.106.114
+ }
+ }
+ rule 2932 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-213.137.25.134
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.137.25.134
+ }
+ }
+ rule 2933 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-92.39.202.189
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 92.39.202.189
+ }
+ }
+ rule 2935 {
+ action accept
+ description FWC37B9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC37B9_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2936 {
+ action accept
+ description FW15C99_6-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW15C99_6
+ }
+ port 32410-32414,1900
+ }
+ protocol udp
+ }
+ rule 2937 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.244.146
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.244.146
+ }
+ }
+ rule 2938 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.158
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.158
+ }
+ }
+ rule 2939 {
+ action accept
+ description FW15C99_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW15C99_6
+ }
+ port 32469,32400
+ }
+ protocol tcp
+ }
+ rule 2940 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 2053
+ }
+ protocol tcp
+ }
+ rule 2941 {
+ action accept
+ description FW27949_2-TCP-ALLOW-86.179.23.119
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 86.179.23.119
+ }
+ }
+ rule 2942 {
+ action accept
+ description FW27949_2-TCP-ALLOW-92.15.208.193
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 92.15.208.193
+ }
+ }
+ rule 2943 {
+ action accept
+ description VPN-34122-ANY-ALLOW-10.4.56.122
+ destination {
+ group {
+ address-group DT_VPN-34122
+ }
+ }
+ source {
+ address 10.4.56.122
+ }
+ }
+ rule 2944 {
+ action accept
+ description VPN-34122-ANY-ALLOW-10.4.57.122
+ destination {
+ group {
+ address-group DT_VPN-34122
+ }
+ }
+ source {
+ address 10.4.57.122
+ }
+ }
+ rule 2945 {
+ action accept
+ description FWF323F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF323F_1
+ }
+ port 25565,9999,8080,5001,3306
+ }
+ protocol tcp_udp
+ }
+ rule 2946 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.132
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.132
+ }
+ }
+ rule 2948 {
+ action accept
+ description VPN-30261-ANY-ALLOW-10.4.86.110
+ destination {
+ group {
+ address-group DT_VPN-30261
+ }
+ }
+ source {
+ address 10.4.86.110
+ }
+ }
+ rule 2949 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.246
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.246
+ }
+ }
+ rule 2951 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-157.231.100.222
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 157.231.100.222
+ }
+ }
+ rule 2952 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-164.39.131.31
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 164.39.131.31
+ }
+ }
+ rule 2953 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-185.199.108.0_22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 185.199.108.0/22
+ }
+ }
+ rule 2954 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-192.30.252.0_22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 192.30.252.0/22
+ }
+ }
+ rule 2955 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-80.252.78.202
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 80.252.78.202
+ }
+ }
+ rule 2956 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.15.158.234
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 86.15.158.234
+ }
+ }
+ rule 2957 {
+ action accept
+ description VPN-30261-ANY-ALLOW-10.4.87.110
+ destination {
+ group {
+ address-group DT_VPN-30261
+ }
+ }
+ source {
+ address 10.4.87.110
+ }
+ }
+ rule 2958 {
+ action accept
+ description VPN-30262-ANY-ALLOW-10.4.88.36
+ destination {
+ group {
+ address-group DT_VPN-30262
+ }
+ }
+ source {
+ address 10.4.88.36
+ }
+ }
+ rule 2961 {
+ action accept
+ description VPN-15950-ANY-ALLOW-10.4.88.89
+ destination {
+ group {
+ address-group DT_VPN-15950
+ }
+ }
+ source {
+ address 10.4.88.89
+ }
+ }
+ rule 2962 {
+ action accept
+ description FWBFDED_1-TCP-ALLOW-78.141.24.164
+ destination {
+ group {
+ address-group DT_FWBFDED_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 78.141.24.164
+ }
+ }
+ rule 2963 {
+ action accept
+ description VPN-30262-ANY-ALLOW-10.4.89.36
+ destination {
+ group {
+ address-group DT_VPN-30262
+ }
+ }
+ source {
+ address 10.4.89.36
+ }
+ }
+ rule 2964 {
+ action accept
+ description FW1F126_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1F126_1
+ }
+ port 2087,2083
+ }
+ protocol tcp
+ }
+ rule 2965 {
+ action accept
+ description FWA7A50_1-ANY-ALLOW-40.120.53.80
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ }
+ source {
+ address 40.120.53.80
+ }
+ }
+ rule 2967 {
+ action accept
+ description VPN-23729-ANY-ALLOW-10.4.54.10
+ destination {
+ group {
+ address-group DT_VPN-23729
+ }
+ }
+ source {
+ address 10.4.54.10
+ }
+ }
+ rule 2968 {
+ action accept
+ description VPN-23729-ANY-ALLOW-10.4.55.10
+ destination {
+ group {
+ address-group DT_VPN-23729
+ }
+ }
+ source {
+ address 10.4.55.10
+ }
+ }
+ rule 2969 {
+ action accept
+ description VPN-23733-ANY-ALLOW-10.4.58.12
+ destination {
+ group {
+ address-group DT_VPN-23733
+ }
+ }
+ source {
+ address 10.4.58.12
+ }
+ }
+ rule 2970 {
+ action accept
+ description VPN-23733-ANY-ALLOW-10.4.59.12
+ destination {
+ group {
+ address-group DT_VPN-23733
+ }
+ }
+ source {
+ address 10.4.59.12
+ }
+ }
+ rule 2971 {
+ action accept
+ description VPN-23734-ANY-ALLOW-10.4.56.29
+ destination {
+ group {
+ address-group DT_VPN-23734
+ }
+ }
+ source {
+ address 10.4.56.29
+ }
+ }
+ rule 2972 {
+ action accept
+ description VPN-23734-ANY-ALLOW-10.4.57.29
+ destination {
+ group {
+ address-group DT_VPN-23734
+ }
+ }
+ source {
+ address 10.4.57.29
+ }
+ }
+ rule 2975 {
+ action accept
+ description VPN-23738-ANY-ALLOW-10.4.57.13
+ destination {
+ group {
+ address-group DT_VPN-23738
+ }
+ }
+ source {
+ address 10.4.57.13
+ }
+ }
+ rule 2976 {
+ action accept
+ description FWD8DD1_2-TCP-ALLOW-77.153.164.226
+ destination {
+ group {
+ address-group DT_FWD8DD1_2
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.153.164.226
+ }
+ }
+ rule 2977 {
+ action accept
+ description FWE012D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE012D_1
+ }
+ port 143,25
+ }
+ protocol tcp_udp
+ }
+ rule 2978 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.120.196
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.120.196
+ }
+ }
+ rule 2981 {
+ action accept
+ description FW24AB7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW24AB7_1
+ }
+ port 40110-40210
+ }
+ protocol tcp_udp
+ }
+ rule 2985 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-194.72.140.178
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 194.72.140.178
+ }
+ }
+ rule 2986 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.97
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.97
+ }
+ }
+ rule 2988 {
+ action accept
+ description FW883EB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW883EB_1
+ }
+ port 5005,5004,5003,5002,5001
+ }
+ protocol tcp
+ }
+ rule 2992 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-62.30.207.232
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 62.30.207.232
+ }
+ }
+ rule 2993 {
+ action accept
+ description VPN-15950-ANY-ALLOW-10.4.89.89
+ destination {
+ group {
+ address-group DT_VPN-15950
+ }
+ }
+ source {
+ address 10.4.89.89
+ }
+ }
+ rule 2994 {
+ action accept
+ description VPN-15960-ANY-ALLOW-10.4.88.90
+ destination {
+ group {
+ address-group DT_VPN-15960
+ }
+ }
+ source {
+ address 10.4.88.90
+ }
+ }
+ rule 2995 {
+ action accept
+ description FWEF92E_7-UDP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2996 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.135
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.135
+ }
+ }
+ rule 2998 {
+ action accept
+ description VPN-31002-ANY-ALLOW-10.4.88.126
+ destination {
+ group {
+ address-group DT_VPN-31002
+ }
+ }
+ source {
+ address 10.4.88.126
+ }
+ }
+ rule 2999 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.110
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.110
+ }
+ }
+ rule 3000 {
+ action accept
+ description FW08061_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW08061_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3001 {
+ action accept
+ description VPN-15960-ANY-ALLOW-10.4.89.90
+ destination {
+ group {
+ address-group DT_VPN-15960
+ }
+ }
+ source {
+ address 10.4.89.90
+ }
+ }
+ rule 3003 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.56
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.56
+ }
+ }
+ rule 3004 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.47
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.47.47
+ }
+ }
+ rule 3005 {
+ action accept
+ description FW10C3D_19-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW10C3D_19
+ }
+ port 49152-65535,14147
+ }
+ protocol tcp
+ }
+ rule 3006 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.136
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.136
+ }
+ }
+ rule 3009 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.44.109
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.44.109
+ }
+ }
+ rule 3010 {
+ action accept
+ description VPN-24592-ANY-ALLOW-10.4.88.9
+ destination {
+ group {
+ address-group DT_VPN-24592
+ }
+ }
+ source {
+ address 10.4.88.9
+ }
+ }
+ rule 3011 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-213.171.209.161
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 213.171.209.161
+ }
+ }
+ rule 3012 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.254
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.86.254
+ }
+ }
+ rule 3014 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.16
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.16
+ }
+ }
+ rule 3018 {
+ action accept
+ description VPN-24592-ANY-ALLOW-10.4.89.9
+ destination {
+ group {
+ address-group DT_VPN-24592
+ }
+ }
+ source {
+ address 10.4.89.9
+ }
+ }
+ rule 3019 {
+ action accept
+ description VPN-24593-ANY-ALLOW-10.4.54.6
+ destination {
+ group {
+ address-group DT_VPN-24593
+ }
+ }
+ source {
+ address 10.4.54.6
+ }
+ }
+ rule 3020 {
+ action accept
+ description VPN-24593-ANY-ALLOW-10.4.55.6
+ destination {
+ group {
+ address-group DT_VPN-24593
+ }
+ }
+ source {
+ address 10.4.55.6
+ }
+ }
+ rule 3021 {
+ action accept
+ description VPN-24594-ANY-ALLOW-10.4.58.6
+ destination {
+ group {
+ address-group DT_VPN-24594
+ }
+ }
+ source {
+ address 10.4.58.6
+ }
+ }
+ rule 3022 {
+ action accept
+ description VPN-24594-ANY-ALLOW-10.4.59.6
+ destination {
+ group {
+ address-group DT_VPN-24594
+ }
+ }
+ source {
+ address 10.4.59.6
+ }
+ }
+ rule 3023 {
+ action accept
+ description VPN-24595-ANY-ALLOW-10.4.56.14
+ destination {
+ group {
+ address-group DT_VPN-24595
+ }
+ }
+ source {
+ address 10.4.56.14
+ }
+ }
+ rule 3024 {
+ action accept
+ description VPN-24595-ANY-ALLOW-10.4.57.14
+ destination {
+ group {
+ address-group DT_VPN-24595
+ }
+ }
+ source {
+ address 10.4.57.14
+ }
+ }
+ rule 3025 {
+ action accept
+ description VPN-32528-ANY-ALLOW-10.4.58.67
+ destination {
+ group {
+ address-group DT_VPN-32528
+ }
+ }
+ source {
+ address 10.4.58.67
+ }
+ }
+ rule 3026 {
+ action accept
+ description VPN-32528-ANY-ALLOW-10.4.59.67
+ destination {
+ group {
+ address-group DT_VPN-32528
+ }
+ }
+ source {
+ address 10.4.59.67
+ }
+ }
+ rule 3027 {
+ action accept
+ description FW6187E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ port 51195
+ }
+ protocol udp
+ }
+ rule 3028 {
+ action accept
+ description FW406AB_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW406AB_1
+ }
+ port 37013,25461,8881,8080,2095,2082,1992
+ }
+ protocol tcp_udp
+ }
+ rule 3029 {
+ action accept
+ description FWA86A4_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA86A4_1
+ }
+ port 30333,5666
+ }
+ protocol tcp
+ }
+ rule 3032 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.52
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.52
+ }
+ }
+ rule 3033 {
+ action accept
+ description FWC055A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC055A_1
+ }
+ port 2195
+ }
+ protocol tcp
+ }
+ rule 3035 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.81
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.81
+ }
+ }
+ rule 3039 {
+ action accept
+ description FW42BC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42BC7_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3040 {
+ action accept
+ description FW42BC7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42BC7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3041 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-88.208.198.39
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 88.208.198.39
+ }
+ }
+ rule 3042 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.235
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.235
+ }
+ }
+ rule 3043 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.205
+ }
+ }
+ rule 3044 {
+ action accept
+ description FWBE878_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBE878_1
+ }
+ port 8989,5003,3000
+ }
+ protocol tcp_udp
+ }
+ rule 3045 {
+ action accept
+ description VPN-30679-ANY-ALLOW-10.4.58.195
+ destination {
+ group {
+ address-group DT_VPN-30679
+ }
+ }
+ source {
+ address 10.4.58.195
+ }
+ }
+ rule 3046 {
+ action accept
+ description FW6B9B9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6B9B9_1
+ }
+ port 30006-65000,27017,7101,4200,2990-3009
+ }
+ protocol tcp
+ }
+ rule 3047 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.212
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.212
+ }
+ }
+ rule 3049 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.4
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.125.4
+ }
+ }
+ rule 3050 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-83.100.136.74
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 83.100.136.74
+ }
+ }
+ rule 3051 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 3053 {
+ action accept
+ description FW89619_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3054 {
+ action accept
+ description FWBD9D0_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBD9D0_1
+ }
+ port 9090
+ }
+ protocol tcp
+ }
+ rule 3055 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.236
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.47.236
+ }
+ }
+ rule 3056 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.226
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.226
+ }
+ }
+ rule 3058 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.205
+ }
+ }
+ rule 3060 {
+ action accept
+ description FWF7B68_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF7B68_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3061 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.253
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.253
+ }
+ }
+ rule 3063 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.0
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.0
+ }
+ }
+ rule 3065 {
+ action accept
+ description FW85619_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85619_1
+ }
+ port 6433
+ }
+ protocol tcp
+ }
+ rule 3066 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-188.66.79.94
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389
+ }
+ protocol tcp
+ source {
+ address 188.66.79.94
+ }
+ }
+ rule 3067 {
+ action accept
+ description FWF30BD_1-TCP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 3068 {
+ action accept
+ description FWF30BD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 5061,5015,5001
+ }
+ protocol tcp
+ }
+ rule 3069 {
+ action accept
+ description FWBD9D0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBD9D0_1
+ }
+ port 51820
+ }
+ protocol udp
+ }
+ rule 3070 {
+ action accept
+ description FW7C4D9_14-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7C4D9_14
+ }
+ port 25565,2456-2458
+ }
+ protocol tcp_udp
+ }
+ rule 3071 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.23
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.23
+ }
+ }
+ rule 3072 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-81.96.100.32
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 8447
+ }
+ protocol tcp
+ source {
+ address 81.96.100.32
+ }
+ }
+ rule 3073 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-95.168.164.208
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.164.208
+ }
+ }
+ rule 3074 {
+ action accept
+ description VPN-19992-ANY-ALLOW-10.4.86.158
+ destination {
+ group {
+ address-group DT_VPN-19992
+ }
+ }
+ source {
+ address 10.4.86.158
+ }
+ }
+ rule 3075 {
+ action accept
+ description FWF30BD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 5090,5060
+ }
+ protocol tcp_udp
+ }
+ rule 3076 {
+ action accept
+ description VPN-30679-ANY-ALLOW-10.4.59.195
+ destination {
+ group {
+ address-group DT_VPN-30679
+ }
+ }
+ source {
+ address 10.4.59.195
+ }
+ }
+ rule 3077 {
+ action accept
+ description FW930F3_3-ANY-ALLOW-77.68.112.254
+ destination {
+ group {
+ address-group DT_FW930F3_3
+ }
+ }
+ source {
+ address 77.68.112.254
+ }
+ }
+ rule 3078 {
+ action accept
+ description FW672AB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW672AB_1
+ }
+ port 5432
+ }
+ protocol tcp
+ }
+ rule 3079 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.252
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.252
+ }
+ }
+ rule 3080 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.192
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.86.192
+ }
+ }
+ rule 3081 {
+ action accept
+ description VPN-33204-ANY-ALLOW-10.4.56.176
+ destination {
+ group {
+ address-group DT_VPN-33204
+ }
+ }
+ source {
+ address 10.4.56.176
+ }
+ }
+ rule 3083 {
+ action accept
+ description FW1FA8E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1FA8E_1
+ }
+ port 33434
+ }
+ protocol udp
+ }
+ rule 3084 {
+ action accept
+ description FWD2440_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ }
+ protocol esp
+ }
+ rule 3085 {
+ action accept
+ description FWA0531_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3090 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.70
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.70
+ }
+ }
+ rule 3091 {
+ action accept
+ description FWF7BFA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF7BFA_1
+ }
+ port 8000,5901,5479,5478
+ }
+ protocol tcp
+ }
+ rule 3092 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.212
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.212
+ }
+ }
+ rule 3094 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.125
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.125
+ }
+ }
+ rule 3096 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.89
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.89
+ }
+ }
+ rule 3097 {
+ action accept
+ description FWD56A2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD56A2_1
+ }
+ port 8001,8000
+ }
+ protocol tcp
+ }
+ rule 3098 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.109
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.109
+ }
+ }
+ rule 3099 {
+ action accept
+ description FW36425_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW36425_1
+ }
+ port 44445,7770-7800
+ }
+ protocol tcp
+ }
+ rule 3100 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.238
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.238
+ }
+ }
+ rule 3102 {
+ action accept
+ description FW6B39D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 49216,49215
+ }
+ protocol tcp_udp
+ }
+ rule 3103 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.121
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.121
+ }
+ }
+ rule 3105 {
+ action accept
+ description FW2379F_14-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 443
+ }
+ protocol tcp_udp
+ }
+ rule 3107 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.38
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.38
+ }
+ }
+ rule 3109 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.191
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.191
+ }
+ }
+ rule 3111 {
+ action accept
+ description FW27947_1-TCP-ALLOW-213.229.100.148
+ destination {
+ group {
+ address-group DT_FW27947_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 213.229.100.148
+ }
+ }
+ rule 3112 {
+ action accept
+ description FWD42CF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD42CF_1
+ }
+ port 5432,5001,5000
+ }
+ protocol tcp
+ }
+ rule 3114 {
+ action accept
+ description FW3A12F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3A12F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3116 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-194.62.184.87
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 194.62.184.87
+ }
+ }
+ rule 3117 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-51.219.31.78
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389
+ }
+ protocol tcp
+ source {
+ address 51.219.31.78
+ }
+ }
+ rule 3118 {
+ action accept
+ description VPN-26157-ANY-ALLOW-10.4.86.57
+ destination {
+ group {
+ address-group DT_VPN-26157
+ }
+ }
+ source {
+ address 10.4.86.57
+ }
+ }
+ rule 3119 {
+ action accept
+ description VPN-26157-ANY-ALLOW-10.4.87.57
+ destination {
+ group {
+ address-group DT_VPN-26157
+ }
+ }
+ source {
+ address 10.4.87.57
+ }
+ }
+ rule 3120 {
+ action accept
+ description FWA7625_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 943
+ }
+ protocol tcp
+ }
+ rule 3121 {
+ action accept
+ description FWC96A1_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC96A1_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3122 {
+ action accept
+ description FWA7625_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3123 {
+ action accept
+ description FWA7625_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 32400,10108
+ }
+ protocol tcp_udp
+ }
+ rule 3125 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-185.173.161.154
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 185.173.161.154
+ }
+ }
+ rule 3127 {
+ action accept
+ description FW05339_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05339_1
+ }
+ port 46961
+ }
+ protocol udp
+ }
+ rule 3130 {
+ action accept
+ description FWA0AA0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3132 {
+ action accept
+ description FWD8DD1_2-TCP_UDP-ALLOW-77.153.164.226
+ destination {
+ group {
+ address-group DT_FWD8DD1_2
+ }
+ port 443,80
+ }
+ protocol tcp_udp
+ source {
+ address 77.153.164.226
+ }
+ }
+ rule 3134 {
+ action accept
+ description FW19987_4-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 3135 {
+ action accept
+ description FW40AE4_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW40AE4_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3136 {
+ action accept
+ description VPN-33204-ANY-ALLOW-10.4.57.176
+ destination {
+ group {
+ address-group DT_VPN-33204
+ }
+ }
+ source {
+ address 10.4.57.176
+ }
+ }
+ rule 3137 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-86.132.125.4
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 86.132.125.4
+ }
+ }
+ rule 3138 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-91.205.173.51
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 91.205.173.51
+ }
+ }
+ rule 3143 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-109.149.121.73
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 109.149.121.73
+ }
+ }
+ rule 3144 {
+ action accept
+ description FWA0AA0_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 28083,28015-28016,1935
+ }
+ protocol tcp_udp
+ }
+ rule 3146 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-92.233.27.144
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 92.233.27.144
+ }
+ }
+ rule 3148 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-151.228.194.190
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 151.228.194.190
+ }
+ }
+ rule 3149 {
+ action accept
+ description FW9B6FB_1-ICMP-ALLOW-77.68.89.115_32
+ destination {
+ group {
+ address-group DT_FW9B6FB_1
+ }
+ }
+ protocol icmp
+ source {
+ address 77.68.89.115/32
+ }
+ }
+ rule 3153 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.199
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.199
+ }
+ }
+ rule 3155 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-195.224.110.168
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 195.224.110.168
+ }
+ }
+ rule 3156 {
+ action accept
+ description FWF8E67_1-TCP-ALLOW-82.14.188.35
+ destination {
+ group {
+ address-group DT_FWF8E67_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.14.188.35
+ }
+ }
+ rule 3157 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.58
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.58
+ }
+ }
+ rule 3158 {
+ action accept
+ description VPN-19992-ANY-ALLOW-10.4.87.158
+ destination {
+ group {
+ address-group DT_VPN-19992
+ }
+ }
+ source {
+ address 10.4.87.158
+ }
+ }
+ rule 3159 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-5.66.24.185
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 5.66.24.185
+ }
+ }
+ rule 3160 {
+ action accept
+ description FWF8E67_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF8E67_1
+ }
+ port 3001
+ }
+ protocol tcp
+ }
+ rule 3161 {
+ action accept
+ description FWD2440_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ }
+ protocol ah
+ }
+ rule 3166 {
+ action accept
+ description FW3EBC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3EBC8_1
+ }
+ port 9001-9900,9000
+ }
+ protocol tcp
+ }
+ rule 3167 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.244
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.244
+ }
+ }
+ rule 3168 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 3170 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.137
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.137
+ }
+ }
+ rule 3173 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.104
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.104
+ }
+ }
+ rule 3176 {
+ action accept
+ description FW6906B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6906B_1
+ }
+ port 4190
+ }
+ protocol tcp
+ }
+ rule 3177 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.230
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.230
+ }
+ }
+ rule 3178 {
+ action accept
+ description FW444AF_1-TCP-ALLOW-91.135.10.140
+ destination {
+ group {
+ address-group DT_FW444AF_1
+ }
+ port 27017
+ }
+ protocol tcp
+ source {
+ address 91.135.10.140
+ }
+ }
+ rule 3180 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-81.150.13.34
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 81.150.13.34
+ }
+ }
+ rule 3181 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-82.10.14.73
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 82.10.14.73
+ }
+ }
+ rule 3183 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.25
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.25
+ }
+ }
+ rule 3184 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.224
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.224
+ }
+ }
+ rule 3185 {
+ action accept
+ description FW9B6FB_1-TCP-ALLOW-77.68.89.115_32
+ destination {
+ group {
+ address-group DT_FW9B6FB_1
+ }
+ port 10050
+ }
+ protocol tcp
+ source {
+ address 77.68.89.115/32
+ }
+ }
+ rule 3186 {
+ action accept
+ description VPN-14673-ANY-ALLOW-10.4.89.44
+ destination {
+ group {
+ address-group DT_VPN-14673
+ }
+ }
+ source {
+ address 10.4.89.44
+ }
+ }
+ rule 3187 {
+ action accept
+ description FWCA628_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCA628_1
+ }
+ port 2096,2095,2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 3189 {
+ action accept
+ description VPN-28484-ANY-ALLOW-10.4.58.159
+ destination {
+ group {
+ address-group DT_VPN-28484
+ }
+ }
+ source {
+ address 10.4.58.159
+ }
+ }
+ rule 3190 {
+ action accept
+ description FW028C0_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW028C0_2
+ }
+ port 44491-44498,44474
+ }
+ protocol tcp
+ }
+ rule 3191 {
+ action accept
+ description VPN-28484-ANY-ALLOW-10.4.59.159
+ destination {
+ group {
+ address-group DT_VPN-28484
+ }
+ }
+ source {
+ address 10.4.59.159
+ }
+ }
+ rule 3192 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.119
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.119
+ }
+ }
+ rule 3194 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-195.74.108.130
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 195.74.108.130
+ }
+ }
+ rule 3195 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-31.54.149.143
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 31.54.149.143
+ }
+ }
+ rule 3196 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-35.204.243.120
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 35.204.243.120
+ }
+ }
+ rule 3197 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-81.150.55.65
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.150.55.65
+ }
+ }
+ rule 3198 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-81.150.55.70
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.150.55.70
+ }
+ }
+ rule 3199 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-86.142.112.4
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.142.112.4
+ }
+ }
+ rule 3200 {
+ action accept
+ description FWF699D_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 8983
+ }
+ protocol tcp_udp
+ }
+ rule 3201 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 11009,10009
+ }
+ protocol tcp
+ }
+ rule 3202 {
+ action accept
+ description VPN-2661-ANY-ALLOW-10.4.54.24
+ destination {
+ group {
+ address-group DT_VPN-2661
+ }
+ }
+ source {
+ address 10.4.54.24
+ }
+ }
+ rule 3203 {
+ action accept
+ description VPN-2661-ANY-ALLOW-10.4.55.24
+ destination {
+ group {
+ address-group DT_VPN-2661
+ }
+ }
+ source {
+ address 10.4.55.24
+ }
+ }
+ rule 3204 {
+ action accept
+ description VPN-9727-ANY-ALLOW-10.4.54.118
+ destination {
+ group {
+ address-group DT_VPN-9727
+ }
+ }
+ source {
+ address 10.4.54.118
+ }
+ }
+ rule 3205 {
+ action accept
+ description VPN-9727-ANY-ALLOW-10.4.55.119
+ destination {
+ group {
+ address-group DT_VPN-9727
+ }
+ }
+ source {
+ address 10.4.55.119
+ }
+ }
+ rule 3207 {
+ action accept
+ description FWF0221_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF0221_1
+ }
+ port 65000,8099,8080
+ }
+ protocol tcp_udp
+ }
+ rule 3208 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.180
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.180
+ }
+ }
+ rule 3209 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-82.5.189.5
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 82.5.189.5
+ }
+ }
+ rule 3210 {
+ action accept
+ description FW60FD6_5-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW60FD6_5
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3211 {
+ action accept
+ description FW60FD6_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW60FD6_5
+ }
+ port 9500,9191,9090,8090,2222
+ }
+ protocol tcp
+ }
+ rule 3212 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-84.65.217.114
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 84.65.217.114
+ }
+ }
+ rule 3213 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.43.21
+ }
+ }
+ rule 3214 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-77.68.126.251
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 77.68.126.251
+ }
+ }
+ rule 3215 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-86.14.23.23
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 86.14.23.23
+ }
+ }
+ rule 3217 {
+ action accept
+ description FW85E02_11-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3218 {
+ action accept
+ description FW5D0FA_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5D0FA_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3222 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.141
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.141
+ }
+ }
+ rule 3223 {
+ action accept
+ description FWCDD8B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCDD8B_1
+ }
+ port 2222
+ }
+ protocol tcp
+ }
+ rule 3224 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.185
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.185
+ }
+ }
+ rule 3225 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-213.171.210.153
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 213.171.210.153
+ }
+ }
+ rule 3226 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-70.29.113.102
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 70.29.113.102
+ }
+ }
+ rule 3227 {
+ action accept
+ description FWC32BE_1-ANY-ALLOW-3.127.0.177
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ }
+ source {
+ address 3.127.0.177
+ }
+ }
+ rule 3228 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-93.115.195.58
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 93.115.195.58
+ }
+ }
+ rule 3229 {
+ action accept
+ description FWE32F2_8-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE32F2_8
+ }
+ port 40120,30120,30110
+ }
+ protocol tcp
+ }
+ rule 3230 {
+ action accept
+ description VPN-28515-ANY-ALLOW-10.4.56.162
+ destination {
+ group {
+ address-group DT_VPN-28515
+ }
+ }
+ source {
+ address 10.4.56.162
+ }
+ }
+ rule 3231 {
+ action accept
+ description FW06940_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 30000-30400,8443-8447,445,80-110,21-25
+ }
+ protocol tcp
+ }
+ rule 3232 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.134
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.134
+ }
+ }
+ rule 3236 {
+ action accept
+ description VPN-28515-ANY-ALLOW-10.4.57.162
+ destination {
+ group {
+ address-group DT_VPN-28515
+ }
+ }
+ source {
+ address 10.4.57.162
+ }
+ }
+ rule 3237 {
+ action accept
+ description FWF4063_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF4063_1
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 3240 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 49152-65535,6379,5666,5432-5454
+ }
+ protocol tcp_udp
+ }
+ rule 3242 {
+ action accept
+ description FW2E8D4_1-TCP-ALLOW-63.35.92.185
+ destination {
+ group {
+ address-group DT_FW2E8D4_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 63.35.92.185
+ }
+ }
+ rule 3244 {
+ action accept
+ description FWF30BD_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3245 {
+ action accept
+ description FWE30A1_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE30A1_4
+ }
+ port 65057
+ }
+ protocol tcp_udp
+ }
+ rule 3246 {
+ action accept
+ description VPN-26772-ANY-ALLOW-10.4.54.123
+ destination {
+ group {
+ address-group DT_VPN-26772
+ }
+ }
+ source {
+ address 10.4.54.123
+ }
+ }
+ rule 3249 {
+ action accept
+ description FW56496_1-ANY-ALLOW-77.68.82.49
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ }
+ source {
+ address 77.68.82.49
+ }
+ }
+ rule 3251 {
+ action accept
+ description FWDA443_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDA443_6
+ }
+ port 30175,12050
+ }
+ protocol tcp
+ }
+ rule 3253 {
+ action accept
+ description FW5A521_3-TCP-ALLOW-88.98.75.17
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 88.98.75.17
+ }
+ }
+ rule 3254 {
+ action accept
+ description FW5A521_3-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 161-162
+ }
+ protocol udp
+ }
+ rule 3255 {
+ action accept
+ description FW5A521_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 5900
+ }
+ protocol tcp
+ }
+ rule 3259 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.178
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.178
+ }
+ }
+ rule 3260 {
+ action accept
+ description VPN-26772-ANY-ALLOW-10.4.55.124
+ destination {
+ group {
+ address-group DT_VPN-26772
+ }
+ }
+ source {
+ address 10.4.55.124
+ }
+ }
+ rule 3262 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.114
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.114
+ }
+ }
+ rule 3272 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.30
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.30
+ }
+ }
+ rule 3273 {
+ action accept
+ description FW2B4BA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2B4BA_1
+ }
+ port 30000-31000
+ }
+ protocol tcp
+ }
+ rule 3284 {
+ action accept
+ description FW06940_3-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 3285 {
+ action accept
+ description FW0952B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0952B_1
+ }
+ port 9030,9001
+ }
+ protocol tcp
+ }
+ rule 3286 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.85.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.85.35
+ }
+ }
+ rule 3290 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.232
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.232
+ }
+ }
+ rule 3294 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.21
+ }
+ }
+ rule 3295 {
+ action accept
+ description FW0EA3F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0EA3F_1
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3296 {
+ action accept
+ description FW9D5C7_1-TCP-ALLOW-209.97.176.108
+ destination {
+ group {
+ address-group DT_FW9D5C7_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 209.97.176.108
+ }
+ }
+ rule 3297 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.188
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.188
+ }
+ }
+ rule 3298 {
+ action accept
+ description FW9D5C7_1-TCP-ALLOW-165.227.231.227
+ destination {
+ group {
+ address-group DT_FW9D5C7_1
+ }
+ port 9117,9113,9104,9100
+ }
+ protocol tcp
+ source {
+ address 165.227.231.227
+ }
+ }
+ rule 3299 {
+ action accept
+ description FW4DB0A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4DB0A_1
+ }
+ port 953
+ }
+ protocol tcp
+ }
+ rule 3300 {
+ action accept
+ description FW4DB0A_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4DB0A_1
+ }
+ port 953
+ }
+ protocol udp
+ }
+ rule 3301 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.91
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.91
+ }
+ }
+ rule 3303 {
+ action accept
+ description FW56496_1-TCP-ALLOW-176.255.93.149
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 176.255.93.149
+ }
+ }
+ rule 3304 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.79
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.79
+ }
+ }
+ rule 3305 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.43
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.43
+ }
+ }
+ rule 3306 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-88.208.198.40
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 88.208.198.40
+ }
+ }
+ rule 3307 {
+ action accept
+ description FW597A6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW597A6_1
+ }
+ port 49152-65535,990
+ }
+ protocol tcp
+ }
+ rule 3308 {
+ action accept
+ description FW597A6_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW597A6_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 3309 {
+ action accept
+ description FWBC280_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC280_1
+ }
+ port 49152-65535,20-21
+ }
+ protocol tcp
+ }
+ rule 3310 {
+ action accept
+ description VPN-31301-ANY-ALLOW-10.4.87.223
+ destination {
+ group {
+ address-group DT_VPN-31301
+ }
+ }
+ source {
+ address 10.4.87.223
+ }
+ }
+ rule 3311 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.243
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.243
+ }
+ }
+ rule 3312 {
+ action accept
+ description FW9EEDD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW9EEDD_1
+ }
+ port 990,197,20-23
+ }
+ protocol tcp
+ }
+ rule 3313 {
+ action accept
+ description FW9EEDD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW9EEDD_1
+ }
+ port 49152-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3314 {
+ action accept
+ description VPN-31002-ANY-ALLOW-10.4.89.126
+ destination {
+ group {
+ address-group DT_VPN-31002
+ }
+ }
+ source {
+ address 10.4.89.126
+ }
+ }
+ rule 3316 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.11
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.11
+ }
+ }
+ rule 3317 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-195.59.191.128_25
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 195.59.191.128/25
+ }
+ }
+ rule 3318 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-213.71.130.0_26
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 213.71.130.0/26
+ }
+ }
+ rule 3319 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.88
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.88
+ }
+ }
+ rule 3320 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.173
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.173
+ }
+ }
+ rule 3321 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 3322 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.122
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.43.122
+ }
+ }
+ rule 3323 {
+ action accept
+ description FWC1ACD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC1ACD_1
+ }
+ port 28061,28060,8080
+ }
+ protocol tcp_udp
+ }
+ rule 3324 {
+ action accept
+ description FWA5D67_1-TCP_UDP-ALLOW-84.74.32.74
+ destination {
+ group {
+ address-group DT_FWA5D67_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 84.74.32.74
+ }
+ }
+ rule 3325 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.169
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.169
+ }
+ }
+ rule 3326 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.89
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.89
+ }
+ }
+ rule 3329 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.35
+ }
+ }
+ rule 3330 {
+ action accept
+ description FWCE020_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCE020_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 3333 {
+ action accept
+ description FWF3574_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF3574_1
+ }
+ port 8060,445,139
+ }
+ protocol tcp
+ }
+ rule 3334 {
+ action accept
+ description FWE6AB2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE6AB2_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3335 {
+ action accept
+ description FWBFC02_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFC02_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3336 {
+ action accept
+ description FWBFC02_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFC02_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3337 {
+ action accept
+ description FWE6AB2_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE6AB2_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3338 {
+ action accept
+ description FWBC8A6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC8A6_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3339 {
+ action accept
+ description FWBC8A6_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC8A6_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3340 {
+ action accept
+ description FWA0AA0_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 2302
+ }
+ protocol tcp
+ }
+ rule 3342 {
+ action accept
+ description FW56496_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ }
+ rule 3343 {
+ action accept
+ description FW56496_1-TCP-ALLOW-157.231.178.162
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 157.231.178.162
+ }
+ }
+ rule 3344 {
+ action accept
+ description FW56496_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 2443,1022
+ }
+ protocol tcp
+ }
+ rule 3345 {
+ action accept
+ description FW56496_1-TCP_UDP-ALLOW-46.16.211.142
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 3389,21
+ }
+ protocol tcp_udp
+ source {
+ address 46.16.211.142
+ }
+ }
+ rule 3347 {
+ action accept
+ description FW2379F_14-GRE-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ }
+ protocol gre
+ }
+ rule 3348 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 52000
+ }
+ protocol tcp
+ }
+ rule 3350 {
+ action accept
+ description FWB4438_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB4438_2
+ }
+ port 993-995,7
+ }
+ protocol tcp
+ }
+ rule 3351 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-82.165.207.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.207.109
+ }
+ }
+ rule 3352 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.77
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.77
+ }
+ }
+ rule 3358 {
+ action accept
+ description FW46F4A_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW46F4A_1
+ }
+ port 51820
+ }
+ protocol udp
+ }
+ rule 3359 {
+ action accept
+ description FW53C72_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW53C72_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 3360 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.251
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.251
+ }
+ }
+ rule 3362 {
+ action accept
+ description FWAA38E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAA38E_1
+ }
+ port 1001-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3363 {
+ action accept
+ description FW138F8_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW138F8_1
+ }
+ port 21,20
+ }
+ protocol tcp_udp
+ }
+ rule 3364 {
+ action accept
+ description FW0BD92_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BD92_3
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3365 {
+ action accept
+ description FWFEF05_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFEF05_1
+ }
+ port 1935
+ }
+ protocol tcp_udp
+ }
+ rule 3367 {
+ action accept
+ description FW26846_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW26846_1
+ }
+ port 8000
+ }
+ protocol tcp
+ }
+ rule 3368 {
+ action accept
+ description FWB4438_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB4438_2
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3369 {
+ action accept
+ description FWA884B_5-TCP-ALLOW-51.146.16.162
+ destination {
+ group {
+ address-group DT_FWA884B_5
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 51.146.16.162
+ }
+ }
+ rule 3370 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.22
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.22
+ }
+ }
+ rule 3371 {
+ action accept
+ description FWFDE34_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDE34_1
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3373 {
+ action accept
+ description FWB6101_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB6101_1
+ }
+ port 2280
+ }
+ protocol tcp
+ }
+ rule 3377 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.203
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.203
+ }
+ }
+ rule 3378 {
+ action accept
+ description FW1D511_2-TCP-ALLOW-92.29.46.47
+ destination {
+ group {
+ address-group DT_FW1D511_2
+ }
+ port 9090
+ }
+ protocol tcp
+ source {
+ address 92.29.46.47
+ }
+ }
+ rule 3386 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.175
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.175
+ }
+ }
+ rule 3387 {
+ action accept
+ description FW1ACD9_2-TCP-ALLOW-89.197.148.38
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 5015,22
+ }
+ protocol tcp
+ source {
+ address 89.197.148.38
+ }
+ }
+ rule 3388 {
+ action accept
+ description FW1ACD9_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 9000-10999,5090,5060
+ }
+ protocol udp
+ }
+ rule 3389 {
+ action accept
+ description FW1ACD9_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 5090,5060-5062
+ }
+ protocol tcp
+ }
+ rule 3391 {
+ action accept
+ description FWA0B7F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0B7F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3392 {
+ action accept
+ description FW56335_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56335_2
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3395 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.90
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.90
+ }
+ }
+ rule 3396 {
+ action accept
+ description FW4D3E6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4D3E6_1
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3397 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-188.65.177.58
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 188.65.177.58
+ }
+ }
+ rule 3398 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-77.68.103.13
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 77.68.103.13
+ }
+ }
+ rule 3399 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-80.5.71.130
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 80.5.71.130
+ }
+ }
+ rule 3402 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.205
+ }
+ }
+ rule 3408 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.31
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.31
+ }
+ }
+ rule 3409 {
+ action accept
+ description FW539FB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW539FB_1
+ }
+ port 389
+ }
+ protocol tcp
+ }
+ rule 3411 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.185
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.185
+ }
+ }
+ rule 3415 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.245.124
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.245.124
+ }
+ }
+ rule 3416 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.75
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.75
+ }
+ }
+ rule 3417 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.34
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.34
+ }
+ }
+ rule 3418 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 3419 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 3420 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 3421 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 3422 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.94
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.94
+ }
+ }
+ rule 3424 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.244
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.244
+ }
+ }
+ rule 3425 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.246
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.246
+ }
+ }
+ rule 3426 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-195.97.222.122
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 195.97.222.122
+ }
+ }
+ rule 3431 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.111
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.111
+ }
+ }
+ rule 3432 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-74.208.41.119
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 74.208.41.119
+ }
+ }
+ rule 3438 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.252
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.252
+ }
+ }
+ rule 3440 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.118
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.118
+ }
+ }
+ rule 3442 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.15
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.15
+ }
+ }
+ rule 3446 {
+ action accept
+ description FWC32BE_1-ANY-ALLOW-3.65.3.75
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ }
+ source {
+ address 3.65.3.75
+ }
+ }
+ rule 3447 {
+ action accept
+ description FWC32BE_1-TCP-ALLOW-217.155.2.52
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 217.155.2.52
+ }
+ }
+ rule 3448 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.243
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.243
+ }
+ }
+ rule 3449 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.117
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.117
+ }
+ }
+ rule 3450 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.4
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.4
+ }
+ }
+ rule 3452 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.177
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.177
+ }
+ }
+ rule 3454 {
+ action accept
+ description FWD498E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD498E_1
+ }
+ port 44158
+ }
+ protocol tcp
+ }
+ rule 3455 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.147
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.147
+ }
+ }
+ rule 8500 {
+ action drop
+ description "Deny traffic to any private address"
+ destination {
+ group {
+ network-group RFC1918
+ }
+ }
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 8510 {
+ action accept
+ description "Default allow rule"
+ destination {
+ group {
+ address-group !CLUSTER_ADDRESSES
+ }
+ }
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ }
+ name LOCAL-LAN {
+ default-action drop
+ rule 2 {
+ action accept
+ destination {
+ address 10.255.255.1
+ }
+ protocol icmp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 4 {
+ action accept
+ destination {
+ group {
+ address-group LAN_ADDRESSES
+ }
+ }
+ source {
+ group {
+ address-group LAN_ADDRESSES
+ }
+ }
+ }
+ rule 10 {
+ action accept
+ description "Multicast para VRRP"
+ destination {
+ address 224.0.0.18
+ }
+ source {
+ group {
+ address-group LAN_ADDRESSES
+ }
+ }
+ }
+ }
+ name LOCAL-SYNC {
+ default-action drop
+ rule 5 {
+ action accept
+ description "Permitir trafico sync entre nodos"
+ destination {
+ address 10.4.51.132/30
+ }
+ source {
+ address 10.4.51.132/30
+ }
+ }
+ }
+ name LOCAL-WAN {
+ default-action drop
+ description "External connections from VLAN2701 to this system"
+ rule 10 {
+ action accept
+ description "Allow intra-vlan connections"
+ destination {
+ address 109.228.63.128/25
+ }
+ source {
+ address 109.228.63.128/25
+ }
+ }
+ rule 20 {
+ action accept
+ description "Allow Arsys desktops to contact this system"
+ source {
+ group {
+ address-group MANAGEMENT_ADDRESSES
+ }
+ }
+ }
+ }
+ name WAN-INBOUND {
+ default-action drop
+ rule 10 {
+ action accept
+ description "Management from HN-ES"
+ source {
+ group {
+ address-group MANAGEMENT_ADDRESSES
+ }
+ }
+ }
+ rule 20 {
+ action accept
+ description "Connections from Load Balancer to Frontends - TCP Proxy"
+ destination {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ source {
+ group {
+ address-group NLB_ADDRESSES
+ }
+ }
+ }
+ rule 30 {
+ action accept
+ description "Allow external probes"
+ destination {
+ group {
+ address-group NAGIOS_PROBES
+ }
+ }
+ protocol icmp
+ }
+ rule 40 {
+ action accept
+ description "Allow Centreon servers traffic to VMs"
+ destination {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ source {
+ group {
+ address-group CENTREON_SERVERS
+ }
+ }
+ }
+ rule 50 {
+ action accept
+ description "Allow CMK to check dnscache servers - TCP"
+ destination {
+ group {
+ address-group DNSCACHE_SERVERS
+ }
+ port 22,53,6556
+ }
+ protocol tcp
+ source {
+ group {
+ address-group CMK_SATELLITES
+ }
+ }
+ }
+ rule 65 {
+ action accept
+ description "Allow CMK to check dnscache servers - UDP"
+ destination {
+ group {
+ address-group DNSCACHE_SERVERS
+ }
+ port 53
+ }
+ protocol udp
+ source {
+ group {
+ address-group CMK_SATELLITES
+ }
+ }
+ }
+ rule 70 {
+ action accept
+ description "Allow CMK to check dnscache servers - ICMP"
+ destination {
+ group {
+ address-group DNSCACHE_SERVERS
+ }
+ }
+ protocol icmp
+ source {
+ group {
+ address-group CMK_SATELLITES
+ }
+ }
+ }
+ rule 80 {
+ action accept
+ description "Allow CMK to check monitoring sensors - TCP"
+ destination {
+ group {
+ address-group NAGIOS_PROBES
+ }
+ port 6556
+ }
+ protocol tcp
+ source {
+ group {
+ address-group CMK_SATELLITES
+ }
+ }
+ }
+ rule 90 {
+ action accept
+ description "Allow CMK to check monitoring sensors - ICMP"
+ destination {
+ group {
+ address-group NAGIOS_PROBES
+ }
+ }
+ protocol icmp
+ source {
+ group {
+ address-group CMK_SATELLITES
+ }
+ }
+ }
+ rule 2000 {
+ action accept
+ description "TOP port - SSH"
+ destination {
+ group {
+ address-group G-22-TCP
+ }
+ port ssh
+ }
+ protocol tcp
+ }
+ rule 2001 {
+ action accept
+ description "TOP port - RDESKTOP"
+ destination {
+ group {
+ address-group G-3389-TCP
+ }
+ port 3389
+ }
+ protocol tcp
+ }
+ rule 2002 {
+ action accept
+ description "TOP port - HTTP"
+ destination {
+ group {
+ address-group G-80-TCP
+ }
+ port http
+ }
+ protocol tcp
+ }
+ rule 2003 {
+ action accept
+ description "TOP port - HTTPS"
+ destination {
+ group {
+ address-group G-443-TCP
+ }
+ port https
+ }
+ protocol tcp
+ }
+ rule 2004 {
+ action accept
+ description "TOP port - DOMAIN TCP"
+ destination {
+ group {
+ address-group G-53-TCP
+ }
+ port domain
+ }
+ protocol tcp
+ }
+ rule 2005 {
+ action accept
+ description "TOP port - DOMAIN UDP"
+ destination {
+ group {
+ address-group G-53-UDP
+ }
+ port domain
+ }
+ protocol udp
+ }
+ rule 2006 {
+ action accept
+ description "TOP port - SMTP"
+ destination {
+ group {
+ address-group G-25-TCP
+ }
+ port smtp
+ }
+ protocol tcp
+ }
+ rule 2007 {
+ action accept
+ description "TOP port - IMAP"
+ destination {
+ group {
+ address-group G-143-TCP
+ }
+ port imap2
+ }
+ protocol tcp
+ }
+ rule 2008 {
+ action accept
+ description "TOP port - POP3"
+ destination {
+ group {
+ address-group G-110-TCP
+ }
+ port pop3
+ }
+ protocol tcp
+ }
+ rule 2009 {
+ action accept
+ description "TOP port - MSSQL TCP"
+ destination {
+ group {
+ address-group G-1433-TCP
+ }
+ port ms-sql-s
+ }
+ protocol tcp
+ }
+ rule 2010 {
+ action accept
+ description "TOP port - MYSQL TCP"
+ destination {
+ group {
+ address-group G-3306-TCP
+ }
+ port mysql
+ }
+ protocol tcp
+ }
+ rule 2011 {
+ action accept
+ description "TOP port - FTPDATA"
+ destination {
+ group {
+ address-group G-20-TCP
+ }
+ port ftp-data
+ }
+ protocol tcp
+ }
+ rule 2012 {
+ action accept
+ description "TOP port - FTP"
+ destination {
+ group {
+ address-group G-21-TCP
+ }
+ port ftp
+ }
+ protocol tcp
+ }
+ rule 2013 {
+ action accept
+ description "TOP port - SSMTP"
+ destination {
+ group {
+ address-group G-465-TCP
+ }
+ port ssmtp
+ }
+ protocol tcp
+ }
+ rule 2014 {
+ action accept
+ description "TOP port - SMTPS"
+ destination {
+ group {
+ address-group G-587-TCP
+ }
+ port 587
+ }
+ protocol tcp
+ }
+ rule 2015 {
+ action accept
+ description "TOP port - IMAPS"
+ destination {
+ group {
+ address-group G-993-TCP
+ }
+ port imaps
+ }
+ protocol tcp
+ }
+ rule 2016 {
+ action accept
+ description "TOP port - POP3S"
+ destination {
+ group {
+ address-group G-995-TCP
+ }
+ port pop3s
+ }
+ protocol tcp
+ }
+ rule 2017 {
+ action accept
+ description "TOP port - TOMCAT"
+ destination {
+ group {
+ address-group G-8080-TCP
+ }
+ port 8080
+ }
+ protocol tcp
+ }
+ rule 2018 {
+ action accept
+ description "TOP port - Alternative HTTPS"
+ destination {
+ group {
+ address-group G-8443-TCP
+ }
+ port 8443
+ }
+ protocol tcp
+ }
+ rule 2019 {
+ action accept
+ description "TOP port - 10000/TCP"
+ destination {
+ group {
+ address-group G-10000-TCP
+ }
+ port 10000
+ }
+ protocol tcp
+ }
+ rule 2020 {
+ action accept
+ description "TOP port - 8447/TCP"
+ destination {
+ group {
+ address-group G-8447-TCP
+ }
+ port 8447
+ }
+ protocol tcp
+ }
+ rule 2040 {
+ action accept
+ description "TOP port - All ports open"
+ destination {
+ group {
+ address-group G-ALL_OPEN
+ }
+ }
+ }
+ rule 2050 {
+ action accept
+ description "ICMP group"
+ destination {
+ group {
+ address-group G-ICMP
+ }
+ }
+ protocol icmp
+ }
+ rule 2100 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-104.192.143.2
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 7999,22
+ }
+ protocol tcp
+ source {
+ address 104.192.143.2
+ }
+ }
+ rule 2101 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.74.54
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.74.54
+ }
+ }
+ rule 2102 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-109.72.210.46
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 109.72.210.46
+ }
+ }
+ rule 2103 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2104 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-164.177.156.192
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 164.177.156.192
+ }
+ }
+ rule 2105 {
+ action accept
+ description FWDAA4F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAA4F_1
+ }
+ port 22335
+ }
+ protocol tcp
+ }
+ rule 2106 {
+ action accept
+ description FW6D0CD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 6900,7000
+ }
+ protocol tcp
+ }
+ rule 2107 {
+ action accept
+ description FW6D0CD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 9001
+ }
+ protocol tcp_udp
+ }
+ rule 2108 {
+ action accept
+ description FW06176_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06176_1
+ }
+ port 5900
+ }
+ protocol tcp
+ }
+ rule 2109 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2110 {
+ action accept
+ description FWF7B68_1-TCP-ALLOW-54.221.251.224
+ destination {
+ group {
+ address-group DT_FWF7B68_1
+ }
+ port 8443,3306,22,21,20
+ }
+ protocol tcp
+ source {
+ address 54.221.251.224
+ }
+ }
+ rule 2111 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.41
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.41
+ }
+ }
+ rule 2112 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.6
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.6
+ }
+ }
+ rule 2113 {
+ action accept
+ description VPN-7030-ANY-ALLOW-10.4.58.119
+ destination {
+ group {
+ address-group DT_VPN-7030
+ }
+ }
+ source {
+ address 10.4.58.119
+ }
+ }
+ rule 2114 {
+ action accept
+ description FW58C69_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW58C69_4
+ }
+ port 5666
+ }
+ protocol tcp
+ }
+ rule 2115 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-185.201.180.35
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000,22
+ }
+ protocol tcp
+ source {
+ address 185.201.180.35
+ }
+ }
+ rule 2116 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2117 {
+ action accept
+ description FW19987_4-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2118 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-212.159.160.65
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443,3389,3306,22,21
+ }
+ protocol tcp
+ source {
+ address 212.159.160.65
+ }
+ }
+ rule 2119 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-79.78.20.149
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8447,8443,3389,3306,993,143,22,21
+ }
+ protocol tcp
+ source {
+ address 79.78.20.149
+ }
+ }
+ rule 2120 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-77.68.77.185
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.77.185
+ }
+ }
+ rule 2121 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443,3389
+ }
+ protocol tcp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2122 {
+ action accept
+ description FW2C5AE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2C5AE_1
+ }
+ port 30303,5717
+ }
+ protocol tcp_udp
+ }
+ rule 2123 {
+ action accept
+ description VPN-12899-ANY-ALLOW-10.4.58.207
+ destination {
+ group {
+ address-group DT_VPN-12899
+ }
+ }
+ source {
+ address 10.4.58.207
+ }
+ }
+ rule 2124 {
+ action accept
+ description FW7648D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7648D_1
+ }
+ port 8501,8050,7801,4444,1443
+ }
+ protocol tcp
+ }
+ rule 2125 {
+ action accept
+ description FW0C2E6_4-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C2E6_4
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2126 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.37.175.132
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.37.175.132
+ }
+ }
+ rule 2127 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-165.255.242.223
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 165.255.242.223
+ }
+ }
+ rule 2128 {
+ action accept
+ description VPN-10131-ANY-ALLOW-10.4.56.51
+ destination {
+ group {
+ address-group DT_VPN-10131
+ }
+ }
+ source {
+ address 10.4.56.51
+ }
+ }
+ rule 2129 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-212.227.84.142
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 212.227.84.142
+ }
+ }
+ rule 2130 {
+ action accept
+ description FW2BB8D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2131 {
+ action accept
+ description FWFDD94_15-TCP-ALLOW-90.29.180.234
+ destination {
+ group {
+ address-group DT_FWFDD94_15
+ }
+ port 5683,1883
+ }
+ protocol tcp
+ source {
+ address 90.29.180.234
+ }
+ }
+ rule 2132 {
+ action accept
+ description VPN-10131-ANY-ALLOW-10.4.57.51
+ destination {
+ group {
+ address-group DT_VPN-10131
+ }
+ }
+ source {
+ address 10.4.57.51
+ }
+ }
+ rule 2133 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-109.228.49.193
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 109.228.49.193
+ }
+ }
+ rule 2134 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-3.10.221.168
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 3.10.221.168
+ }
+ }
+ rule 2135 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2136 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2137 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-77.68.87.201
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.87.201
+ }
+ }
+ rule 2138 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2139 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2140 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 500,4500
+ }
+ protocol udp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2141 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-213.171.196.146
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 213.171.196.146
+ }
+ }
+ rule 2142 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2143 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-77.68.36.46
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 500,4500
+ }
+ protocol udp
+ source {
+ address 77.68.36.46
+ }
+ }
+ rule 2144 {
+ action accept
+ description VPN-12899-ANY-ALLOW-10.4.59.207
+ destination {
+ group {
+ address-group DT_VPN-12899
+ }
+ }
+ source {
+ address 10.4.59.207
+ }
+ }
+ rule 2145 {
+ action accept
+ description FWB28B6_5-TCP-ALLOW-81.130.141.175
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.130.141.175
+ }
+ }
+ rule 2146 {
+ action accept
+ description FWB28B6_5-UDP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 4500,500
+ }
+ protocol udp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2147 {
+ action accept
+ description FWB28B6_5-AH-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2148 {
+ action accept
+ description FWB28B6_5-ESP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2149 {
+ action accept
+ description FWB28B6_5-TCP_UDP-ALLOW-77.68.38.195
+ destination {
+ group {
+ address-group DT_FWB28B6_5
+ }
+ port 1701
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.38.195
+ }
+ }
+ rule 2150 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.37.178.77
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.37.178.77
+ }
+ }
+ rule 2151 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-51.241.139.56
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 51.241.139.56
+ }
+ }
+ rule 2152 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-150.143.57.138
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 150.143.57.138
+ }
+ }
+ rule 2153 {
+ action accept
+ description FW6ECA4_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6ECA4_1
+ }
+ port 3939,3335,3334,3333,3000,999,444
+ }
+ protocol tcp_udp
+ }
+ rule 2154 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.13.20
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.13.20
+ }
+ }
+ rule 2155 {
+ action accept
+ description FW481D7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW481D7_1
+ }
+ port 3478
+ }
+ protocol tcp_udp
+ }
+ rule 2156 {
+ action accept
+ description FW5A5D7_3-GRE-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ }
+ protocol gre
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2157 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-94.195.127.217
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 94.195.127.217
+ }
+ }
+ rule 2158 {
+ action accept
+ description FW2E060_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2E060_1
+ }
+ port 49152-65535,8443-8447
+ }
+ protocol tcp
+ }
+ rule 2159 {
+ action accept
+ description FWFDD94_15-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDD94_15
+ }
+ port 9090,5080,1935
+ }
+ protocol tcp
+ }
+ rule 2160 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.190.224
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.190.224
+ }
+ }
+ rule 2161 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-109.249.187.56
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 109.249.187.56
+ }
+ }
+ rule 2162 {
+ action accept
+ description FW89619_1-TCP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 2163 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.227.72.218
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.72.218
+ }
+ }
+ rule 2164 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-151.229.59.51
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 151.229.59.51
+ }
+ }
+ rule 2165 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-178.251.181.41
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.41
+ }
+ }
+ rule 2166 {
+ action accept
+ description FW3CAAB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3CAAB_1
+ }
+ port 49152-65535,30000-30400,8443-8447,5432,80-110,21-25
+ }
+ protocol tcp
+ }
+ rule 2167 {
+ action accept
+ description FW91B7A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW91B7A_1
+ }
+ port 3389,80
+ }
+ protocol tcp_udp
+ }
+ rule 2168 {
+ action accept
+ description FW40416_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW40416_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2169 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-81.151.24.216
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 10000,22
+ }
+ protocol tcp
+ source {
+ address 81.151.24.216
+ }
+ }
+ rule 2170 {
+ action accept
+ description VPN-7030-ANY-ALLOW-10.4.59.119
+ destination {
+ group {
+ address-group DT_VPN-7030
+ }
+ }
+ source {
+ address 10.4.59.119
+ }
+ }
+ rule 2171 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-62.252.94.138
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 3389,1433
+ }
+ protocol tcp
+ source {
+ address 62.252.94.138
+ }
+ }
+ rule 2172 {
+ action accept
+ description FW89619_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5015,5001,5000
+ }
+ protocol tcp
+ }
+ rule 2173 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-167.98.162.142
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 167.98.162.142
+ }
+ }
+ rule 2174 {
+ action accept
+ description FW013EF_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW013EF_2
+ }
+ port 44445,7770-7800,5090,5060-5070,5015,5001,2000-2500
+ }
+ protocol tcp
+ }
+ rule 2175 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.12
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.12
+ }
+ }
+ rule 2176 {
+ action accept
+ description VPN-15625-ANY-ALLOW-10.4.88.79
+ destination {
+ group {
+ address-group DT_VPN-15625
+ }
+ }
+ source {
+ address 10.4.88.79
+ }
+ }
+ rule 2177 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.228.53.128
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 109.228.53.128
+ }
+ }
+ rule 2178 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-178.251.181.6
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.6
+ }
+ }
+ rule 2179 {
+ action accept
+ description FW578BE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW578BE_1
+ }
+ port 23,1521,1522
+ }
+ protocol tcp
+ }
+ rule 2180 {
+ action accept
+ description FWE012D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE012D_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2181 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-213.171.209.161
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 213.171.209.161
+ }
+ }
+ rule 2182 {
+ action accept
+ description VPN-8203-ANY-ALLOW-10.4.58.109
+ destination {
+ group {
+ address-group DT_VPN-8203
+ }
+ }
+ source {
+ address 10.4.58.109
+ }
+ }
+ rule 2183 {
+ action accept
+ description VPN-9415-ANY-ALLOW-10.4.58.168
+ destination {
+ group {
+ address-group DT_VPN-9415
+ }
+ }
+ source {
+ address 10.4.58.168
+ }
+ }
+ rule 2184 {
+ action accept
+ description VPN-9415-ANY-ALLOW-10.4.59.168
+ destination {
+ group {
+ address-group DT_VPN-9415
+ }
+ }
+ source {
+ address 10.4.59.168
+ }
+ }
+ rule 2185 {
+ action accept
+ description FW27A8F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW27A8F_1
+ }
+ port 9990,8458,8090,6543,5432
+ }
+ protocol tcp
+ }
+ rule 2186 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.11.224
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 77.68.11.224
+ }
+ }
+ rule 2187 {
+ action accept
+ description VPN-15625-ANY-ALLOW-10.4.89.79
+ destination {
+ group {
+ address-group DT_VPN-15625
+ }
+ }
+ source {
+ address 10.4.89.79
+ }
+ }
+ rule 2188 {
+ action accept
+ description VPN-14649-ANY-ALLOW-10.4.86.35
+ destination {
+ group {
+ address-group DT_VPN-14649
+ }
+ }
+ source {
+ address 10.4.86.35
+ }
+ }
+ rule 2189 {
+ action accept
+ description VPN-14649-ANY-ALLOW-10.4.87.35
+ destination {
+ group {
+ address-group DT_VPN-14649
+ }
+ }
+ source {
+ address 10.4.87.35
+ }
+ }
+ rule 2190 {
+ action accept
+ description VPN-14657-ANY-ALLOW-10.4.86.38
+ destination {
+ group {
+ address-group DT_VPN-14657
+ }
+ }
+ source {
+ address 10.4.86.38
+ }
+ }
+ rule 2191 {
+ action accept
+ description VPN-14657-ANY-ALLOW-10.4.87.38
+ destination {
+ group {
+ address-group DT_VPN-14657
+ }
+ }
+ source {
+ address 10.4.87.38
+ }
+ }
+ rule 2192 {
+ action accept
+ description VPN-14658-ANY-ALLOW-10.4.88.38
+ destination {
+ group {
+ address-group DT_VPN-14658
+ }
+ }
+ source {
+ address 10.4.88.38
+ }
+ }
+ rule 2193 {
+ action accept
+ description VPN-14658-ANY-ALLOW-10.4.89.38
+ destination {
+ group {
+ address-group DT_VPN-14658
+ }
+ }
+ source {
+ address 10.4.89.38
+ }
+ }
+ rule 2194 {
+ action accept
+ description FW0BB22_1-GRE-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol gre
+ }
+ rule 2195 {
+ action accept
+ description FW0BB22_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol esp
+ }
+ rule 2196 {
+ action accept
+ description FW1CC15_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1CC15_2
+ }
+ port 8089,8085,990,81
+ }
+ protocol tcp
+ }
+ rule 2197 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.124
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.124
+ }
+ }
+ rule 2198 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389,1723,1701,47
+ }
+ protocol tcp
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2199 {
+ action accept
+ description FW1CB16_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1CB16_1
+ }
+ port 3306,27017,53
+ }
+ protocol tcp_udp
+ }
+ rule 2200 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2201 {
+ action accept
+ description FW37E59_5-TCP-ALLOW-77.68.20.244
+ destination {
+ group {
+ address-group DT_FW37E59_5
+ }
+ port 30303
+ }
+ protocol tcp
+ source {
+ address 77.68.20.244
+ }
+ }
+ rule 2202 {
+ action accept
+ description FW274FD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW274FD_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2203 {
+ action accept
+ description FW6CD7E_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6CD7E_2
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2204 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-178.17.252.59
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 178.17.252.59
+ }
+ }
+ rule 2205 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.64.108
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.64.108
+ }
+ }
+ rule 2206 {
+ action accept
+ description FW0937A_1-TCP-ALLOW-83.135.134.13
+ destination {
+ group {
+ address-group DT_FW0937A_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 83.135.134.13
+ }
+ }
+ rule 2207 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.112.64
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.112.64
+ }
+ }
+ rule 2208 {
+ action accept
+ description FW6CD7E_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6CD7E_2
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2209 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-194.73.17.47
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 194.73.17.47
+ }
+ }
+ rule 2210 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.115.33
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.115.33
+ }
+ }
+ rule 2211 {
+ action accept
+ description FWA3EA3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA3EA3_1
+ }
+ port 943
+ }
+ protocol tcp
+ }
+ rule 2212 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-82.165.100.25
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 21-10000
+ }
+ protocol tcp
+ source {
+ address 82.165.100.25
+ }
+ }
+ rule 2213 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-109.228.59.50
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 109.228.59.50
+ }
+ }
+ rule 2214 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.100
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.100
+ }
+ }
+ rule 2215 {
+ action accept
+ description FWD7EAB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD7EAB_1
+ }
+ port 60000-60100
+ }
+ protocol tcp
+ }
+ rule 2216 {
+ action accept
+ description FWEB321_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEB321_1
+ }
+ port 113,4190
+ }
+ protocol tcp
+ }
+ rule 2217 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-195.206.180.132
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 195.206.180.132
+ }
+ }
+ rule 2218 {
+ action accept
+ description VPN-8159-ANY-ALLOW-10.4.58.91
+ destination {
+ group {
+ address-group DT_VPN-8159
+ }
+ }
+ source {
+ address 10.4.58.91
+ }
+ }
+ rule 2219 {
+ action accept
+ description VPN-21673-ANY-ALLOW-10.4.88.187
+ destination {
+ group {
+ address-group DT_VPN-21673
+ }
+ }
+ source {
+ address 10.4.88.187
+ }
+ }
+ rule 2220 {
+ action accept
+ description VPN-21673-ANY-ALLOW-10.4.89.187
+ destination {
+ group {
+ address-group DT_VPN-21673
+ }
+ }
+ source {
+ address 10.4.89.187
+ }
+ }
+ rule 2221 {
+ action accept
+ description VPN-21821-ANY-ALLOW-10.4.88.49
+ destination {
+ group {
+ address-group DT_VPN-21821
+ }
+ }
+ source {
+ address 10.4.88.49
+ }
+ }
+ rule 2222 {
+ action accept
+ description VPN-21821-ANY-ALLOW-10.4.89.49
+ destination {
+ group {
+ address-group DT_VPN-21821
+ }
+ }
+ source {
+ address 10.4.89.49
+ }
+ }
+ rule 2223 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-81.133.80.58
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.58
+ }
+ }
+ rule 2224 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.238
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.238
+ }
+ }
+ rule 2225 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-185.212.168.51
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 185.212.168.51
+ }
+ }
+ rule 2226 {
+ action accept
+ description FW8B21D_1-ANY-ALLOW-212.187.250.2
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ source {
+ address 212.187.250.2
+ }
+ }
+ rule 2227 {
+ action accept
+ description FW35F7B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW35F7B_1
+ }
+ port 1434
+ }
+ protocol tcp_udp
+ }
+ rule 2228 {
+ action accept
+ description FWD338A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD338A_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2229 {
+ action accept
+ description FW35F7B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW35F7B_1
+ }
+ port 56791
+ }
+ protocol tcp
+ }
+ rule 2230 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.77.114
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.77.114
+ }
+ }
+ rule 2231 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-194.74.137.17
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 194.74.137.17
+ }
+ }
+ rule 2232 {
+ action accept
+ description FW52F6F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW52F6F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2233 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.23.109
+ }
+ }
+ rule 2234 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.247
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.247
+ }
+ }
+ rule 2235 {
+ action accept
+ description FW4E314_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4E314_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2236 {
+ action accept
+ description FW73573_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73573_2
+ }
+ port 25
+ }
+ protocol tcp_udp
+ }
+ rule 2237 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.93.89
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.93.89
+ }
+ }
+ rule 2238 {
+ action accept
+ description FW856FA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW856FA_1
+ }
+ port 6003
+ }
+ protocol tcp
+ }
+ rule 2239 {
+ action accept
+ description FWECBFB_14-TCP-ALLOW-81.19.214.155
+ destination {
+ group {
+ address-group DT_FWECBFB_14
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.19.214.155
+ }
+ }
+ rule 2240 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.219.168.170
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 51.219.168.170
+ }
+ }
+ rule 2241 {
+ action accept
+ description FW30D21_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW30D21_1
+ }
+ port 2083-2087,53,2812,2096,25,993,587
+ }
+ protocol tcp_udp
+ }
+ rule 2242 {
+ action accept
+ description FWA076E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA076E_1
+ }
+ port 2199,2197
+ }
+ protocol tcp
+ }
+ rule 2243 {
+ action accept
+ description FWA076E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA076E_1
+ }
+ port 8000-8010
+ }
+ protocol tcp_udp
+ }
+ rule 2244 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-82.165.166.41
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 8447,8443,443,80,22
+ }
+ protocol tcp
+ source {
+ address 82.165.166.41
+ }
+ }
+ rule 2245 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.180
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22,80
+ }
+ protocol tcp
+ source {
+ address 213.171.217.180
+ }
+ }
+ rule 2246 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2247 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.185
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.185
+ }
+ }
+ rule 2248 {
+ action accept
+ description FW2F868_6-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 161
+ }
+ protocol udp
+ }
+ rule 2249 {
+ action accept
+ description FW2F868_6-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FW2F868_6
+ }
+ port 22,24
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2250 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-80.194.78.162
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 80.194.78.162
+ }
+ }
+ rule 2251 {
+ action accept
+ description VPN-21822-ANY-ALLOW-10.4.54.47
+ destination {
+ group {
+ address-group DT_VPN-21822
+ }
+ }
+ source {
+ address 10.4.54.47
+ }
+ }
+ rule 2252 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.75.244
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.75.244
+ }
+ }
+ rule 2253 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-195.147.173.92
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 195.147.173.92
+ }
+ }
+ rule 2254 {
+ action accept
+ description FW1D511_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1D511_2
+ }
+ port 8090
+ }
+ protocol tcp
+ }
+ rule 2255 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-85.17.25.47
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 85.17.25.47
+ }
+ }
+ rule 2256 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.89.209
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.89.209
+ }
+ }
+ rule 2257 {
+ action accept
+ description FWE2AB5_8-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWE2AB5_8
+ }
+ port 7000
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2258 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.68.94.177
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.94.177
+ }
+ }
+ rule 2259 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.95.129
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.68.95.129
+ }
+ }
+ rule 2260 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.136
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.136
+ }
+ }
+ rule 2261 {
+ action accept
+ description FW1FA9E_1-TCP-ALLOW-78.88.254.99
+ destination {
+ group {
+ address-group DT_FW1FA9E_1
+ }
+ port 9000,8200,5601,4444
+ }
+ protocol tcp
+ source {
+ address 78.88.254.99
+ }
+ }
+ rule 2262 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.27
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.27
+ }
+ }
+ rule 2263 {
+ action accept
+ description FWA7A50_1-TCP-ALLOW-81.110.192.198
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.110.192.198
+ }
+ }
+ rule 2264 {
+ action accept
+ description VPN-21822-ANY-ALLOW-10.4.55.47
+ destination {
+ group {
+ address-group DT_VPN-21822
+ }
+ }
+ source {
+ address 10.4.55.47
+ }
+ }
+ rule 2265 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.31.195
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.31.195
+ }
+ }
+ rule 2266 {
+ action accept
+ description FW45BEB_1-TCP-ALLOW-62.3.71.238
+ destination {
+ group {
+ address-group DT_FW45BEB_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 62.3.71.238
+ }
+ }
+ rule 2267 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.113
+ }
+ }
+ rule 2268 {
+ action accept
+ description VPN-23946-ANY-ALLOW-10.4.58.13
+ destination {
+ group {
+ address-group DT_VPN-23946
+ }
+ }
+ source {
+ address 10.4.58.13
+ }
+ }
+ rule 2269 {
+ action accept
+ description FW98818_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW98818_1
+ }
+ port 27015
+ }
+ protocol tcp
+ }
+ rule 2270 {
+ action accept
+ description VPN-23946-ANY-ALLOW-10.4.59.13
+ destination {
+ group {
+ address-group DT_VPN-23946
+ }
+ }
+ source {
+ address 10.4.59.13
+ }
+ }
+ rule 2271 {
+ action accept
+ description VPN-28031-ANY-ALLOW-10.4.88.197
+ destination {
+ group {
+ address-group DT_VPN-28031
+ }
+ }
+ source {
+ address 10.4.88.197
+ }
+ }
+ rule 2272 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.231
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.231
+ }
+ }
+ rule 2273 {
+ action accept
+ description FW5A5D7_3-TCP_UDP-ALLOW-51.219.222.28
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 500
+ }
+ protocol tcp_udp
+ source {
+ address 51.219.222.28
+ }
+ }
+ rule 2274 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-185.106.220.231
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 185.106.220.231
+ }
+ }
+ rule 2275 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.118.66
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.118.66
+ }
+ }
+ rule 2276 {
+ action accept
+ description FW934AE_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2277 {
+ action accept
+ description VPN-28031-ANY-ALLOW-10.4.89.197
+ destination {
+ group {
+ address-group DT_VPN-28031
+ }
+ }
+ source {
+ address 10.4.89.197
+ }
+ }
+ rule 2278 {
+ action accept
+ description FW6863A_4-TCP_UDP-ALLOW-82.165.166.41
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 21-10000
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.166.41
+ }
+ }
+ rule 2279 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.104.119.162
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.104.119.162
+ }
+ }
+ rule 2280 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-109.74.199.143
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 109.74.199.143
+ }
+ }
+ rule 2281 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-185.92.25.48
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 185.92.25.48
+ }
+ }
+ rule 2282 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-207.148.2.40
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 207.148.2.40
+ }
+ }
+ rule 2283 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.235.62
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.235.62
+ }
+ }
+ rule 2284 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.236.93
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.236.93
+ }
+ }
+ rule 2285 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-45.76.59.5
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 45.76.59.5
+ }
+ }
+ rule 2286 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.15.134
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.15.134
+ }
+ }
+ rule 2287 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.22.208
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.22.208
+ }
+ }
+ rule 2288 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.108
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.23.108
+ }
+ }
+ rule 2289 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.23.54
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.23.54
+ }
+ }
+ rule 2290 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.30.45
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.30.45
+ }
+ }
+ rule 2291 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.7.198
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.7.198
+ }
+ }
+ rule 2292 {
+ action accept
+ description VPN-29631-ANY-ALLOW-10.4.54.76
+ destination {
+ group {
+ address-group DT_VPN-29631
+ }
+ }
+ source {
+ address 10.4.54.76
+ }
+ }
+ rule 2293 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.89.200
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 77.68.89.200
+ }
+ }
+ rule 2294 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-77.68.91.50
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.91.50
+ }
+ }
+ rule 2295 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-82.165.206.230
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 82.165.206.230
+ }
+ }
+ rule 2296 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-82.165.207.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4444,3306
+ }
+ protocol tcp
+ source {
+ address 82.165.207.109
+ }
+ }
+ rule 2297 {
+ action accept
+ description FW1F3D0_6-TCP-ALLOW-94.196.156.5
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 94.196.156.5
+ }
+ }
+ rule 2298 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.15.134
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.15.134
+ }
+ }
+ rule 2299 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.22.208
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.22.208
+ }
+ }
+ rule 2300 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.23.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.23.109
+ }
+ }
+ rule 2301 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-77.68.89.200
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.89.200
+ }
+ }
+ rule 2302 {
+ action accept
+ description FW05339_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05339_1
+ }
+ port 8085,5055,5013,5005,444
+ }
+ protocol tcp
+ }
+ rule 2303 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-217.169.61.164
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 217.169.61.164
+ }
+ }
+ rule 2304 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.65.45
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.65.45
+ }
+ }
+ rule 2305 {
+ action accept
+ description VPN-13983-ANY-ALLOW-10.4.58.176
+ destination {
+ group {
+ address-group DT_VPN-13983
+ }
+ }
+ source {
+ address 10.4.58.176
+ }
+ }
+ rule 2306 {
+ action accept
+ description FWDAF47_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAF47_1
+ }
+ port 8090,7080,443,53
+ }
+ protocol tcp_udp
+ }
+ rule 2307 {
+ action accept
+ description VPN-29631-ANY-ALLOW-10.4.55.77
+ destination {
+ group {
+ address-group DT_VPN-29631
+ }
+ }
+ source {
+ address 10.4.55.77
+ }
+ }
+ rule 2308 {
+ action accept
+ description VPN-34309-ANY-ALLOW-10.4.58.142
+ destination {
+ group {
+ address-group DT_VPN-34309
+ }
+ }
+ source {
+ address 10.4.58.142
+ }
+ }
+ rule 2309 {
+ action accept
+ description FW27949_2-TCP-ALLOW-138.124.142.180
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 138.124.142.180
+ }
+ }
+ rule 2310 {
+ action accept
+ description FWF8F85_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF8F85_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2311 {
+ action accept
+ description FWDAF47_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAF47_1
+ }
+ port 40110-40210
+ }
+ protocol tcp
+ }
+ rule 2312 {
+ action accept
+ description VPN-34309-ANY-ALLOW-10.4.59.142
+ destination {
+ group {
+ address-group DT_VPN-34309
+ }
+ }
+ source {
+ address 10.4.59.142
+ }
+ }
+ rule 2313 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-87.224.39.220
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 87.224.39.220
+ }
+ }
+ rule 2314 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 1334
+ }
+ protocol tcp
+ }
+ rule 2315 {
+ action accept
+ description FW8C927_1-TCP_UDP-ALLOW-84.92.125.78
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 3306,22
+ }
+ protocol tcp_udp
+ source {
+ address 84.92.125.78
+ }
+ }
+ rule 2316 {
+ action accept
+ description FW8C927_1-TCP_UDP-ALLOW-88.208.238.152
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 3306,22
+ }
+ protocol tcp_udp
+ source {
+ address 88.208.238.152
+ }
+ }
+ rule 2317 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2318 {
+ action accept
+ description FW28892_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW28892_1
+ }
+ port 7000
+ }
+ protocol tcp
+ }
+ rule 2319 {
+ action accept
+ description FWC96A1_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC96A1_1
+ }
+ port 222
+ }
+ protocol tcp
+ }
+ rule 2320 {
+ action accept
+ description VPN-13983-ANY-ALLOW-10.4.59.176
+ destination {
+ group {
+ address-group DT_VPN-13983
+ }
+ }
+ source {
+ address 10.4.59.176
+ }
+ }
+ rule 2321 {
+ action accept
+ description FW2FB61_1-TCP-ALLOW-5.183.104.15
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 5.183.104.15
+ }
+ }
+ rule 2322 {
+ action accept
+ description FW81138_1-ICMP-ALLOW-82.20.69.137
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ }
+ protocol icmp
+ source {
+ address 82.20.69.137
+ }
+ }
+ rule 2323 {
+ action accept
+ description FW72F37_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW72F37_1
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2324 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-81.111.155.34
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 81.111.155.34
+ }
+ }
+ rule 2325 {
+ action accept
+ description VPN-20306-ANY-ALLOW-10.4.88.173
+ destination {
+ group {
+ address-group DT_VPN-20306
+ }
+ }
+ source {
+ address 10.4.88.173
+ }
+ }
+ rule 2326 {
+ action accept
+ description FW6C992_1-TCP-ALLOW-89.33.185.0_24
+ destination {
+ group {
+ address-group DT_FW6C992_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 89.33.185.0/24
+ }
+ }
+ rule 2327 {
+ action accept
+ description FW2FB61_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 45000
+ }
+ protocol tcp
+ }
+ rule 2328 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.202
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.202
+ }
+ }
+ rule 2329 {
+ action accept
+ description FWF9C28_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF9C28_2
+ }
+ port 7770-7800,44445
+ }
+ protocol tcp
+ }
+ rule 2330 {
+ action accept
+ description FW3DBF8_9-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 8088,8080,5090,5060,3478,1935
+ }
+ protocol tcp_udp
+ }
+ rule 2331 {
+ action accept
+ description FW3DBF8_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 5062,5061,5015,5001
+ }
+ protocol tcp
+ }
+ rule 2332 {
+ action accept
+ description VPN-16402-ANY-ALLOW-10.4.88.60
+ destination {
+ group {
+ address-group DT_VPN-16402
+ }
+ }
+ source {
+ address 10.4.88.60
+ }
+ }
+ rule 2333 {
+ action accept
+ description FWC1315_1-TCP-ALLOW-62.3.71.238
+ destination {
+ group {
+ address-group DT_FWC1315_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 62.3.71.238
+ }
+ }
+ rule 2334 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 8001,80
+ }
+ protocol tcp_udp
+ }
+ rule 2335 {
+ action accept
+ description FWAFF0A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAFF0A_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2336 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-195.20.253.19
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.20.253.19
+ }
+ }
+ rule 2337 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.73
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.73
+ }
+ }
+ rule 2338 {
+ action accept
+ description VPN-16402-ANY-ALLOW-10.4.89.60
+ destination {
+ group {
+ address-group DT_VPN-16402
+ }
+ }
+ source {
+ address 10.4.89.60
+ }
+ }
+ rule 2339 {
+ action accept
+ description VPN-15951-ANY-ALLOW-10.4.86.90
+ destination {
+ group {
+ address-group DT_VPN-15951
+ }
+ }
+ source {
+ address 10.4.86.90
+ }
+ }
+ rule 2340 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.77.181
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.77.181
+ }
+ }
+ rule 2341 {
+ action accept
+ description FWE9F7D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE9F7D_1
+ }
+ port 4035
+ }
+ protocol tcp
+ }
+ rule 2342 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.131
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.131
+ }
+ }
+ rule 2343 {
+ action accept
+ description VPN-15951-ANY-ALLOW-10.4.87.90
+ destination {
+ group {
+ address-group DT_VPN-15951
+ }
+ }
+ source {
+ address 10.4.87.90
+ }
+ }
+ rule 2344 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-77.68.93.190
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 77.68.93.190
+ }
+ }
+ rule 2345 {
+ action accept
+ description VPN-8159-ANY-ALLOW-10.4.59.91
+ destination {
+ group {
+ address-group DT_VPN-8159
+ }
+ }
+ source {
+ address 10.4.59.91
+ }
+ }
+ rule 2346 {
+ action accept
+ description VPN-12870-ANY-ALLOW-10.4.54.67
+ destination {
+ group {
+ address-group DT_VPN-12870
+ }
+ }
+ source {
+ address 10.4.54.67
+ }
+ }
+ rule 2347 {
+ action accept
+ description FW930F3_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW930F3_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2348 {
+ action accept
+ description FW12C32_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW12C32_1
+ }
+ port 465,53,25
+ }
+ protocol tcp_udp
+ }
+ rule 2349 {
+ action accept
+ description FW28EC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW28EC8_1
+ }
+ port 20443
+ }
+ protocol tcp
+ }
+ rule 2350 {
+ action accept
+ description VPN-12870-ANY-ALLOW-10.4.55.68
+ destination {
+ group {
+ address-group DT_VPN-12870
+ }
+ }
+ source {
+ address 10.4.55.68
+ }
+ }
+ rule 2351 {
+ action accept
+ description FW934AE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 32401,32400,8081
+ }
+ protocol tcp_udp
+ }
+ rule 2352 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-185.173.161.154
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 185.173.161.154
+ }
+ }
+ rule 2353 {
+ action accept
+ description FW013EF_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW013EF_2
+ }
+ port 10600-10998,9000-9398,5090,5060-5070
+ }
+ protocol udp
+ }
+ rule 2354 {
+ action accept
+ description FW85040_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85040_1
+ }
+ port 3210
+ }
+ protocol tcp_udp
+ }
+ rule 2355 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-131.153.100.98
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 131.153.100.98
+ }
+ }
+ rule 2356 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-213.133.99.176
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 213.133.99.176
+ }
+ }
+ rule 2357 {
+ action accept
+ description FW6EFD7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6EFD7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2358 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-62.253.153.163
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 8443,22
+ }
+ protocol tcp_udp
+ source {
+ address 62.253.153.163
+ }
+ }
+ rule 2359 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-212.159.153.201
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 6443,5432-5434,5000-5100,3306-3308,990,989,22,21
+ }
+ protocol tcp
+ source {
+ address 212.159.153.201
+ }
+ }
+ rule 2360 {
+ action accept
+ description FW75CA4_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW75CA4_6
+ }
+ port 51472,3747,3420
+ }
+ protocol tcp
+ }
+ rule 2361 {
+ action accept
+ description FWF9C28_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF9C28_4
+ }
+ port 23,7770-7800,44445,6109
+ }
+ protocol tcp
+ }
+ rule 2362 {
+ action accept
+ description FW6B39D_1-TCP-ALLOW-120.72.95.88_29
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 120.72.95.88/29
+ }
+ }
+ rule 2363 {
+ action accept
+ description FW934AE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW934AE_1
+ }
+ port 20000
+ }
+ protocol tcp
+ }
+ rule 2364 {
+ action accept
+ description FW12C32_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW12C32_1
+ }
+ port 2323,953
+ }
+ protocol tcp
+ }
+ rule 2365 {
+ action accept
+ description FW49897_1-TCP-ALLOW-2.121.90.207
+ destination {
+ group {
+ address-group DT_FW49897_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 2.121.90.207
+ }
+ }
+ rule 2366 {
+ action accept
+ description FW6B39D_1-TCP-ALLOW-120.72.91.104_29
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 120.72.91.104/29
+ }
+ }
+ rule 2367 {
+ action accept
+ description FW4F5EE_10-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4F5EE_10
+ }
+ port 83,86,82
+ }
+ protocol tcp
+ }
+ rule 2368 {
+ action accept
+ description FWF791C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF791C_1
+ }
+ port 6001
+ }
+ protocol tcp
+ }
+ rule 2369 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2370 {
+ action accept
+ description FWE57AD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE57AD_1
+ }
+ port 57000-58000
+ }
+ protocol tcp
+ }
+ rule 2371 {
+ action accept
+ description FWC0CE0_1-TCP-ALLOW-62.232.209.221
+ destination {
+ group {
+ address-group DT_FWC0CE0_1
+ }
+ port 49152-65535,8447,8443,22,21
+ }
+ protocol tcp
+ source {
+ address 62.232.209.221
+ }
+ }
+ rule 2372 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-41.140.242.86
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 41.140.242.86
+ }
+ }
+ rule 2373 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-54.171.71.110
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 54.171.71.110
+ }
+ }
+ rule 2374 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-95.149.182.69
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ source {
+ address 95.149.182.69
+ }
+ }
+ rule 2375 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-185.201.16.0_22
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 185.201.16.0/22
+ }
+ }
+ rule 2376 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-213.133.99.176
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 213.133.99.176
+ }
+ }
+ rule 2377 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-95.211.160.147
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 25
+ }
+ protocol tcp
+ source {
+ address 95.211.160.147
+ }
+ }
+ rule 2378 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-212.227.9.72
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.9.72
+ }
+ }
+ rule 2379 {
+ action accept
+ description FW8B21D_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ protocol esp
+ }
+ rule 2380 {
+ action accept
+ description FW8B21D_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ }
+ protocol ah
+ }
+ rule 2381 {
+ action accept
+ description FW8B21D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 8181,4500,1194,993,941,500,53
+ }
+ protocol tcp_udp
+ }
+ rule 2382 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-85.17.25.47
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 85.17.25.47
+ }
+ }
+ rule 2383 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-91.232.105.39
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 91.232.105.39
+ }
+ }
+ rule 2384 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-93.190.142.120
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 93.190.142.120
+ }
+ }
+ rule 2385 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.168.171.130
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.130
+ }
+ }
+ rule 2386 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.168.171.157
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.157
+ }
+ }
+ rule 2387 {
+ action accept
+ description FWD4A27_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD4A27_1
+ }
+ port 32400
+ }
+ protocol tcp
+ }
+ rule 2388 {
+ action accept
+ description FW2ACFF_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2ACFF_1
+ }
+ port 10299,60050-60055
+ }
+ protocol tcp_udp
+ }
+ rule 2389 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-193.248.62.45
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 193.248.62.45
+ }
+ }
+ rule 2390 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-78.249.208.17
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 78.249.208.17
+ }
+ }
+ rule 2391 {
+ action accept
+ description FWC8E8E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC8E8E_1
+ }
+ port 6000
+ }
+ protocol tcp_udp
+ }
+ rule 2392 {
+ action accept
+ description FW30D21_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW30D21_1
+ }
+ port 2476
+ }
+ protocol tcp
+ }
+ rule 2393 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-41.140.242.94
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 41.140.242.94
+ }
+ }
+ rule 2394 {
+ action accept
+ description FW59F39_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW59F39_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2395 {
+ action accept
+ description FWEF92E_7-ESP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2396 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.219.47.177
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 51.219.47.177
+ }
+ }
+ rule 2397 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-86.172.128.50
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 1433,21
+ }
+ protocol tcp
+ source {
+ address 86.172.128.50
+ }
+ }
+ rule 2398 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-88.105.1.20
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 88.105.1.20
+ }
+ }
+ rule 2399 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.211.243.198
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.211.243.198
+ }
+ }
+ rule 2400 {
+ action accept
+ description FW25843_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW25843_1
+ }
+ port 9001,7070,5500,5488,5000,4500,4000,3500,3000,1883,1880
+ }
+ protocol tcp
+ }
+ rule 2401 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-185.83.65.46
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 185.83.65.46
+ }
+ }
+ rule 2402 {
+ action accept
+ description FW5858F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5858F_1
+ }
+ port 1883
+ }
+ protocol tcp
+ }
+ rule 2403 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-95.147.108.173
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 95.147.108.173
+ }
+ }
+ rule 2404 {
+ action accept
+ description FW9C682_3-TCP-ALLOW-52.56.193.88
+ destination {
+ group {
+ address-group DT_FW9C682_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 52.56.193.88
+ }
+ }
+ rule 2405 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-109.228.63.82
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 5666
+ }
+ protocol tcp
+ source {
+ address 109.228.63.82
+ }
+ }
+ rule 2406 {
+ action accept
+ description FWC0CE0_1-TCP-ALLOW-90.255.228.213
+ destination {
+ group {
+ address-group DT_FWC0CE0_1
+ }
+ port 49152-65535,8443,21
+ }
+ protocol tcp
+ source {
+ address 90.255.228.213
+ }
+ }
+ rule 2407 {
+ action accept
+ description FW210E2_8-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ }
+ protocol ah
+ }
+ rule 2408 {
+ action accept
+ description FW210E2_8-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ }
+ protocol esp
+ }
+ rule 2409 {
+ action accept
+ description FW210E2_8-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ port 41,62000,23,4500,50,9876,3391,88,135
+ }
+ protocol tcp
+ }
+ rule 2410 {
+ action accept
+ description FW210E2_8-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW210E2_8
+ }
+ port 500
+ }
+ protocol udp
+ }
+ rule 2411 {
+ action accept
+ description VPN-8625-ANY-ALLOW-10.4.54.103
+ destination {
+ group {
+ address-group DT_VPN-8625
+ }
+ }
+ source {
+ address 10.4.54.103
+ }
+ }
+ rule 2412 {
+ action accept
+ description VPN-8625-ANY-ALLOW-10.4.55.104
+ destination {
+ group {
+ address-group DT_VPN-8625
+ }
+ }
+ source {
+ address 10.4.55.104
+ }
+ }
+ rule 2413 {
+ action accept
+ description FW73A64_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73A64_1
+ }
+ port 61616,8181,8161,8082,4244,4243,4242,4241
+ }
+ protocol tcp
+ }
+ rule 2414 {
+ action accept
+ description VPN-19135-ANY-ALLOW-10.4.86.165
+ destination {
+ group {
+ address-group DT_VPN-19135
+ }
+ }
+ source {
+ address 10.4.86.165
+ }
+ }
+ rule 2415 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-82.65.107.3
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.65.107.3
+ }
+ }
+ rule 2416 {
+ action accept
+ description FWCB0CF_7-TCP-ALLOW-195.2.139.221
+ destination {
+ group {
+ address-group DT_FWCB0CF_7
+ }
+ port 5432-5434,3306-3308
+ }
+ protocol tcp
+ source {
+ address 195.2.139.221
+ }
+ }
+ rule 2417 {
+ action accept
+ description VPN-19135-ANY-ALLOW-10.4.87.165
+ destination {
+ group {
+ address-group DT_VPN-19135
+ }
+ }
+ source {
+ address 10.4.87.165
+ }
+ }
+ rule 2418 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-87.75.109.83
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 27017,5000
+ }
+ protocol tcp
+ source {
+ address 87.75.109.83
+ }
+ }
+ rule 2419 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.83
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.83
+ }
+ }
+ rule 2420 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-84.92.65.192
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 84.92.65.192
+ }
+ }
+ rule 2421 {
+ action accept
+ description FW73A64_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73A64_1
+ }
+ port 9200,5601,4247,4246,4245
+ }
+ protocol tcp_udp
+ }
+ rule 2422 {
+ action accept
+ description FW4735F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4735F_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2423 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-109.176.154.238
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 109.176.154.238
+ }
+ }
+ rule 2424 {
+ action accept
+ description FW6863A_4-TCP-ALLOW-95.211.243.206
+ destination {
+ group {
+ address-group DT_FW6863A_4
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.211.243.206
+ }
+ }
+ rule 2425 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5060
+ }
+ protocol tcp_udp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 2426 {
+ action accept
+ description FW89619_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 5090
+ }
+ protocol tcp_udp
+ }
+ rule 2427 {
+ action accept
+ description FW8A57A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A57A_1
+ }
+ port 49155,49154,7700,53,43
+ }
+ protocol tcp_udp
+ }
+ rule 2428 {
+ action accept
+ description FW8C72E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8C72E_1
+ }
+ port 500,4500
+ }
+ protocol udp
+ }
+ rule 2429 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-18.135.66.162
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 18.135.66.162
+ }
+ }
+ rule 2430 {
+ action accept
+ description FW2C5AE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2C5AE_1
+ }
+ port 58080,58008,8545,7175
+ }
+ protocol tcp
+ }
+ rule 2431 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-80.209.144.52
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 80.209.144.52
+ }
+ }
+ rule 2432 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.153.21.103
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 82.153.21.103
+ }
+ }
+ rule 2433 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.41
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.41
+ }
+ }
+ rule 2434 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 32770,8001,7801
+ }
+ protocol tcp
+ }
+ rule 2435 {
+ action accept
+ description FW85E02_11-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 5090,5060
+ }
+ protocol tcp_udp
+ }
+ rule 2436 {
+ action accept
+ description VPN-21982-ANY-ALLOW-10.4.58.43
+ destination {
+ group {
+ address-group DT_VPN-21982
+ }
+ }
+ source {
+ address 10.4.58.43
+ }
+ }
+ rule 2437 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.17.52.191
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.17.52.191
+ }
+ }
+ rule 2438 {
+ action accept
+ description FW66347_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW66347_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2439 {
+ action accept
+ description FW11082_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW11082_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2440 {
+ action accept
+ description VPN-21982-ANY-ALLOW-10.4.59.43
+ destination {
+ group {
+ address-group DT_VPN-21982
+ }
+ }
+ source {
+ address 10.4.59.43
+ }
+ }
+ rule 2441 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-92.207.193.203
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 5000
+ }
+ protocol tcp
+ source {
+ address 92.207.193.203
+ }
+ }
+ rule 2442 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-77.99.253.161
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22,21
+ }
+ protocol tcp
+ source {
+ address 77.99.253.161
+ }
+ }
+ rule 2443 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-77.99.245.103
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 77.99.245.103
+ }
+ }
+ rule 2444 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.19.19.52
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 7990,3389
+ }
+ protocol tcp
+ source {
+ address 82.19.19.52
+ }
+ }
+ rule 2445 {
+ action accept
+ description FWEF92E_7-AH-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2446 {
+ action accept
+ description VPN-16450-ANY-ALLOW-10.4.88.99
+ destination {
+ group {
+ address-group DT_VPN-16450
+ }
+ }
+ source {
+ address 10.4.88.99
+ }
+ }
+ rule 2447 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.2.186.129
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.2.186.129
+ }
+ }
+ rule 2448 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.157
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.157
+ }
+ }
+ rule 2449 {
+ action accept
+ description FW8EA04_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8EA04_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2450 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.21.59.207
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.21.59.207
+ }
+ }
+ rule 2451 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-82.9.22.158
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 82.9.22.158
+ }
+ }
+ rule 2452 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 1981,53
+ }
+ protocol tcp_udp
+ }
+ rule 2453 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2454 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.40.177.186
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.40.177.186
+ }
+ }
+ rule 2455 {
+ action accept
+ description FW0C25B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C25B_1
+ }
+ port 49152-65535,5224
+ }
+ protocol tcp
+ }
+ rule 2456 {
+ action accept
+ description FW85A7C_1-TCP-ALLOW-82.24.242.137
+ destination {
+ group {
+ address-group DT_FW85A7C_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.24.242.137
+ }
+ }
+ rule 2457 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.68.25.66
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.68.25.66
+ }
+ }
+ rule 2458 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-51.89.148.173
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 51.89.148.173
+ }
+ }
+ rule 2459 {
+ action accept
+ description FWA69A0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA69A0_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 2460 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-82.69.79.85
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 82.69.79.85
+ }
+ }
+ rule 2461 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2462 {
+ action accept
+ description FWEF92E_6-ESP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2463 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2464 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445,443,80
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2465 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2466 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-77.68.121.4
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.121.4
+ }
+ }
+ rule 2467 {
+ action accept
+ description VPN-16450-ANY-ALLOW-10.4.89.99
+ destination {
+ group {
+ address-group DT_VPN-16450
+ }
+ }
+ source {
+ address 10.4.89.99
+ }
+ }
+ rule 2468 {
+ action accept
+ description FW0BB22_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ }
+ protocol ah
+ }
+ rule 2469 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-86.139.57.116
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.139.57.116
+ }
+ }
+ rule 2470 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-86.142.67.13
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.142.67.13
+ }
+ }
+ rule 2471 {
+ action accept
+ description FW8B21D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8B21D_1
+ }
+ port 2096,2095,2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 2472 {
+ action accept
+ description FW050AC_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW050AC_1
+ }
+ port 2087
+ }
+ protocol tcp
+ }
+ rule 2473 {
+ action accept
+ description FW1FA9E_1-TCP-ALLOW-109.228.50.206
+ destination {
+ group {
+ address-group DT_FW1FA9E_1
+ }
+ port 5432
+ }
+ protocol tcp
+ source {
+ address 109.228.50.206
+ }
+ }
+ rule 2474 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-217.23.11.155
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 217.23.11.155
+ }
+ }
+ rule 2475 {
+ action accept
+ description FW2ED4D_2-TCP-ALLOW-88.96.110.198
+ destination {
+ group {
+ address-group DT_FW2ED4D_2
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 88.96.110.198
+ }
+ }
+ rule 2476 {
+ action accept
+ description FWEAE53_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEAE53_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2477 {
+ action accept
+ description VPN-19474-ANY-ALLOW-10.4.88.161
+ destination {
+ group {
+ address-group DT_VPN-19474
+ }
+ }
+ source {
+ address 10.4.88.161
+ }
+ }
+ rule 2478 {
+ action accept
+ description VPN-19474-ANY-ALLOW-10.4.89.161
+ destination {
+ group {
+ address-group DT_VPN-19474
+ }
+ }
+ source {
+ address 10.4.89.161
+ }
+ }
+ rule 2479 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-68.33.220.233
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 68.33.220.233
+ }
+ }
+ rule 2480 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.10.163.127
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 86.10.163.127
+ }
+ }
+ rule 2481 {
+ action accept
+ description FW2FB61_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2FB61_1
+ }
+ port 60182
+ }
+ protocol udp
+ }
+ rule 2482 {
+ action accept
+ description FW85A7C_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85A7C_1
+ }
+ port 2457,2456
+ }
+ protocol tcp_udp
+ }
+ rule 2483 {
+ action accept
+ description FWBED52_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBED52_1
+ }
+ port 1221,9000
+ }
+ protocol tcp
+ }
+ rule 2484 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-90.250.2.109
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 90.250.2.109
+ }
+ }
+ rule 2485 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.49
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.49
+ }
+ }
+ rule 2486 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2487 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.250
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.250
+ }
+ }
+ rule 2488 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-95.168.171.131
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.171.131
+ }
+ }
+ rule 2489 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 48030,10997,10993,10992,10991,10902,1723,1701
+ }
+ protocol tcp
+ }
+ rule 2490 {
+ action accept
+ description FW8C927_1-TCP-ALLOW-84.92.125.78
+ destination {
+ group {
+ address-group DT_FW8C927_1
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 84.92.125.78
+ }
+ }
+ rule 2491 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.146.220.229
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 86.146.220.229
+ }
+ }
+ rule 2492 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-2.218.5.59
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 2.218.5.59
+ }
+ }
+ rule 2493 {
+ action accept
+ description VPN-18830-ANY-ALLOW-10.4.86.156
+ destination {
+ group {
+ address-group DT_VPN-18830
+ }
+ }
+ source {
+ address 10.4.86.156
+ }
+ }
+ rule 2494 {
+ action accept
+ description VPN-18830-ANY-ALLOW-10.4.87.156
+ destination {
+ group {
+ address-group DT_VPN-18830
+ }
+ }
+ source {
+ address 10.4.87.156
+ }
+ }
+ rule 2495 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2496 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-146.198.100.105
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 146.198.100.105
+ }
+ }
+ rule 2497 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.55
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.55
+ }
+ }
+ rule 2498 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.113
+ }
+ }
+ rule 2499 {
+ action accept
+ description FW8C72E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8C72E_1
+ }
+ port 60134,60135
+ }
+ protocol tcp
+ }
+ rule 2500 {
+ action accept
+ description FWAB44B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAB44B_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2501 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-51.148.87.29
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 51.148.87.29
+ }
+ }
+ rule 2502 {
+ action accept
+ description VPN-23738-ANY-ALLOW-10.4.56.13
+ destination {
+ group {
+ address-group DT_VPN-23738
+ }
+ }
+ source {
+ address 10.4.56.13
+ }
+ }
+ rule 2503 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.100
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.100
+ }
+ }
+ rule 2504 {
+ action accept
+ description FW996B4_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW996B4_2
+ }
+ port 43595,30160
+ }
+ protocol tcp
+ }
+ rule 2505 {
+ action accept
+ description FW8871B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8871B_1
+ }
+ port 15672,8083,8082,8081,5672
+ }
+ protocol tcp
+ }
+ rule 2506 {
+ action accept
+ description FWAB44B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAB44B_1
+ }
+ port 9090,8069,5432
+ }
+ protocol tcp
+ }
+ rule 2507 {
+ action accept
+ description FW6187E_1-ICMP-ALLOW-85.214.201.250
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ }
+ protocol icmp
+ source {
+ address 85.214.201.250
+ }
+ }
+ rule 2508 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-217.23.11.126
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 217.23.11.126
+ }
+ }
+ rule 2509 {
+ action accept
+ description FW78137_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW78137_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2510 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-46.252.65.10
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 46.252.65.10
+ }
+ }
+ rule 2511 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.50
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.50
+ }
+ }
+ rule 2512 {
+ action accept
+ description FW6A684_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6A684_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2513 {
+ action accept
+ description FWF48EB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF48EB_1
+ }
+ port 9204,9202,3395
+ }
+ protocol tcp
+ }
+ rule 2514 {
+ action accept
+ description FW44217_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 443,80
+ }
+ protocol tcp_udp
+ }
+ rule 2515 {
+ action accept
+ description FW6187E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ port 2282
+ }
+ protocol tcp
+ }
+ rule 2516 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.58
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.58
+ }
+ }
+ rule 2517 {
+ action accept
+ description VPN-34501-ANY-ALLOW-10.4.86.235
+ destination {
+ group {
+ address-group DT_VPN-34501
+ }
+ }
+ source {
+ address 10.4.86.235
+ }
+ }
+ rule 2518 {
+ action accept
+ description FW1271A_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1271A_2
+ }
+ port 5090,5061,5060,5015,5001
+ }
+ protocol tcp
+ }
+ rule 2519 {
+ action accept
+ description FW1271A_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1271A_2
+ }
+ port 9000-10999,5090,5060
+ }
+ protocol udp
+ }
+ rule 2520 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-216.113.160.71
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 216.113.160.71
+ }
+ }
+ rule 2521 {
+ action accept
+ description FW32EFF_16-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_16
+ }
+ port 33888
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 2522 {
+ action accept
+ description FW03F2E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03F2E_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 2523 {
+ action accept
+ description FW03F2E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03F2E_1
+ }
+ port 4432,4431,4430
+ }
+ protocol tcp
+ }
+ rule 2524 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-216.113.162.65
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 216.113.162.65
+ }
+ }
+ rule 2525 {
+ action accept
+ description VPN-20306-ANY-ALLOW-10.4.89.173
+ destination {
+ group {
+ address-group DT_VPN-20306
+ }
+ }
+ source {
+ address 10.4.89.173
+ }
+ }
+ rule 2526 {
+ action accept
+ description FW8A49A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A49A_1
+ }
+ port 2525,8448-65535
+ }
+ protocol tcp
+ }
+ rule 2527 {
+ action accept
+ description FWD3431_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD3431_2
+ }
+ port 43595,30377,30289
+ }
+ protocol tcp
+ }
+ rule 2528 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-66.135.200.200
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80,22
+ }
+ protocol tcp
+ source {
+ address 66.135.200.200
+ }
+ }
+ rule 2529 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-193.28.178.38
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 193.28.178.38
+ }
+ }
+ rule 2530 {
+ action accept
+ description FWAE88B_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAE88B_1
+ }
+ port 65432,8080,7300,1195,1194,993,587,465,443,442,143,110,80,53,22
+ }
+ protocol tcp_udp
+ }
+ rule 2531 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-195.234.136.80
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 195.234.136.80
+ }
+ }
+ rule 2532 {
+ action accept
+ description FW1226C_3-TCP-ALLOW-93.94.41.83
+ destination {
+ group {
+ address-group DT_FW1226C_3
+ }
+ port 80
+ }
+ protocol tcp
+ source {
+ address 93.94.41.83
+ }
+ }
+ rule 2533 {
+ action accept
+ description VPN-6103-ANY-ALLOW-10.4.56.102
+ destination {
+ group {
+ address-group DT_VPN-6103
+ }
+ }
+ source {
+ address 10.4.56.102
+ }
+ }
+ rule 2534 {
+ action accept
+ description VPN-6103-ANY-ALLOW-10.4.57.102
+ destination {
+ group {
+ address-group DT_VPN-6103
+ }
+ }
+ source {
+ address 10.4.57.102
+ }
+ }
+ rule 2535 {
+ action accept
+ description FW9E550_1-TCP-ALLOW-86.198.190.104
+ destination {
+ group {
+ address-group DT_FW9E550_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.198.190.104
+ }
+ }
+ rule 2536 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-81.149.71.244
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 81.149.71.244
+ }
+ }
+ rule 2537 {
+ action accept
+ description FW0BB22_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ port 27917,27017,9592,9092,1080,587
+ }
+ protocol tcp_udp
+ }
+ rule 2538 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-89.213.26.156
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 89.213.26.156
+ }
+ }
+ rule 2539 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-81.149.71.244
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 81.149.71.244
+ }
+ }
+ rule 2540 {
+ action accept
+ description VPN-17207-ANY-ALLOW-10.4.86.121
+ destination {
+ group {
+ address-group DT_VPN-17207
+ }
+ }
+ source {
+ address 10.4.86.121
+ }
+ }
+ rule 2541 {
+ action accept
+ description FW0B352_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0B352_1
+ }
+ port 4500,500
+ }
+ protocol udp
+ }
+ rule 2542 {
+ action accept
+ description FW85E02_11-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 5854,5853,5061
+ }
+ protocol tcp
+ }
+ rule 2543 {
+ action accept
+ description FW0BB22_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BB22_1
+ }
+ port 9200,8082
+ }
+ protocol tcp
+ }
+ rule 2544 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.140
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.140
+ }
+ }
+ rule 2545 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-91.125.244.28
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 91.125.244.28
+ }
+ }
+ rule 2546 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-86.172.252.221
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 80-3389
+ }
+ protocol tcp
+ source {
+ address 86.172.252.221
+ }
+ }
+ rule 2547 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-92.207.184.106
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,21
+ }
+ protocol tcp
+ source {
+ address 92.207.184.106
+ }
+ }
+ rule 2548 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-146.255.0.198
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 146.255.0.198
+ }
+ }
+ rule 2549 {
+ action accept
+ description FWBFDED_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFDED_1
+ }
+ port 1723,445
+ }
+ protocol tcp
+ }
+ rule 2550 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.227.9.72
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.227.9.72
+ }
+ }
+ rule 2551 {
+ action accept
+ description FWE928F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE928F_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2552 {
+ action accept
+ description FW5CBB2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5CBB2_1
+ }
+ port 2082,2083,2086,2087
+ }
+ protocol tcp
+ }
+ rule 2553 {
+ action accept
+ description FW63230_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW63230_1
+ }
+ port 445,139
+ }
+ protocol tcp_udp
+ }
+ rule 2554 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-71.244.176.5
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 71.244.176.5
+ }
+ }
+ rule 2555 {
+ action accept
+ description FWA4BC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA4BC8_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2556 {
+ action accept
+ description VPN-17207-ANY-ALLOW-10.4.87.121
+ destination {
+ group {
+ address-group DT_VPN-17207
+ }
+ }
+ source {
+ address 10.4.87.121
+ }
+ }
+ rule 2557 {
+ action accept
+ description VPN-17558-ANY-ALLOW-10.4.86.143
+ destination {
+ group {
+ address-group DT_VPN-17558
+ }
+ }
+ source {
+ address 10.4.86.143
+ }
+ }
+ rule 2558 {
+ action accept
+ description FWB2CD2_1-TCP-ALLOW-86.167.68.241
+ destination {
+ group {
+ address-group DT_FWB2CD2_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 86.167.68.241
+ }
+ }
+ rule 2559 {
+ action accept
+ description FW32EFF_25-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_25
+ }
+ port 33888,443
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 2560 {
+ action accept
+ description FW44217_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 9001,7946,2376
+ }
+ protocol tcp
+ }
+ rule 2561 {
+ action accept
+ description FW7DAE2_3-TCP-ALLOW-212.227.253.11
+ destination {
+ group {
+ address-group DT_FW7DAE2_3
+ }
+ port 25,22
+ }
+ protocol tcp
+ source {
+ address 212.227.253.11
+ }
+ }
+ rule 2562 {
+ action accept
+ description FW7DAE2_3-TCP-ALLOW-217.160.126.118
+ destination {
+ group {
+ address-group DT_FW7DAE2_3
+ }
+ port 25,22
+ }
+ protocol tcp
+ source {
+ address 217.160.126.118
+ }
+ }
+ rule 2563 {
+ action accept
+ description FWAF6E8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAF6E8_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2564 {
+ action accept
+ description FWCD7CE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCD7CE_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2565 {
+ action accept
+ description FW32EFF_16-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW32EFF_16
+ }
+ port 47779,47778,47777,47776
+ }
+ protocol tcp
+ }
+ rule 2566 {
+ action accept
+ description FW0745F_5-TCP-ALLOW-77.68.117.222
+ destination {
+ group {
+ address-group DT_FW0745F_5
+ }
+ port 49170
+ }
+ protocol tcp
+ source {
+ address 77.68.117.222
+ }
+ }
+ rule 2567 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-92.207.199.107
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22,21
+ }
+ protocol tcp
+ source {
+ address 92.207.199.107
+ }
+ }
+ rule 2568 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.89
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.89
+ }
+ }
+ rule 2569 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-190.2.130.41
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 190.2.130.41
+ }
+ }
+ rule 2570 {
+ action accept
+ description FWFDCC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDCC7_1
+ }
+ port 10000
+ }
+ protocol tcp_udp
+ }
+ rule 2571 {
+ action accept
+ description FWF19FB_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF19FB_2
+ }
+ port 43595,40001,30616-30631,30531,30204-30435
+ }
+ protocol tcp
+ }
+ rule 2572 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2573 {
+ action accept
+ description FW4E314_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4E314_1
+ }
+ port 21543,888
+ }
+ protocol tcp
+ }
+ rule 2574 {
+ action accept
+ description FW73215_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 4380
+ }
+ protocol udp
+ }
+ rule 2575 {
+ action accept
+ description VPN-31301-ANY-ALLOW-10.4.86.223
+ destination {
+ group {
+ address-group DT_VPN-31301
+ }
+ }
+ source {
+ address 10.4.86.223
+ }
+ }
+ rule 2576 {
+ action accept
+ description FW8428B_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8428B_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 2577 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-185.195.124.169
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 185.195.124.169
+ }
+ }
+ rule 2578 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-77.68.121.4
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 77.68.121.4
+ }
+ }
+ rule 2579 {
+ action accept
+ description FW73215_1-TCP-ALLOW-82.38.58.135
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 10685
+ }
+ protocol tcp
+ source {
+ address 82.38.58.135
+ }
+ }
+ rule 2580 {
+ action accept
+ description FW52F6F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW52F6F_1
+ }
+ port 8888
+ }
+ protocol tcp
+ }
+ rule 2581 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.86
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.86
+ }
+ }
+ rule 2582 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.13
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.125.13
+ }
+ }
+ rule 2583 {
+ action accept
+ description FWEE03C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWEE03C_1
+ }
+ port 2087,2083
+ }
+ protocol tcp
+ }
+ rule 2584 {
+ action accept
+ description FW748B7_1-TCP-ALLOW-157.231.123.154
+ destination {
+ group {
+ address-group DT_FW748B7_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 157.231.123.154
+ }
+ }
+ rule 2585 {
+ action accept
+ description VPN-34501-ANY-ALLOW-10.4.87.235
+ destination {
+ group {
+ address-group DT_VPN-34501
+ }
+ }
+ source {
+ address 10.4.87.235
+ }
+ }
+ rule 2586 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-81.134.85.245
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.134.85.245
+ }
+ }
+ rule 2587 {
+ action accept
+ description FWD61BF_1-ANY-ALLOW-193.237.81.213_32
+ destination {
+ group {
+ address-group DT_FWD61BF_1
+ }
+ }
+ source {
+ address 193.237.81.213/32
+ }
+ }
+ rule 2588 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-23.106.238.241
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 23.106.238.241
+ }
+ }
+ rule 2589 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-35.204.202.196
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 35.204.202.196
+ }
+ }
+ rule 2590 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-35.242.141.128
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,3306,22
+ }
+ protocol tcp
+ source {
+ address 35.242.141.128
+ }
+ }
+ rule 2591 {
+ action accept
+ description FWC2EF2_2-TCP-ALLOW-90.251.221.19
+ destination {
+ group {
+ address-group DT_FWC2EF2_2
+ }
+ port 995,993,587,465,143,110,25,22
+ }
+ protocol tcp
+ source {
+ address 90.251.221.19
+ }
+ }
+ rule 2592 {
+ action accept
+ description VPN-14673-ANY-ALLOW-10.4.88.44
+ destination {
+ group {
+ address-group DT_VPN-14673
+ }
+ }
+ source {
+ address 10.4.88.44
+ }
+ }
+ rule 2593 {
+ action accept
+ description FWA83DF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA83DF_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2594 {
+ action accept
+ description FW31525_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW31525_6
+ }
+ port 35467
+ }
+ protocol tcp
+ }
+ rule 2595 {
+ action accept
+ description FW4293B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4293B_1
+ }
+ port 9080,8888,8881,7815,8419
+ }
+ protocol tcp
+ }
+ rule 2596 {
+ action accept
+ description FW4AE7D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4AE7D_1
+ }
+ port 8083,81
+ }
+ protocol tcp
+ }
+ rule 2597 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-143.52.53.22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 143.52.53.22
+ }
+ }
+ rule 2598 {
+ action accept
+ description FW44217_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44217_2
+ }
+ port 7946,4789
+ }
+ protocol udp
+ }
+ rule 2599 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-46.249.82.162
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 46.249.82.162
+ }
+ }
+ rule 2600 {
+ action accept
+ description FW27949_2-TCP-ALLOW-80.95.202.106
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 80.95.202.106
+ }
+ }
+ rule 2601 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2602 {
+ action accept
+ description FW2ACFF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2ACFF_1
+ }
+ port 8082,5093
+ }
+ protocol tcp
+ }
+ rule 2603 {
+ action accept
+ description FWC2EF2_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC2EF2_2
+ }
+ port 10000,953,53
+ }
+ protocol tcp_udp
+ }
+ rule 2604 {
+ action accept
+ description FW0C8E1_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0C8E1_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2605 {
+ action accept
+ description FWA86ED_101-TCP_UDP-ALLOW-82.5.189.5
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 82.5.189.5
+ }
+ }
+ rule 2606 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.179
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.179
+ }
+ }
+ rule 2607 {
+ action accept
+ description FWEF92E_5-ESP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol esp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2608 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-39.45.43.109
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 39.45.43.109
+ }
+ }
+ rule 2609 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-5.67.3.195
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 5.67.3.195
+ }
+ }
+ rule 2610 {
+ action accept
+ description FWDCA36_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDCA36_3
+ }
+ port 49152-65534,5901
+ }
+ protocol tcp
+ }
+ rule 2611 {
+ action accept
+ description FWE928F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE928F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2612 {
+ action accept
+ description FW69D6D_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW69D6D_2
+ }
+ port 5001,5090,5060,5015
+ }
+ protocol tcp
+ }
+ rule 2613 {
+ action accept
+ description FW69D6D_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW69D6D_2
+ }
+ port 5090,5060,9000-9500
+ }
+ protocol udp
+ }
+ rule 2614 {
+ action accept
+ description VPN-9765-ANY-ALLOW-10.4.56.45
+ destination {
+ group {
+ address-group DT_VPN-9765
+ }
+ }
+ source {
+ address 10.4.56.45
+ }
+ }
+ rule 2615 {
+ action accept
+ description VPN-9765-ANY-ALLOW-10.4.57.45
+ destination {
+ group {
+ address-group DT_VPN-9765
+ }
+ }
+ source {
+ address 10.4.57.45
+ }
+ }
+ rule 2616 {
+ action accept
+ description FW4C136_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4C136_1
+ }
+ port 1194
+ }
+ protocol tcp_udp
+ }
+ rule 2617 {
+ action accept
+ description FW6F539_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6F539_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2618 {
+ action accept
+ description FWDD089_5-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDD089_5
+ }
+ port 5666-5667,12489
+ }
+ protocol tcp_udp
+ }
+ rule 2619 {
+ action accept
+ description FWDD089_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDD089_5
+ }
+ port 161-162
+ }
+ protocol tcp
+ }
+ rule 2620 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2621 {
+ action accept
+ description FW0A5C4_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0A5C4_1
+ }
+ port 9000,6697,6667,5000
+ }
+ protocol tcp
+ }
+ rule 2622 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2623 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 7990
+ }
+ protocol tcp
+ }
+ rule 2624 {
+ action accept
+ description FWAF6E8_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAF6E8_1
+ }
+ port 7770-7800,44445,53
+ }
+ protocol tcp_udp
+ }
+ rule 2625 {
+ action accept
+ description FW81286_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW81286_1
+ }
+ port 2082,2083,2086,2087,2096
+ }
+ protocol tcp
+ }
+ rule 2626 {
+ action accept
+ description FW05064_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05064_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2627 {
+ action accept
+ description FWD7382_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD7382_1
+ }
+ port 4500,1701,500
+ }
+ protocol udp
+ }
+ rule 2628 {
+ action accept
+ description FWD7382_1-TCP-ALLOW-174.91.7.198
+ destination {
+ group {
+ address-group DT_FWD7382_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 174.91.7.198
+ }
+ }
+ rule 2629 {
+ action accept
+ description VPN-9484-ANY-ALLOW-10.4.56.164
+ destination {
+ group {
+ address-group DT_VPN-9484
+ }
+ }
+ source {
+ address 10.4.56.164
+ }
+ }
+ rule 2630 {
+ action accept
+ description VPN-9484-ANY-ALLOW-10.4.57.164
+ destination {
+ group {
+ address-group DT_VPN-9484
+ }
+ }
+ source {
+ address 10.4.57.164
+ }
+ }
+ rule 2631 {
+ action accept
+ description VPN-9749-ANY-ALLOW-10.4.58.144
+ destination {
+ group {
+ address-group DT_VPN-9749
+ }
+ }
+ source {
+ address 10.4.58.144
+ }
+ }
+ rule 2632 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2633 {
+ action accept
+ description FW10FEE_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW10FEE_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2634 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-5.71.30.141
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 5.71.30.141
+ }
+ }
+ rule 2635 {
+ action accept
+ description VPN-9749-ANY-ALLOW-10.4.59.144
+ destination {
+ group {
+ address-group DT_VPN-9749
+ }
+ }
+ source {
+ address 10.4.59.144
+ }
+ }
+ rule 2636 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2637 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2638 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2639 {
+ action accept
+ description FWEF92E_6-AH-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ }
+ protocol ah
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2640 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2641 {
+ action accept
+ description FWEF92E_5-AH-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ }
+ protocol ah
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2642 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2643 {
+ action accept
+ description FWEF92E_7-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2644 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2645 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445,80
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2646 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-82.0.198.226
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 82.0.198.226
+ }
+ }
+ rule 2647 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-82.0.198.226
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 82.0.198.226
+ }
+ }
+ rule 2648 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-83.100.136.74
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 83.100.136.74
+ }
+ }
+ rule 2649 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2650 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.189.162
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.189.162
+ }
+ }
+ rule 2651 {
+ action accept
+ description FW3DBF8_9-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3DBF8_9
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 2652 {
+ action accept
+ description VPN-19807-ANY-ALLOW-10.4.86.172
+ destination {
+ group {
+ address-group DT_VPN-19807
+ }
+ }
+ source {
+ address 10.4.86.172
+ }
+ }
+ rule 2653 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-82.8.245.40
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 82.8.245.40
+ }
+ }
+ rule 2654 {
+ action accept
+ description FW3AD6F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3AD6F_1
+ }
+ port 53,465
+ }
+ protocol tcp_udp
+ }
+ rule 2655 {
+ action accept
+ description FWCDBC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCDBC7_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2656 {
+ action accept
+ description FWA373F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA373F_1
+ }
+ port 2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 2657 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-94.155.221.50
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 94.155.221.50
+ }
+ }
+ rule 2658 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2659 {
+ action accept
+ description VPN-30791-ANY-ALLOW-10.4.88.215
+ destination {
+ group {
+ address-group DT_VPN-30791
+ }
+ }
+ source {
+ address 10.4.88.215
+ }
+ }
+ rule 2660 {
+ action accept
+ description VPN-30791-ANY-ALLOW-10.4.89.215
+ destination {
+ group {
+ address-group DT_VPN-30791
+ }
+ }
+ source {
+ address 10.4.89.215
+ }
+ }
+ rule 2661 {
+ action accept
+ description FW2EF2C_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 10000,3478
+ }
+ protocol udp
+ }
+ rule 2662 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-195.217.232.0_26
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 195.217.232.0/26
+ }
+ }
+ rule 2663 {
+ action accept
+ description FW4AE7D_1-TCP-ALLOW-81.136.8.24
+ destination {
+ group {
+ address-group DT_FW4AE7D_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.136.8.24
+ }
+ }
+ rule 2664 {
+ action accept
+ description FW2EF2C_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 5222
+ }
+ protocol tcp_udp
+ }
+ rule 2665 {
+ action accept
+ description FW48A55_2-TCP-ALLOW-86.29.225.60
+ destination {
+ group {
+ address-group DT_FW48A55_2
+ }
+ port 443,80,22
+ }
+ protocol tcp
+ source {
+ address 86.29.225.60
+ }
+ }
+ rule 2666 {
+ action accept
+ description FW48A55_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48A55_2
+ }
+ port 1337
+ }
+ protocol udp
+ }
+ rule 2667 {
+ action accept
+ description VPN-11913-ANY-ALLOW-10.4.56.191
+ destination {
+ group {
+ address-group DT_VPN-11913
+ }
+ }
+ source {
+ address 10.4.56.191
+ }
+ }
+ rule 2668 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.189.163
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.189.163
+ }
+ }
+ rule 2669 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.0.90
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.0.90
+ }
+ }
+ rule 2670 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.24.66
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.24.66
+ }
+ }
+ rule 2671 {
+ action accept
+ description VPN-11913-ANY-ALLOW-10.4.57.191
+ destination {
+ group {
+ address-group DT_VPN-11913
+ }
+ }
+ source {
+ address 10.4.57.191
+ }
+ }
+ rule 2672 {
+ action accept
+ description FW73573_2-TCP-ALLOW-86.9.185.195
+ destination {
+ group {
+ address-group DT_FW73573_2
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 86.9.185.195
+ }
+ }
+ rule 2673 {
+ action accept
+ description VPN-17558-ANY-ALLOW-10.4.87.143
+ destination {
+ group {
+ address-group DT_VPN-17558
+ }
+ }
+ source {
+ address 10.4.87.143
+ }
+ }
+ rule 2674 {
+ action accept
+ description FW748B7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW748B7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2675 {
+ action accept
+ description FW16375_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW16375_5
+ }
+ port 2082,2083,2086,2087
+ }
+ protocol tcp
+ }
+ rule 2676 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-88.98.204.68
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 88.98.204.68
+ }
+ }
+ rule 2677 {
+ action accept
+ description FW73573_1-TCP-ALLOW-86.9.185.195
+ destination {
+ group {
+ address-group DT_FW73573_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 86.9.185.195
+ }
+ }
+ rule 2678 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-194.145.190.4
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 194.145.190.4
+ }
+ }
+ rule 2679 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-140.82.112.0_20
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 140.82.112.0/20
+ }
+ }
+ rule 2680 {
+ action accept
+ description FW62858_12-ICMP-ALLOW-77.68.122.41
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ }
+ protocol icmp
+ source {
+ address 77.68.122.41
+ }
+ }
+ rule 2681 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-147.148.96.136
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 147.148.96.136
+ }
+ }
+ rule 2682 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-92.207.237.42
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 10000,22
+ }
+ protocol tcp
+ source {
+ address 92.207.237.42
+ }
+ }
+ rule 2683 {
+ action accept
+ description FW364CF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW364CF_1
+ }
+ port 4022,8099
+ }
+ protocol tcp
+ }
+ rule 2684 {
+ action accept
+ description VPN-25822-ANY-ALLOW-10.4.54.42
+ destination {
+ group {
+ address-group DT_VPN-25822
+ }
+ }
+ source {
+ address 10.4.54.42
+ }
+ }
+ rule 2685 {
+ action accept
+ description FW7F28A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7F28A_1
+ }
+ port 10051,10050
+ }
+ protocol tcp
+ }
+ rule 2686 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-109.228.53.159
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.53.159
+ }
+ }
+ rule 2687 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-185.22.211.0_24
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 185.22.211.0/24
+ }
+ }
+ rule 2688 {
+ action accept
+ description FWC6301_1-TCP-ALLOW-95.34.208.4
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 95.34.208.4
+ }
+ }
+ rule 2689 {
+ action accept
+ description FW45000_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW45000_1
+ }
+ port 990
+ }
+ protocol tcp
+ }
+ rule 2690 {
+ action accept
+ description FW481D7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW481D7_1
+ }
+ port 6789
+ }
+ protocol tcp
+ }
+ rule 2691 {
+ action accept
+ description VPN-8203-ANY-ALLOW-10.4.59.109
+ destination {
+ group {
+ address-group DT_VPN-8203
+ }
+ }
+ source {
+ address 10.4.59.109
+ }
+ }
+ rule 2692 {
+ action accept
+ description VPN-3575-ANY-ALLOW-10.4.54.124
+ destination {
+ group {
+ address-group DT_VPN-3575
+ }
+ }
+ source {
+ address 10.4.54.124
+ }
+ }
+ rule 2693 {
+ action accept
+ description VPN-3575-ANY-ALLOW-10.4.55.125
+ destination {
+ group {
+ address-group DT_VPN-3575
+ }
+ }
+ source {
+ address 10.4.55.125
+ }
+ }
+ rule 2694 {
+ action accept
+ description FW42661_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42661_3
+ }
+ port 44445,25672,15672,9876,7770-7800
+ }
+ protocol tcp
+ }
+ rule 2695 {
+ action accept
+ description FWBF494_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBF494_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2696 {
+ action accept
+ description FWD0E22_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD0E22_4
+ }
+ port 8000,19005
+ }
+ protocol tcp
+ }
+ rule 2697 {
+ action accept
+ description FW98818_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW98818_1
+ }
+ port 27015
+ }
+ protocol udp
+ }
+ rule 2698 {
+ action accept
+ description FW62858_12-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 5001,5000
+ }
+ protocol tcp
+ }
+ rule 2699 {
+ action accept
+ description VPN-34006-ANY-ALLOW-10.4.86.242
+ destination {
+ group {
+ address-group DT_VPN-34006
+ }
+ }
+ source {
+ address 10.4.86.242
+ }
+ }
+ rule 2700 {
+ action accept
+ description VPN-34006-ANY-ALLOW-10.4.87.242
+ destination {
+ group {
+ address-group DT_VPN-34006
+ }
+ }
+ source {
+ address 10.4.87.242
+ }
+ }
+ rule 2701 {
+ action accept
+ description FWF879C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF879C_1
+ }
+ port 8888
+ }
+ protocol tcp
+ }
+ rule 2702 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2703 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.74.89
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.74.89
+ }
+ }
+ rule 2704 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2705 {
+ action accept
+ description FW8A57A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW8A57A_1
+ }
+ port 49153,5666
+ }
+ protocol tcp
+ }
+ rule 2706 {
+ action accept
+ description FW62858_12-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 5090,5061,5060
+ }
+ protocol tcp_udp
+ }
+ rule 2707 {
+ action accept
+ description FW62858_12-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW62858_12
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 2708 {
+ action accept
+ description FW0E2EE_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0E2EE_1
+ }
+ port 1024-65535
+ }
+ protocol tcp_udp
+ }
+ rule 2709 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-82.5.80.210
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.5.80.210
+ }
+ }
+ rule 2710 {
+ action accept
+ description FW4F81F_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4F81F_4
+ }
+ port 26900,27005,27015,51000,51005,51030
+ }
+ protocol tcp_udp
+ }
+ rule 2711 {
+ action accept
+ description VPN-7902-ANY-ALLOW-10.4.56.78
+ destination {
+ group {
+ address-group DT_VPN-7902
+ }
+ }
+ source {
+ address 10.4.56.78
+ }
+ }
+ rule 2712 {
+ action accept
+ description VPN-7902-ANY-ALLOW-10.4.57.78
+ destination {
+ group {
+ address-group DT_VPN-7902
+ }
+ }
+ source {
+ address 10.4.57.78
+ }
+ }
+ rule 2713 {
+ action accept
+ description FWB36A0_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB36A0_1
+ }
+ port 20-21,990
+ }
+ protocol tcp_udp
+ }
+ rule 2714 {
+ action accept
+ description FWD2082_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2082_1
+ }
+ port 8001,8002
+ }
+ protocol tcp
+ }
+ rule 2715 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-212.8.242.171
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 212.8.242.171
+ }
+ }
+ rule 2716 {
+ action accept
+ description FWB9699_11-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWB9699_11
+ }
+ port 443,80,8800,22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2717 {
+ action accept
+ description VPN-11083-ANY-ALLOW-10.4.54.186
+ destination {
+ group {
+ address-group DT_VPN-11083
+ }
+ }
+ source {
+ address 10.4.54.186
+ }
+ }
+ rule 2718 {
+ action accept
+ description VPN-11083-ANY-ALLOW-10.4.55.187
+ destination {
+ group {
+ address-group DT_VPN-11083
+ }
+ }
+ source {
+ address 10.4.55.187
+ }
+ }
+ rule 2719 {
+ action accept
+ description VPN-34583-ANY-ALLOW-10.4.86.243
+ destination {
+ group {
+ address-group DT_VPN-34583
+ }
+ }
+ source {
+ address 10.4.86.243
+ }
+ }
+ rule 2720 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.155
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.155
+ }
+ }
+ rule 2721 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.117
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.117
+ }
+ }
+ rule 2722 {
+ action accept
+ description FW7A9B0_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7A9B0_9
+ }
+ port 11112
+ }
+ protocol tcp
+ }
+ rule 2723 {
+ action accept
+ description FW3F465_1-TCP-ALLOW-77.68.127.177
+ destination {
+ group {
+ address-group DT_FW3F465_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.127.177
+ }
+ }
+ rule 2724 {
+ action accept
+ description VPN-34583-ANY-ALLOW-10.4.87.243
+ destination {
+ group {
+ address-group DT_VPN-34583
+ }
+ }
+ source {
+ address 10.4.87.243
+ }
+ }
+ rule 2725 {
+ action accept
+ description FW930F3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW930F3_1
+ }
+ port 9089,5900,5666,5272
+ }
+ protocol tcp
+ }
+ rule 2726 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.165
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.165
+ }
+ }
+ rule 2727 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.140
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.140
+ }
+ }
+ rule 2728 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-82.11.114.136
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 82.11.114.136
+ }
+ }
+ rule 2729 {
+ action accept
+ description FW73215_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73215_1
+ }
+ port 27015
+ }
+ protocol tcp_udp
+ }
+ rule 2730 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-18.130.156.250
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 18.130.156.250
+ }
+ }
+ rule 2731 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-90.251.221.19
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 90.251.221.19
+ }
+ }
+ rule 2732 {
+ action accept
+ description FW90AE3_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW90AE3_1
+ }
+ port 8765,8001,8000
+ }
+ protocol tcp
+ }
+ rule 2733 {
+ action accept
+ description FWC2EF2_1-TCP-ALLOW-87.74.110.191
+ destination {
+ group {
+ address-group DT_FWC2EF2_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 87.74.110.191
+ }
+ }
+ rule 2734 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2735 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.93
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.93
+ }
+ }
+ rule 2736 {
+ action accept
+ description FW81138_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW81138_1
+ }
+ port 123
+ }
+ protocol udp
+ }
+ rule 2737 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.64
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.64
+ }
+ }
+ rule 2738 {
+ action accept
+ description FW03B35_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ }
+ rule 2739 {
+ action accept
+ description VPN-19807-ANY-ALLOW-10.4.87.172
+ destination {
+ group {
+ address-group DT_VPN-19807
+ }
+ }
+ source {
+ address 10.4.87.172
+ }
+ }
+ rule 2740 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-94.12.73.154
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 8447
+ }
+ protocol tcp
+ source {
+ address 94.12.73.154
+ }
+ }
+ rule 2741 {
+ action accept
+ description FW5658C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5658C_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2742 {
+ action accept
+ description FW0B352_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0B352_1
+ }
+ port 3443
+ }
+ protocol tcp_udp
+ }
+ rule 2743 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.8.74
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 77.68.8.74
+ }
+ }
+ rule 2744 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 2745 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 2746 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.44
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.44
+ }
+ }
+ rule 2747 {
+ action accept
+ description FW34C91_3-TCP-ALLOW-188.220.176.104
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 188.220.176.104
+ }
+ }
+ rule 2748 {
+ action accept
+ description FW3F465_1-TCP-ALLOW-77.68.16.101
+ destination {
+ group {
+ address-group DT_FW3F465_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.16.101
+ }
+ }
+ rule 2749 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 2750 {
+ action accept
+ description FW34C91_3-UDP-ALLOW-188.220.176.104
+ destination {
+ group {
+ address-group DT_FW34C91_3
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 188.220.176.104
+ }
+ }
+ rule 2751 {
+ action accept
+ description FWE47DA_1-TCP-ALLOW-185.22.208.0_25
+ destination {
+ group {
+ address-group DT_FWE47DA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 185.22.208.0/25
+ }
+ }
+ rule 2752 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.187
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.187
+ }
+ }
+ rule 2753 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.84
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.84
+ }
+ }
+ rule 2754 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.52
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.52
+ }
+ }
+ rule 2755 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-77.68.92.154
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.92.154
+ }
+ }
+ rule 2756 {
+ action accept
+ description FW8AFF1_7-TCP-ALLOW-77.68.93.156
+ destination {
+ group {
+ address-group DT_FW8AFF1_7
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.93.156
+ }
+ }
+ rule 2757 {
+ action accept
+ description VPN-24398-ANY-ALLOW-10.4.88.151
+ destination {
+ group {
+ address-group DT_VPN-24398
+ }
+ }
+ source {
+ address 10.4.88.151
+ }
+ }
+ rule 2758 {
+ action accept
+ description VPN-24398-ANY-ALLOW-10.4.89.151
+ destination {
+ group {
+ address-group DT_VPN-24398
+ }
+ }
+ source {
+ address 10.4.89.151
+ }
+ }
+ rule 2759 {
+ action accept
+ description VPN-24589-ANY-ALLOW-10.4.56.9
+ destination {
+ group {
+ address-group DT_VPN-24589
+ }
+ }
+ source {
+ address 10.4.56.9
+ }
+ }
+ rule 2760 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.29
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.29
+ }
+ }
+ rule 2761 {
+ action accept
+ description FWC7D36_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC7D36_1
+ }
+ port 27017,11080
+ }
+ protocol tcp
+ }
+ rule 2762 {
+ action accept
+ description FWBB718_1-TCP_UDP-ALLOW-77.68.73.116
+ destination {
+ group {
+ address-group DT_FWBB718_1
+ }
+ port 1433
+ }
+ protocol tcp_udp
+ source {
+ address 77.68.73.116
+ }
+ }
+ rule 2763 {
+ action accept
+ description FWBB718_1-UDP-ALLOW-77.68.73.116
+ destination {
+ group {
+ address-group DT_FWBB718_1
+ }
+ port 1434
+ }
+ protocol udp
+ source {
+ address 77.68.73.116
+ }
+ }
+ rule 2764 {
+ action accept
+ description FWB9699_11-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FWB9699_11
+ }
+ port 22,80,443,8800
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2765 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-103.8.164.5
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 103.8.164.5
+ }
+ }
+ rule 2766 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.193
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.193
+ }
+ }
+ rule 2768 {
+ action accept
+ description FW26F0A_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW26F0A_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2769 {
+ action accept
+ description FWCC18F_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCC18F_2
+ }
+ port 8883,1883
+ }
+ protocol tcp
+ }
+ rule 2771 {
+ action accept
+ description FW633DD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW633DD_1
+ }
+ port 28967,14002,9984,9983,9982,9981,8888,8884
+ }
+ protocol tcp
+ }
+ rule 2772 {
+ action accept
+ description FWDEDB9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDEDB9_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2773 {
+ action accept
+ description VPN-18646-ANY-ALLOW-10.4.88.109
+ destination {
+ group {
+ address-group DT_VPN-18646
+ }
+ }
+ source {
+ address 10.4.88.109
+ }
+ }
+ rule 2774 {
+ action accept
+ description VPN-18646-ANY-ALLOW-10.4.89.109
+ destination {
+ group {
+ address-group DT_VPN-18646
+ }
+ }
+ source {
+ address 10.4.89.109
+ }
+ }
+ rule 2775 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-87.224.39.221
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 8082,3003,22
+ }
+ protocol tcp
+ source {
+ address 87.224.39.221
+ }
+ }
+ rule 2776 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.94
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.94
+ }
+ }
+ rule 2777 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-92.237.97.92
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 8082,3003,22
+ }
+ protocol tcp
+ source {
+ address 92.237.97.92
+ }
+ }
+ rule 2778 {
+ action accept
+ description VPN-25822-ANY-ALLOW-10.4.55.42
+ destination {
+ group {
+ address-group DT_VPN-25822
+ }
+ }
+ source {
+ address 10.4.55.42
+ }
+ }
+ rule 2779 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.88
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.88
+ }
+ }
+ rule 2780 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-143.55.64.0_20
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 143.55.64.0/20
+ }
+ }
+ rule 2781 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-194.176.78.206
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 194.176.78.206
+ }
+ }
+ rule 2782 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-195.243.221.50
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.243.221.50
+ }
+ }
+ rule 2783 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2784 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-81.150.168.54
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 81.150.168.54
+ }
+ }
+ rule 2785 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-89.197.133.235
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 89.197.133.235
+ }
+ }
+ rule 2786 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 60000-60100,873
+ }
+ protocol tcp
+ }
+ rule 2787 {
+ action accept
+ description FW2BF20_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2BF20_3
+ }
+ port 49152-65534,990
+ }
+ protocol tcp
+ }
+ rule 2788 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.98
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.98
+ }
+ }
+ rule 2789 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.65
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.65
+ }
+ }
+ rule 2791 {
+ action accept
+ description FW197DB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW197DB_1
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2792 {
+ action accept
+ description FW1208C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1208C_1
+ }
+ port 2087,2083,2096
+ }
+ protocol tcp
+ }
+ rule 2793 {
+ action accept
+ description FW00D98_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW00D98_1
+ }
+ port 4430
+ }
+ protocol tcp
+ }
+ rule 2794 {
+ action accept
+ description FW03B35_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ }
+ protocol esp
+ }
+ rule 2795 {
+ action accept
+ description FW03B35_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW03B35_1
+ }
+ }
+ protocol ah
+ }
+ rule 2796 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2797 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-159.253.51.74
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 3389,1433,995
+ }
+ protocol tcp
+ source {
+ address 159.253.51.74
+ }
+ }
+ rule 2798 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.76.111
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.76.111
+ }
+ }
+ rule 2799 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-77.68.28.63
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 995
+ }
+ protocol tcp
+ source {
+ address 77.68.28.63
+ }
+ }
+ rule 2801 {
+ action accept
+ description FW2EF2C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2EF2C_1
+ }
+ port 5349
+ }
+ protocol tcp
+ }
+ rule 2802 {
+ action accept
+ description FWEF92E_5-TCP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 2803 {
+ action accept
+ description FWC3921_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC3921_1
+ }
+ port 25000,25001-25005,26000-26006
+ }
+ protocol tcp
+ }
+ rule 2804 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-109.228.37.19
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 109.228.37.19
+ }
+ }
+ rule 2805 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.11.54
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.11.54
+ }
+ }
+ rule 2806 {
+ action accept
+ description FW5AE10_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5AE10_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 2810 {
+ action accept
+ description FW45F87_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW45F87_1
+ }
+ port 60000-60100
+ }
+ protocol tcp
+ }
+ rule 2811 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.108.158
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.108.158
+ }
+ }
+ rule 2813 {
+ action accept
+ description FW825C8_19-TCP-ALLOW-109.228.1.233
+ destination {
+ group {
+ address-group DT_FW825C8_19
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 109.228.1.233
+ }
+ }
+ rule 2814 {
+ action accept
+ description FW20449_2-ICMP-ALLOW-3.10.221.168
+ destination {
+ group {
+ address-group DT_FW20449_2
+ }
+ }
+ protocol icmp
+ source {
+ address 3.10.221.168
+ }
+ }
+ rule 2815 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.100
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.100
+ }
+ }
+ rule 2816 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.180
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.180
+ }
+ }
+ rule 2817 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.184
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.184
+ }
+ }
+ rule 2818 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.185
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.185
+ }
+ }
+ rule 2819 {
+ action accept
+ description FWB9699_7-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 161
+ }
+ protocol udp
+ }
+ rule 2820 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.102
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22,8443
+ }
+ protocol tcp
+ source {
+ address 213.171.217.102
+ }
+ }
+ rule 2821 {
+ action accept
+ description FWB9699_7-TCP-ALLOW-213.171.217.103
+ destination {
+ group {
+ address-group DT_FWB9699_7
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.103
+ }
+ }
+ rule 2824 {
+ action accept
+ description FWE3E77_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE3E77_1
+ }
+ port 10010,10009
+ }
+ protocol tcp
+ }
+ rule 2825 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-93.190.142.120
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 93.190.142.120
+ }
+ }
+ rule 2826 {
+ action accept
+ description FW20449_2-ICMP-ALLOW-82.20.69.137
+ destination {
+ group {
+ address-group DT_FW20449_2
+ }
+ }
+ protocol icmp
+ source {
+ address 82.20.69.137
+ }
+ }
+ rule 2827 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-46.101.232.93
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 21-10000
+ }
+ protocol tcp
+ source {
+ address 46.101.232.93
+ }
+ }
+ rule 2828 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.5
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.5
+ }
+ }
+ rule 2829 {
+ action accept
+ description FWD2440_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ port 1-65535
+ }
+ protocol tcp
+ }
+ rule 2831 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.105
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.105
+ }
+ }
+ rule 2833 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-159.253.51.74
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 3389,1433,995
+ }
+ protocol tcp
+ source {
+ address 159.253.51.74
+ }
+ }
+ rule 2834 {
+ action accept
+ description FW825C8_24-TCP-ALLOW-77.68.77.120
+ destination {
+ group {
+ address-group DT_FW825C8_24
+ }
+ port 1433
+ }
+ protocol tcp
+ source {
+ address 77.68.77.120
+ }
+ }
+ rule 2839 {
+ action accept
+ description FWD2440_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ port 1-65535
+ }
+ protocol udp
+ }
+ rule 2840 {
+ action accept
+ description FW1C8F2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1C8F2_1
+ }
+ port 7000-10000,5554,5443,5080,1935,1111
+ }
+ protocol tcp
+ }
+ rule 2843 {
+ action accept
+ description FWE7180_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE7180_1
+ }
+ port 443,53
+ }
+ protocol tcp_udp
+ }
+ rule 2844 {
+ action accept
+ description FWC6301_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 2456
+ }
+ protocol tcp_udp
+ }
+ rule 2845 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.113
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.113
+ }
+ }
+ rule 2846 {
+ action accept
+ description VPN-24589-ANY-ALLOW-10.4.57.9
+ destination {
+ group {
+ address-group DT_VPN-24589
+ }
+ }
+ source {
+ address 10.4.57.9
+ }
+ }
+ rule 2847 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.237
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.237
+ }
+ }
+ rule 2849 {
+ action accept
+ description FWFD9AF_9-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFD9AF_9
+ }
+ port 445
+ }
+ protocol tcp_udp
+ }
+ rule 2850 {
+ action accept
+ description VPN-23209-ANY-ALLOW-10.4.58.8
+ destination {
+ group {
+ address-group DT_VPN-23209
+ }
+ }
+ source {
+ address 10.4.58.8
+ }
+ }
+ rule 2851 {
+ action accept
+ description VPN-23209-ANY-ALLOW-10.4.59.8
+ destination {
+ group {
+ address-group DT_VPN-23209
+ }
+ }
+ source {
+ address 10.4.59.8
+ }
+ }
+ rule 2853 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.29
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.29
+ }
+ }
+ rule 2854 {
+ action accept
+ description FW16375_5-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW16375_5
+ }
+ port 2096
+ }
+ protocol tcp_udp
+ }
+ rule 2856 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.173
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.173
+ }
+ }
+ rule 2858 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.35
+ }
+ }
+ rule 2859 {
+ action accept
+ description FW73573_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW73573_1
+ }
+ port 25
+ }
+ protocol tcp_udp
+ }
+ rule 2860 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.242
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.242
+ }
+ }
+ rule 2861 {
+ action accept
+ description FW8ECF4_1-TCP-ALLOW-77.68.2.215
+ destination {
+ group {
+ address-group DT_FW8ECF4_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 77.68.2.215
+ }
+ }
+ rule 2862 {
+ action accept
+ description FW8A3FC_3-TCP_UDP-ALLOW-82.165.100.25
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 21-10000
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.100.25
+ }
+ }
+ rule 2863 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.235
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.235
+ }
+ }
+ rule 2864 {
+ action accept
+ description VPN-18647-ANY-ALLOW-10.4.86.114
+ destination {
+ group {
+ address-group DT_VPN-18647
+ }
+ }
+ source {
+ address 10.4.86.114
+ }
+ }
+ rule 2865 {
+ action accept
+ description VPN-18647-ANY-ALLOW-10.4.87.114
+ destination {
+ group {
+ address-group DT_VPN-18647
+ }
+ }
+ source {
+ address 10.4.87.114
+ }
+ }
+ rule 2867 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.107
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.107
+ }
+ }
+ rule 2868 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.239
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.239
+ }
+ }
+ rule 2869 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-164.39.151.3
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 164.39.151.3
+ }
+ }
+ rule 2870 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.245
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.245
+ }
+ }
+ rule 2873 {
+ action accept
+ description FWEF92E_6-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 2874 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.130
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.130
+ }
+ }
+ rule 2875 {
+ action accept
+ description FW44BF9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW44BF9_1
+ }
+ port 49160-49200
+ }
+ protocol tcp
+ }
+ rule 2876 {
+ action accept
+ description VPN-24591-ANY-ALLOW-10.4.86.4
+ destination {
+ group {
+ address-group DT_VPN-24591
+ }
+ }
+ source {
+ address 10.4.86.4
+ }
+ }
+ rule 2877 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.60
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.60
+ }
+ }
+ rule 2879 {
+ action accept
+ description FWEF92E_6-UDP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_6
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2880 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-185.132.38.110
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 185.132.38.110
+ }
+ }
+ rule 2881 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.216
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.216
+ }
+ }
+ rule 2882 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.77.149
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.149
+ }
+ }
+ rule 2883 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-80.229.18.102
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21,22
+ }
+ protocol tcp
+ source {
+ address 80.229.18.102
+ }
+ }
+ rule 2884 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-109.169.33.69
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21,22
+ }
+ protocol tcp
+ source {
+ address 109.169.33.69
+ }
+ }
+ rule 2885 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-46.102.209.35
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21
+ }
+ protocol tcp
+ source {
+ address 46.102.209.35
+ }
+ }
+ rule 2886 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-90.213.48.16
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 3306,21
+ }
+ protocol tcp
+ source {
+ address 90.213.48.16
+ }
+ }
+ rule 2887 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-77.68.76.129
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 77.68.76.129
+ }
+ }
+ rule 2888 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-109.228.50.145
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 109.228.50.145
+ }
+ }
+ rule 2889 {
+ action accept
+ description FWA2FF8_4-TCP-ALLOW-77.68.76.231
+ destination {
+ group {
+ address-group DT_FWA2FF8_4
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 77.68.76.231
+ }
+ }
+ rule 2890 {
+ action accept
+ description FW4513E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4513E_1
+ }
+ port 50000-50020,990
+ }
+ protocol tcp
+ }
+ rule 2893 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.40.7
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.40.7
+ }
+ }
+ rule 2894 {
+ action accept
+ description VPN-21876-ANY-ALLOW-10.4.88.96
+ destination {
+ group {
+ address-group DT_VPN-21876
+ }
+ }
+ source {
+ address 10.4.88.96
+ }
+ }
+ rule 2895 {
+ action accept
+ description VPN-21876-ANY-ALLOW-10.4.89.96
+ destination {
+ group {
+ address-group DT_VPN-21876
+ }
+ }
+ source {
+ address 10.4.89.96
+ }
+ }
+ rule 2896 {
+ action accept
+ description VPN-26124-ANY-ALLOW-10.4.54.75
+ destination {
+ group {
+ address-group DT_VPN-26124
+ }
+ }
+ source {
+ address 10.4.54.75
+ }
+ }
+ rule 2897 {
+ action accept
+ description VPN-26124-ANY-ALLOW-10.4.55.76
+ destination {
+ group {
+ address-group DT_VPN-26124
+ }
+ }
+ source {
+ address 10.4.55.76
+ }
+ }
+ rule 2898 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.21
+ }
+ }
+ rule 2899 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.213
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.213
+ }
+ }
+ rule 2901 {
+ action accept
+ description FWC6301_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC6301_1
+ }
+ port 5555
+ }
+ protocol udp
+ }
+ rule 2902 {
+ action accept
+ description VPN-13261-ANY-ALLOW-10.4.56.173
+ destination {
+ group {
+ address-group DT_VPN-13261
+ }
+ }
+ source {
+ address 10.4.56.173
+ }
+ }
+ rule 2903 {
+ action accept
+ description VPN-13261-ANY-ALLOW-10.4.57.173
+ destination {
+ group {
+ address-group DT_VPN-13261
+ }
+ }
+ source {
+ address 10.4.57.173
+ }
+ }
+ rule 2909 {
+ action accept
+ description VPN-24591-ANY-ALLOW-10.4.87.4
+ destination {
+ group {
+ address-group DT_VPN-24591
+ }
+ }
+ source {
+ address 10.4.87.4
+ }
+ }
+ rule 2911 {
+ action accept
+ description FWE7180_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE7180_1
+ }
+ port 40110-40210,8090
+ }
+ protocol tcp
+ }
+ rule 2914 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.247
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.247
+ }
+ }
+ rule 2915 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.129
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.129
+ }
+ }
+ rule 2916 {
+ action accept
+ description FWCB29D_1-TCP-ALLOW-51.146.16.162
+ destination {
+ group {
+ address-group DT_FWCB29D_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 51.146.16.162
+ }
+ }
+ rule 2917 {
+ action accept
+ description FW4E399_1-TCP-ALLOW-51.155.19.77
+ destination {
+ group {
+ address-group DT_FW4E399_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 51.155.19.77
+ }
+ }
+ rule 2919 {
+ action accept
+ description FWC72E5_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC72E5_1
+ }
+ port 9000-9100,6667
+ }
+ protocol tcp
+ }
+ rule 2922 {
+ action accept
+ description FW21A75_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW21A75_2
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 2923 {
+ action accept
+ description FW3B068_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3B068_2
+ }
+ port 990,60000-65000
+ }
+ protocol tcp
+ }
+ rule 2924 {
+ action accept
+ description FW48814_3-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48814_3
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 2925 {
+ action accept
+ description FW48814_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW48814_3
+ }
+ port 49152-65534
+ }
+ protocol tcp
+ }
+ rule 2926 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-178.128.39.210
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 178.128.39.210
+ }
+ }
+ rule 2927 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-82.165.232.19
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 82.165.232.19
+ }
+ }
+ rule 2928 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-84.64.186.31
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 84.64.186.31
+ }
+ }
+ rule 2929 {
+ action accept
+ description FW1C8F2_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1C8F2_1
+ }
+ port 5000-65000
+ }
+ protocol udp
+ }
+ rule 2930 {
+ action accept
+ description FW2B279_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2B279_4
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2931 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-195.10.106.114
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 195.10.106.114
+ }
+ }
+ rule 2932 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-213.137.25.134
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.137.25.134
+ }
+ }
+ rule 2933 {
+ action accept
+ description FW608FA_1-TCP-ALLOW-92.39.202.189
+ destination {
+ group {
+ address-group DT_FW608FA_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 92.39.202.189
+ }
+ }
+ rule 2935 {
+ action accept
+ description FWC37B9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC37B9_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 2936 {
+ action accept
+ description FW15C99_6-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW15C99_6
+ }
+ port 32410-32414,1900
+ }
+ protocol udp
+ }
+ rule 2937 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.244.146
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.244.146
+ }
+ }
+ rule 2938 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.158
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.158
+ }
+ }
+ rule 2939 {
+ action accept
+ description FW15C99_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW15C99_6
+ }
+ port 32469,32400
+ }
+ protocol tcp
+ }
+ rule 2940 {
+ action accept
+ description FW0192C_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0192C_1
+ }
+ port 2053
+ }
+ protocol tcp
+ }
+ rule 2941 {
+ action accept
+ description FW27949_2-TCP-ALLOW-86.179.23.119
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 86.179.23.119
+ }
+ }
+ rule 2942 {
+ action accept
+ description FW27949_2-TCP-ALLOW-92.15.208.193
+ destination {
+ group {
+ address-group DT_FW27949_2
+ }
+ port 443,80
+ }
+ protocol tcp
+ source {
+ address 92.15.208.193
+ }
+ }
+ rule 2943 {
+ action accept
+ description VPN-34122-ANY-ALLOW-10.4.56.122
+ destination {
+ group {
+ address-group DT_VPN-34122
+ }
+ }
+ source {
+ address 10.4.56.122
+ }
+ }
+ rule 2944 {
+ action accept
+ description VPN-34122-ANY-ALLOW-10.4.57.122
+ destination {
+ group {
+ address-group DT_VPN-34122
+ }
+ }
+ source {
+ address 10.4.57.122
+ }
+ }
+ rule 2945 {
+ action accept
+ description FWF323F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF323F_1
+ }
+ port 25565,9999,8080,5001,3306
+ }
+ protocol tcp_udp
+ }
+ rule 2946 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.132
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.132
+ }
+ }
+ rule 2948 {
+ action accept
+ description VPN-30261-ANY-ALLOW-10.4.86.110
+ destination {
+ group {
+ address-group DT_VPN-30261
+ }
+ }
+ source {
+ address 10.4.86.110
+ }
+ }
+ rule 2949 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.246
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.246
+ }
+ }
+ rule 2951 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-157.231.100.222
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 157.231.100.222
+ }
+ }
+ rule 2952 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-164.39.131.31
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 164.39.131.31
+ }
+ }
+ rule 2953 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-185.199.108.0_22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 185.199.108.0/22
+ }
+ }
+ rule 2954 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-192.30.252.0_22
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 192.30.252.0/22
+ }
+ }
+ rule 2955 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-80.252.78.202
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 80.252.78.202
+ }
+ }
+ rule 2956 {
+ action accept
+ description FWC2D30_1-TCP-ALLOW-86.15.158.234
+ destination {
+ group {
+ address-group DT_FWC2D30_1
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 86.15.158.234
+ }
+ }
+ rule 2957 {
+ action accept
+ description VPN-30261-ANY-ALLOW-10.4.87.110
+ destination {
+ group {
+ address-group DT_VPN-30261
+ }
+ }
+ source {
+ address 10.4.87.110
+ }
+ }
+ rule 2958 {
+ action accept
+ description VPN-30262-ANY-ALLOW-10.4.88.36
+ destination {
+ group {
+ address-group DT_VPN-30262
+ }
+ }
+ source {
+ address 10.4.88.36
+ }
+ }
+ rule 2961 {
+ action accept
+ description VPN-15950-ANY-ALLOW-10.4.88.89
+ destination {
+ group {
+ address-group DT_VPN-15950
+ }
+ }
+ source {
+ address 10.4.88.89
+ }
+ }
+ rule 2962 {
+ action accept
+ description FWBFDED_1-TCP-ALLOW-78.141.24.164
+ destination {
+ group {
+ address-group DT_FWBFDED_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 78.141.24.164
+ }
+ }
+ rule 2963 {
+ action accept
+ description VPN-30262-ANY-ALLOW-10.4.89.36
+ destination {
+ group {
+ address-group DT_VPN-30262
+ }
+ }
+ source {
+ address 10.4.89.36
+ }
+ }
+ rule 2964 {
+ action accept
+ description FW1F126_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1F126_1
+ }
+ port 2087,2083
+ }
+ protocol tcp
+ }
+ rule 2965 {
+ action accept
+ description FWA7A50_1-ANY-ALLOW-40.120.53.80
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ }
+ source {
+ address 40.120.53.80
+ }
+ }
+ rule 2967 {
+ action accept
+ description VPN-23729-ANY-ALLOW-10.4.54.10
+ destination {
+ group {
+ address-group DT_VPN-23729
+ }
+ }
+ source {
+ address 10.4.54.10
+ }
+ }
+ rule 2968 {
+ action accept
+ description VPN-23729-ANY-ALLOW-10.4.55.10
+ destination {
+ group {
+ address-group DT_VPN-23729
+ }
+ }
+ source {
+ address 10.4.55.10
+ }
+ }
+ rule 2969 {
+ action accept
+ description VPN-23733-ANY-ALLOW-10.4.58.12
+ destination {
+ group {
+ address-group DT_VPN-23733
+ }
+ }
+ source {
+ address 10.4.58.12
+ }
+ }
+ rule 2970 {
+ action accept
+ description VPN-23733-ANY-ALLOW-10.4.59.12
+ destination {
+ group {
+ address-group DT_VPN-23733
+ }
+ }
+ source {
+ address 10.4.59.12
+ }
+ }
+ rule 2971 {
+ action accept
+ description VPN-23734-ANY-ALLOW-10.4.56.29
+ destination {
+ group {
+ address-group DT_VPN-23734
+ }
+ }
+ source {
+ address 10.4.56.29
+ }
+ }
+ rule 2972 {
+ action accept
+ description VPN-23734-ANY-ALLOW-10.4.57.29
+ destination {
+ group {
+ address-group DT_VPN-23734
+ }
+ }
+ source {
+ address 10.4.57.29
+ }
+ }
+ rule 2975 {
+ action accept
+ description VPN-23738-ANY-ALLOW-10.4.57.13
+ destination {
+ group {
+ address-group DT_VPN-23738
+ }
+ }
+ source {
+ address 10.4.57.13
+ }
+ }
+ rule 2976 {
+ action accept
+ description FWD8DD1_2-TCP-ALLOW-77.153.164.226
+ destination {
+ group {
+ address-group DT_FWD8DD1_2
+ }
+ port 3306,22
+ }
+ protocol tcp
+ source {
+ address 77.153.164.226
+ }
+ }
+ rule 2977 {
+ action accept
+ description FWE012D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE012D_1
+ }
+ port 143,25
+ }
+ protocol tcp_udp
+ }
+ rule 2978 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.120.196
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.120.196
+ }
+ }
+ rule 2981 {
+ action accept
+ description FW24AB7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW24AB7_1
+ }
+ port 40110-40210
+ }
+ protocol tcp_udp
+ }
+ rule 2985 {
+ action accept
+ description FW2379F_14-TCP-ALLOW-194.72.140.178
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 3389,21
+ }
+ protocol tcp
+ source {
+ address 194.72.140.178
+ }
+ }
+ rule 2986 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.97
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.97
+ }
+ }
+ rule 2988 {
+ action accept
+ description FW883EB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW883EB_1
+ }
+ port 5005,5004,5003,5002,5001
+ }
+ protocol tcp
+ }
+ rule 2992 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-62.30.207.232
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 62.30.207.232
+ }
+ }
+ rule 2993 {
+ action accept
+ description VPN-15950-ANY-ALLOW-10.4.89.89
+ destination {
+ group {
+ address-group DT_VPN-15950
+ }
+ }
+ source {
+ address 10.4.89.89
+ }
+ }
+ rule 2994 {
+ action accept
+ description VPN-15960-ANY-ALLOW-10.4.88.90
+ destination {
+ group {
+ address-group DT_VPN-15960
+ }
+ }
+ source {
+ address 10.4.88.90
+ }
+ }
+ rule 2995 {
+ action accept
+ description FWEF92E_7-UDP-ALLOW-77.68.77.57
+ destination {
+ group {
+ address-group DT_FWEF92E_7
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.57
+ }
+ }
+ rule 2996 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.135
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.135
+ }
+ }
+ rule 2998 {
+ action accept
+ description VPN-31002-ANY-ALLOW-10.4.88.126
+ destination {
+ group {
+ address-group DT_VPN-31002
+ }
+ }
+ source {
+ address 10.4.88.126
+ }
+ }
+ rule 2999 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.110
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.110
+ }
+ }
+ rule 3000 {
+ action accept
+ description FW08061_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW08061_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3001 {
+ action accept
+ description VPN-15960-ANY-ALLOW-10.4.89.90
+ destination {
+ group {
+ address-group DT_VPN-15960
+ }
+ }
+ source {
+ address 10.4.89.90
+ }
+ }
+ rule 3003 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.56
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.56
+ }
+ }
+ rule 3004 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.47
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.47.47
+ }
+ }
+ rule 3005 {
+ action accept
+ description FW10C3D_19-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW10C3D_19
+ }
+ port 49152-65535,14147
+ }
+ protocol tcp
+ }
+ rule 3006 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.136
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.136
+ }
+ }
+ rule 3009 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.44.109
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.44.109
+ }
+ }
+ rule 3010 {
+ action accept
+ description VPN-24592-ANY-ALLOW-10.4.88.9
+ destination {
+ group {
+ address-group DT_VPN-24592
+ }
+ }
+ source {
+ address 10.4.88.9
+ }
+ }
+ rule 3011 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-213.171.209.161
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 213.171.209.161
+ }
+ }
+ rule 3012 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.254
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.86.254
+ }
+ }
+ rule 3014 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.16
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.16
+ }
+ }
+ rule 3018 {
+ action accept
+ description VPN-24592-ANY-ALLOW-10.4.89.9
+ destination {
+ group {
+ address-group DT_VPN-24592
+ }
+ }
+ source {
+ address 10.4.89.9
+ }
+ }
+ rule 3019 {
+ action accept
+ description VPN-24593-ANY-ALLOW-10.4.54.6
+ destination {
+ group {
+ address-group DT_VPN-24593
+ }
+ }
+ source {
+ address 10.4.54.6
+ }
+ }
+ rule 3020 {
+ action accept
+ description VPN-24593-ANY-ALLOW-10.4.55.6
+ destination {
+ group {
+ address-group DT_VPN-24593
+ }
+ }
+ source {
+ address 10.4.55.6
+ }
+ }
+ rule 3021 {
+ action accept
+ description VPN-24594-ANY-ALLOW-10.4.58.6
+ destination {
+ group {
+ address-group DT_VPN-24594
+ }
+ }
+ source {
+ address 10.4.58.6
+ }
+ }
+ rule 3022 {
+ action accept
+ description VPN-24594-ANY-ALLOW-10.4.59.6
+ destination {
+ group {
+ address-group DT_VPN-24594
+ }
+ }
+ source {
+ address 10.4.59.6
+ }
+ }
+ rule 3023 {
+ action accept
+ description VPN-24595-ANY-ALLOW-10.4.56.14
+ destination {
+ group {
+ address-group DT_VPN-24595
+ }
+ }
+ source {
+ address 10.4.56.14
+ }
+ }
+ rule 3024 {
+ action accept
+ description VPN-24595-ANY-ALLOW-10.4.57.14
+ destination {
+ group {
+ address-group DT_VPN-24595
+ }
+ }
+ source {
+ address 10.4.57.14
+ }
+ }
+ rule 3025 {
+ action accept
+ description VPN-32528-ANY-ALLOW-10.4.58.67
+ destination {
+ group {
+ address-group DT_VPN-32528
+ }
+ }
+ source {
+ address 10.4.58.67
+ }
+ }
+ rule 3026 {
+ action accept
+ description VPN-32528-ANY-ALLOW-10.4.59.67
+ destination {
+ group {
+ address-group DT_VPN-32528
+ }
+ }
+ source {
+ address 10.4.59.67
+ }
+ }
+ rule 3027 {
+ action accept
+ description FW6187E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6187E_1
+ }
+ port 51195
+ }
+ protocol udp
+ }
+ rule 3028 {
+ action accept
+ description FW406AB_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW406AB_1
+ }
+ port 37013,25461,8881,8080,2095,2082,1992
+ }
+ protocol tcp_udp
+ }
+ rule 3029 {
+ action accept
+ description FWA86A4_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA86A4_1
+ }
+ port 30333,5666
+ }
+ protocol tcp
+ }
+ rule 3032 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.52
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.52
+ }
+ }
+ rule 3033 {
+ action accept
+ description FWC055A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC055A_1
+ }
+ port 2195
+ }
+ protocol tcp
+ }
+ rule 3035 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.81
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.81
+ }
+ }
+ rule 3039 {
+ action accept
+ description FW42BC7_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42BC7_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3040 {
+ action accept
+ description FW42BC7_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW42BC7_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3041 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-88.208.198.39
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 88.208.198.39
+ }
+ }
+ rule 3042 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.235
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.235
+ }
+ }
+ rule 3043 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.205
+ }
+ }
+ rule 3044 {
+ action accept
+ description FWBE878_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBE878_1
+ }
+ port 8989,5003,3000
+ }
+ protocol tcp_udp
+ }
+ rule 3045 {
+ action accept
+ description VPN-30679-ANY-ALLOW-10.4.58.195
+ destination {
+ group {
+ address-group DT_VPN-30679
+ }
+ }
+ source {
+ address 10.4.58.195
+ }
+ }
+ rule 3046 {
+ action accept
+ description FW6B9B9_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6B9B9_1
+ }
+ port 30006-65000,27017,7101,4200,2990-3009
+ }
+ protocol tcp
+ }
+ rule 3047 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.212
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.212
+ }
+ }
+ rule 3049 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.4
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.125.4
+ }
+ }
+ rule 3050 {
+ action accept
+ description FW49C3D_4-TCP-ALLOW-83.100.136.74
+ destination {
+ group {
+ address-group DT_FW49C3D_4
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 83.100.136.74
+ }
+ }
+ rule 3051 {
+ action accept
+ description FW49C3D_6-TCP-ALLOW-87.224.33.215
+ destination {
+ group {
+ address-group DT_FW49C3D_6
+ }
+ port 3389,445
+ }
+ protocol tcp
+ source {
+ address 87.224.33.215
+ }
+ }
+ rule 3053 {
+ action accept
+ description FW89619_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW89619_1
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3054 {
+ action accept
+ description FWBD9D0_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBD9D0_1
+ }
+ port 9090
+ }
+ protocol tcp
+ }
+ rule 3055 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.236
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.47.236
+ }
+ }
+ rule 3056 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.226
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.46.226
+ }
+ }
+ rule 3058 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.205
+ }
+ }
+ rule 3060 {
+ action accept
+ description FWF7B68_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF7B68_1
+ }
+ port 49152-65535
+ }
+ protocol tcp
+ }
+ rule 3061 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.253
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.253
+ }
+ }
+ rule 3063 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.0
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.0
+ }
+ }
+ rule 3065 {
+ action accept
+ description FW85619_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85619_1
+ }
+ port 6433
+ }
+ protocol tcp
+ }
+ rule 3066 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-188.66.79.94
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389
+ }
+ protocol tcp
+ source {
+ address 188.66.79.94
+ }
+ }
+ rule 3067 {
+ action accept
+ description FWF30BD_1-TCP-ALLOW-81.133.80.114
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 81.133.80.114
+ }
+ }
+ rule 3068 {
+ action accept
+ description FWF30BD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 5061,5015,5001
+ }
+ protocol tcp
+ }
+ rule 3069 {
+ action accept
+ description FWBD9D0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBD9D0_1
+ }
+ port 51820
+ }
+ protocol udp
+ }
+ rule 3070 {
+ action accept
+ description FW7C4D9_14-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW7C4D9_14
+ }
+ port 25565,2456-2458
+ }
+ protocol tcp_udp
+ }
+ rule 3071 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.23
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.23
+ }
+ }
+ rule 3072 {
+ action accept
+ description FWEEC75_1-TCP-ALLOW-81.96.100.32
+ destination {
+ group {
+ address-group DT_FWEEC75_1
+ }
+ port 8447
+ }
+ protocol tcp
+ source {
+ address 81.96.100.32
+ }
+ }
+ rule 3073 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-95.168.164.208
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 95.168.164.208
+ }
+ }
+ rule 3074 {
+ action accept
+ description VPN-19992-ANY-ALLOW-10.4.86.158
+ destination {
+ group {
+ address-group DT_VPN-19992
+ }
+ }
+ source {
+ address 10.4.86.158
+ }
+ }
+ rule 3075 {
+ action accept
+ description FWF30BD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 5090,5060
+ }
+ protocol tcp_udp
+ }
+ rule 3076 {
+ action accept
+ description VPN-30679-ANY-ALLOW-10.4.59.195
+ destination {
+ group {
+ address-group DT_VPN-30679
+ }
+ }
+ source {
+ address 10.4.59.195
+ }
+ }
+ rule 3077 {
+ action accept
+ description FW930F3_3-ANY-ALLOW-77.68.112.254
+ destination {
+ group {
+ address-group DT_FW930F3_3
+ }
+ }
+ source {
+ address 77.68.112.254
+ }
+ }
+ rule 3078 {
+ action accept
+ description FW672AB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW672AB_1
+ }
+ port 5432
+ }
+ protocol tcp
+ }
+ rule 3079 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.252
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.252
+ }
+ }
+ rule 3080 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.192
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.86.192
+ }
+ }
+ rule 3081 {
+ action accept
+ description VPN-33204-ANY-ALLOW-10.4.56.176
+ destination {
+ group {
+ address-group DT_VPN-33204
+ }
+ }
+ source {
+ address 10.4.56.176
+ }
+ }
+ rule 3083 {
+ action accept
+ description FW1FA8E_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1FA8E_1
+ }
+ port 33434
+ }
+ protocol udp
+ }
+ rule 3084 {
+ action accept
+ description FWD2440_1-ESP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ }
+ protocol esp
+ }
+ rule 3085 {
+ action accept
+ description FWA0531_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3090 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.70
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.70
+ }
+ }
+ rule 3091 {
+ action accept
+ description FWF7BFA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF7BFA_1
+ }
+ port 8000,5901,5479,5478
+ }
+ protocol tcp
+ }
+ rule 3092 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.212
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.212
+ }
+ }
+ rule 3094 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.125
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.125
+ }
+ }
+ rule 3096 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.89
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.89
+ }
+ }
+ rule 3097 {
+ action accept
+ description FWD56A2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD56A2_1
+ }
+ port 8001,8000
+ }
+ protocol tcp
+ }
+ rule 3098 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.109
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.109
+ }
+ }
+ rule 3099 {
+ action accept
+ description FW36425_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW36425_1
+ }
+ port 44445,7770-7800
+ }
+ protocol tcp
+ }
+ rule 3100 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.238
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.238
+ }
+ }
+ rule 3102 {
+ action accept
+ description FW6B39D_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6B39D_1
+ }
+ port 49216,49215
+ }
+ protocol tcp_udp
+ }
+ rule 3103 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.121
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.121
+ }
+ }
+ rule 3105 {
+ action accept
+ description FW2379F_14-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ port 443
+ }
+ protocol tcp_udp
+ }
+ rule 3107 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.38
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.38
+ }
+ }
+ rule 3109 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.191
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.191
+ }
+ }
+ rule 3111 {
+ action accept
+ description FW27947_1-TCP-ALLOW-213.229.100.148
+ destination {
+ group {
+ address-group DT_FW27947_1
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 213.229.100.148
+ }
+ }
+ rule 3112 {
+ action accept
+ description FWD42CF_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD42CF_1
+ }
+ port 5432,5001,5000
+ }
+ protocol tcp
+ }
+ rule 3114 {
+ action accept
+ description FW3A12F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3A12F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3116 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-194.62.184.87
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 194.62.184.87
+ }
+ }
+ rule 3117 {
+ action accept
+ description FW5A5D7_3-TCP-ALLOW-51.219.31.78
+ destination {
+ group {
+ address-group DT_FW5A5D7_3
+ }
+ port 8172,3389
+ }
+ protocol tcp
+ source {
+ address 51.219.31.78
+ }
+ }
+ rule 3118 {
+ action accept
+ description VPN-26157-ANY-ALLOW-10.4.86.57
+ destination {
+ group {
+ address-group DT_VPN-26157
+ }
+ }
+ source {
+ address 10.4.86.57
+ }
+ }
+ rule 3119 {
+ action accept
+ description VPN-26157-ANY-ALLOW-10.4.87.57
+ destination {
+ group {
+ address-group DT_VPN-26157
+ }
+ }
+ source {
+ address 10.4.87.57
+ }
+ }
+ rule 3120 {
+ action accept
+ description FWA7625_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 943
+ }
+ protocol tcp
+ }
+ rule 3121 {
+ action accept
+ description FWC96A1_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC96A1_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3122 {
+ action accept
+ description FWA7625_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3123 {
+ action accept
+ description FWA7625_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA7625_1
+ }
+ port 32400,10108
+ }
+ protocol tcp_udp
+ }
+ rule 3125 {
+ action accept
+ description FW8A3FC_3-TCP-ALLOW-185.173.161.154
+ destination {
+ group {
+ address-group DT_FW8A3FC_3
+ }
+ port 465
+ }
+ protocol tcp
+ source {
+ address 185.173.161.154
+ }
+ }
+ rule 3127 {
+ action accept
+ description FW05339_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW05339_1
+ }
+ port 46961
+ }
+ protocol udp
+ }
+ rule 3130 {
+ action accept
+ description FWA0AA0_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3132 {
+ action accept
+ description FWD8DD1_2-TCP_UDP-ALLOW-77.153.164.226
+ destination {
+ group {
+ address-group DT_FWD8DD1_2
+ }
+ port 443,80
+ }
+ protocol tcp_udp
+ source {
+ address 77.153.164.226
+ }
+ }
+ rule 3134 {
+ action accept
+ description FW19987_4-TCP-ALLOW-87.224.6.174
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 3389,445,443
+ }
+ protocol tcp
+ source {
+ address 87.224.6.174
+ }
+ }
+ rule 3135 {
+ action accept
+ description FW40AE4_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW40AE4_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3136 {
+ action accept
+ description VPN-33204-ANY-ALLOW-10.4.57.176
+ destination {
+ group {
+ address-group DT_VPN-33204
+ }
+ }
+ source {
+ address 10.4.57.176
+ }
+ }
+ rule 3137 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-86.132.125.4
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 86.132.125.4
+ }
+ }
+ rule 3138 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-91.205.173.51
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 91.205.173.51
+ }
+ }
+ rule 3143 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-109.149.121.73
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 109.149.121.73
+ }
+ }
+ rule 3144 {
+ action accept
+ description FWA0AA0_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 28083,28015-28016,1935
+ }
+ protocol tcp_udp
+ }
+ rule 3146 {
+ action accept
+ description FWF3A1B_1-TCP_UDP-ALLOW-92.233.27.144
+ destination {
+ group {
+ address-group DT_FWF3A1B_1
+ }
+ port 2222
+ }
+ protocol tcp_udp
+ source {
+ address 92.233.27.144
+ }
+ }
+ rule 3148 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-151.228.194.190
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 151.228.194.190
+ }
+ }
+ rule 3149 {
+ action accept
+ description FW9B6FB_1-ICMP-ALLOW-77.68.89.115_32
+ destination {
+ group {
+ address-group DT_FW9B6FB_1
+ }
+ }
+ protocol icmp
+ source {
+ address 77.68.89.115/32
+ }
+ }
+ rule 3153 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.199
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.199
+ }
+ }
+ rule 3155 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-195.224.110.168
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 195.224.110.168
+ }
+ }
+ rule 3156 {
+ action accept
+ description FWF8E67_1-TCP-ALLOW-82.14.188.35
+ destination {
+ group {
+ address-group DT_FWF8E67_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 82.14.188.35
+ }
+ }
+ rule 3157 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.58
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.58
+ }
+ }
+ rule 3158 {
+ action accept
+ description VPN-19992-ANY-ALLOW-10.4.87.158
+ destination {
+ group {
+ address-group DT_VPN-19992
+ }
+ }
+ source {
+ address 10.4.87.158
+ }
+ }
+ rule 3159 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-5.66.24.185
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 5.66.24.185
+ }
+ }
+ rule 3160 {
+ action accept
+ description FWF8E67_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF8E67_1
+ }
+ port 3001
+ }
+ protocol tcp
+ }
+ rule 3161 {
+ action accept
+ description FWD2440_1-AH-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD2440_1
+ }
+ }
+ protocol ah
+ }
+ rule 3166 {
+ action accept
+ description FW3EBC8_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW3EBC8_1
+ }
+ port 9001-9900,9000
+ }
+ protocol tcp
+ }
+ rule 3167 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.244
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.244
+ }
+ }
+ rule 3168 {
+ action accept
+ description FWA0531_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0531_1
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 3170 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.137
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.137
+ }
+ }
+ rule 3173 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.104
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.104
+ }
+ }
+ rule 3176 {
+ action accept
+ description FW6906B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6906B_1
+ }
+ port 4190
+ }
+ protocol tcp
+ }
+ rule 3177 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.230
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.230
+ }
+ }
+ rule 3178 {
+ action accept
+ description FW444AF_1-TCP-ALLOW-91.135.10.140
+ destination {
+ group {
+ address-group DT_FW444AF_1
+ }
+ port 27017
+ }
+ protocol tcp
+ source {
+ address 91.135.10.140
+ }
+ }
+ rule 3180 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-81.150.13.34
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 81.150.13.34
+ }
+ }
+ rule 3181 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-82.10.14.73
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 82.10.14.73
+ }
+ }
+ rule 3183 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.25
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.25
+ }
+ }
+ rule 3184 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.224
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.224
+ }
+ }
+ rule 3185 {
+ action accept
+ description FW9B6FB_1-TCP-ALLOW-77.68.89.115_32
+ destination {
+ group {
+ address-group DT_FW9B6FB_1
+ }
+ port 10050
+ }
+ protocol tcp
+ source {
+ address 77.68.89.115/32
+ }
+ }
+ rule 3186 {
+ action accept
+ description VPN-14673-ANY-ALLOW-10.4.89.44
+ destination {
+ group {
+ address-group DT_VPN-14673
+ }
+ }
+ source {
+ address 10.4.89.44
+ }
+ }
+ rule 3187 {
+ action accept
+ description FWCA628_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCA628_1
+ }
+ port 2096,2095,2087,2086,2083,2082
+ }
+ protocol tcp
+ }
+ rule 3189 {
+ action accept
+ description VPN-28484-ANY-ALLOW-10.4.58.159
+ destination {
+ group {
+ address-group DT_VPN-28484
+ }
+ }
+ source {
+ address 10.4.58.159
+ }
+ }
+ rule 3190 {
+ action accept
+ description FW028C0_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW028C0_2
+ }
+ port 44491-44498,44474
+ }
+ protocol tcp
+ }
+ rule 3191 {
+ action accept
+ description VPN-28484-ANY-ALLOW-10.4.59.159
+ destination {
+ group {
+ address-group DT_VPN-28484
+ }
+ }
+ source {
+ address 10.4.59.159
+ }
+ }
+ rule 3192 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.119
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.119
+ }
+ }
+ rule 3194 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-195.74.108.130
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 195.74.108.130
+ }
+ }
+ rule 3195 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-31.54.149.143
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 31.54.149.143
+ }
+ }
+ rule 3196 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-35.204.243.120
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 35.204.243.120
+ }
+ }
+ rule 3197 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-81.150.55.65
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.150.55.65
+ }
+ }
+ rule 3198 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-81.150.55.70
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 81.150.55.70
+ }
+ }
+ rule 3199 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-86.142.112.4
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 86.142.112.4
+ }
+ }
+ rule 3200 {
+ action accept
+ description FWF699D_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 8983
+ }
+ protocol tcp_udp
+ }
+ rule 3201 {
+ action accept
+ description FWF699D_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF699D_4
+ }
+ port 11009,10009
+ }
+ protocol tcp
+ }
+ rule 3202 {
+ action accept
+ description VPN-2661-ANY-ALLOW-10.4.54.24
+ destination {
+ group {
+ address-group DT_VPN-2661
+ }
+ }
+ source {
+ address 10.4.54.24
+ }
+ }
+ rule 3203 {
+ action accept
+ description VPN-2661-ANY-ALLOW-10.4.55.24
+ destination {
+ group {
+ address-group DT_VPN-2661
+ }
+ }
+ source {
+ address 10.4.55.24
+ }
+ }
+ rule 3204 {
+ action accept
+ description VPN-9727-ANY-ALLOW-10.4.54.118
+ destination {
+ group {
+ address-group DT_VPN-9727
+ }
+ }
+ source {
+ address 10.4.54.118
+ }
+ }
+ rule 3205 {
+ action accept
+ description VPN-9727-ANY-ALLOW-10.4.55.119
+ destination {
+ group {
+ address-group DT_VPN-9727
+ }
+ }
+ source {
+ address 10.4.55.119
+ }
+ }
+ rule 3207 {
+ action accept
+ description FWF0221_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF0221_1
+ }
+ port 65000,8099,8080
+ }
+ protocol tcp_udp
+ }
+ rule 3208 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.180
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.180
+ }
+ }
+ rule 3209 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-82.5.189.5
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 82.5.189.5
+ }
+ }
+ rule 3210 {
+ action accept
+ description FW60FD6_5-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW60FD6_5
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3211 {
+ action accept
+ description FW60FD6_5-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW60FD6_5
+ }
+ port 9500,9191,9090,8090,2222
+ }
+ protocol tcp
+ }
+ rule 3212 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-84.65.217.114
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 84.65.217.114
+ }
+ }
+ rule 3213 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.43.21
+ }
+ }
+ rule 3214 {
+ action accept
+ description FW45F3D_1-ANY-ALLOW-77.68.126.251
+ destination {
+ group {
+ address-group DT_FW45F3D_1
+ }
+ }
+ source {
+ address 77.68.126.251
+ }
+ }
+ rule 3215 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-86.14.23.23
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 86.14.23.23
+ }
+ }
+ rule 3217 {
+ action accept
+ description FW85E02_11-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW85E02_11
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3218 {
+ action accept
+ description FW5D0FA_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5D0FA_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3222 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.141
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.141
+ }
+ }
+ rule 3223 {
+ action accept
+ description FWCDD8B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCDD8B_1
+ }
+ port 2222
+ }
+ protocol tcp
+ }
+ rule 3224 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.185
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.185
+ }
+ }
+ rule 3225 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-213.171.210.153
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 213.171.210.153
+ }
+ }
+ rule 3226 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-70.29.113.102
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 70.29.113.102
+ }
+ }
+ rule 3227 {
+ action accept
+ description FWC32BE_1-ANY-ALLOW-3.127.0.177
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ }
+ source {
+ address 3.127.0.177
+ }
+ }
+ rule 3228 {
+ action accept
+ description FWA86ED_101-TCP-ALLOW-93.115.195.58
+ destination {
+ group {
+ address-group DT_FWA86ED_101
+ }
+ port 3389,443
+ }
+ protocol tcp
+ source {
+ address 93.115.195.58
+ }
+ }
+ rule 3229 {
+ action accept
+ description FWE32F2_8-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE32F2_8
+ }
+ port 40120,30120,30110
+ }
+ protocol tcp
+ }
+ rule 3230 {
+ action accept
+ description VPN-28515-ANY-ALLOW-10.4.56.162
+ destination {
+ group {
+ address-group DT_VPN-28515
+ }
+ }
+ source {
+ address 10.4.56.162
+ }
+ }
+ rule 3231 {
+ action accept
+ description FW06940_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 30000-30400,8443-8447,445,80-110,21-25
+ }
+ protocol tcp
+ }
+ rule 3232 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.134
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.134
+ }
+ }
+ rule 3236 {
+ action accept
+ description VPN-28515-ANY-ALLOW-10.4.57.162
+ destination {
+ group {
+ address-group DT_VPN-28515
+ }
+ }
+ source {
+ address 10.4.57.162
+ }
+ }
+ rule 3237 {
+ action accept
+ description FWF4063_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF4063_1
+ }
+ port 3000
+ }
+ protocol tcp
+ }
+ rule 3240 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 49152-65535,6379,5666,5432-5454
+ }
+ protocol tcp_udp
+ }
+ rule 3242 {
+ action accept
+ description FW2E8D4_1-TCP-ALLOW-63.35.92.185
+ destination {
+ group {
+ address-group DT_FW2E8D4_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 63.35.92.185
+ }
+ }
+ rule 3244 {
+ action accept
+ description FWF30BD_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF30BD_1
+ }
+ port 9000-10999
+ }
+ protocol udp
+ }
+ rule 3245 {
+ action accept
+ description FWE30A1_4-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE30A1_4
+ }
+ port 65057
+ }
+ protocol tcp_udp
+ }
+ rule 3246 {
+ action accept
+ description VPN-26772-ANY-ALLOW-10.4.54.123
+ destination {
+ group {
+ address-group DT_VPN-26772
+ }
+ }
+ source {
+ address 10.4.54.123
+ }
+ }
+ rule 3249 {
+ action accept
+ description FW56496_1-ANY-ALLOW-77.68.82.49
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ }
+ source {
+ address 77.68.82.49
+ }
+ }
+ rule 3251 {
+ action accept
+ description FWDA443_6-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDA443_6
+ }
+ port 30175,12050
+ }
+ protocol tcp
+ }
+ rule 3253 {
+ action accept
+ description FW5A521_3-TCP-ALLOW-88.98.75.17
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 88.98.75.17
+ }
+ }
+ rule 3254 {
+ action accept
+ description FW5A521_3-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 161-162
+ }
+ protocol udp
+ }
+ rule 3255 {
+ action accept
+ description FW5A521_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW5A521_3
+ }
+ port 5900
+ }
+ protocol tcp
+ }
+ rule 3259 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.178
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.178
+ }
+ }
+ rule 3260 {
+ action accept
+ description VPN-26772-ANY-ALLOW-10.4.55.124
+ destination {
+ group {
+ address-group DT_VPN-26772
+ }
+ }
+ source {
+ address 10.4.55.124
+ }
+ }
+ rule 3262 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.114
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.114
+ }
+ }
+ rule 3272 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.30
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.246.30
+ }
+ }
+ rule 3273 {
+ action accept
+ description FW2B4BA_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2B4BA_1
+ }
+ port 30000-31000
+ }
+ protocol tcp
+ }
+ rule 3284 {
+ action accept
+ description FW06940_3-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 8443
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 3285 {
+ action accept
+ description FW0952B_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0952B_1
+ }
+ port 9030,9001
+ }
+ protocol tcp
+ }
+ rule 3286 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.85.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.85.35
+ }
+ }
+ rule 3290 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.232
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.232
+ }
+ }
+ rule 3294 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.21
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.21
+ }
+ }
+ rule 3295 {
+ action accept
+ description FW0EA3F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0EA3F_1
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3296 {
+ action accept
+ description FW9D5C7_1-TCP-ALLOW-209.97.176.108
+ destination {
+ group {
+ address-group DT_FW9D5C7_1
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 209.97.176.108
+ }
+ }
+ rule 3297 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.188
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.188
+ }
+ }
+ rule 3298 {
+ action accept
+ description FW9D5C7_1-TCP-ALLOW-165.227.231.227
+ destination {
+ group {
+ address-group DT_FW9D5C7_1
+ }
+ port 9117,9113,9104,9100
+ }
+ protocol tcp
+ source {
+ address 165.227.231.227
+ }
+ }
+ rule 3299 {
+ action accept
+ description FW4DB0A_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4DB0A_1
+ }
+ port 953
+ }
+ protocol tcp
+ }
+ rule 3300 {
+ action accept
+ description FW4DB0A_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4DB0A_1
+ }
+ port 953
+ }
+ protocol udp
+ }
+ rule 3301 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.91
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.91
+ }
+ }
+ rule 3303 {
+ action accept
+ description FW56496_1-TCP-ALLOW-176.255.93.149
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 3389
+ }
+ protocol tcp
+ source {
+ address 176.255.93.149
+ }
+ }
+ rule 3304 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.79
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.79
+ }
+ }
+ rule 3305 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.43
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.43
+ }
+ }
+ rule 3306 {
+ action accept
+ description FW310C6_3-ANY-ALLOW-88.208.198.40
+ destination {
+ group {
+ address-group DT_FW310C6_3
+ }
+ }
+ source {
+ address 88.208.198.40
+ }
+ }
+ rule 3307 {
+ action accept
+ description FW597A6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW597A6_1
+ }
+ port 49152-65535,990
+ }
+ protocol tcp
+ }
+ rule 3308 {
+ action accept
+ description FW597A6_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW597A6_1
+ }
+ port 3306
+ }
+ protocol tcp_udp
+ }
+ rule 3309 {
+ action accept
+ description FWBC280_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC280_1
+ }
+ port 49152-65535,20-21
+ }
+ protocol tcp
+ }
+ rule 3310 {
+ action accept
+ description VPN-31301-ANY-ALLOW-10.4.87.223
+ destination {
+ group {
+ address-group DT_VPN-31301
+ }
+ }
+ source {
+ address 10.4.87.223
+ }
+ }
+ rule 3311 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.243
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.243
+ }
+ }
+ rule 3312 {
+ action accept
+ description FW9EEDD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW9EEDD_1
+ }
+ port 990,197,20-23
+ }
+ protocol tcp
+ }
+ rule 3313 {
+ action accept
+ description FW9EEDD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW9EEDD_1
+ }
+ port 49152-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3314 {
+ action accept
+ description VPN-31002-ANY-ALLOW-10.4.89.126
+ destination {
+ group {
+ address-group DT_VPN-31002
+ }
+ }
+ source {
+ address 10.4.89.126
+ }
+ }
+ rule 3316 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.11
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.11
+ }
+ }
+ rule 3317 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-195.59.191.128_25
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 195.59.191.128/25
+ }
+ }
+ rule 3318 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-213.71.130.0_26
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 213.71.130.0/26
+ }
+ }
+ rule 3319 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.88
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.88
+ }
+ }
+ rule 3320 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.173
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.215.173
+ }
+ }
+ rule 3321 {
+ action accept
+ description FW32EFF_49-TCP-ALLOW-84.19.45.82
+ destination {
+ group {
+ address-group DT_FW32EFF_49
+ }
+ port 5589
+ }
+ protocol tcp
+ source {
+ address 84.19.45.82
+ }
+ }
+ rule 3322 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.122
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 175.157.43.122
+ }
+ }
+ rule 3323 {
+ action accept
+ description FWC1ACD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWC1ACD_1
+ }
+ port 28061,28060,8080
+ }
+ protocol tcp_udp
+ }
+ rule 3324 {
+ action accept
+ description FWA5D67_1-TCP_UDP-ALLOW-84.74.32.74
+ destination {
+ group {
+ address-group DT_FWA5D67_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 84.74.32.74
+ }
+ }
+ rule 3325 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.169
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.169
+ }
+ }
+ rule 3326 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.89
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.89
+ }
+ }
+ rule 3329 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.35
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.35
+ }
+ }
+ rule 3330 {
+ action accept
+ description FWCE020_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWCE020_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 3333 {
+ action accept
+ description FWF3574_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWF3574_1
+ }
+ port 8060,445,139
+ }
+ protocol tcp
+ }
+ rule 3334 {
+ action accept
+ description FWE6AB2_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE6AB2_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3335 {
+ action accept
+ description FWBFC02_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFC02_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3336 {
+ action accept
+ description FWBFC02_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBFC02_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3337 {
+ action accept
+ description FWE6AB2_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWE6AB2_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3338 {
+ action accept
+ description FWBC8A6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC8A6_1
+ }
+ port 44158,945,943
+ }
+ protocol tcp
+ }
+ rule 3339 {
+ action accept
+ description FWBC8A6_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWBC8A6_1
+ }
+ port 1194
+ }
+ protocol udp
+ }
+ rule 3340 {
+ action accept
+ description FWA0AA0_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0AA0_1
+ }
+ port 2302
+ }
+ protocol tcp
+ }
+ rule 3342 {
+ action accept
+ description FW56496_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 22
+ }
+ protocol tcp_udp
+ }
+ rule 3343 {
+ action accept
+ description FW56496_1-TCP-ALLOW-157.231.178.162
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 21
+ }
+ protocol tcp
+ source {
+ address 157.231.178.162
+ }
+ }
+ rule 3344 {
+ action accept
+ description FW56496_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 2443,1022
+ }
+ protocol tcp
+ }
+ rule 3345 {
+ action accept
+ description FW56496_1-TCP_UDP-ALLOW-46.16.211.142
+ destination {
+ group {
+ address-group DT_FW56496_1
+ }
+ port 3389,21
+ }
+ protocol tcp_udp
+ source {
+ address 46.16.211.142
+ }
+ }
+ rule 3347 {
+ action accept
+ description FW2379F_14-GRE-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW2379F_14
+ }
+ }
+ protocol gre
+ }
+ rule 3348 {
+ action accept
+ description FW0E383_9-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0E383_9
+ }
+ port 52000
+ }
+ protocol tcp
+ }
+ rule 3350 {
+ action accept
+ description FWB4438_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB4438_2
+ }
+ port 993-995,7
+ }
+ protocol tcp
+ }
+ rule 3351 {
+ action accept
+ description FW1F3D0_6-TCP_UDP-ALLOW-82.165.207.109
+ destination {
+ group {
+ address-group DT_FW1F3D0_6
+ }
+ port 4567-4568
+ }
+ protocol tcp_udp
+ source {
+ address 82.165.207.109
+ }
+ }
+ rule 3352 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.77
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.77
+ }
+ }
+ rule 3358 {
+ action accept
+ description FW46F4A_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW46F4A_1
+ }
+ port 51820
+ }
+ protocol udp
+ }
+ rule 3359 {
+ action accept
+ description FW53C72_1-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW53C72_1
+ }
+ port 48402
+ }
+ protocol udp
+ }
+ rule 3360 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.251
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.251
+ }
+ }
+ rule 3362 {
+ action accept
+ description FWAA38E_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWAA38E_1
+ }
+ port 1001-65535
+ }
+ protocol tcp_udp
+ }
+ rule 3363 {
+ action accept
+ description FW138F8_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW138F8_1
+ }
+ port 21,20
+ }
+ protocol tcp_udp
+ }
+ rule 3364 {
+ action accept
+ description FW0BD92_3-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW0BD92_3
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3365 {
+ action accept
+ description FWFEF05_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFEF05_1
+ }
+ port 1935
+ }
+ protocol tcp_udp
+ }
+ rule 3367 {
+ action accept
+ description FW26846_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW26846_1
+ }
+ port 8000
+ }
+ protocol tcp
+ }
+ rule 3368 {
+ action accept
+ description FWB4438_2-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB4438_2
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3369 {
+ action accept
+ description FWA884B_5-TCP-ALLOW-51.146.16.162
+ destination {
+ group {
+ address-group DT_FWA884B_5
+ }
+ port 8447,8443,22
+ }
+ protocol tcp
+ source {
+ address 51.146.16.162
+ }
+ }
+ rule 3370 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.22
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.22
+ }
+ }
+ rule 3371 {
+ action accept
+ description FWFDE34_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWFDE34_1
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3373 {
+ action accept
+ description FWB6101_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWB6101_1
+ }
+ port 2280
+ }
+ protocol tcp
+ }
+ rule 3377 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.203
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 123.231.84.203
+ }
+ }
+ rule 3378 {
+ action accept
+ description FW1D511_2-TCP-ALLOW-92.29.46.47
+ destination {
+ group {
+ address-group DT_FW1D511_2
+ }
+ port 9090
+ }
+ protocol tcp
+ source {
+ address 92.29.46.47
+ }
+ }
+ rule 3386 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.175
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.208.175
+ }
+ }
+ rule 3387 {
+ action accept
+ description FW1ACD9_2-TCP-ALLOW-89.197.148.38
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 5015,22
+ }
+ protocol tcp
+ source {
+ address 89.197.148.38
+ }
+ }
+ rule 3388 {
+ action accept
+ description FW1ACD9_2-UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 9000-10999,5090,5060
+ }
+ protocol udp
+ }
+ rule 3389 {
+ action accept
+ description FW1ACD9_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW1ACD9_2
+ }
+ port 5090,5060-5062
+ }
+ protocol tcp
+ }
+ rule 3391 {
+ action accept
+ description FWA0B7F_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWA0B7F_1
+ }
+ port 53
+ }
+ protocol tcp_udp
+ }
+ rule 3392 {
+ action accept
+ description FW56335_2-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW56335_2
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3395 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.90
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.90
+ }
+ }
+ rule 3396 {
+ action accept
+ description FW4D3E6_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW4D3E6_1
+ }
+ port 18081,18080
+ }
+ protocol tcp
+ }
+ rule 3397 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-188.65.177.58
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 188.65.177.58
+ }
+ }
+ rule 3398 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-77.68.103.13
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 77.68.103.13
+ }
+ }
+ rule 3399 {
+ action accept
+ description FWB118A_1-TCP-ALLOW-80.5.71.130
+ destination {
+ group {
+ address-group DT_FWB118A_1
+ }
+ port 49152-65534,8447,8443,22,21,20
+ }
+ protocol tcp
+ source {
+ address 80.5.71.130
+ }
+ }
+ rule 3402 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.205
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.205
+ }
+ }
+ rule 3408 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.31
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.211.31
+ }
+ }
+ rule 3409 {
+ action accept
+ description FW539FB_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW539FB_1
+ }
+ port 389
+ }
+ protocol tcp
+ }
+ rule 3411 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.185
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.185
+ }
+ }
+ rule 3415 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-116.206.245.124
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 116.206.245.124
+ }
+ }
+ rule 3416 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.75
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.213.75
+ }
+ }
+ rule 3417 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.34
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.34
+ }
+ }
+ rule 3418 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 3419 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.92.33
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.92.33
+ }
+ }
+ rule 3420 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-77.68.93.82
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 77.68.93.82
+ }
+ }
+ rule 3421 {
+ action accept
+ description FWEF92E_5-UDP-ALLOW-88.208.198.93
+ destination {
+ group {
+ address-group DT_FWEF92E_5
+ }
+ port 500
+ }
+ protocol udp
+ source {
+ address 88.208.198.93
+ }
+ }
+ rule 3422 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.94
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.94
+ }
+ }
+ rule 3424 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.244
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.244
+ }
+ }
+ rule 3425 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-148.253.173.246
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 148.253.173.246
+ }
+ }
+ rule 3426 {
+ action accept
+ description FW18E6E_3-TCP-ALLOW-195.97.222.122
+ destination {
+ group {
+ address-group DT_FW18E6E_3
+ }
+ port 3306
+ }
+ protocol tcp
+ source {
+ address 195.97.222.122
+ }
+ }
+ rule 3431 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.111
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.111
+ }
+ }
+ rule 3432 {
+ action accept
+ description FW06940_3-TCP_UDP-ALLOW-74.208.41.119
+ destination {
+ group {
+ address-group DT_FW06940_3
+ }
+ port 1-65535
+ }
+ protocol tcp_udp
+ source {
+ address 74.208.41.119
+ }
+ }
+ rule 3438 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.252
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.252
+ }
+ }
+ rule 3440 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.118
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.118
+ }
+ }
+ rule 3442 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.15
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.209.15
+ }
+ }
+ rule 3446 {
+ action accept
+ description FWC32BE_1-ANY-ALLOW-3.65.3.75
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ }
+ source {
+ address 3.65.3.75
+ }
+ }
+ rule 3447 {
+ action accept
+ description FWC32BE_1-TCP-ALLOW-217.155.2.52
+ destination {
+ group {
+ address-group DT_FWC32BE_1
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 217.155.2.52
+ }
+ }
+ rule 3448 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.243
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.243
+ }
+ }
+ rule 3449 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.117
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000,3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.214.117
+ }
+ }
+ rule 3450 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.4
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.4
+ }
+ }
+ rule 3452 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.177
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.210.177
+ }
+ }
+ rule 3454 {
+ action accept
+ description FWD498E_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWD498E_1
+ }
+ port 44158
+ }
+ protocol tcp
+ }
+ rule 3455 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.147
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 3389
+ }
+ protocol tcp_udp
+ source {
+ address 112.134.212.147
+ }
+ }
+ }
+ receive-redirects disable
+ send-redirects disable
+ source-validation disable
+ state-policy {
+ established {
+ action accept
+ }
+ invalid {
+ action drop
+ }
+ related {
+ action accept
+ }
+ }
+ syn-cookies enable
+ twa-hazards-protection disable
+}
+high-availability {
+ vrrp {
+ group eth3-90 {
+ advertise-interval 3
+ authentication {
+ password Ng-1p90
+ type plaintext-password
+ }
+ interface eth3
+ preempt-delay 30
+ priority 10
+ virtual-address 10.255.255.1/32
+ virtual-address 169.254.169.254/32
+ vrid 90
+ }
+ sync-group VRRP-GROUP {
+ member eth3-90
+ }
+ }
+}
+interfaces {
+ ethernet eth0 {
+ address 10.4.35.105/24
+ description Management
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth1 {
+ description MicroVLANs
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 3201 {
+ address 109.228.63.251/25
+ description "MicroVLAN publica"
+ firewall {
+ in {
+ name WAN-INBOUND
+ }
+ local {
+ name LOCAL-WAN
+ }
+ }
+ }
+ }
+ ethernet eth2 {
+ address 10.4.51.133/30
+ description Sync
+ duplex auto
+ firewall {
+ local {
+ name LOCAL-SYNC
+ }
+ }
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth3 {
+ address 10.255.255.2/20
+ description "Customers LAN"
+ duplex auto
+ firewall {
+ in {
+ name LAN-INBOUND
+ }
+ local {
+ name LOCAL-LAN
+ }
+ }
+ smp-affinity auto
+ speed auto
+ }
+ loopback lo {
+ address 10.4.35.105/32
+ }
+}
+nat {
+ destination {
+ rule 5 {
+ description cloud-init
+ destination {
+ address 169.254.169.254
+ port http
+ }
+ inbound-interface eth3
+ protocol tcp
+ translation {
+ address 82.223.45.35
+ }
+ }
+ rule 20 {
+ description "TEMPORARY NAT for dnscache removal in favor of anycns"
+ destination {
+ address 77.68.76.12
+ port domain
+ }
+ inbound-interface eth3
+ protocol tcp_udp
+ translation {
+ address 212.227.123.16
+ }
+ }
+ rule 25 {
+ description "TEMPORARY NAT for dnscache removal in favor of anycns"
+ destination {
+ address 77.68.77.12
+ port domain
+ }
+ inbound-interface eth3
+ protocol tcp_udp
+ translation {
+ address 212.227.123.17
+ }
+ }
+ }
+}
+policy {
+ community-list 100 {
+ rule 10 {
+ action permit
+ regex 65500:1001
+ }
+ }
+ community-list 200 {
+ rule 10 {
+ action permit
+ regex "65500:10**"
+ }
+ }
+ prefix-list Service-NETs {
+ rule 1 {
+ action permit
+ ge 32
+ prefix 0.0.0.0/0
+ }
+ }
+ route-map Any-Site-1 {
+ rule 10 {
+ action permit
+ match {
+ community {
+ community-list 200
+ }
+ }
+ }
+ rule 20 {
+ action deny
+ }
+ }
+ route-map CLOUD-Service-NETs {
+ rule 10 {
+ action permit
+ match {
+ ip {
+ address {
+ prefix-list Service-NETs
+ }
+ }
+ }
+ set {
+ community 65500:1027
+ }
+ }
+ rule 20 {
+ action deny
+ }
+ }
+ route-map None {
+ rule 10 {
+ action deny
+ }
+ }
+}
+protocols {
+ bgp 8560 {
+ address-family {
+ ipv4-unicast {
+ redistribute {
+ static {
+ }
+ }
+ }
+ }
+ neighbor 109.228.63.134 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export CLOUD-Service-NETs
+ import Any-Site-1
+ }
+ weight 150
+ }
+ }
+ description RouteServer1-vyos
+ password VyOS123
+ remote-as 8560
+ timers {
+ holdtime 5
+ keepalive 1
+ }
+ }
+ neighbor 109.228.63.135 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export CLOUD-Service-NETs
+ import Any-Site-1
+ }
+ weight 125
+ }
+ }
+ description RouteServer2-quagga
+ password VyOS123
+ remote-as 8560
+ }
+ neighbor 109.228.63.136 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ export CLOUD-Service-NETs
+ import Any-Site-1
+ }
+ weight 100
+ }
+ }
+ description RouteServer3-bird
+ password VyOS123
+ remote-as 8560
+ }
+ parameters {
+ log-neighbor-changes
+ router-id 10.4.35.105
+ }
+ }
+ static {
+ interface-route 77.68.2.215/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.52/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.61/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.80/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.121/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.144/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.161/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.194/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.3.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.22/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.24/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.25/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.39/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.57/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.74/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.80/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.111/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.136/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.180/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.242/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.4.252/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.95/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.125/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.155/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.166/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.187/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.5.241/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.32/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.105/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.110/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.119/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.6.210/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.67/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.123/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.172/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.186/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.222/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.7.227/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.8.144/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.9.75/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.9.186/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.10.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.10.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.10.170/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.11.140/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.12.45/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.12.195/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.12.250/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.13.76/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.13.137/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.14.88/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.15.95/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.16.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.17.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.17.186/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.17.200/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.20.161/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.20.217/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.20.231/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.21.78/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.21.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.22.146/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.23.35/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.23.64/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.23.112/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.23.158/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.59/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.63/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.112/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.134/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.172/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.24.220/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.25.124/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.25.130/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.25.146/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.26.166/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.26.216/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.26.221/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.26.228/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.18/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.27/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.28/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.54/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.57/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.27.211/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.28.139/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.28.145/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.28.147/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.28.207/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.29.65/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.29.178/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.30.133/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.30.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.31.96/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.31.144/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.43/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.83/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.86/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.89/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.118/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.32.254/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.24/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.48/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.68/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.197/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.33.216/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.34.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.34.28/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.34.50/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.34.138/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.34.139/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.35.116/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.48.14/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.48.81/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.48.89/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.48.105/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.48.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.4/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.12/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.126/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.159/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.161/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.49.178/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.50.90/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.50.91/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.50.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.50.193/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.50.198/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.51.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.51.214/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.72.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.72.254/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.73.73/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.74.39/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.74.85/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.74.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.74.209/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.74.232/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.75.45/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.75.64/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.75.113/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.75.245/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.75.253/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.12/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.13/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.14/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.16/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.19/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.20/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.21/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.22/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.23/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.25/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.29/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.30/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.33/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.35/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.38/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.39/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.40/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.42/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.44/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.45/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.47/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.48/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.49/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.50/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.54/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.55/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.57/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.58/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.59/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.60/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.61/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.74/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.75/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.76/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.77/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.80/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.88/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.91/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.93/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.94/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.95/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.96/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.99/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.102/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.104/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.105/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.107/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.108/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.110/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.111/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.112/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.115/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.116/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.118/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.120/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.122/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.123/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.124/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.126/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.127/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.136/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.137/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.138/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.139/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.141/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.145/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.148/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.149/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.150/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.158/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.161/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.165/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.169/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.176/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.177/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.181/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.183/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.185/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.187/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.191/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.195/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.197/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.198/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.200/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.203/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.208/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.209/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.211/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.212/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.217/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.219/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.220/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.228/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.229/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.231/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.234/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.235/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.239/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.241/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.243/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.244/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.245/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.248/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.250/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.251/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.252/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.253/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.76.254/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.12/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.13/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.14/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.16/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.19/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.21/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.22/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.24/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.29/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.30/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.32/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.33/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.38/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.42/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.43/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.44/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.46/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.49/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.50/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.53/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.54/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.56/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.57/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.59/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.62/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.63/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.65/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.67/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.68/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.69/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.70/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.71/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.72/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.74/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.75/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.76/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.77/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.79/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.81/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.85/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.88/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.90/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.95/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.97/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.99/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.100/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.102/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.103/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.105/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.107/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.108/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.115/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.117/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.120/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.124/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.128/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.129/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.130/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.132/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.137/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.139/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.140/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.141/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.144/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.145/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.149/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.150/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.151/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.156/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.159/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.161/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.163/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.165/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.174/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.176/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.178/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.181/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.185/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.190/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.192/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.199/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.200/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.201/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.203/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.204/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.205/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.207/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.208/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.209/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.211/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.212/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.214/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.215/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.219/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.221/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.222/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.227/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.228/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.231/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.233/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.234/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.236/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.238/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.239/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.240/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.243/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.248/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.251/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.253/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.77.254/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.78.73/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.78.113/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.78.229/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.79.82/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.79.89/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.79.206/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.80.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.80.97/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.81.44/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.81.141/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.81.218/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.82.147/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.82.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.83.41/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.84.147/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.84.155/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.85.18/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.85.27/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.85.73/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.85.115/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.85.172/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.86.40/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.86.148/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.87.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.87.212/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.88.100/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.88.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.89.72/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.89.183/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.89.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.90.106/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.90.132/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.91.22/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.91.128/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.91.195/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.92.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.92.186/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.93.125/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.93.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.93.246/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.94.181/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.95.42/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.95.212/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.100.77/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.100.132/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.100.134/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.100.150/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.100.167/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.101.64/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.101.124/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.101.125/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.102.5/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.102.129/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.103.19/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.103.56/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.103.120/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.103.147/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.103.227/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.75/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.83/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.90/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.91/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.167/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.175/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.184/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.213/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.112.248/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.113.117/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.113.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.93/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.136/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.183/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.205/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.234/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.114.237/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.115.17/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.115.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.36/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.52/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.84/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.119/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.183/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.220/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.221/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.116.232/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.29/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.45/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.51/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.173/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.202/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.214/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.117.222/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.15/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.17/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.86/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.88/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.102/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.104/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.118.120/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.119.14/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.119.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.119.188/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.45/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.146/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.218/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.229/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.241/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.120.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.121.94/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.121.106/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.121.119/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.121.127/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.122.89/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.122.195/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.122.241/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.123.177/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.123.250/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.125.32/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.125.60/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.125.218/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.126.14/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.126.22/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.126.51/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.126.101/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.126.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.127.151/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 77.68.127.172/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.196.91/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.196.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.196.123/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.196.154/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.10/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.23/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.60/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.118/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.129/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.135/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.150/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.155/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.160/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.197.208/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.39/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.64/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.66/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.69/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.92/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.198.251/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.199.46/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.199.141/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.199.233/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.199.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.212.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.212.94/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.212.182/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.212.188/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.215.19/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.215.61/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.215.62/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.215.121/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 88.208.215.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.35.84/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.35.110/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.79/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.119/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.174/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.194/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.36.229/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.37.10/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.37.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.37.174/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.37.187/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.37.240/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.38.117/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.38.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.38.201/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.39.41/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.39.151/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.39.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.39.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.194/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.195/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.207/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.222/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.226/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.40.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.42.232/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.46.81/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.46.196/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.47.223/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.48.249/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.52.186/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.53.243/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.55.82/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.56.26/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.56.97/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.56.185/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.56.242/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.58.134/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.59.247/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.60.215/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.61.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 109.228.61.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.7/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.17/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.24/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.56/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.60/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.36.148/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.23/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.47/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.83/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.101/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.102/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.37.133/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.95/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.142/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.182/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.216/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.38.248/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.37/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.44/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.68/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.99/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.109/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.129/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.145/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.39.219/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.11/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.56/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.90/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.124/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.152/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.166/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.40.244/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.41.72/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.41.73/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.41.148/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.41.240/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.6/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.28/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.71/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.98/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.113/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.157/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 185.132.43.164/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.208.40/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.208.58/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.208.176/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.209.217/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.210.19/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.210.25/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.210.59/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.210.155/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.210.177/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.211.128/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.71/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.89/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.90/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.114/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.136/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.171/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.172/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.212.203/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.31/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.41/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.42/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.97/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.175/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.213.242/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.214.96/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.214.102/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.214.167/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.214.234/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.215.43/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.215.184/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ interface-route 213.171.215.252/32 {
+ next-hop-interface eth3 {
+ }
+ }
+ route 0.0.0.0/0 {
+ next-hop 109.228.63.129 {
+ }
+ }
+ route 10.0.0.0/8 {
+ next-hop 10.4.35.1 {
+ }
+ }
+ route 10.7.197.0/24 {
+ next-hop 109.228.63.240 {
+ }
+ }
+ route 172.16.0.0/12 {
+ next-hop 10.4.35.1 {
+ }
+ }
+ route 192.168.0.0/16 {
+ next-hop 10.4.35.1 {
+ }
+ }
+ }
+}
+service {
+ lldp {
+ legacy-protocols {
+ cdp
+ }
+ snmp {
+ enable
+ }
+ }
+ snmp {
+ community 1Trpq25 {
+ authorization ro
+ }
+ contact network@arsys.es
+ description gb-glo-sg4ng1fw27-01
+ listen-address 10.4.35.105 {
+ port 161
+ }
+ location NGCS
+ trap-target 10.4.36.64 {
+ community 1Trpq25
+ port 162
+ }
+ trap-target 172.21.15.200 {
+ community 1Trpq25
+ port 162
+ }
+ }
+ ssh {
+ listen-address 10.4.35.105
+ listen-address 10.4.51.133
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 20
+ }
+ conntrack {
+ expect-table-size 8192
+ hash-size 262144
+ modules {
+ sip {
+ disable
+ }
+ }
+ table-size 2097152
+ timeout {
+ icmp 30
+ other 120
+ tcp {
+ close 10
+ close-wait 60
+ established 3600
+ fin-wait 30
+ last-ack 30
+ syn-recv 5
+ syn-sent 5
+ time-wait 5
+ }
+ udp {
+ other 10
+ stream 10
+ }
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name gb-glo-sg4ng1fw27-01
+ ip {
+ arp {
+ table-size 2048
+ }
+ }
+ ipv6 {
+ disable
+ }
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 10.4.36.16
+ name-server 10.4.37.16
+ ntp {
+ server glo-ntp1.por-ngcs.lan {
+ }
+ server glo-ntp2.por-ngcs.lan {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level notice
+ }
+ facility protocols {
+ level info
+ }
+ }
+ host 10.4.36.23 {
+ facility all {
+ level all
+ }
+ facility protocols {
+ level info
+ }
+ facility user {
+ level err
+ }
+ }
+ user all {
+ facility all {
+ level emerg
+ }
+ }
+ }
+ time-zone Europe/Madrid
+}
+
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6-S1 */
+
diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos
index 493feed5b..e6f89954f 100644
--- a/smoketest/configs/basic-vyos
+++ b/smoketest/configs/basic-vyos
@@ -6,16 +6,68 @@ interfaces {
speed auto
}
ethernet eth1 {
- address 100.64.0.0/31
duplex auto
smp-affinity auto
speed auto
}
+ ethernet eth2 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 100 {
+ address 100.100.0.1/24
+ }
+ vif-s 200 {
+ address 100.64.200.254/24
+ vif-c 201 {
+ address 100.64.201.254/24
+ }
+ vif-c 202 {
+ address 100.64.202.254/24
+ }
+ }
+ }
loopback lo {
}
}
protocols {
static {
+ arp 192.168.0.20 {
+ hwaddr 00:50:00:00:00:20
+ }
+ arp 192.168.0.30 {
+ hwaddr 00:50:00:00:00:30
+ }
+ arp 192.168.0.40 {
+ hwaddr 00:50:00:00:00:40
+ }
+ arp 100.100.0.2 {
+ hwaddr 00:50:00:00:02:02
+ }
+ arp 100.100.0.3 {
+ hwaddr 00:50:00:00:02:03
+ }
+ arp 100.100.0.4 {
+ hwaddr 00:50:00:00:02:04
+ }
+ arp 100.64.200.1 {
+ hwaddr 00:50:00:00:00:01
+ }
+ arp 100.64.200.2 {
+ hwaddr 00:50:00:00:00:02
+ }
+ arp 100.64.201.10 {
+ hwaddr 00:50:00:00:00:10
+ }
+ arp 100.64.201.20 {
+ hwaddr 00:50:00:00:00:20
+ }
+ arp 100.64.202.30 {
+ hwaddr 00:50:00:00:00:30
+ }
+ arp 100.64.202.40 {
+ hwaddr 00:50:00:00:00:40
+ }
route 0.0.0.0/0 {
next-hop 100.64.0.1 {
}
diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud
index 10660ec87..65819256e 100644
--- a/smoketest/configs/bgp-big-as-cloud
+++ b/smoketest/configs/bgp-big-as-cloud
@@ -982,6 +982,10 @@ policy {
}
}
}
+ set {
+ as-path-exclude "100 200 300"
+ as-path-prepend "64512 64512 64512"
+ }
}
rule 100 {
action deny
diff --git a/smoketest/configs/qos-basic b/smoketest/configs/qos-basic
new file mode 100644
index 000000000..f94a5650d
--- /dev/null
+++ b/smoketest/configs/qos-basic
@@ -0,0 +1,205 @@
+interfaces {
+ ethernet eth0 {
+ address 10.1.1.100/24
+ traffic-policy {
+ out FS
+ }
+ }
+ ethernet eth1 {
+ address 10.2.1.1/24
+ traffic-policy {
+ out M2
+ }
+ }
+ ethernet eth2 {
+ address 10.9.9.1/24
+ traffic-policy {
+ out MY-HTB
+ }
+ }
+ loopback lo {
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 10.9.9.2 {
+ }
+ next-hop 10.1.1.1 {
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 10
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+traffic-policy {
+ shaper M2 {
+ bandwidth auto
+ class 10 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS10 {
+ ip {
+ dscp CS4
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS5
+ }
+ default {
+ bandwidth 10mbit
+ burst 15k
+ queue-type fair-queue
+ }
+ }
+ shaper MY-HTB {
+ bandwidth 10mbit
+ class 30 {
+ bandwidth 10%
+ burst 15k
+ ceiling 50%
+ match ADDRESS30 {
+ ip {
+ source {
+ address 10.1.1.0/24
+ }
+ }
+ }
+ priority 5
+ queue-type fair-queue
+ }
+ class 40 {
+ bandwidth 90%
+ burst 15k
+ ceiling 100%
+ match ADDRESS40 {
+ ip {
+ dscp CS4
+ source {
+ address 10.2.1.0/24
+ }
+ }
+ }
+ priority 5
+ queue-type fair-queue
+ }
+ class 50 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS50 {
+ ip {
+ dscp CS5
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS7
+ }
+ default {
+ bandwidth 10%
+ burst 15k
+ ceiling 100%
+ priority 7
+ queue-type fair-queue
+ set-dscp CS1
+ }
+ }
+ shaper FS {
+ bandwidth auto
+ class 10 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS10 {
+ ip {
+ source {
+ address 172.17.1.2/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS4
+ }
+ class 20 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS20 {
+ ip {
+ source {
+ address 172.17.1.3/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS5
+ }
+ class 30 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS30 {
+ ip {
+ source {
+ address 172.17.1.4/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS6
+ }
+ default {
+ bandwidth 10%
+ burst 15k
+ ceiling 100%
+ priority 7
+ queue-type fair-queue
+ }
+ }
+}
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.1
+
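Review bot: The `login` block of this new fixture commits a `$6$` crypt hash for user `vyos`, and nothing records which password it represents. A hash published in a repository can be guessed offline, so it should only ever correspond to a throwaway lab password; if this config was exported from a running system, regenerate the hash before merging. The origin is best stated in the commit message, since whether the config loader tolerates extra comments inside this file is not visible here.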
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
index ba5acf5d6..816ba6dcd 100644
--- a/smoketest/scripts/cli/base_interfaces_test.py
+++ b/smoketest/scripts/cli/base_interfaces_test.py
@@ -78,18 +78,25 @@ class BasicInterfaceTest:
# choose IPv6 minimum MTU value for tests - this must always work
_mtu = '1280'
- def setUp(self):
+ @classmethod
+ def setUpClass(cls):
+ super(BasicInterfaceTest.TestCase, cls).setUpClass()
+
# Setup mirror interfaces for SPAN (Switch Port Analyzer)
- for span in self._mirror_interfaces:
+ for span in cls._mirror_interfaces:
section = Section.section(span)
- self.cli_set(['interfaces', section, span])
+ cls.cli_set(cls, ['interfaces', section, span])
- def tearDown(self):
+ @classmethod
+ def tearDownClass(cls):
# Tear down mirror interfaces for SPAN (Switch Port Analyzer)
- for span in self._mirror_interfaces:
+ for span in cls._mirror_interfaces:
section = Section.section(span)
- self.cli_delete(['interfaces', section, span])
+ cls.cli_delete(cls, ['interfaces', section, span])
+ super(BasicInterfaceTest.TestCase, cls).tearDownClass()
+
+ def tearDown(self):
self.cli_delete(self._base_path)
self.cli_commit()
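Review bot: Creating the SPAN mirror interfaces once in `setUpClass` while `tearDown` still runs `self.cli_delete(self._base_path)` after every test leaves an undocumented assumption. If a subclass's `_base_path` is the same `interfaces <section>` node as an entry in `_mirror_interfaces` (both values are outside this hunk), the mirror interface would be removed by the first `tearDown` and never recreated. `tearDownClass` also stages `cli_delete` with no `cli_commit` before `super().tearDownClass()`, so the removal only takes effect if the base class commits or restores the configuration, which is not visible here; the new `tearDownClass` in test_interfaces_openvpn.py follows the same pattern. A comment above the loop in `setUpClass`, such as `# mirror interfaces live outside _base_path and survive the per-test tearDown`, would record the first assumption.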
@@ -232,6 +239,7 @@ class BasicInterfaceTest:
self.cli_commit()
for interface in self._interfaces:
+ self.assertIn(AF_INET6, ifaddresses(interface))
for addr in ifaddresses(interface)[AF_INET6]:
self.assertTrue(is_ipv6_link_local(addr['addr']))
diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py
index 1652aa0d6..7cfb53045 100644
--- a/smoketest/scripts/cli/base_vyostest_shim.py
+++ b/smoketest/scripts/cli/base_vyostest_shim.py
@@ -16,6 +16,7 @@ import os
import unittest
from time import sleep
+from typing import Type
from vyos.configsession import ConfigSession
from vyos.configsession import ConfigSessionError
@@ -85,3 +86,17 @@ class VyOSUnitTestSHIM:
print(f'\n\ncommand "{command}" returned:\n')
pprint.pprint(out)
return out
+
+# standard construction; typing suggestion: https://stackoverflow.com/a/70292317
+def ignore_warning(warning: Type[Warning]):
+ import warnings
+ from functools import wraps
+
+ def inner(f):
+ @wraps(f)
+ def wrapped(*args, **kwargs):
+ with warnings.catch_warnings():
+ warnings.simplefilter("ignore", category=warning)
+ return f(*args, **kwargs)
+ return wrapped
+ return inner
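Review bot: `ignore_warning` has no docstring, and its only comment points at an external link, so the file itself does not say what is suppressed or for how long. A docstring such as `"""Decorator factory: call the wrapped function with warnings of category *warning* ignored; the previous filters are restored on exit."""` would cover it, the restoration following from the `warnings.catch_warnings()` context manager. It is worth adding that the filter applies to everything called inside the wrapped function, so a decorated test can also hide unrelated warnings of the same category raised by a library.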
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 5448295fa..b8f944575 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -38,7 +38,7 @@ sysfs_config = {
class TestFirewall(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestFirewall, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -49,8 +49,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'ethernet', 'eth0', 'address', '172.16.10.1/24'])
-
- super(cls, cls).tearDownClass()
+ super(TestFirewall, cls).tearDownClass()
def tearDown(self):
self.cli_delete(['interfaces', 'ethernet', 'eth0', 'firewall'])
@@ -174,6 +173,45 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
nftables_output = cmd(f'sudo nft list chain {table} {chain}')
self.assertTrue('jump VYOS_STATE_POLICY' in nftables_output)
+ def test_state_and_status_rules(self):
+ self.cli_set(['firewall', 'name', 'smoketest', 'default-action', 'drop'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'action', 'accept'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'established', 'enable'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'related', 'enable'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'action', 'reject'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'state', 'invalid', 'enable'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'action', 'accept'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'state', 'new', 'enable'])
+
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'connection-status', 'nat', 'destination'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'action', 'accept'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'new', 'enable'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'established', 'enable'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'connection-status', 'nat', 'source'])
+
+ self.cli_set(['interfaces', 'ethernet', 'eth0', 'firewall', 'in', 'name', 'smoketest'])
+
+ self.cli_commit()
+
+ nftables_search = [
+ ['iifname "eth0"', 'jump NAME_smoketest'],
+ ['ct state { established, related }', 'return'],
+ ['ct state { invalid }', 'reject'],
+ ['ct state { new }', 'ct status { dnat }', 'return'],
+ ['ct state { established, new }', 'ct status { snat }', 'return'],
+ ['smoketest default-action', 'drop']
+ ]
+
+ nftables_output = cmd('sudo nft list table ip filter')
+
+ for search in nftables_search:
+ matched = False
+ for line in nftables_output.split("\n"):
+ if all(item in line for item in search):
+ matched = True
+ break
+ self.assertTrue(matched, msg=search)
+
def test_sysfs(self):
for name, conf in sysfs_config.items():
paths = glob(conf['sysfs'])
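Review bot: The matching loop in `test_state_and_status_rules` accepts a hit on any line of `nft list table ip filter`, so an entry such as `['ct state { established, related }', 'return']` can be satisfied by a rule in a different chain of that table. The test then passes without `NAME_smoketest` actually holding the rule, which for a firewall test is a false pass worth closing. Keep the table listing for the `jump NAME_smoketest` entry and check the remaining entries against `cmd('sudo nft list chain ip filter NAME_smoketest')`, the way the context line above the new method already lists a single chain. The method is complete within the hunk; the class continues outside it.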
diff --git a/smoketest/scripts/cli/test_interfaces_bonding.py b/smoketest/scripts/cli/test_interfaces_bonding.py
index 9bb561275..237abb487 100755
--- a/smoketest/scripts/cli/test_interfaces_bonding.py
+++ b/smoketest/scripts/cli/test_interfaces_bonding.py
@@ -55,7 +55,7 @@ class BondingInterfaceTest(BasicInterfaceTest.TestCase):
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(BondingInterfaceTest, cls).setUpClass()
def test_add_single_ip_address(self):
super().test_add_single_ip_address()
diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py
index f2e111425..ca0ead9e8 100755
--- a/smoketest/scripts/cli/test_interfaces_bridge.py
+++ b/smoketest/scripts/cli/test_interfaces_bridge.py
@@ -56,7 +56,7 @@ class BridgeInterfaceTest(BasicInterfaceTest.TestCase):
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(BridgeInterfaceTest, cls).setUpClass()
def tearDown(self):
for intf in self._interfaces:
diff --git a/smoketest/scripts/cli/test_interfaces_dummy.py b/smoketest/scripts/cli/test_interfaces_dummy.py
index dedc6fe05..d96ec2c5d 100755
--- a/smoketest/scripts/cli/test_interfaces_dummy.py
+++ b/smoketest/scripts/cli/test_interfaces_dummy.py
@@ -24,7 +24,7 @@ class DummyInterfaceTest(BasicInterfaceTest.TestCase):
cls._base_path = ['interfaces', 'dummy']
cls._interfaces = ['dum435', 'dum8677', 'dum0931', 'dum089']
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(DummyInterfaceTest, cls).setUpClass()
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py
index ee7649af8..05d2ae5f5 100755
--- a/smoketest/scripts/cli/test_interfaces_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_ethernet.py
@@ -18,13 +18,19 @@ import os
import re
import unittest
+from netifaces import AF_INET
+from netifaces import AF_INET6
+from netifaces import ifaddresses
+
from base_interfaces_test import BasicInterfaceTest
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Section
from vyos.pki import CERT_BEGIN
+from vyos.template import is_ipv6
from vyos.util import cmd
from vyos.util import process_named_running
from vyos.util import read_file
+from vyos.validate import is_ipv6_link_local
server_ca_root_cert_data = """
MIIBcTCCARagAwIBAgIUDcAf1oIQV+6WRaW7NPcSnECQ/lUwCgYIKoZIzj0EAwIw
@@ -128,7 +134,7 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase):
cls._macs[interface] = read_file(f'/sys/class/net/{interface}/address')
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(EthernetInterfaceTest, cls).setUpClass()
def tearDown(self):
for interface in self._interfaces:
@@ -140,13 +146,20 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase):
self.cli_set(self._base_path + [interface, 'speed', 'auto'])
self.cli_set(self._base_path + [interface, 'hw-id', self._macs[interface]])
- # Tear down mirror interfaces for SPAN (Switch Port Analyzer)
- for span in self._mirror_interfaces:
- section = Section.section(span)
- self.cli_delete(['interfaces', section, span])
-
self.cli_commit()
+ # Verify that no address remains on the system as this is an eternal
+ # interface.
+ for intf in self._interfaces:
+ self.assertNotIn(AF_INET, ifaddresses(intf))
+ # required for IPv6 link-local address
+ self.assertIn(AF_INET6, ifaddresses(intf))
+ for addr in ifaddresses(intf)[AF_INET6]:
+ # checking link local addresses makes no sense
+ if is_ipv6_link_local(addr['addr']):
+ continue
+ self.assertFalse(is_intf_addr_assigned(intf, addr['addr']))
+
def test_offloading_rps(self):
# enable RPS on all available CPUs, RPS works woth a CPU bitmask,
# where each bit represents a CPU (core/thread). The formula below
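Review bot: `is_intf_addr_assigned` is called in the new `tearDown` checks, but the import hunk of this file adds only `AF_INET`, `AF_INET6`, `ifaddresses`, `is_ipv6` and `is_ipv6_link_local`. Unless the name is already imported outside the visible hunks, the call raises `NameError`, and only on the path where a non-link-local IPv6 address is still present, which is exactly when the check should report a clean assertion failure. `is_ipv6` is imported but not used in any visible hunk, and "eternal interface" in the new comment looks like a typo. `tearDown` starts before this hunk.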
diff --git a/smoketest/scripts/cli/test_interfaces_geneve.py b/smoketest/scripts/cli/test_interfaces_geneve.py
index 430085e7f..0e5098aa7 100755
--- a/smoketest/scripts/cli/test_interfaces_geneve.py
+++ b/smoketest/scripts/cli/test_interfaces_geneve.py
@@ -34,7 +34,7 @@ class GeneveInterfaceTest(BasicInterfaceTest.TestCase):
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(GeneveInterfaceTest, cls).setUpClass()
def test_geneve_parameters(self):
tos = '40'
diff --git a/smoketest/scripts/cli/test_interfaces_l2tpv3.py b/smoketest/scripts/cli/test_interfaces_l2tpv3.py
index 06ced5c40..aed8e6f15 100755
--- a/smoketest/scripts/cli/test_interfaces_l2tpv3.py
+++ b/smoketest/scripts/cli/test_interfaces_l2tpv3.py
@@ -39,7 +39,7 @@ class L2TPv3InterfaceTest(BasicInterfaceTest.TestCase):
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(L2TPv3InterfaceTest, cls).setUpClass()
def test_add_single_ip_address(self):
super().test_add_single_ip_address()
diff --git a/smoketest/scripts/cli/test_interfaces_loopback.py b/smoketest/scripts/cli/test_interfaces_loopback.py
index 85b5ca6d6..5ff9c250e 100755
--- a/smoketest/scripts/cli/test_interfaces_loopback.py
+++ b/smoketest/scripts/cli/test_interfaces_loopback.py
@@ -29,7 +29,7 @@ class LoopbackInterfaceTest(BasicInterfaceTest.TestCase):
cls._base_path = ['interfaces', 'loopback']
cls._interfaces = ['lo']
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(LoopbackInterfaceTest, cls).setUpClass()
def tearDown(self):
self.cli_delete(self._base_path)
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 5b10bfa44..e5e5a558e 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -53,7 +53,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.TestCase):
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(MACsecInterfaceTest, cls).setUpClass()
def test_macsec_encryption(self):
# MACsec can be operating in authentication and encryption mode - both
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index f8a6ae986..b2143d16e 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -37,10 +37,46 @@ PROCESS_NAME = 'openvpn'
base_path = ['interfaces', 'openvpn']
-cert_data = 'MIICFDCCAbugAwIBAgIUfMbIsB/ozMXijYgUYG80T1ry+mcwCgYIKoZIzj0EAwIwWTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzESMBAGA1UEAwwJVnlPUyBUZXN0MB4XDTIxMDcyMDEyNDUxMloXDTI2MDcxOTEyNDUxMlowWTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzESMBAGA1UEAwwJVnlPUyBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01HrLcNttqq4/PtoMua8rMWEkOdBu7vP94xzDO7A8C92ls1v86eePy4QllKCzIw3QxBIoCuH2peGRfWgPRdFsKNhMF8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSu+JnU5ZC4mkuEpqg2+Mk4K79oeDAKBggqhkjOPQQDAgNHADBEAiBEFdzQ/Bc3LftzngrY605UhA6UprHhAogKgROv7iR4QgIgEFUxTtW3xXJcnUPWhhUFhyZoqfn8dE93+dm/LDnp7C0='
-key_data = 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww'
-dh_data = 'MIIBCAKCAQEApzGAPcQlLJiOyfGZgl1qxNgufXkdpjG7lMaOrO4TGr1giFe3jIFOFxJNC/G9Dn+KSukaWssVVR+Jwr/JesZFPawihS03wC7cZsccykNRIjiteqJDwYJZUHieOxyCuCeY4pqOUCl1uswRGjLvIFtwynpnXKKuz2YtjNifma90PEgv/vVWKix+Q0TAbdbzJzO5xp8UVn9DuYfSr10k3LbDqDM7w5ezHZxFk24S5pN/yoOpdbxB8TS67q3IYXxR3F+RseKu4J3AvkxXSP1j7COXddPpLnvbJT/SW8NrjuC/n0eKGvmeyqNv108Y89jnT79MxMMRQk66iwlsd1m4pa/OYwIBAg=='
-ovpn_key_data = '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'
+cert_data = """
+MIICFDCCAbugAwIBAgIUfMbIsB/ozMXijYgUYG80T1ry+mcwCgYIKoZIzj0EAwIw
+WTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNv
+bWUtQ2l0eTENMAsGA1UECgwEVnlPUzESMBAGA1UEAwwJVnlPUyBUZXN0MB4XDTIx
+MDcyMDEyNDUxMloXDTI2MDcxOTEyNDUxMlowWTELMAkGA1UEBhMCR0IxEzARBgNV
+BAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlP
+UzESMBAGA1UEAwwJVnlPUyBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+01HrLcNttqq4/PtoMua8rMWEkOdBu7vP94xzDO7A8C92ls1v86eePy4QllKCzIw3
+QxBIoCuH2peGRfWgPRdFsKNhMF8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSu
++JnU5ZC4mkuEpqg2+Mk4K79oeDAKBggqhkjOPQQDAgNHADBEAiBEFdzQ/Bc3Lftz
+ngrY605UhA6UprHhAogKgROv7iR4QgIgEFUxTtW3xXJcnUPWhhUFhyZoqfn8dE93
++dm/LDnp7C0=
+"""
+
+key_data = """
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx
+2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7
+u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww
+"""
+
+dh_data = """
+MIIBCAKCAQEApzGAPcQlLJiOyfGZgl1qxNgufXkdpjG7lMaOrO4TGr1giFe3jIFO
+FxJNC/G9Dn+KSukaWssVVR+Jwr/JesZFPawihS03wC7cZsccykNRIjiteqJDwYJZ
+UHieOxyCuCeY4pqOUCl1uswRGjLvIFtwynpnXKKuz2YtjNifma90PEgv/vVWKix+
+Q0TAbdbzJzO5xp8UVn9DuYfSr10k3LbDqDM7w5ezHZxFk24S5pN/yoOpdbxB8TS6
+7q3IYXxR3F+RseKu4J3AvkxXSP1j7COXddPpLnvbJT/SW8NrjuC/n0eKGvmeyqNv
+108Y89jnT79MxMMRQk66iwlsd1m4pa/OYwIBAg==
+"""
+
+ovpn_key_data = """
+443f2a710ac411c36894b2531e62c4550b079b8f3f08997f4be57c64abfdaaa4
+31d2396b01ecec3a2c0618959e8186d99f489742d25673ffb3268841ebb2e704
+2a2daabe584e79d51d2b1d7409bf8840f7e42efa3e660a521719b04ee88b9043
+e6315ae12da7c9abd55f67eeed71a9ee8c6e163b5d2661fc332cf90cb45658b4
+adf892f79537d37d3a3d90da283ce885adf325ffd2b5be92067cdf0345c7712c
+9d36b642c170351b6d9ce9f6230c7a2617b0c181121bce7d5373404fb68e6521
+0b36e6d40ef2769cf8990503859f6f2db3c85ba74420430a6250d6a74ca51ece
+4b85124bfdfec0c8a530cefa7350378d81a4539f74bed832a902ae4798142e4a
+"""
remote_port = '1194'
protocol = 'udp'
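Review bot: `key_data` is a private key and `ovpn_key_data` an OpenVPN shared secret, and after this reformatting they still carry no comment marking them as throwaway fixtures. Adding `# Test-only key material for the smoketests - never reuse on a real system.` above `cert_data` would make that explicit for anyone copying from this file and would speed up triage of secret-scanner hits. The callers in `setUpClass` strip the newlines again with `.replace('\n','')`, so the multi-line form is for readability only, which the same comment could state.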
@@ -59,20 +95,28 @@ def get_vrf(interface):
return tmp
class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self.cli_set(['interfaces', 'dummy', dummy_if, 'address', '192.0.2.1/32'])
- self.cli_set(['vrf', 'name', vrf_name, 'table', '12345'])
+ @classmethod
+ def setUpClass(cls):
+ super(TestInterfacesOpenVPN, cls).setUpClass()
- self.cli_set(['pki', 'ca', 'ovpn_test', 'certificate', cert_data])
- self.cli_set(['pki', 'certificate', 'ovpn_test', 'certificate', cert_data])
- self.cli_set(['pki', 'certificate', 'ovpn_test', 'private', 'key', key_data])
- self.cli_set(['pki', 'dh', 'ovpn_test', 'parameters', dh_data])
- self.cli_set(['pki', 'openvpn', 'shared-secret', 'ovpn_test', 'key', ovpn_key_data])
+ cls.cli_set(cls, ['interfaces', 'dummy', dummy_if, 'address', '192.0.2.1/32'])
+ cls.cli_set(cls, ['vrf', 'name', vrf_name, 'table', '12345'])
+
+ cls.cli_set(cls, ['pki', 'ca', 'ovpn_test', 'certificate', cert_data.replace('\n','')])
+ cls.cli_set(cls, ['pki', 'certificate', 'ovpn_test', 'certificate', cert_data.replace('\n','')])
+ cls.cli_set(cls, ['pki', 'certificate', 'ovpn_test', 'private', 'key', key_data.replace('\n','')])
+ cls.cli_set(cls, ['pki', 'dh', 'ovpn_test', 'parameters', dh_data.replace('\n','')])
+ cls.cli_set(cls, ['pki', 'openvpn', 'shared-secret', 'ovpn_test', 'key', ovpn_key_data.replace('\n','')])
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.cli_delete(cls, ['interfaces', 'dummy', dummy_if])
+ cls.cli_delete(cls, ['vrf'])
+
+ super(TestInterfacesOpenVPN, cls).tearDownClass()
def tearDown(self):
self.cli_delete(base_path)
- self.cli_delete(['interfaces', 'dummy', dummy_if])
- self.cli_delete(['vrf'])
self.cli_commit()
def test_openvpn_client_verify(self):
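Review bot: `tearDownClass` removes the dummy interface and `vrf` but none of the `pki` nodes that `setUpClass` sets. Whether the CA, certificate, private key, DH parameters and shared secret leave the configuration therefore depends on what the base `tearDownClass` does, which is not visible here. Deleting the `ovpn_test` nodes explicitly keeps the class self-contained and avoids leaving key material behind on a system the tests were run against. The fence shows the added lines; the paths mirror the `cli_set` calls in `setUpClass`.

```python
    def tearDownClass(cls):
        # … unchanged: dummy interface and vrf removal …
        cls.cli_delete(cls, ['pki', 'ca', 'ovpn_test'])
        cls.cli_delete(cls, ['pki', 'certificate', 'ovpn_test'])
        cls.cli_delete(cls, ['pki', 'dh', 'ovpn_test'])
        cls.cli_delete(cls, ['pki', 'openvpn', 'shared-secret', 'ovpn_test'])
        # … unchanged: super().tearDownClass() …
```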
@@ -532,6 +576,46 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
+ def test_openvpn_options(self):
+ # Ensure OpenVPN process restart on openvpn-option CLI node change
+
+ interface = 'vtun5001'
+ path = base_path + [interface]
+
+ self.cli_set(path + ['mode', 'site-to-site'])
+ self.cli_set(path + ['local-address', '10.0.0.2'])
+ self.cli_set(path + ['remote-address', '192.168.0.3'])
+ self.cli_set(path + ['shared-secret-key', 'ovpn_test'])
+
+ self.cli_commit()
+
+ # Now verify the OpenVPN "raw" option passing. Once an openvpn-option is
+ # added, modified or deleted from the CLI, OpenVPN daemon must be restarted
+ cur_pid = process_named_running('openvpn')
+ self.cli_set(path + ['openvpn-option', '--persist-tun'])
+ self.cli_commit()
+
+ # PID must be different as OpenVPN Must be restarted
+ new_pid = process_named_running('openvpn')
+ self.assertNotEqual(cur_pid, new_pid)
+ cur_pid = new_pid
+
+ self.cli_set(path + ['openvpn-option', '--persist-key'])
+ self.cli_commit()
+
+ # PID must be different as OpenVPN Must be restarted
+ new_pid = process_named_running('openvpn')
+ self.assertNotEqual(cur_pid, new_pid)
+ cur_pid = new_pid
+
+ self.cli_delete(path + ['openvpn-option'])
+ self.cli_commit()
+
+ # PID must be different as OpenVPN Must be restarted
+ new_pid = process_named_running('openvpn')
+ self.assertNotEqual(cur_pid, new_pid)
+ cur_pid = new_pid
+
def test_openvpn_site2site_interfaces_tun(self):
# Create two OpenVPN site-to-site interfaces
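Review bot: Each restart check in `test_openvpn_options` asserts only `assertNotEqual(cur_pid, new_pid)`, so a daemon that failed to come back after the option change would also pass if `process_named_running` returns a falsy value in that case (its return for "not running" is not visible here). Adding `self.assertTrue(new_pid)` before each comparison pins that the process is actually running again. The lookups could use the module's `PROCESS_NAME` constant, shown in an earlier hunk header of this file, instead of the literal `'openvpn'`. The final `cur_pid = new_pid` is unused.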
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py
index 4f1e1ee99..8927121a8 100755
--- a/smoketest/scripts/cli/test_interfaces_pppoe.py
+++ b/smoketest/scripts/cli/test_interfaces_pppoe.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2021 VyOS maintainers and contributors
+# Copyright (C) 2019-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -34,9 +34,12 @@ def get_config_value(interface, key):
# add a classmethod to setup a temporaray PPPoE server for "proper" validation
class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self._interfaces = ['pppoe10', 'pppoe20', 'pppoe30']
- self._source_interface = 'eth0'
+ @classmethod
+ def setUpClass(cls):
+ super(PPPoEInterfaceTest, cls).setUpClass()
+
+ cls._interfaces = ['pppoe10', 'pppoe20', 'pppoe30']
+ cls._source_interface = 'eth0'
def tearDown(self):
# Validate PPPoE client process
@@ -60,7 +63,6 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + [interface, 'authentication', 'user', user])
self.cli_set(base_path + [interface, 'authentication', 'password', passwd])
- self.cli_set(base_path + [interface, 'default-route', 'auto'])
self.cli_set(base_path + [interface, 'mtu', mtu])
self.cli_set(base_path + [interface, 'no-peer-dns'])
@@ -136,7 +138,7 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
for interface in self._interfaces:
self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos'])
self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos'])
- self.cli_set(base_path + [interface, 'default-route', 'none'])
+ self.cli_set(base_path + [interface, 'no-default-route'])
self.cli_set(base_path + [interface, 'no-peer-dns'])
self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf'])
diff --git a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py
index adcadc5eb..a51b8d52c 100755
--- a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py
@@ -48,7 +48,7 @@ class PEthInterfaceTest(BasicInterfaceTest.TestCase):
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(PEthInterfaceTest, cls).setUpClass()
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py
index 99c25c374..44bfbb5f0 100755
--- a/smoketest/scripts/cli/test_interfaces_tunnel.py
+++ b/smoketest/scripts/cli/test_interfaces_tunnel.py
@@ -42,7 +42,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase):
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(TunnelInterfaceTest, cls).setUpClass()
# create some test interfaces
cls.cli_set(cls, ['interfaces', 'dummy', source_if, 'address', cls.local_v4 + '/32'])
diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py
index bb85f1936..058f13721 100755
--- a/smoketest/scripts/cli/test_interfaces_vxlan.py
+++ b/smoketest/scripts/cli/test_interfaces_vxlan.py
@@ -39,7 +39,7 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(VXLANInterfaceTest, cls).setUpClass()
def test_vxlan_parameters(self):
tos = '40'
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py
index aaf27a2c4..f3e9670f7 100755
--- a/smoketest/scripts/cli/test_interfaces_wireguard.py
+++ b/smoketest/scripts/cli/test_interfaces_wireguard.py
@@ -23,10 +23,13 @@ from vyos.configsession import ConfigSessionError
base_path = ['interfaces', 'wireguard']
class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self._test_addr = ['192.0.2.1/26', '192.0.2.255/31', '192.0.2.64/32',
+ @classmethod
+ def setUpClass(cls):
+ super(WireGuardInterfaceTest, cls).setUpClass()
+
+ cls._test_addr = ['192.0.2.1/26', '192.0.2.255/31', '192.0.2.64/32',
'2001:db8:1::ffff/64', '2001:db8:101::1/112']
- self._interfaces = ['wg0', 'wg1']
+ cls._interfaces = ['wg0', 'wg1']
def tearDown(self):
self.cli_delete(base_path)
diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py
index 4f539a23c..a24f37d8d 100755
--- a/smoketest/scripts/cli/test_interfaces_wireless.py
+++ b/smoketest/scripts/cli/test_interfaces_wireless.py
@@ -48,7 +48,7 @@ class WirelessInterfaceTest(BasicInterfaceTest.TestCase):
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(WirelessInterfaceTest, cls).setUpClass()
def test_wireless_add_single_ip_address(self):
# derived method to check if member interfaces are enslaved properly
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index 2e1b8d431..408facfb3 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -30,7 +30,7 @@ dst_path = base_path + ['destination']
class TestNAT(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestNAT, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -59,36 +59,44 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
- tmp = cmd('sudo nft -j list table nat')
+ tmp = cmd('sudo nft -j list chain ip nat POSTROUTING')
data_json = jmespath.search('nftables[?rule].rule[?chain]', json.loads(tmp))
for idx in range(0, len(data_json)):
- rule = str(rules[idx])
data = data_json[idx]
- network = f'192.168.{rule}.0/24'
-
- self.assertEqual(data['chain'], 'POSTROUTING')
- self.assertEqual(data['comment'], f'SRC-NAT-{rule}')
- self.assertEqual(data['family'], 'ip')
- self.assertEqual(data['table'], 'nat')
+ if idx == 0:
+ self.assertEqual(data['chain'], 'POSTROUTING')
+ self.assertEqual(data['family'], 'ip')
+ self.assertEqual(data['table'], 'nat')
- iface = dict_search('match.right', data['expr'][0])
- direction = dict_search('match.left.payload.field', data['expr'][1])
- address = dict_search('match.right.prefix.addr', data['expr'][1])
- mask = dict_search('match.right.prefix.len', data['expr'][1])
-
- if int(rule) < 200:
- self.assertEqual(direction, 'saddr')
- self.assertEqual(iface, outbound_iface_100)
- # check for masquerade keyword
- self.assertIn('masquerade', data['expr'][3])
+ jump_target = dict_search('jump.target', data['expr'][1])
+ self.assertEqual(jump_target,'VYOS_PRE_SNAT_HOOK')
else:
- self.assertEqual(direction, 'daddr')
- self.assertEqual(iface, outbound_iface_200)
- # check for return keyword due to 'exclude'
- self.assertIn('return', data['expr'][3])
-
- self.assertEqual(f'{address}/{mask}', network)
+ rule = str(rules[idx - 1])
+ network = f'192.168.{rule}.0/24'
+
+ self.assertEqual(data['chain'], 'POSTROUTING')
+ self.assertEqual(data['comment'], f'SRC-NAT-{rule}')
+ self.assertEqual(data['family'], 'ip')
+ self.assertEqual(data['table'], 'nat')
+
+ iface = dict_search('match.right', data['expr'][0])
+ direction = dict_search('match.left.payload.field', data['expr'][1])
+ address = dict_search('match.right.prefix.addr', data['expr'][1])
+ mask = dict_search('match.right.prefix.len', data['expr'][1])
+
+ if int(rule) < 200:
+ self.assertEqual(direction, 'saddr')
+ self.assertEqual(iface, outbound_iface_100)
+ # check for masquerade keyword
+ self.assertIn('masquerade', data['expr'][3])
+ else:
+ self.assertEqual(direction, 'daddr')
+ self.assertEqual(iface, outbound_iface_200)
+ # check for return keyword due to 'exclude'
+ self.assertIn('return', data['expr'][3])
+
+ self.assertEqual(f'{address}/{mask}', network)
def test_dnat(self):
rules = ['100', '110', '120', '130', '200', '210', '220', '230']
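Review bot: The loop in test_snat is driven by whatever `nft` returns, so nothing fails if POSTROUTING comes back with fewer rules than were configured. A rendering regression that drops source NAT rules would pass unnoticed, and an extra rule would surface only as an IndexError on `rules[idx - 1]`. Pin the count before the loop with `self.assertEqual(len(data_json), len(rules) + 1)`, the extra one being the VYOS_PRE_SNAT_HOOK jump. The same applies to the PREROUTING loop in the test_dnat hunk that follows. The start of test_snat is outside this hunk.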
@@ -111,33 +119,42 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
- tmp = cmd('sudo nft -j list table nat')
+ tmp = cmd('sudo nft -j list chain ip nat PREROUTING')
data_json = jmespath.search('nftables[?rule].rule[?chain]', json.loads(tmp))
for idx in range(0, len(data_json)):
- rule = str(rules[idx])
data = data_json[idx]
- port = int(f'10{rule}')
-
- self.assertEqual(data['chain'], 'PREROUTING')
- self.assertEqual(data['comment'].split()[0], f'DST-NAT-{rule}')
- self.assertEqual(data['family'], 'ip')
- self.assertEqual(data['table'], 'nat')
-
- iface = dict_search('match.right', data['expr'][0])
- direction = dict_search('match.left.payload.field', data['expr'][1])
- protocol = dict_search('match.left.payload.protocol', data['expr'][1])
- dnat_addr = dict_search('dnat.addr', data['expr'][3])
- dnat_port = dict_search('dnat.port', data['expr'][3])
-
- self.assertEqual(direction, 'sport')
- self.assertEqual(dnat_addr, '192.0.2.1')
- self.assertEqual(dnat_port, port)
- if int(rule) < 200:
- self.assertEqual(iface, inbound_iface_100)
- self.assertEqual(protocol, inbound_proto_100)
+ if idx == 0:
+ self.assertEqual(data['chain'], 'PREROUTING')
+ self.assertEqual(data['family'], 'ip')
+ self.assertEqual(data['table'], 'nat')
+
+ jump_target = dict_search('jump.target', data['expr'][1])
+ self.assertEqual(jump_target,'VYOS_PRE_DNAT_HOOK')
else:
- self.assertEqual(iface, inbound_iface_200)
+
+ rule = str(rules[idx - 1])
+ port = int(f'10{rule}')
+
+ self.assertEqual(data['chain'], 'PREROUTING')
+ self.assertEqual(data['comment'].split()[0], f'DST-NAT-{rule}')
+ self.assertEqual(data['family'], 'ip')
+ self.assertEqual(data['table'], 'nat')
+
+ iface = dict_search('match.right', data['expr'][0])
+ direction = dict_search('match.left.payload.field', data['expr'][1])
+ protocol = dict_search('match.left.payload.protocol', data['expr'][1])
+ dnat_addr = dict_search('dnat.addr', data['expr'][3])
+ dnat_port = dict_search('dnat.port', data['expr'][3])
+
+ self.assertEqual(direction, 'sport')
+ self.assertEqual(dnat_addr, '192.0.2.1')
+ self.assertEqual(dnat_port, port)
+ if int(rule) < 200:
+ self.assertEqual(iface, inbound_iface_100)
+ self.assertEqual(protocol, inbound_proto_100)
+ else:
+ self.assertEqual(iface, inbound_iface_200)
def test_snat_required_translation_address(self):
# T2813: Ensure translation address is specified
diff --git a/smoketest/scripts/cli/test_nat66.py b/smoketest/scripts/cli/test_nat66.py
index 6b7b49792..aac6a30f9 100755
--- a/smoketest/scripts/cli/test_nat66.py
+++ b/smoketest/scripts/cli/test_nat66.py
@@ -32,7 +32,7 @@ dst_path = base_path + ['destination']
class TestNAT66(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestNAT66, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py
index 45a4bd61e..e92123dbc 100755
--- a/smoketest/scripts/cli/test_pki.py
+++ b/smoketest/scripts/cli/test_pki.py
@@ -129,8 +129,13 @@ xGsJxVHfSKeooUQn6q76sg==
"""
class TestPKI(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self.cli_delete(base_path)
+ @classmethod
+ def setUpClass(cls):
+ super(TestPKI, cls).setUpClass()
+
+ # ensure we can also run this test on a live system - so lets clean
+ # out the current configuration :)
+ cls.cli_delete(cls, base_path)
def tearDown(self):
self.cli_delete(base_path)
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index b232a2241..e8c6ff19b 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -800,27 +800,28 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'10' : {
'action' : 'deny',
'set' : {
- 'aggregator-as' : '1234567890',
- 'aggregator-ip' : '10.255.255.0',
- 'as-path-exclude' : '1234',
- 'as-path-prepend' : '1234567890 987654321',
- 'atomic-aggregate' : '',
- 'distance' : '110',
- 'extcommunity-bw' : '20000',
- 'extcommunity-rt' : '123:456',
- 'extcommunity-soo' : '456:789',
- 'ipv6-next-hop-global': '2001::1',
- 'ipv6-next-hop-local' : 'fe80::1',
- 'ip-next-hop' : '192.168.1.1',
- 'large-community' : '100:200:300',
- 'local-preference' : '500',
- 'metric' : '150',
- 'metric-type' : 'type-1',
- 'origin' : 'incomplete',
- 'originator-id' : '172.16.10.1',
- 'src' : '100.0.0.1',
- 'tag' : '65530',
- 'weight' : '2',
+ 'aggregator-as' : '1234567890',
+ 'aggregator-ip' : '10.255.255.0',
+ 'as-path-exclude' : '1234',
+ 'as-path-prepend' : '1234567890 987654321',
+ 'as-path-prepend-last-as' : '5',
+ 'atomic-aggregate' : '',
+ 'distance' : '110',
+ 'extcommunity-bw' : '20000',
+ 'extcommunity-rt' : '123:456',
+ 'extcommunity-soo' : '456:789',
+ 'ipv6-next-hop-global' : '2001::1',
+ 'ipv6-next-hop-local' : 'fe80::1',
+ 'ip-next-hop' : '192.168.1.1',
+ 'large-community' : '100:200:300',
+ 'local-preference' : '500',
+ 'metric' : '150',
+ 'metric-type' : 'type-1',
+ 'origin' : 'incomplete',
+ 'originator-id' : '172.16.10.1',
+ 'src' : '100.0.0.1',
+ 'tag' : '65530',
+ 'weight' : '2',
},
},
},
@@ -848,6 +849,13 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'evpn-vni' : '1234',
},
},
+ '20' : {
+ 'action' : 'permit',
+ 'set' : {
+ 'evpn-gateway-ipv4' : '192.0.2.99',
+ 'evpn-gateway-ipv6' : '2001:db8:f00::1',
+ },
+ },
},
},
}
@@ -958,9 +966,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
if 'aggregator-ip' in rule_config['set']:
self.cli_set(path + ['rule', rule, 'set', 'aggregator', 'ip', rule_config['set']['aggregator-ip']])
if 'as-path-exclude' in rule_config['set']:
- self.cli_set(path + ['rule', rule, 'set', 'as-path-exclude', rule_config['set']['as-path-exclude']])
+ self.cli_set(path + ['rule', rule, 'set', 'as-path', 'exclude', rule_config['set']['as-path-exclude']])
if 'as-path-prepend' in rule_config['set']:
- self.cli_set(path + ['rule', rule, 'set', 'as-path-prepend', rule_config['set']['as-path-prepend']])
+ self.cli_set(path + ['rule', rule, 'set', 'as-path', 'prepend', rule_config['set']['as-path-prepend']])
if 'atomic-aggregate' in rule_config['set']:
self.cli_set(path + ['rule', rule, 'set', 'atomic-aggregate'])
if 'distance' in rule_config['set']:
@@ -995,6 +1003,10 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.cli_set(path + ['rule', rule, 'set', 'tag', rule_config['set']['tag']])
if 'weight' in rule_config['set']:
self.cli_set(path + ['rule', rule, 'set', 'weight', rule_config['set']['weight']])
+ if 'evpn-gateway-ipv4' in rule_config['set']:
+ self.cli_set(path + ['rule', rule, 'set', 'evpn', 'gateway', 'ipv4', rule_config['set']['evpn-gateway-ipv4']])
+ if 'evpn-gateway-ipv6' in rule_config['set']:
+ self.cli_set(path + ['rule', rule, 'set', 'evpn', 'gateway', 'ipv6', rule_config['set']['evpn-gateway-ipv6']])
self.cli_commit()
@@ -1118,6 +1130,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
tmp += 'as-path exclude ' + rule_config['set']['as-path-exclude']
elif 'as-path-prepend' in rule_config['set']:
tmp += 'as-path prepend ' + rule_config['set']['as-path-prepend']
+ elif 'as-path-prepend-last-as' in rule_config['set']:
+ tmp += 'as-path prepend last-as' + rule_config['set']['as-path-prepend-last-as']
elif 'atomic-aggregate' in rule_config['set']:
tmp += 'atomic-aggregate'
elif 'distance' in rule_config['set']:
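Review bot: The added `as-path-prepend-last-as` branch concatenates without a separator, so it would search for `as-path prepend last-as5`; it should read `tmp += 'as-path prepend last-as ' + rule_config['set']['as-path-prepend-last-as']`. As written the branch is also not reached for the rule that carries the key, because that rule defines `as-path-exclude` and `as-path-prepend` too and the earlier `elif` arms win. No `cli_set` for the new key is visible in the hunks of this file, so the value may never be configured (the setter could sit outside the hunks shown). The enclosing chain starts and ends outside this hunk.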
@@ -1152,6 +1166,10 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
tmp += 'tag ' + rule_config['set']['tag']
elif 'weight' in rule_config['set']:
tmp += 'weight ' + rule_config['set']['weight']
+ elif 'vpn-gateway-ipv4' in rule_config['set']:
+ tmp += 'evpn gateway ipv4 ' + rule_config['set']['vpn-gateway-ipv4']
+ elif 'vpn-gateway-ipv6' in rule_config['set']:
+ tmp += 'evpn gateway ipv6 ' + rule_config['set']['vpn-gateway-ipv6']
self.assertIn(tmp, config)
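Review bot: The two added arms test for `vpn-gateway-ipv4` and `vpn-gateway-ipv6`, but the test data and the `cli_set` calls added earlier in this commit use `evpn-gateway-ipv4` and `evpn-gateway-ipv6`, so neither arm ever matches and the EVPN gateway lines are never checked against the rendered config. Use the `evpn-` keys in both the condition and the lookup, e.g. `elif 'evpn-gateway-ipv4' in rule_config['set']:` with `rule_config['set']['evpn-gateway-ipv4']`. Because the arms form one `elif` chain, rule 20 would still verify only the IPv4 gateway once the key is fixed; the IPv6 value needs a check of its own. The chain begins outside this hunk.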
diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py
index 9035f0832..e2d70f289 100755
--- a/smoketest/scripts/cli/test_policy_route.py
+++ b/smoketest/scripts/cli/test_policy_route.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -23,15 +23,26 @@ from vyos.util import cmd
mark = '100'
table_mark_offset = 0x7fffffff
table_id = '101'
+interface = 'eth0'
+interface_ip = '172.16.10.1/24'
class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self.cli_set(['interfaces', 'ethernet', 'eth0', 'address', '172.16.10.1/24'])
- self.cli_set(['protocols', 'static', 'table', '101', 'route', '0.0.0.0/0', 'interface', 'eth0'])
+ @classmethod
+ def setUpClass(cls):
+ super(TestPolicyRoute, cls).setUpClass()
+
+ cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', interface_ip])
+ cls.cli_set(cls, ['protocols', 'static', 'table', table_id, 'route', '0.0.0.0/0', 'interface', interface])
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', interface_ip])
+ cls.cli_delete(cls, ['protocols', 'static', 'table', table_id])
+
+ super(TestPolicyRoute, cls).tearDownClass()
def tearDown(self):
- self.cli_delete(['interfaces', 'ethernet', 'eth0'])
- self.cli_delete(['protocols', 'static'])
+ self.cli_delete(['interfaces', 'ethernet', interface, 'policy'])
self.cli_delete(['policy', 'route'])
self.cli_delete(['policy', 'route6'])
self.cli_commit()
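Review bot: tearDownClass deletes the interface address and the static table but does not commit before calling the base class, unlike the other tearDownClass methods added in this commit (TestARP, TestServiceDHCPv6Server), which call `cls.cli_commit(cls)` after their deletes. Unless the shim's tearDownClass commits on its own, which is not visible here, `172.16.10.1/24` and table 101 stay configured on the device after the run. Add `cls.cli_commit(cls)` after the two `cls.cli_delete` calls.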
@@ -41,14 +52,14 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'destination', 'address', '172.16.10.10'])
self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'set', 'mark', mark])
- self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route', 'smoketest'])
+ self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route', 'smoketest'])
self.cli_commit()
mark_hex = "{0:#010x}".format(int(mark))
nftables_search = [
- ['iifname "eth0"', 'jump VYOS_PBR_smoketest'],
+ [f'iifname "{interface}"','jump VYOS_PBR_smoketest'],
['ip daddr 172.16.10.10', 'ip saddr 172.16.20.10', 'meta mark set ' + mark_hex],
]
@@ -72,8 +83,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'destination', 'port', '8888'])
self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'set', 'table', table_id])
- self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route', 'smoketest'])
- self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route6', 'smoketest6'])
+ self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route', 'smoketest'])
+ self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route6', 'smoketest6'])
self.cli_commit()
@@ -82,7 +93,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
# IPv4
nftables_search = [
- ['iifname "eth0"', 'jump VYOS_PBR_smoketest'],
+ [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'],
['tcp flags & (syn | ack) == syn', 'tcp dport { 8888 }', 'meta mark set ' + mark_hex]
]
@@ -99,7 +110,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
# IPv6
nftables6_search = [
- ['iifname "eth0"', 'jump VYOS_PBR6_smoketest'],
+ [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'],
['meta l4proto { tcp, udp }', 'th dport { 8888 }', 'meta mark set ' + mark_hex]
]
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index f1db5350a..9c0c93779 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -154,7 +154,7 @@ peer_group_config = {
class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestProtocolsBGP, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -882,5 +882,44 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
self.assertIn(f' rt vpn import {rt_import}', afi_config)
self.assertIn(f' exit-address-family', afi_config)
+ def test_bgp_14_remote_as_peer_group_override(self):
+ # Peer-group member cannot override remote-as of peer-group
+ remote_asn = str(int(ASN) + 150)
+ neighbor = '192.0.2.1'
+ peer_group = 'bar'
+ interface = 'eth0'
+
+ self.cli_set(base_path + ['local-as', ASN])
+ self.cli_set(base_path + ['neighbor', neighbor, 'remote-as', remote_asn])
+ self.cli_set(base_path + ['neighbor', neighbor, 'peer-group', peer_group])
+ self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', remote_asn])
+
+ # Peer-group member cannot override remote-as of peer-group
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path + ['neighbor', neighbor, 'remote-as'])
+
+ # re-test with interface based peer-group
+ self.cli_set(base_path + ['neighbor', interface, 'interface', 'peer-group', peer_group])
+ self.cli_set(base_path + ['neighbor', interface, 'interface', 'remote-as', 'external'])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path + ['neighbor', interface, 'interface', 'remote-as'])
+
+ # re-test with interface based v6only peer-group
+ self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'peer-group', peer_group])
+ self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as', 'external'])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as'])
+
+ self.cli_commit()
+
+ frrconfig = self.getFRRconfig(f'router bgp {ASN}')
+ self.assertIn(f'router bgp {ASN}', frrconfig)
+ self.assertIn(f' neighbor {neighbor} peer-group {peer_group}', frrconfig)
+ self.assertIn(f' neighbor {peer_group} peer-group', frrconfig)
+ self.assertIn(f' neighbor {peer_group} remote-as {remote_asn}', frrconfig)
+
if __name__ == '__main__':
- unittest.main(verbosity=2, failfast=True)
+ unittest.main(verbosity=2)
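Review bot: The closing assertions of test_bgp_14_remote_as_peer_group_override only look at the address-based neighbour; the interface and v6only members that the test configures on `eth0` are committed but never checked in `frrconfig`, so the test proves the rejections and nothing about what is finally rendered for them. Add a check along the lines of `self.assertIn(f' neighbor {interface} interface', frrconfig)` (exact rendered form to be confirmed against FRR output). The comment `# Peer-group member cannot override remote-as of peer-group` appears twice; keep the one above the first `assertRaises`.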
diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py
index 11c765793..ee4be0b37 100755
--- a/smoketest/scripts/cli/test_protocols_isis.py
+++ b/smoketest/scripts/cli/test_protocols_isis.py
@@ -33,7 +33,7 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase):
cls._interfaces = Section.interfaces('ethernet')
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(TestProtocolsISIS, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_protocols_mpls.py b/smoketest/scripts/cli/test_protocols_mpls.py
index c6751cc42..76e6ca35a 100755
--- a/smoketest/scripts/cli/test_protocols_mpls.py
+++ b/smoketest/scripts/cli/test_protocols_mpls.py
@@ -68,7 +68,7 @@ profiles = {
class TestProtocolsMPLS(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestProtocolsMPLS, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py
index e433d06d0..e15ea478b 100755
--- a/smoketest/scripts/cli/test_protocols_ospf.py
+++ b/smoketest/scripts/cli/test_protocols_ospf.py
@@ -35,7 +35,7 @@ log = logging.getLogger('TestProtocolsOSPF')
class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestProtocolsOSPF, cls).setUpClass()
cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '20', 'action', 'permit'])
@@ -47,7 +47,7 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['policy', 'route-map', route_map])
- super(cls, cls).tearDownClass()
+ super(TestProtocolsOSPF, cls).tearDownClass()
def tearDown(self):
# Check for running process
diff --git a/smoketest/scripts/cli/test_protocols_ospfv3.py b/smoketest/scripts/cli/test_protocols_ospfv3.py
index 944190089..fa80ad555 100755
--- a/smoketest/scripts/cli/test_protocols_ospfv3.py
+++ b/smoketest/scripts/cli/test_protocols_ospfv3.py
@@ -33,7 +33,7 @@ default_area = '0'
class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestProtocolsOSPFv3, cls).setUpClass()
cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '20', 'action', 'permit'])
@@ -45,7 +45,7 @@ class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['policy', 'route-map', route_map])
- super(cls, cls).tearDownClass()
+ super(TestProtocolsOSPFv3, cls).tearDownClass()
def tearDown(self):
# Check for running process
diff --git a/smoketest/scripts/cli/test_protocols_static.py b/smoketest/scripts/cli/test_protocols_static.py
index 3ef9c76d8..19efe7786 100755
--- a/smoketest/scripts/cli/test_protocols_static.py
+++ b/smoketest/scripts/cli/test_protocols_static.py
@@ -94,13 +94,13 @@ tables = ['80', '81', '82']
class TestProtocolsStatic(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestProtocolsStatic, cls).setUpClass()
cls.cli_set(cls, ['vrf', 'name', 'black', 'table', '43210'])
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['vrf'])
- super(cls, cls).tearDownClass()
+ super(TestProtocolsStatic, cls).tearDownClass()
def tearDown(self):
for route, route_config in routes.items():
diff --git a/smoketest/scripts/cli/test_protocols_static_arp.py b/smoketest/scripts/cli/test_protocols_static_arp.py
new file mode 100755
index 000000000..b61d8f854
--- /dev/null
+++ b/smoketest/scripts/cli/test_protocols_static_arp.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import json
+import unittest
+
+from base_vyostest_shim import VyOSUnitTestSHIM
+
+from vyos.util import cmd
+
+base_path = ['protocols', 'static', 'arp']
+interface = 'eth0'
+address = '192.0.2.1/24'
+
+class TestARP(VyOSUnitTestSHIM.TestCase):
+ @classmethod
+ def setUpClass(cls):
+ super(TestARP, cls).setUpClass()
+
+ # ensure we can also run this test on a live system - so lets clean
+ # out the current configuration :)
+ cls.cli_delete(cls, base_path)
+
+ # we need a L2 interface with a L3 address to properly configure ARP entries
+ cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', address])
+
+ @classmethod
+ def tearDownClass(cls):
+ # cleanuop L2 interface
+ cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', address])
+ cls.cli_commit(cls)
+
+ super(TestARP, cls).tearDownClass()
+
+ def tearDown(self):
+ # delete test config
+ self.cli_delete(base_path)
+ self.cli_commit()
+
+ def test_static_arp(self):
+ test_data = {
+ '192.0.2.10' : { 'mac' : '00:01:02:03:04:0a' },
+ '192.0.2.11' : { 'mac' : '00:01:02:03:04:0b' },
+ '192.0.2.12' : { 'mac' : '00:01:02:03:04:0c' },
+ '192.0.2.13' : { 'mac' : '00:01:02:03:04:0d' },
+ '192.0.2.14' : { 'mac' : '00:01:02:03:04:0e' },
+ '192.0.2.15' : { 'mac' : '00:01:02:03:04:0f' },
+ }
+
+ for host, host_config in test_data.items():
+ self.cli_set(base_path + ['interface', interface, 'address', host, 'mac', host_config['mac']])
+
+ self.cli_commit()
+
+ arp_table = json.loads(cmd('ip -j -4 neigh show'))
+ for host, host_config in test_data.items():
+ # As we search within a list of hosts we need to mark if it was
+ # found or not. This ensures all hosts from test_data are processed
+ found = False
+ for entry in arp_table:
+ # Other ARP entry - not related to this testcase
+ if entry['dst'] not in list(test_data):
+ continue
+
+ if entry['dst'] == host:
+ self.assertEqual(entry['lladdr'], host_config['mac'])
+ self.assertEqual(entry['dev'], interface)
+ found = True
+
+ if found == False:
+ print(entry)
+ self.assertTrue(found)
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
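Review bot: In test_static_arp the not-found path runs `print(entry)`, which shows whichever neighbour entry the inner loop ended on rather than the missing host, and raises NameError instead of a test failure when `arp_table` is empty. Drop the print and put the context in the assertion: `self.assertTrue(found, f'no neighbour entry for {host} on {interface}')`. The match also accepts any entry with the right MAC; asserting `'PERMANENT' in entry['state']` would confirm the entry is the static one the CLI installed (assuming the `state` list that `ip -j neigh` emits). Comment typo in tearDownClass: `cleanuop`.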
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 9adb9c042..9c9d6d9f1 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -38,7 +38,7 @@ domain_name = 'vyos.net'
class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestServiceDHCPServer, cls).setUpClass()
cidr_mask = subnet.split('/')[-1]
cls.cli_set(cls, ['interfaces', 'dummy', 'dum8765', 'address', f'{router}/{cidr_mask}'])
@@ -46,7 +46,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'dummy', 'dum8765'])
- super(cls, cls).tearDownClass()
+ super(TestServiceDHCPServer, cls).tearDownClass()
def tearDown(self):
self.cli_delete(base_path)
diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py
index 7177f1505..f83453323 100755
--- a/smoketest/scripts/cli/test_service_dhcpv6-server.py
+++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -32,16 +32,24 @@ dns_1 = '2001:db8::1'
dns_2 = '2001:db8::2'
domain = 'vyos.net'
nis_servers = ['2001:db8:ffff::1', '2001:db8:ffff::2']
-interface = 'eth1'
+interface = 'eth0'
interface_addr = inc_ip(subnet, 1) + '/64'
-class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self.cli_set(['interfaces', 'ethernet', interface, 'address', interface_addr])
+class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
+ @classmethod
+ def setUpClass(cls):
+ super(TestServiceDHCPv6Server, cls).setUpClass()
+ cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', interface_addr])
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', interface_addr])
+ cls.cli_commit(cls)
+
+ super(TestServiceDHCPv6Server, cls).tearDownClass()
def tearDown(self):
self.cli_delete(base_path)
- self.cli_delete(['interfaces', 'ethernet', interface, 'address', interface_addr])
self.cli_commit()
def test_single_pool(self):
diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py
index 9413d22d1..71fb3e177 100755
--- a/smoketest/scripts/cli/test_service_https.py
+++ b/smoketest/scripts/cli/test_service_https.py
@@ -15,16 +15,15 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
-import urllib3
from requests import request
+from urllib3.exceptions import InsecureRequestWarning
from base_vyostest_shim import VyOSUnitTestSHIM
+from base_vyostest_shim import ignore_warning
from vyos.util import read_file
from vyos.util import run
-urllib3.disable_warnings()
-
base_path = ['service', 'https']
pki_base = ['pki']
@@ -100,6 +99,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
ret = run('sudo /usr/sbin/nginx -t')
self.assertEqual(ret, 0)
+ @ignore_warning(InsecureRequestWarning)
def test_api_auth(self):
vhost_id = 'example'
address = '127.0.0.1'
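Review bot: `@ignore_warning(InsecureRequestWarning)` on test_api_auth carries no comment saying why the warning is expected. Scoping the suppression to one test instead of the module-wide `urllib3.disable_warnings()` is the narrower choice, and a line such as `# requests in this test skip certificate verification (local self-signed vhost), hence the warning` above the decorator would keep it from being copied to tests that talk to real endpoints. The reason given is inferred, since the request calls sit outside this hunk; adjust the wording to match them.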
diff --git a/smoketest/scripts/cli/test_service_ids.py b/smoketest/scripts/cli/test_service_ids.py
index ddb42e8f8..18f1b8ec5 100755
--- a/smoketest/scripts/cli/test_service_ids.py
+++ b/smoketest/scripts/cli/test_service_ids.py
@@ -30,7 +30,7 @@ base_path = ['service', 'ids', 'ddos-protection']
class TestServiceIDS(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestServiceIDS, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_service_lldp.py b/smoketest/scripts/cli/test_service_lldp.py
index 64fdd9d1b..439c96c33 100755
--- a/smoketest/scripts/cli/test_service_lldp.py
+++ b/smoketest/scripts/cli/test_service_lldp.py
@@ -37,7 +37,7 @@ class TestServiceLLDP(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(TestServiceLLDP, cls).setUpClass()
# create a test interfaces
for addr in mgmt_addr:
@@ -50,7 +50,7 @@ class TestServiceLLDP(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'dummy', mgmt_if])
- super().tearDownClass()
+ super(TestServiceLLDP, cls).tearDownClass()
def tearDown(self):
# service must be running after it was configured
diff --git a/smoketest/scripts/cli/test_service_salt.py b/smoketest/scripts/cli/test_service_salt.py
index d89861342..00a4f2020 100755
--- a/smoketest/scripts/cli/test_service_salt.py
+++ b/smoketest/scripts/cli/test_service_salt.py
@@ -32,7 +32,7 @@ interface = 'dum4456'
class TestServiceSALT(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestServiceSALT, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -43,7 +43,7 @@ class TestServiceSALT(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'dummy', interface])
- super(cls, cls).tearDownClass()
+ super(TestServiceSALT, cls).tearDownClass()
def tearDown(self):
# Check for running process
diff --git a/smoketest/scripts/cli/test_service_snmp.py b/smoketest/scripts/cli/test_service_snmp.py
index fc24fd54e..e80c689cc 100755
--- a/smoketest/scripts/cli/test_service_snmp.py
+++ b/smoketest/scripts/cli/test_service_snmp.py
@@ -49,7 +49,7 @@ def get_config_value(key):
class TestSNMPService(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestSNMPService, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 9ed263655..0b029dd00 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -46,7 +46,7 @@ def get_config_value(key):
class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestServiceSSH, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -213,5 +213,54 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
usernames = [x[0] for x in getpwall()]
self.assertNotIn(test_user, usernames)
+ def test_ssh_dynamic_protection(self):
+ # check sshguard service
+
+ SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf'
+ SSHGUARD_WHITELIST = '/etc/sshguard/whitelist'
+ SSHGUARD_PROCESS = 'sshguard'
+ block_time = '123'
+ detect_time = '1804'
+ port = '22'
+ threshold = '10'
+ allow_list = ['192.0.2.0/24', '2001:db8::/48']
+
+ self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time])
+ self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time])
+ self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold])
+ for allow in allow_list:
+ self.cli_set(base_path + ['dynamic-protection', 'allow-from', allow])
+
+ # commit changes
+ self.cli_commit()
+
+ # Check configured port
+ tmp = get_config_value('Port')
+ self.assertIn(port, tmp)
+
+ # Check sshgurad service
+ self.assertTrue(process_named_running(SSHGUARD_PROCESS))
+
+ sshguard_lines = [
+ f'THRESHOLD={threshold}',
+ f'BLOCK_TIME={block_time}',
+ f'DETECTION_TIME={detect_time}'
+ ]
+
+ tmp_sshguard_conf = read_file(SSHGUARD_CONFIG)
+ for line in sshguard_lines:
+ self.assertIn(line, tmp_sshguard_conf)
+
+ tmp_whitelist_conf = read_file(SSHGUARD_WHITELIST)
+ for allow in allow_list:
+ self.assertIn(allow, tmp_whitelist_conf)
+
+ # Delete service ssh dynamic-protection
+ # but not service ssh itself
+ self.cli_delete(base_path + ['dynamic-protection'])
+ self.cli_commit()
+
+ self.assertFalse(process_named_running(SSHGUARD_PROCESS))
+
if __name__ == '__main__':
unittest.main(verbosity=2)
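Review bot: The allow-list assertions near the end of `test_ssh_dynamic_protection` match substrings of the whole whitelist file, so they also pass when an entry appears only as part of a longer or broader line. Every line in that file exempts a source from sshguard blocking, so compare whole lines instead, e.g. `self.assertIn(allow, tmp_whitelist_conf.splitlines())`. The same applies to the `THRESHOLD=`/`BLOCK_TIME=`/`DETECTION_TIME=` checks, where `THRESHOLD=10` would also match `THRESHOLD=100`. The comment `# Check sshgurad service` should read `sshguard`.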
diff --git a/smoketest/scripts/cli/test_service_upnp.py b/smoketest/scripts/cli/test_service_upnp.py
index c3e9b600f..e4df88c1e 100755
--- a/smoketest/scripts/cli/test_service_upnp.py
+++ b/smoketest/scripts/cli/test_service_upnp.py
@@ -37,7 +37,7 @@ ipv6_addr = '2001:db8::1/64'
class TestServiceUPnP(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestServiceUPnP, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
@@ -51,7 +51,7 @@ class TestServiceUPnP(VyOSUnitTestSHIM.TestCase):
cls.cli_delete(cls, address_base)
cls._session.commit()
- super(cls, cls).tearDownClass()
+ super(TestServiceUPnP, cls).tearDownClass()
def tearDown(self):
# Check for running process
diff --git a/smoketest/scripts/cli/test_service_webproxy.py b/smoketest/scripts/cli/test_service_webproxy.py
index ebbd9fe55..772d6ab16 100755
--- a/smoketest/scripts/cli/test_service_webproxy.py
+++ b/smoketest/scripts/cli/test_service_webproxy.py
@@ -33,14 +33,14 @@ class TestServiceWebProxy(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(TestServiceWebProxy, cls).setUpClass()
# create a test interfaces
cls.cli_set(cls, ['interfaces', 'dummy', listen_if, 'address', listen_ip + '/32'])
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'dummy', listen_if])
- super().tearDownClass()
+ super(TestServiceWebProxy, cls).tearDownClass()
def tearDown(self):
self.cli_delete(base_path)
diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py
index 84f17bcb0..5a73ebc7d 100755
--- a/smoketest/scripts/cli/test_system_flow-accounting.py
+++ b/smoketest/scripts/cli/test_system_flow-accounting.py
@@ -32,7 +32,7 @@ uacctd_conf = '/run/pmacct/uacctd.conf'
class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestSystemFlowAccounting, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py
index c8cf04b7d..e2821687c 100755
--- a/smoketest/scripts/cli/test_system_ntp.py
+++ b/smoketest/scripts/cli/test_system_ntp.py
@@ -31,7 +31,7 @@ base_path = ['system', 'ntp']
class TestSystemNTP(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestSystemNTP, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 1338fe81c..8a6514d57 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -114,7 +114,7 @@ rgiyCHemtMepq57Pl1Nmj49eEA==
class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestVPNIPsec, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
cls.cli_delete(cls, base_path)
@@ -123,8 +123,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
@classmethod
def tearDownClass(cls):
- super(cls, cls).tearDownClass()
-
+ super(TestVPNIPsec, cls).tearDownClass()
cls.cli_delete(cls, base_path + ['interface', f'{interface}.{vif}'])
def setUp(self):
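Review bot: `tearDownClass` in `TestVPNIPsec` still calls `super(TestVPNIPsec, cls).tearDownClass()` before `cls.cli_delete(cls, base_path + ['interface', f'{interface}.{vif}'])`. Every other test class touched in this diff (LLDP, SALT, UPnP, WebProxy, ZonePolicy) deletes its own nodes first and calls the base class last. What the base `tearDownClass` does with the config session is not visible here, but if it releases it, the delete that follows may never take effect and the test interface would stay on a live system. Swapping the two lines would match the other files: `cls.cli_delete(cls, base_path + ['interface', f'{interface}.{vif}'])` then `super(TestVPNIPsec, cls).tearDownClass()`.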
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 1f2c36f0d..bda279342 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -24,8 +24,27 @@ OCSERV_CONF = '/run/ocserv/ocserv.conf'
base_path = ['vpn', 'openconnect']
pki_path = ['pki']
-cert_data = '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'
-key_data = 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww'
+
+cert_data = """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+"""
+
+key_data = """
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx
+2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7
+u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww
+"""
class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
def tearDown(self):
@@ -42,16 +61,16 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
self.cli_delete(pki_path)
self.cli_delete(base_path)
- self.cli_set(pki_path + ['ca', 'openconnect', 'certificate', cert_data])
- self.cli_set(pki_path + ['certificate', 'openconnect', 'certificate', cert_data])
- self.cli_set(pki_path + ['certificate', 'openconnect', 'private', 'key', key_data])
+ self.cli_set(pki_path + ['ca', 'openconnect', 'certificate', cert_data.replace('\n','')])
+ self.cli_set(pki_path + ['certificate', 'openconnect', 'certificate', cert_data.replace('\n','')])
+ self.cli_set(pki_path + ['certificate', 'openconnect', 'private', 'key', key_data.replace('\n','')])
- self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password])
- self.cli_set(base_path + ["authentication", "local-users", "username", user, "otp", "key", otp])
- self.cli_set(base_path + ["authentication", "mode", "local", "password-otp"])
- self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"])
- self.cli_set(base_path + ["ssl", "ca-certificate", 'openconnect'])
- self.cli_set(base_path + ["ssl", "certificate", 'openconnect'])
+ self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'password', password])
+ self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'otp', 'key', otp])
+ self.cli_set(base_path + ['authentication', 'mode', 'local', 'password-otp'])
+ self.cli_set(base_path + ['network-settings', 'client-ip-settings', 'subnet', '192.0.2.0/24'])
+ self.cli_set(base_path + ['ssl', 'ca-certificate', 'openconnect'])
+ self.cli_set(base_path + ['ssl', 'certificate', 'openconnect'])
self.cli_commit()
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py
index c591d6cf5..176c095fb 100755
--- a/smoketest/scripts/cli/test_vrf.py
+++ b/smoketest/scripts/cli/test_vrf.py
@@ -49,7 +49,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
if not '.' in tmp:
cls._interfaces.append(tmp)
# call base-classes classmethod
- super(cls, cls).setUpClass()
+ super(VRFTest, cls).setUpClass()
def tearDown(self):
# delete all VRFs
@@ -127,6 +127,9 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
for vrf in vrfs:
# Ensure VRF was created
self.assertIn(vrf, interfaces())
+ # Verify IP forwarding is 1 (enabled)
+ self.assertEqual(read_file(f'/proc/sys/net/ipv4/conf/{vrf}/forwarding'), '1')
+ self.assertEqual(read_file(f'/proc/sys/net/ipv6/conf/{vrf}/forwarding'), '1')
# Test for proper loopback IP assignment
for addr in loopbacks:
self.assertTrue(is_intf_addr_assigned(vrf, addr))
@@ -267,5 +270,26 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
self.cli_delete(['interfaces', 'dummy', interface])
self.cli_commit()
+ def test_vrf_disable_forwarding(self):
+ table = '2000'
+ for vrf in vrfs:
+ base = base_path + ['name', vrf]
+ self.cli_set(base + ['table', table])
+ self.cli_set(base + ['ip', 'disable-forwarding'])
+ self.cli_set(base + ['ipv6', 'disable-forwarding'])
+ table = str(int(table) + 1)
+
+ # commit changes
+ self.cli_commit()
+
+ # Verify VRF configuration
+ loopbacks = ['127.0.0.1', '::1']
+ for vrf in vrfs:
+ # Ensure VRF was created
+ self.assertIn(vrf, interfaces())
+ # Verify IP forwarding is 0 (disabled)
+ self.assertEqual(read_file(f'/proc/sys/net/ipv4/conf/{vrf}/forwarding'), '0')
+ self.assertEqual(read_file(f'/proc/sys/net/ipv6/conf/{vrf}/forwarding'), '0')
+
if __name__ == '__main__':
unittest.main(verbosity=2)
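Review bot: `loopbacks = ['127.0.0.1', '::1']` in `test_vrf_disable_forwarding` is assigned but never used; it looks copied from the VRF creation test, whose loopback loop was not carried over. Either drop the line or add the `is_intf_addr_assigned(vrf, addr)` assertions so the test also confirms the VRF is otherwise intact when forwarding is disabled. A short comment such as `# forwarding must be off for both address families when disable-forwarding is set` above the two `assertEqual` calls would document the intent.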
diff --git a/smoketest/scripts/cli/test_zone_policy.py b/smoketest/scripts/cli/test_zone_policy.py
index 6e34f3179..2c580e2f1 100755
--- a/smoketest/scripts/cli/test_zone_policy.py
+++ b/smoketest/scripts/cli/test_zone_policy.py
@@ -23,13 +23,13 @@ from vyos.util import cmd
class TestZonePolicy(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
- super(cls, cls).setUpClass()
+ super(TestZonePolicy, cls).setUpClass()
cls.cli_set(cls, ['firewall', 'name', 'smoketest', 'default-action', 'drop'])
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['firewall'])
- super(cls, cls).tearDownClass()
+ super(TestZonePolicy, cls).tearDownClass()
def tearDown(self):
self.cli_delete(['zone-policy'])
diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py
index aac07bd80..1cd8f5451 100755
--- a/src/conf_mode/arp.py
+++ b/src/conf_mode/arp.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,92 +13,62 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-import sys
-import os
-import re
-import syslog as sl
+from sys import exit
from vyos.config import Config
+from vyos.configdict import node_changed
from vyos.util import call
from vyos import ConfigError
-
from vyos import airbag
airbag.enable()
-arp_cmd = '/usr/sbin/arp'
-
-def get_config():
- c = Config()
- if not c.exists('protocols static arp'):
- return None
-
- c.set_level('protocols static')
- config_data = {}
-
- for ip_addr in c.list_nodes('arp'):
- config_data.update(
- {
- ip_addr : c.return_value('arp ' + ip_addr + ' hwaddr')
- }
- )
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
- return config_data
+ base = ['protocols', 'static', 'arp']
+ arp = conf.get_config_dict(base, get_first_key=True)
-def generate(c):
- c_eff = Config()
- c_eff.set_level('protocols static')
- c_eff_cnf = {}
- for ip_addr in c_eff.list_effective_nodes('arp'):
- c_eff_cnf.update(
- {
- ip_addr : c_eff.return_effective_value('arp ' + ip_addr + ' hwaddr')
- }
- )
+ if 'interface' in arp:
+ for interface in arp['interface']:
+ tmp = node_changed(conf, base + ['interface', interface, 'address'], recursive=True)
+ if tmp: arp['interface'][interface].update({'address_old' : tmp})
- config_data = {
- 'remove' : [],
- 'update' : {}
- }
- ### removal
- if c == None:
- for ip_addr in c_eff_cnf:
- config_data['remove'].append(ip_addr)
- else:
- for ip_addr in c_eff_cnf:
- if not ip_addr in c or c[ip_addr] == None:
- config_data['remove'].append(ip_addr)
+ return arp
- ### add/update
- if c != None:
- for ip_addr in c:
- if not ip_addr in c_eff_cnf:
- config_data['update'][ip_addr] = c[ip_addr]
- if ip_addr in c_eff_cnf:
- if c[ip_addr] != c_eff_cnf[ip_addr] and c[ip_addr] != None:
- config_data['update'][ip_addr] = c[ip_addr]
+def verify(arp):
+ pass
- return config_data
+def generate(arp):
+ pass
-def apply(c):
- for ip_addr in c['remove']:
- sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr)
- call(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1')
+def apply(arp):
+ if not arp:
+ return None
- for ip_addr in c['update']:
- sl.syslog(sl.LOG_NOTICE, "arp -s " + ip_addr + " " + c['update'][ip_addr])
- updated = c['update'][ip_addr]
- call(f'{arp_cmd} -s {ip_addr} {updated}')
+ if 'interface' in arp:
+ for interface, interface_config in arp['interface'].items():
+ # Delete old static ARP assignments first
+ if 'address_old' in interface_config:
+ for address in interface_config['address_old']:
+ call(f'ip neigh del {address} dev {interface}')
+ # Add new static ARP entries to interface
+ if 'address' not in interface_config:
+ continue
+ for address, address_config in interface_config['address'].items():
+ mac = address_config['mac']
+ call(f'ip neigh add {address} lladdr {mac} dev {interface}')
if __name__ == '__main__':
- try:
- c = get_config()
- ## syntax verification is done via cli
- config = generate(c)
- apply(config)
- except ConfigError as e:
- print(e)
- sys.exit(1)
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
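Review bot: `verify()` is left as `pass`, yet `apply()` reads `address_config['mac']` unconditionally and interpolates `address`, `mac` and `interface` into `ip neigh` command strings. An address node committed without a MAC therefore ends in a `KeyError` traceback instead of a `ConfigError`. A presence check in `verify()` keeps that failure in the validation stage; format validation of the values is presumably done by the CLI definition, which is not visible in this hunk. The return code of `call()` is ignored and `ip neigh add` fails when the entry already exists, so `ip neigh replace` may be the safer verb. The removed syslog notices were the only record of which static entries were changed, so consider keeping one.

```python
def verify(arp):
    # Nothing to validate when the node was removed or carries no interfaces
    if not arp or 'interface' not in arp:
        return None

    for interface, interface_config in arp['interface'].items():
        for address, address_config in interface_config.get('address', {}).items():
            # apply() indexes address_config['mac'] - fail here with a
            # readable message instead of a KeyError during apply
            if 'mac' not in address_config:
                raise ConfigError(f'MAC address for static ARP entry "{address}" '\
                                  f'on interface "{interface}" is mandatory!')

    return None

# … unchanged: generate(), apply() …
```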
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py
index d93a2a8f4..39a2971ce 100755
--- a/src/conf_mode/bcast_relay.py
+++ b/src/conf_mode/bcast_relay.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2017-2020 VyOS maintainers and contributors
+# Copyright (C) 2017-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -78,7 +78,7 @@ def generate(relay):
continue
config['instance'] = instance
- render(config_file_base + instance, 'bcast-relay/udp-broadcast-relay.tmpl',
+ render(config_file_base + instance, 'bcast-relay/udp-broadcast-relay.j2',
config)
return None
diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py
index aabf2bdf5..82289526f 100755
--- a/src/conf_mode/conntrack.py
+++ b/src/conf_mode/conntrack.py
@@ -101,9 +101,9 @@ def verify(conntrack):
return None
def generate(conntrack):
- render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.tmpl', conntrack)
- render(sysctl_file, 'conntrack/sysctl.conf.tmpl', conntrack)
- render(nftables_ct_file, 'conntrack/nftables-ct.tmpl', conntrack)
+ render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.j2', conntrack)
+ render(sysctl_file, 'conntrack/sysctl.conf.j2', conntrack)
+ render(nftables_ct_file, 'conntrack/nftables-ct.j2', conntrack)
# dry-run newly generated configuration
tmp = run(f'nft -c -f {nftables_ct_file}')
diff --git a/src/conf_mode/conntrack_sync.py b/src/conf_mode/conntrack_sync.py
index 34d1f7398..c4b2bb488 100755
--- a/src/conf_mode/conntrack_sync.py
+++ b/src/conf_mode/conntrack_sync.py
@@ -111,11 +111,12 @@ def generate(conntrack):
os.unlink(config_file)
return None
- render(config_file, 'conntrackd/conntrackd.conf.tmpl', conntrack)
+ render(config_file, 'conntrackd/conntrackd.conf.j2', conntrack)
return None
def apply(conntrack):
+ systemd_service = 'conntrackd.service'
if not conntrack:
# Failover mechanism daemon should be indicated that it no longer needs
# to execute conntrackd actions on transition. This is only required
@@ -123,7 +124,7 @@ def apply(conntrack):
if process_named_running('conntrackd'):
resync_vrrp()
- call('systemctl stop conntrackd.service')
+ call(f'systemctl stop {systemd_service}')
return None
# Failover mechanism daemon should be indicated that it needs to execute
@@ -132,7 +133,7 @@ def apply(conntrack):
if not process_named_running('conntrackd'):
resync_vrrp()
- call('systemctl restart conntrackd.service')
+ call(f'systemctl reload-or-restart {systemd_service}')
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/containers.py b/src/conf_mode/container.py
index 516671844..2110fd9e0 100755
--- a/src/conf_mode/containers.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -15,20 +15,19 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
-import json
from ipaddress import ip_address
from ipaddress import ip_network
from time import sleep
from json import dumps as json_write
+from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
from vyos.util import call
from vyos.util import cmd
from vyos.util import run
-from vyos.util import read_file
from vyos.util import write_file
from vyos.template import inc_ip
from vyos.template import is_ipv4
@@ -42,6 +41,20 @@ airbag.enable()
config_containers_registry = '/etc/containers/registries.conf'
config_containers_storage = '/etc/containers/storage.conf'
+def _run_rerun(container_cmd):
+ counter = 0
+ while True:
+ if counter >= 10:
+ break
+ try:
+ _cmd(container_cmd)
+ break
+ except:
+ counter = counter +1
+ sleep(0.5)
+
+ return None
+
def _cmd(command):
if os.path.exists('/tmp/vyos.container.debug'):
print(command)
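Review bot: `_run_rerun()` swallows every failure: the bare `except:` also catches `KeyboardInterrupt` and `SystemExit`, and after ten failed attempts the function returns `None` exactly as it does on success. A container that never started is then indistinguishable from one that did, and the commit reports no error. Catch `Exception` and surface the last error once the retries are exhausted; `Warning` is already imported by this commit. Which exception `_cmd()` raises is not visible, as its body continues outside this hunk.

```python
def _run_rerun(container_cmd):
    # Retry transient podman failures, but report the last error instead of
    # returning silently when every attempt failed
    last_error = None
    for _ in range(10):
        try:
            _cmd(container_cmd)
            return None
        except Exception as e:
            last_error = e
            sleep(0.5)

    Warning(f'Command "{container_cmd}" failed after 10 attempts: {last_error}')
    return None
```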
@@ -77,10 +90,10 @@ def get_config(config=None):
container['name'][name] = dict_merge(default_values, container['name'][name])
# Delete container network, delete containers
- tmp = node_changed(conf, ['container', 'network'])
+ tmp = node_changed(conf, base + ['container', 'network'])
if tmp: container.update({'network_remove' : tmp})
- tmp = node_changed(conf, ['container', 'name'])
+ tmp = node_changed(conf, base + ['container', 'name'])
if tmp: container.update({'container_remove' : tmp})
return container
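Review bot: The two `node_changed()` paths now read `base + ['container', 'network']` and `base + ['container', 'name']`. The definition of `base` is outside this hunk, but the old absolute paths suggest it is `['container']`; if so, the lookups point at `container container network` and `container container name` and can never report a removal. `network_remove` and `container_remove` would then stay unset, leaving deleted networks and containers in place after the commit. The paths should probably be `node_changed(conf, base + ['network'])` and `node_changed(conf, base + ['name'])`.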
@@ -93,6 +106,26 @@ def verify(container):
# Add new container
if 'name' in container:
for name, container_config in container['name'].items():
+ # Container image is a mandatory option
+ if 'image' not in container_config:
+ raise ConfigError(f'Container image for "{name}" is mandatory!')
+
+ # Check if requested container image exists locally. If it does not
+ # exist locally - inform the user. This is required as there is a
+ # shared container image storage accross all VyOS images. A user can
+ # delete a container image from the system, boot into another version
+ # of VyOS and then it would fail to boot. This is to prevent any
+ # configuration error when container images are deleted from the
+ # global storage. A per image local storage would be a super waste
+ # of diskspace as there will be a full copy (up tu several GB/image)
+ # on upgrade. This is the "cheapest" and fastest solution in terms
+ # of image upgrade and deletion.
+ image = container_config['image']
+ if run(f'podman image exists {image}') != 0:
+ Warning(f'Image "{image}" used in contianer "{name}" does not exist '\
+ f'locally. Please use "add container image {image}" to add it '\
+ f'to the system! Container "{name}" will not be started!')
+
if 'network' in container_config:
if len(container_config['network']) > 1:
raise ConfigError(f'Only one network can be specified for container "{name}"!')
@@ -151,10 +184,6 @@ def verify(container):
if not os.path.exists(source):
raise ConfigError(f'Volume "{volume}" source path "{source}" does not exist!')
- # Container image is a mandatory option
- if 'image' not in container_config:
- raise ConfigError(f'Container image for "{name}" is mandatory!')
-
# If 'allow-host-networks' or 'network' not set.
if 'allow_host_networks' not in container_config and 'network' not in container_config:
raise ConfigError(f'Must either set "network" or "allow-host-networks" for container "{name}"!')
@@ -194,6 +223,10 @@ def verify(container):
def generate(container):
# bail out early - looks like removal from running config
if not container:
+ if os.path.exists(config_containers_registry):
+ os.unlink(config_containers_registry)
+ if os.path.exists(config_containers_storage):
+ os.unlink(config_containers_storage)
return None
if 'network' in container:
@@ -227,8 +260,8 @@ def generate(container):
write_file(f'/etc/cni/net.d/{network}.conflist', json_write(tmp, indent=2))
- render(config_containers_registry, 'containers/registry.tmpl', container)
- render(config_containers_storage, 'containers/storage.tmpl', container)
+ render(config_containers_registry, 'container/registries.conf.j2', container)
+ render(config_containers_storage, 'container/storage.conf.j2', container)
return None
@@ -252,6 +285,11 @@ def apply(container):
for name, container_config in container['name'].items():
image = container_config['image']
+ if run(f'podman image exists {image}') != 0:
+ # container image does not exist locally - user already got
+ # informed by a WARNING in verfiy() - bail out early
+ continue
+
if 'disable' in container_config:
# check if there is a container by that name running
tmp = _cmd('podman ps -a --format "{{.Names}}"')
@@ -263,13 +301,6 @@ def apply(container):
memory = container_config['memory']
restart = container_config['restart']
- # Check if requested container image exists locally. If it does not, we
- # pull it. print() is the best way to have a good response from the
- # polling process to the user to display progress. If the image exists
- # locally, a user can update it running `update container image <name>`
- tmp = run(f'podman image exists {image}')
- if tmp != 0: print(os.system(f'podman pull {image}'))
-
# Add capability options. Should be in uppercase
cap_add = ''
if 'cap_add' in container_config:
@@ -318,7 +349,7 @@ def apply(container):
f'--memory {memory}m --memory-swap 0 --restart {restart} ' \
f'--name {name} {device} {port} {volume} {env_opt}'
if 'allow_host_networks' in container_config:
- run(f'{container_base_cmd} --net host {image}')
+ _run_rerun(f'{container_base_cmd} --net host {image}')
else:
for network in container_config['network']:
ipparam = ''
@@ -326,25 +357,10 @@ def apply(container):
address = container_config['network'][network]['address']
ipparam = f'--ip {address}'
- run(f'{container_base_cmd} --net {network} {ipparam} {image}')
-
- return None
-
-def run(container_cmd):
- counter = 0
- while True:
- if counter >= 10:
- break
- try:
- _cmd(container_cmd)
- break
- except:
- counter = counter +1
- sleep(0.5)
+ _run_rerun(f'{container_base_cmd} --net {network} {ipparam} {image}')
return None
-
if __name__ == '__main__':
try:
c = get_config()
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py
index 9922f2c5c..078ff327c 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/dhcpv6_server.py
@@ -41,7 +41,9 @@ def get_config(config=None):
if not conf.exists(base):
return None
- dhcpv6 = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)
+ dhcpv6 = conf.get_config_dict(base, key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
return dhcpv6
def verify(dhcpv6):
@@ -51,7 +53,7 @@ def verify(dhcpv6):
# If DHCP is enabled we need one share-network
if 'shared_network_name' not in dhcpv6:
- raise ConfigError('No DHCPv6 shared networks configured. At least\n' \
+ raise ConfigError('No DHCPv6 shared networks configured. At least '\
'one DHCPv6 shared network must be configured.')
# Inspect shared-network/subnet
@@ -60,8 +62,9 @@ def verify(dhcpv6):
for network, network_config in dhcpv6['shared_network_name'].items():
# A shared-network requires a subnet definition
if 'subnet' not in network_config:
- raise ConfigError(f'No DHCPv6 lease subnets configured for "{network}". At least one\n' \
- 'lease subnet must be configured for each shared network!')
+ raise ConfigError(f'No DHCPv6 lease subnets configured for "{network}". '\
+ 'At least one lease subnet must be configured for '\
+ 'each shared network!')
for subnet, subnet_config in network_config['subnet'].items():
if 'address_range' in subnet_config:
@@ -83,20 +86,20 @@ def verify(dhcpv6):
# Stop address must be greater or equal to start address
if not ip_address(stop) >= ip_address(start):
- raise ConfigError(f'address-range stop address "{stop}" must be greater or equal\n' \
+ raise ConfigError(f'address-range stop address "{stop}" must be greater then or equal ' \
f'to the range start address "{start}"!')
# DHCPv6 range start address must be unique - two ranges can't
# start with the same address - makes no sense
if start in range6_start:
- raise ConfigError(f'Conflicting DHCPv6 lease range:\n' \
+ raise ConfigError(f'Conflicting DHCPv6 lease range: '\
f'Pool start address "{start}" defined multipe times!')
range6_start.append(start)
# DHCPv6 range stop address must be unique - two ranges can't
# end with the same address - makes no sense
if stop in range6_stop:
- raise ConfigError(f'Conflicting DHCPv6 lease range:\n' \
+ raise ConfigError(f'Conflicting DHCPv6 lease range: '\
f'Pool stop address "{stop}" defined multipe times!')
range6_stop.append(stop)
@@ -112,7 +115,7 @@ def verify(dhcpv6):
for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
if 'stop' not in prefix_config:
- raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}"\n'
+ raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
f'must be configured')
if 'prefix_length' not in prefix_config:
@@ -126,6 +129,10 @@ def verify(dhcpv6):
if ip_address(mapping_config['ipv6_address']) not in ip_network(subnet):
raise ConfigError(f'static-mapping address for mapping "{mapping}" is not in subnet "{subnet}"!')
+ if 'vendor_option' in subnet_config:
+ if len(dict_search('vendor_option.cisco.tftp_server', subnet_config)) > 2:
+ raise ConfigError(f'No more then two Cisco tftp-servers should be defined for subnet "{subnet}"!')
+
# Subnets must be unique
if subnet in subnets:
raise ConfigError(f'DHCPv6 subnets must be unique! Subnet {subnet} defined multiple times!')
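Review bot: The new vendor-option check calls `len()` directly on the result of `dict_search('vendor_option.cisco.tftp_server', subnet_config)`. If `vendor_option` is set without a Cisco tftp-server and `dict_search` returns `None` for a missing path (its definition is not in this hunk), the commit dies with a `TypeError` instead of a `ConfigError`. Guard the lookup with `tmp = dict_search('vendor_option.cisco.tftp_server', subnet_config)` followed by `if tmp and len(tmp) > 2:`. This diff also does not show `dict_search` being imported in this file, which is worth confirming. The message should read "No more than two".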
@@ -149,8 +156,8 @@ def verify(dhcpv6):
raise ConfigError('DHCPv6 conflicting subnet ranges: {0} overlaps {1}'.format(net, net2))
if not listen_ok:
- raise ConfigError('None of the DHCPv6 subnets are connected to a subnet6 on\n' \
- 'this machine. At least one subnet6 must be connected such that\n' \
+ raise ConfigError('None of the DHCPv6 subnets are connected to a subnet6 on '\
+ 'this machine. At least one subnet6 must be connected such that '\
'DHCPv6 listens on an interface!')
@@ -166,15 +173,15 @@ def generate(dhcpv6):
def apply(dhcpv6):
# bail out early - looks like removal from running config
+ service_name = 'isc-dhcp-server6.service'
if not dhcpv6 or 'disable' in dhcpv6:
# DHCP server is removed in the commit
- call('systemctl stop isc-dhcp-server6.service')
+ call(f'systemctl stop {service_name}')
if os.path.exists(config_file):
os.unlink(config_file)
-
return None
- call('systemctl restart isc-dhcp-server6.service')
+ call(f'systemctl restart {service_name}')
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index de78d53a8..6924bf555 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -327,8 +327,8 @@ def generate(firewall):
else:
firewall['cleanup_commands'] = cleanup_commands(firewall)
- render(nftables_conf, 'firewall/nftables.tmpl', firewall)
- render(nftables_defines_conf, 'firewall/nftables-defines.tmpl', firewall)
+ render(nftables_conf, 'firewall/nftables.j2', firewall)
+ render(nftables_defines_conf, 'firewall/nftables-defines.j2', firewall)
return None
def apply_sysfs(firewall):
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 25bf54790..7f7a98b04 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -239,8 +239,8 @@ def generate(flow_config):
if not flow_config:
return None
- render(uacctd_conf_path, 'pmacct/uacctd.conf.tmpl', flow_config)
- render(systemd_override, 'pmacct/override.conf.tmpl', flow_config)
+ render(uacctd_conf_path, 'pmacct/uacctd.conf.j2', flow_config)
+ render(systemd_override, 'pmacct/override.conf.j2', flow_config)
# Reload systemd manager configuration
call('systemctl daemon-reload')
diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py
index 7d51bb393..e14050dd3 100755
--- a/src/conf_mode/high-availability.py
+++ b/src/conf_mode/high-availability.py
@@ -28,7 +28,6 @@ from vyos.template import render
from vyos.template import is_ipv4
from vyos.template import is_ipv6
from vyos.util import call
-from vyos.util import is_systemd_service_running
from vyos.xml import defaults
from vyos import ConfigError
from vyos import airbag
@@ -152,7 +151,7 @@ def generate(ha):
if not ha:
return None
- render(VRRP.location['config'], 'high-availability/keepalived.conf.tmpl', ha)
+ render(VRRP.location['config'], 'high-availability/keepalived.conf.j2', ha)
return None
def apply(ha):
@@ -161,12 +160,7 @@ def apply(ha):
call(f'systemctl stop {service_name}')
return None
- # XXX: T3944 - reload keepalived configuration if service is already running
- # to not cause any service disruption when applying changes.
- if is_systemd_service_running(service_name):
- call(f'systemctl reload {service_name}')
- else:
- call(f'systemctl restart {service_name}')
+ call(f'systemctl reload-or-restart {service_name}')
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 00f3d4f7f..4a7906c17 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -117,7 +117,7 @@ def generate(http_api):
with open(api_conf_file, 'w') as f:
json.dump(http_api, f, indent=2)
- render(systemd_service, 'https/vyos-http-api.service.tmpl', http_api)
+ render(systemd_service, 'https/vyos-http-api.service.j2', http_api)
return None
def apply(http_api):
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 37fa36797..3057357fc 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -214,8 +214,8 @@ def generate(https):
'certbot': certbot
}
- render(config_file, 'https/nginx.default.tmpl', data)
- render(systemd_override, 'https/override.conf.tmpl', https)
+ render(config_file, 'https/nginx.default.j2', data)
+ render(systemd_override, 'https/override.conf.j2', https)
return None
def apply(https):
diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py
index 37df3dc92..de6a51c64 100755
--- a/src/conf_mode/igmp_proxy.py
+++ b/src/conf_mode/igmp_proxy.py
@@ -96,7 +96,7 @@ def generate(igmp_proxy):
Warning('IGMP Proxy will be deactivated because it is disabled')
return None
- render(config_file, 'igmp-proxy/igmpproxy.conf.tmpl', igmp_proxy)
+ render(config_file, 'igmp-proxy/igmpproxy.conf.j2', igmp_proxy)
return None
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py
index ad5a0f499..4167594e3 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces-bonding.py
@@ -68,7 +68,7 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'bonding']
- bond = get_interface_dict(conf, base)
+ ifname, bond = get_interface_dict(conf, base)
# To make our own life easier transfor the list of member interfaces
# into a dictionary - we will use this to add additional information
@@ -81,14 +81,14 @@ def get_config(config=None):
if 'mode' in bond:
bond['mode'] = get_bond_mode(bond['mode'])
- tmp = leaf_node_changed(conf, ['mode'])
+ tmp = leaf_node_changed(conf, base + [ifname, 'mode'])
if tmp: bond.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['lacp-rate'])
+ tmp = leaf_node_changed(conf, base + [ifname, 'lacp-rate'])
if tmp: bond.update({'shutdown_required': {}})
# determine which members have been removed
- interfaces_removed = leaf_node_changed(conf, ['member', 'interface'])
+ interfaces_removed = leaf_node_changed(conf, base + [ifname, 'member', 'interface'])
if interfaces_removed:
bond.update({'shutdown_required': {}})
if 'member' not in bond:
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index b1f7e6d7c..38ae727c1 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -50,15 +50,15 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'bridge']
- bridge = get_interface_dict(conf, base)
+ ifname, bridge = get_interface_dict(conf, base)
# determine which members have been removed
- tmp = node_changed(conf, ['member', 'interface'], key_mangling=('-', '_'))
+ tmp = node_changed(conf, base + [ifname, 'member', 'interface'], key_mangling=('-', '_'))
if tmp:
if 'member' in bridge:
- bridge['member'].update({'interface_remove': tmp })
+ bridge['member'].update({'interface_remove' : tmp })
else:
- bridge.update({'member': {'interface_remove': tmp }})
+ bridge.update({'member' : {'interface_remove' : tmp }})
if dict_search('member.interface', bridge):
# XXX: T2665: we need a copy of the dict keys for iteration, else we will get:
diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py
index 4a1eb7b93..e771581e1 100755
--- a/src/conf_mode/interfaces-dummy.py
+++ b/src/conf_mode/interfaces-dummy.py
@@ -37,7 +37,7 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'dummy']
- dummy = get_interface_dict(conf, base)
+ _, dummy = get_interface_dict(conf, base)
return dummy
def verify(dummy):
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index 333d39e0e..fec4456fb 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -65,7 +65,7 @@ def get_config(config=None):
get_first_key=True, no_tag_node_value_mangle=True)
base = ['interfaces', 'ethernet']
- ethernet = get_interface_dict(conf, base)
+ _, ethernet = get_interface_dict(conf, base)
if 'deleted' not in ethernet:
if pki: ethernet['pki'] = pki
diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py
index 26d248579..b9cf2fa3c 100755
--- a/src/conf_mode/interfaces-geneve.py
+++ b/src/conf_mode/interfaces-geneve.py
@@ -22,7 +22,7 @@ from netifaces import interfaces
from vyos.config import Config
from vyos.configdict import get_interface_dict
from vyos.configdict import leaf_node_changed
-from vyos.configdict import node_changed
+from vyos.configdict import is_node_changed
from vyos.configverify import verify_address
from vyos.configverify import verify_mtu_ipv6
from vyos.configverify import verify_bridge_delete
@@ -43,16 +43,16 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'geneve']
- geneve = get_interface_dict(conf, base)
+ ifname, geneve = get_interface_dict(conf, base)
# GENEVE interfaces are picky and require recreation if certain parameters
# change. But a GENEVE interface should - of course - not be re-created if
# it's description or IP address is adjusted. Feels somehow logic doesn't it?
for cli_option in ['remote', 'vni']:
- if leaf_node_changed(conf, cli_option):
+ if leaf_node_changed(conf, base + [ifname, cli_option]):
geneve.update({'rebuild_required': {}})
- if node_changed(conf, ['parameters'], recursive=True):
+ if is_node_changed(conf, base + [ifname, 'parameters']):
geneve.update({'rebuild_required': {}})
return geneve
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 22256bf4f..6a486f969 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -45,15 +45,15 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'l2tpv3']
- l2tpv3 = get_interface_dict(conf, base)
+ ifname, l2tpv3 = get_interface_dict(conf, base)
# To delete an l2tpv3 interface we need the current tunnel and session-id
if 'deleted' in l2tpv3:
- tmp = leaf_node_changed(conf, ['tunnel-id'])
+ tmp = leaf_node_changed(conf, base + [ifname, 'tunnel-id'])
# leaf_node_changed() returns a list
l2tpv3.update({'tunnel_id': tmp[0]})
- tmp = leaf_node_changed(conf, ['session-id'])
+ tmp = leaf_node_changed(conf, base + [ifname, 'session-id'])
l2tpv3.update({'session_id': tmp[0]})
return l2tpv3
diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py
index e4bc15bb5..08d34477a 100755
--- a/src/conf_mode/interfaces-loopback.py
+++ b/src/conf_mode/interfaces-loopback.py
@@ -36,7 +36,7 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'loopback']
- loopback = get_interface_dict(conf, base)
+ _, loopback = get_interface_dict(conf, base)
return loopback
def verify(loopback):
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index c71863e61..279dd119b 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -48,7 +48,7 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'macsec']
- macsec = get_interface_dict(conf, base)
+ ifname, macsec = get_interface_dict(conf, base)
# Check if interface has been removed
if 'deleted' in macsec:
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index a9be093c2..4750ca3e8 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -32,7 +32,7 @@ from shutil import rmtree
from vyos.config import Config
from vyos.configdict import get_interface_dict
-from vyos.configdict import leaf_node_changed
+from vyos.configdict import is_node_changed
from vyos.configverify import verify_vrf
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mirror_redirect
@@ -85,13 +85,12 @@ def get_config(config=None):
tmp_pki = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
get_first_key=True, no_tag_node_value_mangle=True)
- openvpn = get_interface_dict(conf, base)
+ ifname, openvpn = get_interface_dict(conf, base)
if 'deleted' not in openvpn:
openvpn['pki'] = tmp_pki
-
- tmp = leaf_node_changed(conf, ['openvpn-option'])
- if tmp: openvpn['restart_required'] = ''
+ if is_node_changed(conf, base + [ifname, 'openvpn-option']):
+ openvpn.update({'restart_required': {}})
# We have to get the dict using 'get_config_dict' instead of 'get_interface_dict'
# as 'get_interface_dict' merges the defaults in, so we can not check for defaults in there.
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py
index bfb1fadd5..e2fdc7a42 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces-pppoe.py
@@ -22,7 +22,9 @@ from netifaces import interfaces
from vyos.config import Config
from vyos.configdict import get_interface_dict
+from vyos.configdict import is_node_changed
from vyos.configdict import leaf_node_changed
+from vyos.configdict import get_pppoe_interfaces
from vyos.configverify import verify_authentication
from vyos.configverify import verify_source_interface
from vyos.configverify import verify_interface_exists
@@ -47,33 +49,17 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'pppoe']
- pppoe = get_interface_dict(conf, base)
+ ifname, pppoe = get_interface_dict(conf, base)
# We should only terminate the PPPoE session if critical parameters change.
# All parameters that can be changed on-the-fly (like interface description)
# should not lead to a reconnect!
- tmp = leaf_node_changed(conf, ['access-concentrator'])
- if tmp: pppoe.update({'shutdown_required': {}})
-
- tmp = leaf_node_changed(conf, ['connect-on-demand'])
- if tmp: pppoe.update({'shutdown_required': {}})
-
- tmp = leaf_node_changed(conf, ['service-name'])
- if tmp: pppoe.update({'shutdown_required': {}})
-
- tmp = leaf_node_changed(conf, ['source-interface'])
- if tmp: pppoe.update({'shutdown_required': {}})
-
- tmp = leaf_node_changed(conf, ['vrf'])
- # leaf_node_changed() returns a list, as VRF is a non-multi node, there
- # will be only one list element
- if tmp: pppoe.update({'vrf_old': tmp[0]})
-
- tmp = leaf_node_changed(conf, ['authentication', 'user'])
- if tmp: pppoe.update({'shutdown_required': {}})
-
- tmp = leaf_node_changed(conf, ['authentication', 'password'])
- if tmp: pppoe.update({'shutdown_required': {}})
+ for options in ['access-concentrator', 'connect-on-demand', 'service-name',
+ 'source-interface', 'vrf', 'no-default-route', 'authentication']:
+ if is_node_changed(conf, base + [ifname, options]):
+ pppoe.update({'shutdown_required': {}})
+ # bail out early - no need to further process other nodes
+ break
return pppoe
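Review bot: After this hunk get_config() no longer calls `leaf_node_changed`, yet the import hunk above keeps that import and adds `get_pppoe_interfaces`, which no visible hunk of this file uses. Both look like unused imports unless code outside the hunks needs them. The loop variable holds a single CLI node, so `for option in [...]` reads better than `options`. The old code also stored `vrf_old`, which is no longer produced, so it is worth confirming that nothing outside this hunk still reads `pppoe['vrf_old']`.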
@@ -106,7 +92,7 @@ def generate(pppoe):
return None
# Create PPP configuration files
- render(config_pppoe, 'pppoe/peer.tmpl', pppoe, permission=0o640)
+ render(config_pppoe, 'pppoe/peer.j2', pppoe, permission=0o640)
return None
@@ -120,7 +106,7 @@ def apply(pppoe):
return None
# reconnect should only be necessary when certain config options change,
- # like ACS name, authentication, no-peer-dns, source-interface
+ # like ACS name, authentication ... (see get_config() for details)
if ((not is_systemd_service_running(f'ppp@{ifname}.service')) or
'shutdown_required' in pppoe):
@@ -130,6 +116,9 @@ def apply(pppoe):
p.remove()
call(f'systemctl restart ppp@{ifname}.service')
+ # When interface comes "live" a hook is called:
+ # /etc/ppp/ip-up.d/99-vyos-pppoe-callback
+ # which triggers PPPoEIf.update()
else:
if os.path.isdir(f'/sys/class/net/{ifname}'):
p = PPPoEIf(ifname)
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index f2c85554f..1cd3fe276 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -18,7 +18,7 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import get_interface_dict
-from vyos.configdict import leaf_node_changed
+from vyos.configdict import is_node_changed
from vyos.configverify import verify_vrf
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
@@ -42,14 +42,14 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'pseudo-ethernet']
- peth = get_interface_dict(conf, base)
+ ifname, peth = get_interface_dict(conf, base)
- mode = leaf_node_changed(conf, ['mode'])
- if mode: peth.update({'mode_old' : mode})
+ mode = is_node_changed(conf, ['mode'])
+ if mode: peth.update({'shutdown_required' : {}})
if 'source_interface' in peth:
- peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'],
- peth['source_interface'])
+ _, peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'],
+ peth['source_interface'])
return peth
def verify(peth):
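Review bot: The new `is_node_changed(conf, ['mode'])` call still passes a relative path, while every other call site touched by this commit was switched to the absolute form `base + [ifname, ...]`. If `is_node_changed` resolves paths the way the other converted calls assume, a mode change would never be detected here and `shutdown_required` would not be set. I would write `if is_node_changed(conf, base + [ifname, 'mode']): peth.update({'shutdown_required' : {}})`, which also makes use of the `ifname` this hunk now unpacks. get_config() starts outside this hunk.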
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index f4668d976..eff7f373c 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -48,10 +48,10 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'tunnel']
- tunnel = get_interface_dict(conf, base)
+ ifname, tunnel = get_interface_dict(conf, base)
if 'deleted' not in tunnel:
- tmp = leaf_node_changed(conf, ['encapsulation'])
+ tmp = leaf_node_changed(conf, base + [ifname, 'encapsulation'])
if tmp: tunnel.update({'encapsulation_changed': {}})
# We also need to inspect other configured tunnels as there are Kernel
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index f06fdff1b..f4b0436af 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
@@ -36,7 +36,7 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'vti']
- vti = get_interface_dict(conf, base)
+ _, vti = get_interface_dict(conf, base)
return vti
def verify(vti):
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 53704827e..f44d754ba 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -23,7 +23,7 @@ from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import get_interface_dict
from vyos.configdict import leaf_node_changed
-from vyos.configdict import node_changed
+from vyos.configdict import is_node_changed
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mtu_ipv6
@@ -46,17 +46,17 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'vxlan']
- vxlan = get_interface_dict(conf, base)
+ ifname, vxlan = get_interface_dict(conf, base)
# VXLAN interfaces are picky and require recreation if certain parameters
# change. But a VXLAN interface should - of course - not be re-created if
# it's description or IP address is adjusted. Feels somehow logic doesn't it?
for cli_option in ['external', 'gpe', 'group', 'port', 'remote',
'source-address', 'source-interface', 'vni']:
- if leaf_node_changed(conf, cli_option):
+ if leaf_node_changed(conf, base + [ifname, cli_option]):
vxlan.update({'rebuild_required': {}})
- if node_changed(conf, ['parameters'], recursive=True):
+ if is_node_changed(conf, base + [ifname, 'parameters']):
vxlan.update({'rebuild_required': {}})
# We need to verify that no other VXLAN tunnel is configured when external
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index b404375d6..180ffa507 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
+# Copyright (C) 2018-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -46,17 +46,17 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'wireguard']
- wireguard = get_interface_dict(conf, base)
+ ifname, wireguard = get_interface_dict(conf, base)
# Check if a port was changed
- wireguard['port_changed'] = leaf_node_changed(conf, ['port'])
+ wireguard['port_changed'] = leaf_node_changed(conf, base + [ifname, 'port'])
# Determine which Wireguard peer has been removed.
# Peers can only be removed with their public key!
dict = {}
- tmp = node_changed(conf, ['peer'], key_mangling=('-', '_'))
+ tmp = node_changed(conf, base + [ifname, 'peer'], key_mangling=('-', '_'))
for peer in (tmp or []):
- public_key = leaf_node_changed(conf, ['peer', peer, 'public_key'])
+ public_key = leaf_node_changed(conf, base + [ifname, 'peer', peer, 'public_key'])
if public_key:
dict = dict_merge({'peer_remove' : {peer : {'public_key' : public_key[0]}}}, dict)
wireguard.update(dict)
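Review bot: The leaf path in `leaf_node_changed(conf, base + [ifname, 'peer', peer, 'public_key'])` uses an underscore, while every other path in this commit uses the hyphenated CLI node name (`'lacp-rate'`, `'tunnel-id'`, `'source-address'`). If the CLI node is `public-key`, the lookup returns nothing, `peer_remove` is never populated, and a peer deleted from the configuration could stay configured on the interface. Please confirm against the CLI definition and use `'public-key'` if so. The `peer` values also come from `node_changed(..., key_mangling=('-', '_'))`, so a peer name containing a hyphen may not match the config path either. Separately, the local variable `dict` shadows the builtin, and a name such as `peer_remove` would avoid that.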
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 7fc22cdab..d34297063 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -76,15 +76,19 @@ def get_config(config=None):
conf = Config()
base = ['interfaces', 'wireless']
- wifi = get_interface_dict(conf, base)
+ ifname, wifi = get_interface_dict(conf, base)
# Cleanup "delete" default values when required user selectable values are
# not defined at all
- tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True)
+ tmp = conf.get_config_dict(base + [ifname], key_mangling=('-', '_'),
+ get_first_key=True)
if not (dict_search('security.wpa.passphrase', tmp) or
dict_search('security.wpa.radius', tmp)):
if 'deleted' not in wifi:
del wifi['security']['wpa']
+ # if 'security' key is empty, drop it too
+ if len(wifi['security']) == 0:
+ del wifi['security']
# defaults include RADIUS server specifics per TAG node which need to be
# added to individual RADIUS servers instead - so we can simply delete them
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py
index 9a33039a3..e275ace84 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces-wwan.py
@@ -21,7 +21,7 @@ from time import sleep
from vyos.config import Config
from vyos.configdict import get_interface_dict
-from vyos.configdict import leaf_node_changed
+from vyos.configdict import is_node_changed
from vyos.configverify import verify_authentication
from vyos.configverify import verify_interface_exists
from vyos.configverify import verify_mirror_redirect
@@ -50,42 +50,36 @@ def get_config(config=None):
else:
conf = Config()
base = ['interfaces', 'wwan']
- wwan = get_interface_dict(conf, base)
+ ifname, wwan = get_interface_dict(conf, base)
# We should only terminate the WWAN session if critical parameters change.
# All parameters that can be changed on-the-fly (like interface description)
# should not lead to a reconnect!
- tmp = leaf_node_changed(conf, ['address'])
+ tmp = is_node_changed(conf, base + [ifname, 'address'])
if tmp: wwan.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['apn'])
+ tmp = is_node_changed(conf, base + [ifname, 'apn'])
if tmp: wwan.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['disable'])
+ tmp = is_node_changed(conf, base + [ifname, 'disable'])
if tmp: wwan.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['vrf'])
- # leaf_node_changed() returns a list, as VRF is a non-multi node, there
- # will be only one list element
- if tmp: wwan.update({'vrf_old': tmp[0]})
-
- tmp = leaf_node_changed(conf, ['authentication', 'user'])
+ tmp = is_node_changed(conf, base + [ifname, 'vrf'])
if tmp: wwan.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['authentication', 'password'])
+ tmp = is_node_changed(conf, base + [ifname, 'authentication'])
if tmp: wwan.update({'shutdown_required': {}})
- tmp = leaf_node_changed(conf, ['ipv6', 'address', 'autoconf'])
+ tmp = is_node_changed(conf, base + [ifname, 'ipv6', 'address', 'autoconf'])
if tmp: wwan.update({'shutdown_required': {}})
# We need to know the amount of other WWAN interfaces as ModemManager needs
# to be started or stopped.
conf.set_level(base)
- wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'),
- get_first_key=True,
- no_tag_node_value_mangle=True)
+ _, wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
- ifname = wwan['ifname']
# This if-clause is just to be sure - it will always evaluate to true
if ifname in wwan['other_interfaces']:
del wwan['other_interfaces'][ifname]
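Review bot: `_, wwan['other_interfaces'] = conf.get_config_dict([], ...)` unpacks the result as a two-element tuple, but the interfaces-wireless hunk in this same commit assigns `conf.get_config_dict(...)` to a single name and searches it as a dict. Only `get_interface_dict` appears to have changed to return `(ifname, dict)`. If that holds, this line raises `ValueError` unless the dict has exactly two keys, in which case it silently stores a key string. The assignment should stay `wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)`. The six `tmp = is_node_changed(...)` / `if tmp:` pairs could also become one loop with an early `break`, as the PPPoE script does in this commit.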
diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py
index 2bb615eb7..c703c1fe0 100755
--- a/src/conf_mode/lldp.py
+++ b/src/conf_mode/lldp.py
@@ -111,8 +111,8 @@ def generate(lldp):
if lldp is None:
return
- render(config_file, 'lldp/lldpd.tmpl', lldp)
- render(vyos_config_file, 'lldp/vyos.conf.tmpl', lldp)
+ render(config_file, 'lldp/lldpd.j2', lldp)
+ render(vyos_config_file, 'lldp/vyos.conf.j2', lldp)
def apply(lldp):
systemd_service = 'lldpd.service'
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 8aaebf9ff..85819a77e 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -181,7 +181,7 @@ def verify(nat):
return None
def generate(nat):
- render(nftables_nat_config, 'firewall/nftables-nat.tmpl', nat)
+ render(nftables_nat_config, 'firewall/nftables-nat.j2', nat)
# dry-run newly generated configuration
tmp = run(f'nft -c -f {nftables_nat_config}')
diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index 1cd15811f..0972151a0 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -146,8 +146,8 @@ def verify(nat):
return None
def generate(nat):
- render(nftables_nat66_config, 'firewall/nftables-nat66.tmpl', nat, permission=0o755)
- render(ndppd_config, 'ndppd/ndppd.conf.tmpl', nat, permission=0o755)
+ render(nftables_nat66_config, 'firewall/nftables-nat66.j2', nat, permission=0o755)
+ render(ndppd_config, 'ndppd/ndppd.conf.j2', nat, permission=0o755)
return None
def apply(nat):
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py
index 09d181d43..5de341beb 100755
--- a/src/conf_mode/policy-route.py
+++ b/src/conf_mode/policy-route.py
@@ -204,7 +204,7 @@ def generate(policy):
else:
policy['cleanup_commands'] = cleanup_commands(policy)
- render(nftables_conf, 'firewall/nftables-policy.tmpl', policy)
+ render(nftables_conf, 'firewall/nftables-policy.j2', policy)
return None
def apply_table_marks(policy):
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 8d9d3e99a..cd46cbcb4 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -164,6 +164,22 @@ def verify(bgp):
if not verify_remote_as(peer_config, bgp):
raise ConfigError(f'Neighbor "{peer}" remote-as must be set!')
+ # Peer-group member cannot override remote-as of peer-group
+ if 'peer_group' in peer_config:
+ peer_group = peer_config['peer_group']
+ if 'remote_as' in peer_config and 'remote_as' in bgp['peer_group'][peer_group]:
+ raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
+ if 'interface' in peer_config:
+ if 'peer_group' in peer_config['interface']:
+ peer_group = peer_config['interface']['peer_group']
+ if 'remote_as' in peer_config['interface'] and 'remote_as' in bgp['peer_group'][peer_group]:
+ raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
+ if 'v6only' in peer_config['interface']:
+ if 'peer_group' in peer_config['interface']['v6only']:
+ peer_group = peer_config['interface']['v6only']['peer_group']
+ if 'remote_as' in peer_config['interface']['v6only'] and 'remote_as' in bgp['peer_group'][peer_group]:
+ raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
+
# Only checks for ipv4 and ipv6 neighbors
# Check if neighbor address is assigned as system interface address
vrf = None
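Review bot: The three new remote-as checks index `bgp['peer_group'][peer_group]` directly, which raises a bare `KeyError` rather than a `ConfigError` if a neighbor names a peer-group that is not defined. This applies unless a check outside this hunk already guarantees the group exists. The same test is also written out three times, for the neighbor, its `interface` node and `interface v6only`, each with an identical message. A single loop over the three dictionaries with a tolerant lookup keeps the behaviour and removes the duplication. The enclosing loop in verify() starts outside this hunk.

```python
# Peer-group member cannot override remote-as of peer-group
iface_config = peer_config.get('interface', {})
for member in (peer_config, iface_config, iface_config.get('v6only', {})):
    if 'peer_group' not in member or 'remote_as' not in member:
        continue
    peer_group = member['peer_group']
    if 'remote_as' in bgp.get('peer_group', {}).get(peer_group, {}):
        raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
# … unchanged: neighbor address / VRF checks …
```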
diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py
index 7eeb5cd30..b6371d09f 100755
--- a/src/conf_mode/protocols_nhrp.py
+++ b/src/conf_mode/protocols_nhrp.py
@@ -84,7 +84,7 @@ def verify(nhrp):
return None
def generate(nhrp):
- render(opennhrp_conf, 'nhrp/opennhrp.conf.tmpl', nhrp)
+ render(opennhrp_conf, 'nhrp/opennhrp.conf.j2', nhrp)
return None
def apply(nhrp):
diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py
index 87432bc1c..58e202928 100755
--- a/src/conf_mode/protocols_static.py
+++ b/src/conf_mode/protocols_static.py
@@ -22,6 +22,7 @@ from sys import argv
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import get_dhcp_interfaces
+from vyos.configdict import get_pppoe_interfaces
from vyos.configverify import verify_common_route_maps
from vyos.configverify import verify_vrf
from vyos.template import render_to_string
@@ -59,7 +60,9 @@ def get_config(config=None):
# T3680 - get a list of all interfaces currently configured to use DHCP
tmp = get_dhcp_interfaces(conf, vrf)
- if tmp: static['dhcp'] = tmp
+ if tmp: static.update({'dhcp' : tmp})
+ tmp = get_pppoe_interfaces(conf, vrf)
+ if tmp: static.update({'pppoe' : tmp})
return static
diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py
index 51050e702..a2e411e49 100755
--- a/src/conf_mode/service_console-server.py
+++ b/src/conf_mode/service_console-server.py
@@ -81,7 +81,7 @@ def generate(proxy):
if not proxy:
return None
- render(config_file, 'conserver/conserver.conf.tmpl', proxy)
+ render(config_file, 'conserver/conserver.conf.j2', proxy)
if 'device' in proxy:
for device, device_config in proxy['device'].items():
if 'ssh' not in device_config:
@@ -92,7 +92,7 @@ def generate(proxy):
'port' : device_config['ssh']['port'],
}
render(dropbear_systemd_file.format(**tmp),
- 'conserver/dropbear@.service.tmpl', tmp)
+ 'conserver/dropbear@.service.j2', tmp)
return None
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_fastnetmon.py
index 67edeb630..ae7e582ec 100755
--- a/src/conf_mode/service_ids_fastnetmon.py
+++ b/src/conf_mode/service_ids_fastnetmon.py
@@ -67,8 +67,8 @@ def generate(fastnetmon):
return
- render(config_file, 'ids/fastnetmon.tmpl', fastnetmon)
- render(networks_list, 'ids/fastnetmon_networks_list.tmpl', fastnetmon)
+ render(config_file, 'ids/fastnetmon.j2', fastnetmon)
+ render(networks_list, 'ids/fastnetmon_networks_list.j2', fastnetmon)
return None
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 2ebee8018..559d1bcd5 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -296,10 +296,10 @@ def generate(ipoe):
if not ipoe:
return None
- render(ipoe_conf, 'accel-ppp/ipoe.config.tmpl', ipoe)
+ render(ipoe_conf, 'accel-ppp/ipoe.config.j2', ipoe)
if ipoe['auth_mode'] == 'local':
- render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.tmpl', ipoe)
+ render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.j2', ipoe)
os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
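Review bot: The IPoE chap-secrets file is written by `render()` first and only restricted by the `os.chmod()` on the following line, so between the two calls it has whatever mode `render()` applies by default. The PPPoE server script in this commit passes the mode at render time, and doing the same here closes that window: `render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.j2', ipoe, permission=0o640)`. `S_IRUSR | S_IWUSR | S_IRGRP` is the same 0o640, so the separate chmod can then be dropped. generate() continues outside this hunk.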
diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py
index d31a0c49e..2383a53fb 100755
--- a/src/conf_mode/service_mdns-repeater.py
+++ b/src/conf_mode/service_mdns-repeater.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2017-2020 VyOS maintainers and contributors
+# Copyright (C) 2017-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -92,7 +92,7 @@ def generate(mdns):
if len(mdns['interface']) < 2:
return None
- render(config_file, 'mdns-repeater/avahi-daemon.tmpl', mdns)
+ render(config_file, 'mdns-repeater/avahi-daemon.j2', mdns)
return None
def apply(mdns):
diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py
index 8a972b9fe..102a87318 100755
--- a/src/conf_mode/service_monitoring_telegraf.py
+++ b/src/conf_mode/service_monitoring_telegraf.py
@@ -99,6 +99,15 @@ def get_config(config=None):
monitoring['interfaces_ethernet'] = get_interfaces('ethernet', vlan=False)
monitoring['nft_chains'] = get_nft_filter_chains()
+ if 'authentication' in monitoring or \
+ 'url' in monitoring:
+ monitoring['influxdb_configured'] = True
+
+ # Ignore default XML values if config doesn't exists
+ # Delete key from dict
+ if not conf.exists(base + ['prometheus-client']):
+ del monitoring['prometheus_client']
+
return monitoring
def verify(monitoring):
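Review bot: `del monitoring['prometheus_client']` raises `KeyError` if the key is absent, which would happen whenever the defaults merge earlier in get_config() (outside this hunk) does not add it. `monitoring.pop('prometheus_client', None)` does the same job without that assumption. The comment above it could read `# Drop XML defaults when prometheus-client is not configured` instead of the current two lines.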
@@ -106,13 +115,23 @@ def verify(monitoring):
if not monitoring:
return None
- if 'authentication' not in monitoring or \
- 'organization' not in monitoring['authentication'] or \
- 'token' not in monitoring['authentication']:
- raise ConfigError(f'Authentication "organization and token" are mandatory!')
+ if 'influxdb_configured' in monitoring:
+ if 'authentication' not in monitoring or \
+ 'organization' not in monitoring['authentication'] or \
+ 'token' not in monitoring['authentication']:
+ raise ConfigError(f'Authentication "organization and token" are mandatory!')
+
+ if 'url' not in monitoring:
+ raise ConfigError(f'Monitoring "url" is mandatory!')
+
+ # Verify Splunk
+ if 'splunk' in monitoring:
+ if 'authentication' not in monitoring['splunk'] or \
+ 'token' not in monitoring['splunk']['authentication']:
+ raise ConfigError(f'Authentication "organization and token" are mandatory!')
- if 'url' not in monitoring:
- raise ConfigError(f'Monitoring "url" is mandatory!')
+ if 'url' not in monitoring['splunk']:
+ raise ConfigError(f'Monitoring splunk "url" is mandatory!')
return None
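Review bot: The Splunk branch only checks that `authentication` and `token` exist, but its error text was copied from the InfluxDB branch and tells the user that "organization and token" are mandatory. Someone who has set a token would be pointed at a field Splunk does not need. I would use `raise ConfigError('Splunk authentication "token" is mandatory!')`. The `f` prefix on these messages is unnecessary, since none of them interpolates anything.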
@@ -145,10 +164,10 @@ def generate(monitoring):
os.mkdir(custom_scripts_dir)
# Render telegraf configuration and systemd override
- render(config_telegraf, 'monitoring/telegraf.tmpl', monitoring)
- render(systemd_telegraf_service, 'monitoring/systemd_vyos_telegraf_service.tmpl', monitoring)
- render(systemd_override, 'monitoring/override.conf.tmpl', monitoring, permission=0o640)
- render(syslog_telegraf, 'monitoring/syslog_telegraf.tmpl', monitoring)
+ render(config_telegraf, 'monitoring/telegraf.j2', monitoring)
+ render(systemd_telegraf_service, 'monitoring/systemd_vyos_telegraf_service.j2', monitoring)
+ render(systemd_override, 'monitoring/override.conf.j2', monitoring, permission=0o640)
+ render(syslog_telegraf, 'monitoring/syslog_telegraf.j2', monitoring)
chown(base_dir, 'telegraf', 'telegraf')
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index 1f31d132d..6086ef859 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -88,10 +88,10 @@ def generate(pppoe):
for vlan_range in pppoe['interface'][iface]['vlan_range']:
pppoe['interface'][iface]['regex'].append(range_to_regex(vlan_range))
- render(pppoe_conf, 'accel-ppp/pppoe.config.tmpl', pppoe)
+ render(pppoe_conf, 'accel-ppp/pppoe.config.j2', pppoe)
if dict_search('authentication.mode', pppoe) == 'local':
- render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl',
+ render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.j2',
pppoe, permission=0o640)
else:
if os.path.exists(pppoe_chap_secrets):
diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py
index 9afcdd63e..71b758399 100755
--- a/src/conf_mode/service_router-advert.py
+++ b/src/conf_mode/service_router-advert.py
@@ -101,7 +101,7 @@ def generate(rtradv):
if not rtradv:
return None
- render(config_file, 'router-advert/radvd.conf.tmpl', rtradv, permission=0o644)
+ render(config_file, 'router-advert/radvd.conf.j2', rtradv, permission=0o644)
return None
def apply(rtradv):
diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py
index d21b31990..36f3e18a7 100755
--- a/src/conf_mode/service_upnp.py
+++ b/src/conf_mode/service_upnp.py
@@ -135,7 +135,7 @@ def generate(upnpd):
if os.path.isfile(config_file):
os.unlink(config_file)
- render(config_file, 'firewall/upnpd.conf.tmpl', upnpd)
+ render(config_file, 'firewall/upnpd.conf.j2', upnpd)
def apply(upnpd):
systemd_service_name = 'miniupnpd.service'
diff --git a/src/conf_mode/service_webproxy.py b/src/conf_mode/service_webproxy.py
index a16cc4aeb..32af31bde 100755
--- a/src/conf_mode/service_webproxy.py
+++ b/src/conf_mode/service_webproxy.py
@@ -61,7 +61,7 @@ def generate_sg_localdb(category, list_type, role, proxy):
user=user_group, group=user_group)
# temporary config file, deleted after generation
- render(sg_tmp_file, 'squid/sg_acl.conf.tmpl', tmp,
+ render(sg_tmp_file, 'squid/sg_acl.conf.j2', tmp,
user=user_group, group=user_group)
call(f'su - {user_group} -c "squidGuard -d -c {sg_tmp_file} -C {db_file}"')
@@ -166,8 +166,8 @@ def generate(proxy):
if not proxy:
return None
- render(squid_config_file, 'squid/squid.conf.tmpl', proxy)
- render(squidguard_config_file, 'squid/squidGuard.conf.tmpl', proxy)
+ render(squid_config_file, 'squid/squid.conf.j2', proxy)
+ render(squidguard_config_file, 'squid/squidGuard.conf.j2', proxy)
cat_dict = {
'local-block' : 'domains',
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index e35bb8a0c..ae060580d 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -270,15 +270,15 @@ def generate(snmp):
call(f'/opt/vyatta/sbin/my_delete service snmp v3 user "{user}" privacy plaintext-password > /dev/null')
# Write client config file
- render(config_file_client, 'snmp/etc.snmp.conf.tmpl', snmp)
+ render(config_file_client, 'snmp/etc.snmp.conf.j2', snmp)
# Write server config file
- render(config_file_daemon, 'snmp/etc.snmpd.conf.tmpl', snmp)
+ render(config_file_daemon, 'snmp/etc.snmpd.conf.j2', snmp)
# Write access rights config file
- render(config_file_access, 'snmp/usr.snmpd.conf.tmpl', snmp)
+ render(config_file_access, 'snmp/usr.snmpd.conf.j2', snmp)
# Write access rights config file
- render(config_file_user, 'snmp/var.snmpd.conf.tmpl', snmp)
+ render(config_file_user, 'snmp/var.snmpd.conf.j2', snmp)
# Write daemon configuration file
- render(systemd_override, 'snmp/override.conf.tmpl', snmp)
+ render(systemd_override, 'snmp/override.conf.j2', snmp)
return None
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 487e8c229..28669694b 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2021 VyOS maintainers and contributors
+# Copyright (C) 2018-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -33,6 +33,9 @@ airbag.enable()
config_file = r'/run/sshd/sshd_config'
systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf'
+sshguard_config_file = '/etc/sshguard/sshguard.conf'
+sshguard_whitelist = '/etc/sshguard/whitelist'
+
key_rsa = '/etc/ssh/ssh_host_rsa_key'
key_dsa = '/etc/ssh/ssh_host_dsa_key'
key_ed25519 = '/etc/ssh/ssh_host_ed25519_key'
@@ -54,6 +57,11 @@ def get_config(config=None):
# pass config file path - used in override template
ssh['config_file'] = config_file
+ # Ignore default XML values if config doesn't exists
+ # Delete key from dict
+ if not conf.exists(base + ['dynamic-protection']):
+ del ssh['dynamic_protection']
+
return ssh
def verify(ssh):
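Review bot: `del ssh['dynamic_protection']` in get_config() raises KeyError if the key is missing from the dict, and whether the default-value merge always inserts it is not visible in this hunk. `ssh.pop('dynamic_protection', None)` expresses the same intent without depending on that. The comment above it would also read better as `# Drop XML default values when dynamic-protection is not configured`. get_config() starts outside the hunk.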
@@ -86,6 +94,10 @@ def generate(ssh):
render(config_file, 'ssh/sshd_config.j2', ssh)
render(systemd_override, 'ssh/override.conf.j2', ssh)
+
+ if 'dynamic_protection' in ssh:
+ render(sshguard_config_file, 'ssh/sshguard_config.j2', ssh)
+ render(sshguard_whitelist, 'ssh/sshguard_whitelist.j2', ssh)
# Reload systemd manager configuration
call('systemctl daemon-reload')
@@ -95,7 +107,12 @@ def apply(ssh):
if not ssh:
# SSH access is removed in the commit
call('systemctl stop ssh.service')
+ call('systemctl stop sshguard.service')
return None
+ if 'dynamic_protection' not in ssh:
+ call('systemctl stop sshguard.service')
+ else:
+ call('systemctl restart sshguard.service')
call('systemctl restart ssh.service')
return None
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index c9c6aa187..c717286ae 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -197,7 +197,7 @@ def generate(login):
pass
if 'radius' in login:
- render(radius_config_file, 'login/pam_radius_auth.conf.tmpl', login,
+ render(radius_config_file, 'login/pam_radius_auth.conf.j2', login,
permission=0o600, user='root', group='root')
else:
if os.path.isfile(radius_config_file):
@@ -241,7 +241,7 @@ def apply(login):
#
# XXX: Should we deny using root at all?
home_dir = getpwnam(user).pw_dir
- render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.tmpl',
+ render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
user_config, permission=0o600,
formater=lambda _: _.replace("&quot;", '"'),
user=user, group='users')
diff --git a/src/conf_mode/system-logs.py b/src/conf_mode/system-logs.py
index e6296656d..c71938a79 100755
--- a/src/conf_mode/system-logs.py
+++ b/src/conf_mode/system-logs.py
@@ -57,13 +57,13 @@ def generate(logs_config):
logrotate_atop = dict_search('logrotate.atop', logs_config)
# generate new config file for atop
syslog.debug('Adding logrotate config for atop')
- render(logrotate_atop_file, 'logs/logrotate/vyos-atop.tmpl', logrotate_atop)
+ render(logrotate_atop_file, 'logs/logrotate/vyos-atop.j2', logrotate_atop)
# get configuration for logrotate rsyslog
logrotate_rsyslog = dict_search('logrotate.messages', logs_config)
# generate new config file for rsyslog
syslog.debug('Adding logrotate config for rsyslog')
- render(logrotate_rsyslog_file, 'logs/logrotate/vyos-rsyslog.tmpl',
+ render(logrotate_rsyslog_file, 'logs/logrotate/vyos-rsyslog.j2',
logrotate_rsyslog)
diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py
index b1c63e316..36dbf155b 100755
--- a/src/conf_mode/system-option.py
+++ b/src/conf_mode/system-option.py
@@ -74,8 +74,8 @@ def verify(options):
return None
def generate(options):
- render(curlrc_config, 'system/curlrc.tmpl', options)
- render(ssh_config, 'system/ssh_config.tmpl', options)
+ render(curlrc_config, 'system/curlrc.j2', options)
+ render(ssh_config, 'system/ssh_config.j2', options)
return None
def apply(options):
diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py
index 02536c2ab..079c43e7e 100755
--- a/src/conf_mode/system-proxy.py
+++ b/src/conf_mode/system-proxy.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,83 +13,59 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-import sys
import os
-import re
-from vyos import ConfigError
-from vyos.config import Config
+from sys import exit
+from vyos.config import Config
+from vyos.template import render
+from vyos import ConfigError
from vyos import airbag
airbag.enable()
proxy_def = r'/etc/profile.d/vyos-system-proxy.sh'
-
-def get_config():
- c = Config()
- if not c.exists('system proxy'):
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['system', 'proxy']
+ if not conf.exists(base):
return None
- c.set_level('system proxy')
+ proxy = conf.get_config_dict(base, get_first_key=True)
+ return proxy
- cnf = {
- 'url': None,
- 'port': None,
- 'usr': None,
- 'passwd': None
- }
+def verify(proxy):
+ if not proxy:
+ return
- if c.exists('url'):
- cnf['url'] = c.return_value('url')
- if c.exists('port'):
- cnf['port'] = c.return_value('port')
- if c.exists('username'):
- cnf['usr'] = c.return_value('username')
- if c.exists('password'):
- cnf['passwd'] = c.return_value('password')
+ if 'url' not in proxy or 'port' not in proxy:
+ raise ConfigError('Proxy URL and port require a value')
- return cnf
+ if ('username' in proxy and 'password' not in proxy) or \
+ ('username' not in proxy and 'password' in proxy):
+ raise ConfigError('Both username and password need to be defined!')
+def generate(proxy):
+ if not proxy:
+ if os.path.isfile(proxy_def):
+ os.unlink(proxy_def)
+ return
-def verify(c):
- if not c:
- return None
- if not c['url'] or not c['port']:
- raise ConfigError("proxy url and port requires a value")
- elif c['usr'] and not c['passwd']:
- raise ConfigError("proxy password requires a value")
- elif not c['usr'] and c['passwd']:
- raise ConfigError("proxy username requires a value")
-
+ render(proxy_def, 'system/proxy.j2', proxy, permission=0o755)
-def generate(c):
- if not c:
- return None
- if not c['usr']:
- return str("export http_proxy={url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
- .format(url=c['url'], port=c['port']))
- else:
- return str("export http_proxy=http://{usr}:{passwd}@{url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy"
- .format(url=re.sub('http://', '', c['url']), port=c['port'], usr=c['usr'], passwd=c['passwd']))
-
-
-def apply(ln):
- if not ln and os.path.exists(proxy_def):
- os.remove(proxy_def)
- else:
- open(proxy_def, 'w').write(
- "# generated by system-proxy.py\n{}\n".format(ln))
+def apply(proxy):
+ pass
if __name__ == '__main__':
try:
c = get_config()
verify(c)
- ln = generate(c)
- apply(ln)
+ generate(c)
+ apply(c)
except ConfigError as e:
print(e)
- sys.exit(1)
+ exit(1)
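Review bot: `render(proxy_def, 'system/proxy.j2', proxy, permission=0o755)` writes the proxy dict, including `password` when one is configured, to a file under /etc/profile.d that every local user can read. A profile.d snippet has to stay readable to work, so the exposure deserves a comment in generate(), for example `# NOTE: sourced by every login shell and world-readable; holds the proxy password when authentication is set`. The file is sourced rather than executed, so `permission=0o644` should be enough. The template is not part of this hunk; because its output is interpreted by the shell, it is worth confirming that url, username and password are quoted there. The username/password check in verify() can also be shortened to `if ('username' in proxy) != ('password' in proxy):`.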
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py
index 309b4bdb0..a9d3bbe31 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system-syslog.py
@@ -204,7 +204,7 @@ def generate(c):
return None
conf = '/etc/rsyslog.d/vyos-rsyslog.conf'
- render(conf, 'syslog/rsyslog.conf.tmpl', c)
+ render(conf, 'syslog/rsyslog.conf.j2', c)
# cleanup current logrotate config files
logrotate_files = Path('/etc/logrotate.d/').glob('vyos-rsyslog-generated-*')
@@ -216,7 +216,7 @@ def generate(c):
for filename, fileconfig in c.get('files', {}).items():
if fileconfig['log-file'].startswith('/var/log/user/'):
conf = '/etc/logrotate.d/vyos-rsyslog-generated-' + filename
- render(conf, 'syslog/logrotate.tmpl', { 'config_render': fileconfig })
+ render(conf, 'syslog/logrotate.j2', { 'config_render': fileconfig })
def verify(c):
diff --git a/src/conf_mode/system_console.py b/src/conf_mode/system_console.py
index 19b252513..86985d765 100755
--- a/src/conf_mode/system_console.py
+++ b/src/conf_mode/system_console.py
@@ -103,7 +103,7 @@ def generate(console):
config_file = base_dir + f'/serial-getty@{device}.service'
getty_wants_symlink = base_dir + f'/getty.target.wants/serial-getty@{device}.service'
- render(config_file, 'getty/serial-getty.service.tmpl', device_config)
+ render(config_file, 'getty/serial-getty.service.j2', device_config)
os.symlink(config_file, getty_wants_symlink)
# GRUB
diff --git a/src/conf_mode/system_lcd.py b/src/conf_mode/system_lcd.py
index b5ce32beb..3341dd738 100755
--- a/src/conf_mode/system_lcd.py
+++ b/src/conf_mode/system_lcd.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -61,9 +61,9 @@ def generate(lcd):
lcd['device'] = find_device_file(lcd['device'])
# Render config file for daemon LCDd
- render(lcdd_conf, 'lcd/LCDd.conf.tmpl', lcd)
+ render(lcdd_conf, 'lcd/LCDd.conf.j2', lcd)
# Render config file for client lcdproc
- render(lcdproc_conf, 'lcd/lcdproc.conf.tmpl', lcd)
+ render(lcdproc_conf, 'lcd/lcdproc.conf.j2', lcd)
return None
diff --git a/src/conf_mode/system_sysctl.py b/src/conf_mode/system_sysctl.py
index 4f16d1ed6..2e0004ffa 100755
--- a/src/conf_mode/system_sysctl.py
+++ b/src/conf_mode/system_sysctl.py
@@ -50,7 +50,7 @@ def generate(sysctl):
os.unlink(config_file)
return None
- render(config_file, 'system/sysctl.conf.tmpl', sysctl)
+ render(config_file, 'system/sysctl.conf.j2', sysctl)
return None
def apply(sysctl):
diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py
index 95050624e..c5daccb7f 100755
--- a/src/conf_mode/tftp_server.py
+++ b/src/conf_mode/tftp_server.py
@@ -98,7 +98,7 @@ def generate(tftpd):
config['vrf'] = address_config['vrf']
file = config_file + str(idx)
- render(file, 'tftp-server/default.tmpl', config)
+ render(file, 'tftp-server/default.j2', config)
idx = idx + 1
return None
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 99b82ca2d..bad9cfbd8 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -503,7 +503,7 @@ def generate(ipsec):
charon_radius_conf, interface_conf, swanctl_conf]:
if os.path.isfile(config_file):
os.unlink(config_file)
- render(charon_conf, 'ipsec/charon.tmpl', {'install_routes': default_install_routes})
+ render(charon_conf, 'ipsec/charon.j2', {'install_routes': default_install_routes})
return
if ipsec['dhcp_no_address']:
@@ -553,25 +553,27 @@ def generate(ipsec):
if not local_prefixes or not remote_prefixes:
continue
- passthrough = []
+ passthrough = None
for local_prefix in local_prefixes:
for remote_prefix in remote_prefixes:
local_net = ipaddress.ip_network(local_prefix)
remote_net = ipaddress.ip_network(remote_prefix)
if local_net.overlaps(remote_net):
+ if passthrough is None:
+ passthrough = []
passthrough.append(local_prefix)
ipsec['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough
- render(ipsec_conf, 'ipsec/ipsec.conf.tmpl', ipsec)
- render(ipsec_secrets, 'ipsec/ipsec.secrets.tmpl', ipsec)
- render(charon_conf, 'ipsec/charon.tmpl', ipsec)
- render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.tmpl', ipsec)
- render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.tmpl', ipsec)
- render(interface_conf, 'ipsec/interfaces_use.conf.tmpl', ipsec)
- render(swanctl_conf, 'ipsec/swanctl.conf.tmpl', ipsec)
+ render(ipsec_conf, 'ipsec/ipsec.conf.j2', ipsec)
+ render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec)
+ render(charon_conf, 'ipsec/charon.j2', ipsec)
+ render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec)
+ render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec)
+ render(interface_conf, 'ipsec/interfaces_use.conf.j2', ipsec)
+ render(swanctl_conf, 'ipsec/swanctl.conf.j2', ipsec)
def resync_nhrp(ipsec):
if ipsec and not ipsec['nhrp_exists']:
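Review bot: `render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec)` passes no `permission=`, while the chap-secrets renders in this commit pass `permission=0o640` and the RADIUS PAM file gets `0o600`. The default mode that render() applies is not visible here, so unless it is already restrictive this file should get an explicit one, e.g. `render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec, permission=0o600)`. The same question applies to `swanctl_conf` if it carries key material, and to the `ocserv_passwd` / `ocserv_otp_usr` renders in vpn_openconnect.py. On `passthrough = None`, a short comment saying why None rather than an empty list is stored would help (presumably the template tests whether the key is set). generate() begins and continues outside this hunk.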
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 818e8fa0b..fd5a4acd8 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -358,10 +358,10 @@ def generate(l2tp):
if not l2tp:
return None
- render(l2tp_conf, 'accel-ppp/l2tp.config.tmpl', l2tp)
+ render(l2tp_conf, 'accel-ppp/l2tp.config.j2', l2tp)
if l2tp['auth_mode'] == 'local':
- render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.tmpl', l2tp)
+ render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.j2', l2tp)
os.chmod(l2tp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
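Review bot: The chap-secrets file is rendered first and only restricted afterwards with `os.chmod(l2tp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)`, so between the two calls it has whatever mode render() applies by default. service_pppoe-server.py and vpn_sstp.py in this same commit pass the mode to render() instead. Doing that here gives the same 0o640 result in one step: `render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.j2', l2tp, permission=0o640)`. vpn_pptp.py's generate() has the same render-then-chmod pair for `pptp_chap_secrets`. generate() continues outside the hunk.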
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 84d31f9a5..8e0e30bbf 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -157,9 +157,9 @@ def generate(ocserv):
if "radius" in ocserv["authentication"]["mode"]:
# Render radius client configuration
- render(radius_cfg, 'ocserv/radius_conf.tmpl', ocserv["authentication"]["radius"])
+ render(radius_cfg, 'ocserv/radius_conf.j2', ocserv["authentication"]["radius"])
# Render radius servers
- render(radius_servers, 'ocserv/radius_servers.tmpl', ocserv["authentication"]["radius"])
+ render(radius_servers, 'ocserv/radius_servers.j2', ocserv["authentication"]["radius"])
elif "local" in ocserv["authentication"]["mode"]:
# if mode "OTP", generate OTP users file parameters
if "otp" in ocserv["authentication"]["mode"]["local"]:
@@ -184,24 +184,24 @@ def generate(ocserv):
if "password-otp" in ocserv["authentication"]["mode"]["local"]:
# Render local users ocpasswd
- render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"])
# Render local users OTP keys
- render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"])
elif "password" in ocserv["authentication"]["mode"]["local"]:
# Render local users ocpasswd
- render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"])
elif "otp" in ocserv["authentication"]["mode"]["local"]:
# Render local users OTP keys
- render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"])
else:
# Render local users ocpasswd
- render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"])
else:
if "local_users" in ocserv["authentication"]:
for user in ocserv["authentication"]["local_users"]["username"]:
ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"])
# Render local users
- render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"])
+ render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"])
if "ssl" in ocserv:
cert_file_path = os.path.join(cfg_dir, 'cert.pem')
@@ -227,7 +227,7 @@ def generate(ocserv):
f.write(wrap_certificate(pki_ca_cert['certificate']))
# Render config
- render(ocserv_conf, 'ocserv/ocserv_config.tmpl', ocserv)
+ render(ocserv_conf, 'ocserv/ocserv_config.j2', ocserv)
def apply(ocserv):
diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py
index 30abe4782..7550c411e 100755
--- a/src/conf_mode/vpn_pptp.py
+++ b/src/conf_mode/vpn_pptp.py
@@ -264,10 +264,10 @@ def generate(pptp):
if not pptp:
return None
- render(pptp_conf, 'accel-ppp/pptp.config.tmpl', pptp)
+ render(pptp_conf, 'accel-ppp/pptp.config.j2', pptp)
if pptp['local_users']:
- render(pptp_chap_secrets, 'accel-ppp/chap-secrets.tmpl', pptp)
+ render(pptp_chap_secrets, 'accel-ppp/chap-secrets.j2', pptp)
os.chmod(pptp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
if os.path.exists(pptp_chap_secrets):
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 68980e5ab..db53463cf 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -114,7 +114,7 @@ def generate(sstp):
return None
# accel-cmd reload doesn't work so any change results in a restart of the daemon
- render(sstp_conf, 'accel-ppp/sstp.config.tmpl', sstp)
+ render(sstp_conf, 'accel-ppp/sstp.config.j2', sstp)
cert_name = sstp['ssl']['certificate']
pki_cert = sstp['pki']['certificate'][cert_name]
@@ -127,7 +127,7 @@ def generate(sstp):
write_file(ca_cert_file_path, wrap_certificate(pki_ca['certificate']))
if dict_search('authentication.mode', sstp) == 'local':
- render(sstp_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl',
+ render(sstp_chap_secrets, 'accel-ppp/chap-secrets.config_dict.j2',
sstp, permission=0o640)
else:
if os.path.exists(sstp_chap_secrets):
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index f79c8a21e..972d0289b 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -83,7 +83,8 @@ def get_config(config=None):
conf = Config()
base = ['vrf']
- vrf = conf.get_config_dict(base, get_first_key=True)
+ vrf = conf.get_config_dict(base, key_mangling=('-', '_'),
+ no_tag_node_value_mangle=True, get_first_key=True)
# determine which VRF has been removed
for name in node_changed(conf, base + ['name']):
@@ -133,10 +134,10 @@ def verify(vrf):
def generate(vrf):
- render(config_file, 'vrf/vrf.conf.tmpl', vrf)
+ render(config_file, 'vrf/vrf.conf.j2', vrf)
# Render nftables zones config
- render(nft_vrf_config, 'firewall/nftables-vrf-zones.tmpl', vrf)
+ render(nft_vrf_config, 'firewall/nftables-vrf-zones.j2', vrf)
return None
@@ -152,7 +153,7 @@ def apply(vrf):
# set the default VRF global behaviour
bind_all = '0'
- if 'bind-to-all' in vrf:
+ if 'bind_to_all' in vrf:
bind_all = '1'
sysctl_write('net.ipv4.tcp_l3mdev_accept', bind_all)
sysctl_write('net.ipv4.udp_l3mdev_accept', bind_all)
@@ -222,6 +223,15 @@ def apply(vrf):
# add VRF description if available
vrf_if.set_alias(config.get('description', ''))
+ # Enable/Disable IPv4 forwarding
+ tmp = dict_search('ip.disable_forwarding', config)
+ value = '0' if (tmp != None) else '1'
+ vrf_if.set_ipv4_forwarding(value)
+ # Enable/Disable IPv6 forwarding
+ tmp = dict_search('ipv6.disable_forwarding', config)
+ value = '0' if (tmp != None) else '1'
+ vrf_if.set_ipv6_forwarding(value)
+
# Enable/Disable of an interface must always be done at the end of the
# derived class to make use of the ref-counting set_admin_state()
# function. We will only enable the interface if 'up' was called as
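Review bot: Both new forwarding blocks compare with `tmp != None`; identity comparison is the idiomatic form, and the parentheses are not needed: `value = '0' if tmp is not None else '1'`. The inverted mapping (a present `disable_forwarding` node yields '0') is easy to misread, so a comment such as `# node present -> forwarding off ('0'), absent -> on ('1')` would help. The two blocks differ only in the address family and could share a small loop over `('ip', vrf_if.set_ipv4_forwarding)` and `('ipv6', vrf_if.set_ipv6_forwarding)`. apply() starts and ends outside this hunk.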
diff --git a/src/conf_mode/zone_policy.py b/src/conf_mode/zone_policy.py
index dc0617353..070a4deea 100755
--- a/src/conf_mode/zone_policy.py
+++ b/src/conf_mode/zone_policy.py
@@ -192,7 +192,7 @@ def generate(zone_policy):
if 'local_zone' in zone_conf:
zone_conf['from_local'] = get_local_from(data, zone)
- render(nftables_conf, 'zone_policy/nftables.tmpl', data)
+ render(nftables_conf, 'zone_policy/nftables.j2', data)
return None
def apply(zone_policy):
diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
index 74a7e83bf..5d879471d 100644
--- a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
+++ b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
@@ -26,7 +26,7 @@ function iptovtysh () {
local VTYSH_GATEWAY=""
local VTYSH_DEV=""
local VTYSH_TAG="210"
- local VTYSH_DISTANCE=""
+ local VTYSH_DISTANCE=$IF_METRIC
# convert default route to 0.0.0.0/0
if [ "$4" == "default" ] ; then
VTYSH_NETADDR="0.0.0.0/0"
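Review bot: `local VTYSH_DISTANCE=$IF_METRIC` takes the value unquoted and without a default, and where `IF_METRIC` is set is not visible in this hunk. Writing it as `local VTYSH_DISTANCE="${IF_METRIC:-}"` keeps the previous empty-string behaviour explicit when the variable is unset. Since the value presumably ends up in a vtysh command further down (outside the hunk), a numeric check before use would be a sensible guard. iptovtysh() continues past the end of the hunk.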
diff --git a/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback b/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback
index bb918a468..fa1917ab1 100755
--- a/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback
+++ b/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -23,14 +23,9 @@
from sys import argv
from sys import exit
-from syslog import syslog
-from syslog import openlog
-from syslog import LOG_PID
-from syslog import LOG_INFO
-
from vyos.configquery import ConfigTreeQuery
+from vyos.configdict import get_interface_dict
from vyos.ifconfig import PPPoEIf
-from vyos.util import read_file
# When the ppp link comes up, this script is called with the following
# parameters
@@ -45,15 +40,10 @@ if (len(argv) < 7):
exit(1)
interface = argv[6]
-dialer_pid = read_file(f'/var/run/{interface}.pid')
-
-openlog(ident=f'pppd[{dialer_pid}]', facility=LOG_INFO)
-syslog('executing ' + argv[0])
conf = ConfigTreeQuery()
-pppoe = conf.get_config_dict(['interfaces', 'pppoe', argv[6]],
- get_first_key=True, key_mangling=('-', '_'))
-pppoe['ifname'] = argv[6]
+_, pppoe = get_interface_dict(conf.config, ['interfaces', 'pppoe'], interface)
-p = PPPoEIf(pppoe['ifname'])
+# Update the config
+p = PPPoEIf(interface)
p.update(pppoe)
diff --git a/src/migration-scripts/interfaces/25-to-26 b/src/migration-scripts/interfaces/25-to-26
new file mode 100755
index 000000000..a8936235e
--- /dev/null
+++ b/src/migration-scripts/interfaces/25-to-26
@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T4384: pppoe: replace default-route CLI option with common CLI nodes already
+# present for DHCP
+
+from sys import argv
+
+from vyos.ethtool import Ethtool
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['interfaces', 'pppoe']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ exit(0)
+
+for ifname in config.list_nodes(base):
+ tmp_config = base + [ifname, 'default-route']
+ if config.exists(tmp_config):
+ # Retrieve current config value
+ value = config.return_value(tmp_config)
+ # Delete old Config node
+ config.delete(tmp_config)
+ if value == 'none':
+ config.set(base + [ifname, 'no-default-route'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print(f'Failed to save the modified config: {e}')
+ exit(1)
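Review bot: The guard `if (len(argv) < 1):` can never be true, because `argv[0]` is always present, so a missing file name falls through to `file_name = argv[1]` and ends in an IndexError instead of the intended message. It should be `if len(argv) < 2:`, as quagga/9-to-10 in this commit already has; system/23-to-24 carries the same off-by-one. The script also calls `exit()` without `from sys import exit`, and the `from vyos.ethtool import Ethtool` import is unused.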
diff --git a/src/migration-scripts/quagga/9-to-10 b/src/migration-scripts/quagga/9-to-10
new file mode 100755
index 000000000..249738822
--- /dev/null
+++ b/src/migration-scripts/quagga/9-to-10
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# re-organize route-map as-path
+
+from sys import argv
+from sys import exit
+
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 2):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['policy', 'route-map']
+
+config = ConfigTree(config_file)
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+for route_map in config.list_nodes(base):
+ # Bail out Early
+ if not config.exists(base + [route_map, 'rule']):
+ continue
+
+ for rule in config.list_nodes(base + [route_map, 'rule']):
+ rule_base = base + [route_map, 'rule', rule]
+ if config.exists(rule_base + ['set', 'as-path-exclude']):
+ tmp = config.return_value(rule_base + ['set', 'as-path-exclude'])
+ config.delete(rule_base + ['set', 'as-path-exclude'])
+ config.set(rule_base + ['set', 'as-path', 'exclude'], value=tmp)
+
+ if config.exists(rule_base + ['set', 'as-path-prepend']):
+ tmp = config.return_value(rule_base + ['set', 'as-path-prepend'])
+ config.delete(rule_base + ['set', 'as-path-prepend'])
+ config.set(rule_base + ['set', 'as-path', 'prepend'], value=tmp)
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/migration-scripts/system/23-to-24 b/src/migration-scripts/system/23-to-24
new file mode 100755
index 000000000..5ea71d51a
--- /dev/null
+++ b/src/migration-scripts/system/23-to-24
@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from ipaddress import ip_interface
+from ipaddress import ip_address
+from sys import exit, argv
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['protocols', 'static', 'arp']
+tmp_base = ['protocols', 'static', 'arp-tmp']
+config = ConfigTree(config_file)
+
+def fixup_cli(config, path, interface):
+ if config.exists(path + ['address']):
+ for address in config.return_values(path + ['address']):
+ tmp = ip_interface(address)
+ if ip_address(host) in tmp.network.hosts():
+ mac = config.return_value(tmp_base + [host, 'hwaddr'])
+ iface_path = ['protocols', 'static', 'arp', 'interface']
+ config.set(iface_path + [interface, 'address', host, 'mac'], value=mac)
+ config.set_tag(iface_path)
+ config.set_tag(iface_path + [interface, 'address'])
+ continue
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+# We need a temporary copy of the config tree as the original one needs to be
+# deleted first due to a change iun thge tagNode structure.
+config.copy(base, tmp_base)
+config.delete(base)
+
+for host in config.list_nodes(tmp_base):
+ for type in config.list_nodes(['interfaces']):
+ for interface in config.list_nodes(['interfaces', type]):
+ if_base = ['interfaces', type, interface]
+ fixup_cli(config, if_base, interface)
+
+ if config.exists(if_base + ['vif']):
+ for vif in config.list_nodes(if_base + ['vif']):
+ vif_base = ['interfaces', type, interface, 'vif', vif]
+ fixup_cli(config, vif_base, f'{interface}.{vif}')
+
+ if config.exists(if_base + ['vif-s']):
+ for vif_s in config.list_nodes(if_base + ['vif-s']):
+ vif_s_base = ['interfaces', type, interface, 'vif-s', vif_s]
+ fixup_cli(config, vif_s_base, f'{interface}.{vif_s}')
+
+ if config.exists(if_base + ['vif-s', vif_s, 'vif-c']):
+ for vif_c in config.list_nodes(if_base + ['vif-s', vif_s, 'vif-c']):
+ vif_c_base = ['interfaces', type, interface, 'vif-s', vif_s, 'vif-c', vif_c]
+ fixup_cli(config, vif_c_base, f'{interface}.{vif_s}.{vif_c}')
+
+config.delete(tmp_base)
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print(f'Failed to save the modified config: {e}')
+ exit(1)
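Review bot: In fixup_cli(), `ip_address(host) in tmp.network.hosts()` walks the host iterator one address at a time, so an interface with a large prefix (an IPv6 /64, for example) can stall the migration; `if ip_address(host) in tmp.network:` is a constant-time containment test and simply returns False on a version mismatch. `ip_interface(address)` also raises ValueError for any address value that is not an IP literal, if the CLI permits such values on interfaces, so the conversion should be guarded. The function reads `host` from the module-level loop rather than taking it as a parameter; passing it in explicitly would make that dependency visible. Smaller points: `type` shadows the builtin, `import os` is unused, the trailing `continue` has no effect, and the comment has a typo ("iun thge").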
diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py
index 89f6df4b9..e45c38f07 100755
--- a/src/op_mode/conntrack_sync.py
+++ b/src/op_mode/conntrack_sync.py
@@ -77,7 +77,7 @@ def xml_to_stdout(xml):
parsed = xmltodict.parse(line)
out.append(parsed)
- print(render_to_string('conntrackd/conntrackd.op-mode.tmpl', {'data' : out}))
+ print(render_to_string('conntrackd/conntrackd.op-mode.j2', {'data' : out}))
if __name__ == '__main__':
args = parser.parse_args()
diff --git a/src/op_mode/containers_op.py b/src/op_mode/containers_op.py
deleted file mode 100755
index bc317029c..000000000
--- a/src/op_mode/containers_op.py
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2021 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-import argparse
-
-from getpass import getuser
-from vyos.configquery import ConfigTreeQuery
-from vyos.util import cmd
-
-parser = argparse.ArgumentParser()
-parser.add_argument("-a", "--all", action="store_true", help="Show all containers")
-parser.add_argument("-i", "--image", action="store_true", help="Show container images")
-parser.add_argument("-n", "--networks", action="store_true", help="Show container images")
-parser.add_argument("-p", "--pull", action="store", help="Pull image for container")
-parser.add_argument("-d", "--remove", action="store", help="Delete container image")
-parser.add_argument("-u", "--update", action="store", help="Update given container image")
-
-config = ConfigTreeQuery()
-base = ['container']
-if not config.exists(base):
- print('Containers not configured')
- exit(0)
-
-if getuser() != 'root':
- raise OSError('This functions needs to be run as root to return correct results!')
-
-if __name__ == '__main__':
- args = parser.parse_args()
-
- if args.all:
- print(cmd('podman ps --all'))
-
- elif args.image:
- print(cmd('podman image ls'))
-
- elif args.networks:
- print(cmd('podman network ls'))
-
- elif args.pull:
- image = args.pull
- try:
- print(cmd(f'podman image pull {image}'))
- except:
- print(f'Can\'t find or download image "{image}"')
-
- elif args.remove:
- image = args.remove
- try:
- print(cmd(f'podman image rm {image}'))
- except:
- print(f'Can\'t delete image "{image}"')
-
- elif args.update:
- tmp = config.get_config_dict(base + ['name', args.update],
- key_mangling=('-', '_'), get_first_key=True)
- try:
- image = tmp['image']
- print(cmd(f'podman image pull {image}'))
- except:
- print(f'Can\'t find or download image "{image}"')
- else:
- parser.print_help()
- exit(1)
-
- exit(0)
diff --git a/src/op_mode/generate_openconnect_otp_key.py b/src/op_mode/generate_openconnect_otp_key.py
new file mode 100755
index 000000000..363bcf3ea
--- /dev/null
+++ b/src/op_mode/generate_openconnect_otp_key.py
@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import argparse
+import os
+
+from vyos.util import popen
+from secrets import token_hex
+from base64 import b32encode
+
+if os.geteuid() != 0:
+ exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.")
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument("-u", "--username", type=str, help='Username used for authentication', required=True)
+ parser.add_argument("-i", "--interval", type=str, help='Duration of single time interval', default="30", required=False)
+ parser.add_argument("-d", "--digits", type=str, help='The number of digits in the one-time password', default="6", required=False)
+ args = parser.parse_args()
+
+ hostname = os.uname()[1]
+ username = args.username
+ digits = args.digits
+ period = args.interval
+
+ # check variables:
+ if int(digits) < 6 or int(digits) > 8:
+ print("")
+ quit("The number of digits in the one-time password must be between '6' and '8'")
+
+ if int(period) < 5 or int(period) > 86400:
+ print("")
+ quit("Time token interval must be between '5' and '86400' seconds")
+
+ # generate OTP key, URL & QR:
+ key_hex = token_hex(20)
+ key_base32 = b32encode(bytes.fromhex(key_hex)).decode()
+
+ otp_url=''.join(["otpauth://totp/",username,"@",hostname,"?secret=",key_base32,"&digits=",digits,"&period=",period])
+ qrcode,err = popen('qrencode -t ansiutf8', input=otp_url)
+
+ print("# You can share it with the user, he just needs to scan the QR in his OTP app")
+ print("# username: ", username)
+ print("# OTP KEY: ", key_base32)
+ print("# OTP URL: ", otp_url)
+ print(qrcode)
+ print('# To add this OTP key to configuration, run the following commands:')
+ print(f"set vpn openconnect authentication local-users username {username} otp key '{key_hex}'")
+ if period != "30":
+ print(f"set vpn openconnect authentication local-users username {username} otp interval '{period}'")
+ if digits != "6":
+ print(f"set vpn openconnect authentication local-users username {username} otp otp-length '{digits}'")
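Review bot: `username` and `hostname` are joined into the `otpauth://` URL on the `otp_url=` line without percent-encoding, so a username containing `?`, `&`, `#` or `/` changes how an authenticator app parses the `secret`, `digits` and `period` parameters. The same raw value is also echoed into the suggested `set vpn openconnect ...` commands. Encode the label, for example `quote(f'{username}@{hostname}', safe='@')` with `from urllib.parse import quote`, and reject usernames with characters the CLI node would not accept. Separately, `--digits` and `--interval` are declared `type=str` and only converted by `int()` in the range checks, so non-numeric input ends in a `ValueError` traceback rather than the friendly `quit(...)` message; a `try`/`except ValueError` around those conversions would fix that. The `err` value returned by `popen` is never checked, so a missing or failing `qrencode` prints an empty QR block silently.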
diff --git a/src/op_mode/generate_ovpn_client_file.py b/src/op_mode/generate_ovpn_client_file.py
index 29db41e37..0628e6135 100755
--- a/src/op_mode/generate_ovpn_client_file.py
+++ b/src/op_mode/generate_ovpn_client_file.py
@@ -18,6 +18,7 @@ import argparse
import os
from jinja2 import Template
+from textwrap import fill
from vyos.configquery import ConfigTreeQuery
from vyos.ifconfig import Section
@@ -117,8 +118,11 @@ if __name__ == '__main__':
exit(f'OpenVPN certificate key "{key}" does not exist!')
ca = config.value(['pki', 'ca', ca, 'certificate'])
+ ca = fill(ca, width=64)
cert = config.value(['pki', 'certificate', cert, 'certificate'])
+ cert = fill(cert, width=64)
key = config.value(['pki', 'certificate', key, 'private', 'key'])
+ key = fill(key, width=64)
remote_host = config.value(base + [interface, 'local-host'])
ovpn_conf = config.get_config_dict(base + [interface], key_mangling=('-', '_'), get_first_key=True)
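Review bot: The three added `fill(..., width=64)` calls run on whatever `config.value(...)` returned, with no check that a value came back. If a PKI entry exists but lacks its `certificate` or `private key` leaf, and `config.value` yields `None` in that case (not visible in this hunk), `fill` raises an `AttributeError` instead of the readable `exit(...)` used on the line above. A guard before the first `fill`, such as `if not (ca and cert and key):` followed by an `exit` with a message, keeps the failure clear. A one-line comment such as `# re-wrap the single-line base64 blob to PEM's 64-column lines` would also help, since `textwrap.fill` is a word wrapper and only behaves as a fixed-width splitter because the input has no whitespace. The enclosing `__main__` block starts and ends outside this hunk.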
diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py
index 990b06c12..21561d16f 100755
--- a/src/op_mode/ikev2_profile_generator.py
+++ b/src/op_mode/ikev2_profile_generator.py
@@ -222,9 +222,9 @@ except KeyboardInterrupt:
print('\n\n==== <snip> ====')
if args.os == 'ios':
- print(render_to_string('ipsec/ios_profile.tmpl', data))
+ print(render_to_string('ipsec/ios_profile.j2', data))
print('==== </snip> ====\n')
print('Save the XML from above to a new file named "vyos.mobileconfig" and E-Mail it to your phone.')
elif args.os == 'windows':
- print(render_to_string('ipsec/windows_profile.tmpl', data))
+ print(render_to_string('ipsec/windows_profile.j2', data))
print('==== </snip> ====\n')
diff --git a/src/op_mode/show_openvpn.py b/src/op_mode/show_openvpn.py
index f7b99cc0d..9a5adcffb 100755
--- a/src/op_mode/show_openvpn.py
+++ b/src/op_mode/show_openvpn.py
@@ -26,10 +26,10 @@ outp_tmpl = """
{% if clients %}
OpenVPN status on {{ intf }}
-Client CN Remote Host Local Host TX bytes RX bytes Connected Since
---------- ----------- ---------- -------- -------- ---------------
+Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since
+--------- ----------- --------- ---------- -------- -------- ---------------
{% for c in clients %}
-{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }}
+{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-15s"|format(c.tunnel) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }}
{% endfor %}
{% endif %}
"""
@@ -50,6 +50,19 @@ def bytes2HR(size):
output="{0:.1f} {1}".format(size, suff[suffIdx])
return output
+def get_vpn_tunnel_address(peer, interface):
+ lst = []
+ status_file = '/var/run/openvpn/{}.status'.format(interface)
+
+ with open(status_file, 'r') as f:
+ lines = f.readlines()
+ for line in lines:
+ if peer in line:
+ lst.append(line)
+ tunnel_ip = lst[1].split(',')[0]
+
+ return tunnel_ip
+
def get_status(mode, interface):
status_file = '/var/run/openvpn/{}.status'.format(interface)
# this is an empirical value - I assume we have no more then 999999
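Review bot: `get_vpn_tunnel_address` indexes `lst[1]` unconditionally, so a client that appears on only one line of the status file (for example before its routing entry is written) raises `IndexError` and aborts the whole listing. The `peer in line` test is also a substring match, so one client's `address:port` can match a line belonging to another client whose address or port merely starts with the same characters, and the wrong tunnel IP is then shown. The rewrite below compares whole comma-separated fields and falls back to `'N/A'`, the value the site-to-site branch of this commit already uses. The call added in `get_status` (next hunk) re-reads the status file once per client; passing the already-read lines in would avoid that. `get_status` continues outside this hunk.

```python
def get_vpn_tunnel_address(peer, interface):
    status_file = '/var/run/openvpn/{}.status'.format(interface)

    with open(status_file, 'r') as f:
        # match whole comma-separated fields, not substrings of the line
        matches = [line for line in f if peer in line.rstrip('\n').split(',')]

    # the original relies on the second matching line carrying the tunnel IP
    if len(matches) < 2:
        return 'N/A'
    return matches[1].split(',')[0]
```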
@@ -110,7 +123,7 @@ def get_status(mode, interface):
'tx_bytes': bytes2HR(line.split(',')[3]),
'online_since': line.split(',')[4]
}
-
+ client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
data['clients'].append(client)
continue
else:
@@ -173,5 +186,7 @@ if __name__ == '__main__':
if len(remote_host) >= 1:
client['remote'] = str(remote_host[0]) + ':' + remote_port
+ client['tunnel'] = 'N/A'
+
tmpl = jinja2.Template(outp_tmpl)
print(tmpl.render(data))
diff --git a/src/op_mode/traceroute.py b/src/op_mode/traceroute.py
new file mode 100755
index 000000000..4299d6e5f
--- /dev/null
+++ b/src/op_mode/traceroute.py
@@ -0,0 +1,207 @@
+#! /usr/bin/env python3
+
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import socket
+import ipaddress
+
+options = {
+ 'backward-hops': {
+ 'traceroute': '{command} --back',
+ 'type': 'noarg',
+ 'help': 'Display number of backward hops when they different from the forwarded path'
+ },
+ 'bypass': {
+ 'traceroute': '{command} -r',
+ 'type': 'noarg',
+ 'help': 'Bypass the normal routing tables and send directly to a host on an attached network'
+ },
+ 'do-not-fragment': {
+ 'traceroute': '{command} -F',
+ 'type': 'noarg',
+ 'help': 'Do not fragment probe packets.'
+ },
+ 'first-ttl': {
+ 'traceroute': '{command} -f {value}',
+ 'type': '<ttl>',
+ 'help': 'Specifies with what TTL to start. Defaults to 1.'
+ },
+ 'icmp': {
+ 'traceroute': '{command} -I',
+ 'type': 'noarg',
+ 'help': 'Use ICMP ECHO for tracerouting'
+ },
+ 'interface': {
+ 'traceroute': '{command} -i {value}',
+ 'type': '<interface>',
+ 'help': 'Source interface'
+ },
+ 'lookup-as': {
+ 'traceroute': '{command} -A',
+ 'type': 'noarg',
+ 'help': 'Perform AS path lookups'
+ },
+ 'mark': {
+ 'traceroute': '{command} --fwmark={value}',
+ 'type': '<fwmark>',
+ 'help': 'Set the firewall mark for outgoing packets'
+ },
+ 'no-resolve': {
+ 'traceroute': '{command} -n',
+ 'type': 'noarg',
+ 'help': 'Do not resolve hostnames'
+ },
+ 'port': {
+ 'traceroute': '{command} -p {value}',
+ 'type': '<port>',
+ 'help': 'Destination port'
+ },
+ 'source-address': {
+ 'traceroute': '{command} -s {value}',
+ 'type': '<x.x.x.x> <h:h:h:h:h:h:h:h>',
+ 'help': 'Specify source IP v4/v6 address'
+ },
+ 'tcp': {
+ 'traceroute': '{command} -T',
+ 'type': 'noarg',
+ 'help': 'Use TCP SYN for tracerouting (default port is 80)'
+ },
+ 'tos': {
+ 'traceroute': '{commad} -t {value}',
+ 'type': '<tos>',
+ 'help': 'Mark packets with specified TOS'
+ },
+ 'ttl': {
+ 'traceroute': '{command} -m {value}',
+ 'type': '<ttl>',
+ 'help': 'Maximum number of hops'
+ },
+ 'udp': {
+ 'traceroute': '{command} -U',
+ 'type': 'noarg',
+ 'help': 'Use UDP to particular port for tracerouting (default port is 53)'
+ },
+ 'vrf': {
+ 'traceroute': 'sudo ip vrf exec {value} {command}',
+ 'type': '<vrf>',
+ 'help': 'Use specified VRF table',
+ 'dflt': 'default'}
+}
+
+traceroute = {
+ 4: '/bin/traceroute -4',
+ 6: '/bin/traceroute -6',
+}
+
+
+class List (list):
+ def first (self):
+ return self.pop(0) if self else ''
+
+ def last(self):
+ return self.pop() if self else ''
+
+ def prepend(self,value):
+ self.insert(0,value)
+
+
+def expension_failure(option, completions):
+ reason = 'Ambiguous' if completions else 'Invalid'
+ sys.stderr.write('\n\n {} command: {} [{}]\n\n'.format(reason,' '.join(sys.argv), option))
+ if completions:
+ sys.stderr.write(' Possible completions:\n ')
+ sys.stderr.write('\n '.join(completions))
+ sys.stderr.write('\n')
+ sys.stdout.write('<nocomps>')
+ sys.exit(1)
+
+
+def complete(prefix):
+ return [o for o in options if o.startswith(prefix)]
+
+
+def convert(command, args):
+ while args:
+ shortname = args.first()
+ longnames = complete(shortname)
+ if len(longnames) != 1:
+ expension_failure(shortname, longnames)
+ longname = longnames[0]
+ if options[longname]['type'] == 'noarg':
+ command = options[longname]['traceroute'].format(
+ command=command, value='')
+ elif not args:
+ sys.exit(f'traceroute: missing argument for {longname} option')
+ else:
+ command = options[longname]['traceroute'].format(
+ command=command, value=args.first())
+ return command
+
+
+if __name__ == '__main__':
+ args = List(sys.argv[1:])
+ host = args.first()
+
+ if not host:
+ sys.exit("traceroute: Missing host")
+
+ if host == '--get-options':
+ args.first() # pop traceroute
+ args.first() # pop IP
+ while args:
+ option = args.first()
+
+ matched = complete(option)
+ if not args:
+ sys.stdout.write(' '.join(matched))
+ sys.exit(0)
+
+ if len(matched) > 1 :
+ sys.stdout.write(' '.join(matched))
+ sys.exit(0)
+
+ if options[matched[0]]['type'] == 'noarg':
+ continue
+
+ value = args.first()
+ if not args:
+ matched = complete(option)
+ sys.stdout.write(options[matched[0]]['type'])
+ sys.exit(0)
+
+ for name,option in options.items():
+ if 'dflt' in option and name not in args:
+ args.append(name)
+ args.append(option['dflt'])
+
+ try:
+ ip = socket.gethostbyname(host)
+ except UnicodeError:
+ sys.exit(f'tracroute: Unknown host: {host}')
+ except socket.gaierror:
+ ip = host
+
+ try:
+ version = ipaddress.ip_address(ip).version
+ except ValueError:
+ sys.exit(f'traceroute: Unknown host: {host}')
+
+ command = convert(traceroute[version],args)
+
+ # print(f'{command} {host}')
+ os.system(f'{command} {host}')
+
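Review bot: Option values taken from `sys.argv` are formatted into the command string in `convert()` and run with `os.system(f'{command} {host}')` without quoting or validation, so shell metacharacters in an interface, VRF, port or mark value are interpreted by the shell; the `vrf` template also prefixes `sudo`. Quote at both interpolation points, `command=command, value=shlex.quote(args.first())` and `os.system(f'{command} {shlex.quote(host)}')` with `import shlex`, or build an argument list and run it without a shell. The `tos` entry has a typo, `'{commad} -t {value}'`, which makes `.format()` raise `KeyError` whenever that option is used; it should read `'{command} -t {value}'`. In the `--get-options` branch `options[matched[0]]` is indexed without checking that `complete()` returned a match, so an unknown option name raises `IndexError` during completion.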
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 40854fa8f..8955e5a59 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -88,7 +88,22 @@ def reset_profile(profile, tunnel):
def debug_peer(peer, tunnel):
if not peer or peer == "all":
- call('sudo /usr/sbin/ipsec statusall')
+ debug_commands = [
+ "sudo ipsec statusall",
+ "sudo swanctl -L",
+ "sudo swanctl -l",
+ "sudo swanctl -P",
+ "sudo ip x sa show",
+ "sudo ip x policy show",
+ "sudo ip tunnel show",
+ "sudo ip address",
+ "sudo ip rule show",
+ "sudo ip route | head -100",
+ "sudo ip route show table 220"
+ ]
+ for debug_cmd in debug_commands:
+ print(f'\n### {debug_cmd} ###')
+ call(debug_cmd)
return
if not tunnel or tunnel == 'all':
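Review bot: The new `debug_commands` entries invoke `ipsec`, `swanctl` and `ip` by bare name, whereas the removed line used the absolute `/usr/sbin/ipsec`, so resolution now depends on the PATH in effect when `call` and `sudo` run. Keeping absolute paths as the old line did makes the privileged invocations independent of the environment. `"sudo ip route | head -100"` only works if `call` goes through a shell (not visible here), and `sudo` there applies to `ip route` alone; a comment such as `# pipe requires call() to use a shell; cap output at 100 routes` would record that. The return value of each `call` is dropped, so a failing command is indistinguishable from empty output. `debug_peer` continues outside this hunk.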
diff --git a/src/validators/as-number-list b/src/validators/as-number-list
new file mode 100755
index 000000000..432d44180
--- /dev/null
+++ b/src/validators/as-number-list
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+if [ $# -lt 1 ]; then
+ echo "Illegal number of parameters"
+ exit 1
+fi
+
+for var in "$@"; do
+ ${vyos_validators_dir}/numeric --range 1-4294967294 $var
+ if [ $? -ne 0 ]; then
+ exit 1
+ fi
+done
+
+exit 0
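Review bot: Both `${vyos_validators_dir}` and `$var` are expanded unquoted on the `numeric` line, so a value containing whitespace or glob characters is split or expanded before the validator sees it, and what gets checked is then not what the user typed. Quote both: `"${vyos_validators_dir}/numeric" --range 1-4294967294 "$var"`. If `vyos_validators_dir` is unset the path collapses to `/numeric`; `: "${vyos_validators_dir:?not set}"` near the top would fail early with a clear message. The usage error could go to stderr with `>&2` so it is not mistaken for validator output.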
diff --git a/src/validators/port-multi b/src/validators/port-multi
index cef371563..bd6f0ef60 100755
--- a/src/validators/port-multi
+++ b/src/validators/port-multi
@@ -1,6 +1,7 @@
#!/usr/bin/python3
-import sys
+from sys import argv
+from sys import exit
import re
from vyos.util import read_file
@@ -13,12 +14,18 @@ def get_services():
for line in service_data.split("\n"):
if not line or line[0] == '#':
continue
- names.append(line.split(None, 1)[0])
+ tmp = line.split()
+ names.append(tmp[0])
+ if len(tmp) > 2:
+ # Add port aliases to service list, too
+ names.extend(tmp[2:])
+ # remove duplicate entries (e.g. echo) from list
+ names = list(dict.fromkeys(names))
return names
if __name__ == '__main__':
- if len(sys.argv)>1:
- ports = sys.argv[1].split(",")
+ if len(argv)>1:
+ ports = argv[1].split(",")
services = get_services()
for port in ports:
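Review bot: `names.extend(tmp[2:])` adds every whitespace-separated token after the port/protocol field. If `service_data` is in `/etc/services` format (the file read is outside this hunk), lines with a trailing `# comment` contribute `#` and each comment word as accepted service names, so the validator would pass values that are not services. Strip the comment before splitting, e.g. `tmp = line.split('#', 1)[0].split()` followed by `if not tmp: continue`. The indentation of `names = list(dict.fromkeys(names))` is lost in this view; it should sit after the loop so the de-duplication runs once rather than per line. `get_services` starts outside this hunk.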
@@ -28,18 +35,18 @@ if __name__ == '__main__':
port_1, port_2 = port.split('-')
if int(port_1) not in range(1, 65536) or int(port_2) not in range(1, 65536):
print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
if int(port_1) > int(port_2):
print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
elif port.isnumeric():
if int(port) not in range(1, 65536):
print(f'Error: {port} is not a valid port')
- sys.exit(1)
+ exit(1)
elif port not in services:
print(f'Error: {port} is not a valid service name')
- sys.exit(1)
+ exit(1)
else:
- sys.exit(2)
+ exit(2)
- sys.exit(0)
+ exit(0)