373 files changed, 48462 insertions, 3464 deletions
@@ -60,9 +60,10 @@ op_mode_definitions: $(op_xml_obj) rm -f $(OP_TMPL_DIR)/show/node.def rm -f $(OP_TMPL_DIR)/show/system/node.def - # XXX: ping must be able to recursivly call itself as the + # XXX: ping and traceroute must be able to recursivly call itself as the # options are provided from the script itself ln -s ../node.tag $(OP_TMPL_DIR)/ping/node.tag/node.tag/ + ln -s ../node.tag $(OP_TMPL_DIR)/traceroute/node.tag/node.tag/ # XXX: test if there are empty node.def files - this is not allowed as these # could mask help strings or mandatory priority statements @@ -77,7 +78,18 @@ vyxdp: $(MAKE) -C $(XDP_DIR) .PHONY: all -all: clean interface_definitions op_mode_definitions test j2lint vyshim +all: clean interface_definitions op_mode_definitions check test j2lint vyshim + +.PHONY: check +.ONESHELL: +check: + @echo "Checking which CLI scripts are not enabled to work with vyos-configd..." + @for file in `ls src/conf_mode -I__pycache__` + do + if ! grep -q $$file data/configd-include.json; then + echo "* $$file" + fi + done .PHONY: clean clean: diff --git a/data/configd-include.json b/data/configd-include.json index b77d48001..5a4912e30 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -1,11 +1,16 @@ [ +"arp.py", "bcast_relay.py", +"container.py", "conntrack.py", "conntrack_sync.py", "dhcp_relay.py", +"dhcp_server.py", "dhcpv6_relay.py", +"dhcpv6_server.py", "dns_forwarding.py", "dynamic_dns.py", +"firewall.py", "flow_accounting_conf.py", "high-availability.py", "host_name.py", @@ -24,6 +29,7 @@ "interfaces-pppoe.py", "interfaces-pseudo-ethernet.py", "interfaces-tunnel.py", +"interfaces-vti.py", "interfaces-vxlan.py", "interfaces-wireguard.py", "interfaces-wireless.py", @@ -31,6 +37,7 @@ "lldp.py", "nat.py", "nat66.py", +"netns.py", "ntp.py", "pki.py", "policy.py", @@ -46,6 +53,7 @@ "protocols_pim.py", "protocols_rip.py", "protocols_ripng.py", +"protocols_rpki.py", "protocols_static.py", "protocols_static_multicast.py", "qos.py", 
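Review bot: In the Makefile hunk that adds the `check` target, `.ONESHELL:` is a file-wide special target, so it changes how every recipe in this Makefile runs, not only `check`. The multi-line `op_mode_definitions` recipe visible in the previous hunk (the `rm -f` and `ln -s` lines) would then run in a single shell, and unless `.SHELLFLAGS` includes `-e`, a failing intermediate command such as the new `ln -s` would no longer abort the build. Either drop `.ONESHELL:` and join the loop with `; \` continuations, or add `.SHELLFLAGS := -ec` next to it. Separately, `grep -q $$file` treats the file name as an unquoted regex, so a name that is a substring of another entry is reported as enabled; `if ! grep -qF "\"$$file\"" data/configd-include.json; then` matches the quoted JSON entry exactly.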
@@ -54,6 +62,7 @@ "service_ids_fastnetmon.py", "service_ipoe-server.py", "service_mdns-repeater.py", +"service_monitoring_telegraf.py", "service_pppoe-server.py", "service_router-advert.py", "service_upnp.py", @@ -61,7 +70,10 @@ "system-ip.py", "system-ipv6.py", "system-login-banner.py", +"system-logs.py", "system-option.py", +"system-proxy.py", +"system_sysctl.py", "system-syslog.py", "system-timezone.py", "system_console.py", diff --git a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.j2 index d4e8bb2aa..51e66d57c 100644 --- a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl +++ b/data/templates/accel-ppp/chap-secrets.config_dict.j2 @@ -1,10 +1,10 @@ # username server password acceptable local IP addresses shaper {% if authentication.local_users.username is vyos_defined %} -{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %} -{% if user_config.rate_limit is vyos_defined %} +{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %} +{% if user_config.rate_limit is vyos_defined %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} {{ user_config.rate_limit.download }}/{{ user_config.rate_limit.upload }} -{% else %} +{% else %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl b/data/templates/accel-ppp/chap-secrets.ipoe.j2 index 1df878fcf..a1430ec22 100644 --- a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl +++ b/data/templates/accel-ppp/chap-secrets.ipoe.j2 
@@ -1,18 +1,18 @@ # username server password acceptable local IP addresses shaper {% for interface in auth_interfaces %} -{% for mac in interface.mac %} -{% if mac.rate_upload and mac.rate_download %} -{% if mac.vlan_id %} +{% for mac in interface.mac %} +{% if mac.rate_upload and mac.rate_download %} +{% if mac.vlan_id %} {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} -{% else %} +{% else %} {{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} -{% endif %} -{% else %} -{% if mac.vlan_id %} +{% endif %} +{% else %} +{% if mac.vlan_id %} {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * -{% else %} +{% else %} {{ interface.name }} * {{ mac.address | lower }} * -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endif %} +{% endfor %} {% endfor %} diff --git a/data/templates/accel-ppp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.j2 index 6cace5401..cc3ddc28f 100644 --- a/data/templates/accel-ppp/chap-secrets.tmpl +++ b/data/templates/accel-ppp/chap-secrets.j2 @@ -1,10 +1,10 @@ # username server password acceptable local IP addresses shaper {% for user in local_users %} -{% if user.state == 'enabled' %} -{% if user.upload and user.download %} +{% if user.state == 'enabled' %} +{% if user.upload and user.download %} {{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }}/{{ user.upload }} -{% else %} +{% else %} {{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} -{% endif %} -{% endif %} +{% endif %} +{% endif %} {% endfor %} diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.j2 index 92c2d5715..3c0d47b27 100644 --- a/data/templates/accel-ppp/ipoe.config.tmpl +++ b/data/templates/accel-ppp/ipoe.config.j2 
@@ -1,3 +1,4 @@ +{# j2lint: disable=operator-enclosed-by-spaces #} ### generated by ipoe.py ### [modules] log_syslog 
@@ -24,45 +25,50 @@ level=5 [ipoe] verbose=1 {% for interface in interfaces %} -{% if interface.vlan_mon %} -interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface.name }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' + interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1 +{% set tmp = 'interface=' %} +{% if interface.vlan_mon %} +{% set tmp = tmp ~ 're:' ~ interface.name ~ '\.\d+' %} +{% else %} +{% set tmp = tmp ~ interface.name %} +{% endif %} +{{ tmp }},shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' ~ interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1 {% endfor %} -{% if auth_mode == 'noauth' %} +{% if auth_mode == 'noauth' %} noauth=1 {% if client_named_ip_pool %} -{% for pool in client_named_ip_pool %} -{% if pool.subnet is defined %} +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} ip-pool={{ pool.name }} -{% endif %} -{% if pool.gateway_address is defined %} +{% endif %} +{% if pool.gateway_address is defined %} gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} -{% endif %} -{% endfor%} +{% endif %} +{% endfor %} {% endif %} -{% elif auth_mode == 'local' %} +{% elif auth_mode == 'local' %} username=ifname password=csid {% endif %} proxy-arp=1 {% for interface in interfaces %} -{% if (interface.shared == '0') and (interface.vlan_mon) %} +{% if (interface.shared == '0') and (interface.vlan_mon) %} vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} -{% endif %} +{% endif %} {% endfor %} {% if dnsv4 %} [dns] -{% for dns in dnsv4 %} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if dnsv6 %} [ipv6-dns] -{% for dns in dnsv6 %} +{% for dns in dnsv6 %} {{ dns }} -{% endfor %} +{% endfor %} {% 
endif %} [ipv6-nd] @@ -73,24 +79,24 @@ verbose=1 {% if client_named_ip_pool %} [ip-pool] -{% for pool in client_named_ip_pool %} -{% if pool.subnet is defined %} +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} {{ pool.subnet }},name={{ pool.name }} -{% endif %} -{% if pool.gateway_address is defined %} +{% endif %} +{% if pool.gateway_address is defined %} gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} -{% endif %} -{% endfor%} +{% endif %} +{% endfor %} {% endif %} {% if client_ipv6_pool %} [ipv6-pool] -{% for p in client_ipv6_pool %} +{% for p in client_ipv6_pool %} {{ p.prefix }},{{ p.mask }} -{% endfor %} -{% for p in client_ipv6_delegate_prefix %} +{% endfor %} +{% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} -{% endfor %} +{% endfor %} {% endif %} {% if auth_mode == 'local' %} 
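Review bot: In the ipoe.config.j2 hunk at `@@ -24,45 +25,50 @@`, the rewritten `{% set tmp = tmp ~ 're:' ~ interface.name ~ '\.\d+' %}` still emits a pattern with no anchors and with `interface.name` unescaped. The pppoe template in this same commit renders `interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$`. If accel-ppp evaluates the expression as an unanchored search (not visible here, so worth confirming), a pattern meant for one parent interface could also match VLAN sub-interfaces of another device whose name merely contains it, and IPoE would be enabled there. Since the line is being rewritten anyway, consider `{% set tmp = tmp ~ 're:^' ~ interface.name | replace('.', '\\.') ~ '\.\d+$' %}` to match the pppoe form.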
@@ -99,39 +105,37 @@ chap-secrets={{ chap_secrets_file }} {% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} +{% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} +{% endfor %} -{% if radius_acct_inter_jitter %} +{% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} +{% endif %} acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} -{% if radius_nas_id %} +{% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} +{% endif %} +{% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} +{% endif %} +{% if radius_source_address %} bind={{ radius_source_address }} -{% endif %} - -{% if radius_dynamic_author %} +{% endif %} +{% if radius_dynamic_author %} dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} -{% endif %} - -{% if radius_shaper_attr %} +{% endif %} +{% if radius_shaper_attr %} [shaper] verbose=1 attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} +{% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} -{% endif %} -{% endif %} +{% endif %} +{% endif %} {% endif %} [cli] diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.j2 index 9fcda76d4..9eeaf7622 100644 --- a/data/templates/accel-ppp/l2tp.config.tmpl +++ b/data/templates/accel-ppp/l2tp.config.j2 @@ -3,9 +3,9 @@ log_syslog l2tp chap-secrets -{% for proto in auth_proto: %} -{{proto}} -{% endfor%} +{% for proto in auth_proto %} +{{ proto }} +{% endfor %} {% if auth_mode == 'radius' %} radius @@ -18,7 +18,7 @@ ipv6_nd ipv6_dhcp [core] -thread-count={{thread_cnt}} +thread-count={{ thread_cnt }} [log] syslog=accel-l2tp,daemon 
@@ -27,23 +27,23 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 %} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if dnsv6 %} [ipv6-dns] -{% for dns in dnsv6 %} +{% for dns in dnsv6 %} {{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins %} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor %} +{% endfor %} {% endif %} [l2tp] @@ -66,14 +66,14 @@ host-name={{ lns_host_name }} {% if client_ip_pool or client_ip_subnets %} [ip-pool] -{% if client_ip_pool %} +{% if client_ip_pool %} {{ client_ip_pool }} -{% endif %} -{% if client_ip_subnets %} -{% for sn in client_ip_subnets %} -{{sn}} -{% endfor %} -{% endif %} +{% endif %} +{% if client_ip_subnets %} +{% for sn in client_ip_subnets %} +{{ sn }} +{% endfor %} +{% endif %} {% endif %} {% if gateway_address %} gw-ip-address={{ gateway_address }} @@ -85,27 +85,24 @@ chap-secrets={{ chap_secrets_file }} {% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} +{% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} - -{% if radius_acct_inter_jitter %} +{% endfor %} +{% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} - +{% endif %} acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} - -{% if radius_nas_id %} +{% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} +{% endif %} +{% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} +{% endif %} +{% if radius_source_address %} bind={{ radius_source_address }} -{% endif %} +{% endif %} {% endif %} {% if gateway_address %} gw-ip-address={{ gateway_address }} 
@@ -128,12 +125,12 @@ ipv6=allow {% if client_ipv6_pool %} [ipv6-pool] -{% for p in client_ipv6_pool %} +{% for p in client_ipv6_pool %} {{ p.prefix }},{{ p.mask }} -{% endfor %} -{% for p in client_ipv6_delegate_prefix %} +{% endfor %} +{% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} -{% endfor %} +{% endfor %} {% endif %} {% if client_ipv6_delegate_prefix %} @@ -145,9 +142,9 @@ verbose=1 [shaper] verbose=1 attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} +{% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} -{% endif %} +{% endif %} {% endif %} [cli] diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.j2 index 81b98cc81..0a92e2d54 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -49,9 +49,9 @@ disable {% if wins_server is vyos_defined %} [wins] -{% for server in wins_server %} +{% for server in wins_server %} wins{{ loop.index }}={{ server }} -{% endfor %} +{% endfor %} {% endif %} {# Common chap-secrets and RADIUS server/option definitions #} @@ -85,12 +85,12 @@ ipv4={{ ppp_options.ipv4 }} {# IPv6 #} {% if ppp_options.ipv6 is vyos_defined %} ipv6={{ ppp_options.ipv6 }} -{% if ppp_options.ipv6_intf_id is vyos_defined %} +{% if ppp_options.ipv6_intf_id is vyos_defined %} ipv6-intf-id={{ ppp_options.ipv6_intf_id }} -{% endif %} -{% if ppp_options.ipv6_peer_intf_id is vyos_defined %} +{% endif %} +{% if ppp_options.ipv6_peer_intf_id is vyos_defined %} ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }} -{% endif %} +{% endif %} ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }} {% endif %} {# MTU #} 
@@ -104,23 +104,23 @@ verbose=1 ac-name={{ access_concentrator }} {% if interface is vyos_defined %} -{% for iface, iface_config in interface.items() %} -{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %} +{% for iface, iface_config in interface.items() %} +{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %} interface={{ iface }} -{% endif %} -{% if iface_config.vlan_range is vyos_defined %} -{% for regex in iface_config.regex %} +{% endif %} +{% if iface_config.vlan_range is vyos_defined %} +{% for regex in iface_config.regex %} interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$ -{% endfor %} +{% endfor %} vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }} -{% endif %} -{% if iface_config.vlan_id is vyos_defined %} -{% for vlan in iface_config.vlan_id %} +{% endif %} +{% if iface_config.vlan_id is vyos_defined %} +{% for vlan in iface_config.vlan_id %} vlan-mon={{ iface }},{{ vlan }} interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$ -{% endfor %} -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} +{% endfor %} {% endif %} {% if service_name %} 
@@ -128,14 +128,14 @@ service-name={{ service_name | join(',') }} {% endif %} {% if pado_delay %} -{% set pado_delay_param = namespace(value='0') %} -{% for delay in pado_delay|sort(attribute='0') %} -{% if not loop.last %} -{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %} -{% else %} -{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %} -{% endif %} -{% endfor %} +{% set pado_delay_param = namespace(value='0') %} +{% for delay in pado_delay | sort(attribute='0') %} +{% if not loop.last %} +{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %} +{% else %} +{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %} +{% endif %} +{% endfor %} pado-delay={{ pado_delay_param.value }} {% endif %} {% if authentication.radius.called_sid_format is vyos_defined %} @@ -144,15 +144,15 @@ called-sid={{ authentication.radius.called_sid_format }} {% if limits is vyos_defined %} [connlimit] -{% if limits.connection_limit is vyos_defined %} +{% if limits.connection_limit is vyos_defined %} limit={{ limits.connection_limit }} -{% endif %} -{% if limits.burst is vyos_defined %} +{% endif %} +{% if limits.burst is vyos_defined %} burst={{ limits.burst }} -{% endif %} -{% if limits.timeout is vyos_defined %} +{% endif %} +{% if limits.timeout is vyos_defined %} timeout={{ limits.timeout }} -{% endif %} +{% endif %} {% endif %} {# Common RADIUS shaper configuration #} 
@@ -162,10 +162,10 @@ timeout={{ limits.timeout }} [pppd-compat] verbose=1 radattr-prefix=/run/accel-pppd/radattr -{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %} -{% for script in extended_scripts %} +{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %} +{% for script in extended_scripts %} {{ script_name[script] }}={{ extended_scripts[script] }} -{% endfor %} +{% endfor %} {% endif %} [cli] diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.j2 index 3cfc4a906..cc1a45d6b 100644 --- a/data/templates/accel-ppp/pptp.config.tmpl +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -10,7 +10,7 @@ radius {% endif %} ippool {% for proto in auth_proto %} -{{proto}} +{{ proto }} {% endfor %} [core] @@ -23,16 +23,16 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 %} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins %} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor %} +{% endfor %} {% endif %} @@ -42,7 +42,7 @@ ifname=pptp%d bind={{ outside_addr }} {% endif %} verbose=1 -ppp-max-mtu={{mtu}} +ppp-max-mtu={{ mtu }} mppe={{ ppp_mppe }} echo-interval=10 echo-failure=3 
@@ -66,27 +66,27 @@ chap-secrets={{ chap_secrets_file }} {% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} +{% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} +{% endfor %} -{% if radius_acct_inter_jitter %} +{% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} +{% endif %} acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} -{% if radius_nas_id %} +{% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} +{% endif %} +{% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} +{% endif %} +{% if radius_source_address %} bind={{ radius_source_address }} -{% endif %} +{% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} {% if gw_ip is defined and gw_ip is not none %} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.j2 index 5c6f19306..5c6f19306 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.j2 diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.j2 index 75740e04c..75740e04c 100644 --- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl +++ b/data/templates/bcast-relay/udp-broadcast-relay.j2 diff --git a/data/templates/conntrack/nftables-ct.j2 b/data/templates/conntrack/nftables-ct.j2 new file mode 100644 index 000000000..16a03fc6e --- /dev/null +++ b/data/templates/conntrack/nftables-ct.j2 
@@ -0,0 +1,48 @@ +#!/usr/sbin/nft -f + +{% set nft_ct_ignore_name = 'VYOS_CT_IGNORE' %} +{% set nft_ct_timeout_name = 'VYOS_CT_TIMEOUT' %} + +# we first flush all chains and render the content from scratch - this makes +# any delta check obsolete +flush chain raw {{ nft_ct_ignore_name }} +flush chain raw {{ nft_ct_timeout_name }} + +table raw { + chain {{ nft_ct_ignore_name }} { +{% if ignore.rule is vyos_defined %} +{% for rule, rule_config in ignore.rule.items() %} + # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }} +{% set nft_command = '' %} +{% if rule_config.inbound_interface is vyos_defined %} +{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %} +{% endif %} +{% if rule_config.protocol is vyos_defined %} +{% set nft_command = nft_command ~ ' ip protocol ' ~ rule_config.protocol %} +{% endif %} +{% if rule_config.destination.address is vyos_defined %} +{% set nft_command = nft_command ~ ' ip daddr ' ~ rule_config.destination.address %} +{% endif %} +{% if rule_config.destination.port is vyos_defined %} +{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' dport { ' ~ rule_config.destination.port ~ ' }' %} +{% endif %} +{% if rule_config.source.address is vyos_defined %} +{% set nft_command = nft_command ~ ' ip saddr ' ~ rule_config.source.address %} +{% endif %} +{% if rule_config.source.port is vyos_defined %} +{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' sport { ' ~ rule_config.source.port ~ ' }' %} +{% endif %} + {{ nft_command }} counter notrack comment ignore-{{ rule }} +{% endfor %} +{% endif %} + return + } + chain {{ nft_ct_timeout_name }} { +{% if timeout.custom.rule is vyos_defined %} +{% for rule, rule_config in timeout.custom.rule.items() %} + # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }} +{% endfor %} +{% endif %} + return + } +} 
diff --git a/data/templates/conntrack/nftables-ct.tmpl b/data/templates/conntrack/nftables-ct.tmpl deleted file mode 100644 index 569e73df1..000000000 --- a/data/templates/conntrack/nftables-ct.tmpl +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/usr/sbin/nft -f - -{% set nft_ct_ignore_name = 'VYOS_CT_IGNORE' %} -{% set nft_ct_timeout_name = 'VYOS_CT_TIMEOUT' %} - -# we first flush all chains and render the content from scratch - this makes -# any delta check obsolete -flush chain raw {{ nft_ct_ignore_name }} -flush chain raw {{ nft_ct_timeout_name }} - -table raw { - chain {{ nft_ct_ignore_name }} { -{% if ignore.rule is vyos_defined %} -{% for rule, rule_config in ignore.rule.items() %} - # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }} -{% set nft_command = '' %} -{% if rule_config.inbound_interface is vyos_defined %} -{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %} -{% endif %} -{% if rule_config.protocol is vyos_defined %} -{% set nft_command = nft_command ~ ' ip protocol ' ~ rule_config.protocol %} -{% endif %} -{% if rule_config.destination.address is vyos_defined %} -{% set nft_command = nft_command ~ ' ip daddr ' ~ rule_config.destination.address %} -{% endif %} -{% if rule_config.destination.port is vyos_defined %} -{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' dport { ' ~ rule_config.destination.port ~ ' }' %} -{% endif %} -{% if rule_config.source.address is vyos_defined %} -{% set nft_command = nft_command ~ ' ip saddr ' ~ rule_config.source.address %} -{% endif %} -{% if rule_config.source.port is vyos_defined %} -{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' sport { ' ~ rule_config.source.port ~ ' }' %} -{% endif %} - {{ nft_command }} counter notrack comment ignore-{{ rule }} -{% endfor %} -{% endif %} - return - } - chain {{ nft_ct_timeout_name }} { -{% if timeout.custom.rule is vyos_defined %} -{% for rule, rule_config in timeout.custom.rule.items() %} - # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }} -{% endfor %} -{% endif %} - return - } -} 
diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.j2 index 075402c04..075402c04 100644 --- a/data/templates/conntrack/sysctl.conf.tmpl +++ b/data/templates/conntrack/sysctl.conf.j2 diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl b/data/templates/conntrack/vyos_nf_conntrack.conf.j2 index 111459485..111459485 100644 --- a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl +++ b/data/templates/conntrack/vyos_nf_conntrack.conf.j2 diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.j2 index 80e7254a0..66024869d 100644 --- a/data/templates/conntrackd/conntrackd.conf.tmpl +++ b/data/templates/conntrackd/conntrackd.conf.j2 @@ -6,11 +6,11 @@ Sync { DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }} } {% for iface, iface_config in interface.items() %} -{% if iface_config.peer is vyos_defined %} +{% if iface_config.peer is vyos_defined %} UDP { -{% if listen_address is vyos_defined %} +{% if listen_address is vyos_defined %} IPv4_address {{ listen_address }} -{% endif %} +{% endif %} IPv4_Destination_Address {{ iface_config.peer }} Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }} Interface {{ iface }} @@ -18,9 +18,9 @@ Sync { RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} Checksum on } -{% else %} +{% else %} Multicast { -{% set ip_address = iface | get_ipv4 %} +{% set ip_address = iface | get_ipv4 %} IPv4_address {{ mcast_group }} Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }} IPv4_interface {{ ip_address[0] | ip_from_cidr }} 
@@ -29,19 +29,19 @@ Sync { RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} Checksum on } -{% endif %} +{% endif %} {% endfor %} {% if expect_sync is vyos_defined %} Options { -{% if 'all' in expect_sync %} +{% if 'all' in expect_sync %} ExpectationSync on -{% else %} +{% else %} ExpectationSync { -{% for protocol in expect_sync %} +{% for protocol in expect_sync %} {{ protocol }} -{% endfor %} +{% endfor %} } -{% endif %} +{% endif %} } {% endif %} } @@ -85,27 +85,27 @@ General { NetlinkEventsReliable on {% if ignore_address is vyos_defined or accept_protocol is vyos_defined %} Filter From Userspace { -{% if ignore_address is vyos_defined %} +{% if ignore_address is vyos_defined %} Address Ignore { -{% for address in ignore_address if address | is_ipv4 %} +{% for address in ignore_address if address | is_ipv4 %} IPv4_address {{ address }} -{% endfor %} -{% for address in ignore_address if address | is_ipv6 %} +{% endfor %} +{% for address in ignore_address if address | is_ipv6 %} IPv6_address {{ address }} -{% endfor %} +{% endfor %} } -{% endif %} -{% if accept_protocol is vyos_defined %} +{% endif %} +{% if accept_protocol is vyos_defined %} Protocol Accept { -{% for protocol in accept_protocol %} -{% if protocol == 'icmp6' %} +{% for protocol in accept_protocol %} +{% if protocol == 'icmp6' %} IPv6-ICMP -{% else %} +{% else %} {{ protocol | upper }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} } -{% endif %} +{% endif %} } {% endif %} } diff --git a/data/templates/conntrackd/conntrackd.op-mode.j2 b/data/templates/conntrackd/conntrackd.op-mode.j2 new file mode 100644 index 000000000..82f7e2859 --- /dev/null +++ b/data/templates/conntrackd/conntrackd.op-mode.j2 
@@ -0,0 +1,13 @@ +Source Destination Protocol +{% for parsed in data if parsed.flow.meta is vyos_defined %} +{% for key in parsed.flow.meta %} +{% if key['@direction'] == 'original' %} +{% set saddr = key.layer3.src | bracketize_ipv6 %} +{% set sport = key.layer4.sport %} +{% set daddr = key.layer3.dst | bracketize_ipv6 %} +{% set dport = key.layer4.dport %} +{% set protocol = key.layer4['@protoname'] %} +{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }} +{% endif %} +{% endfor %} +{% endfor %} diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl deleted file mode 100644 index c3f6911ce..000000000 --- a/data/templates/conntrackd/conntrackd.op-mode.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -Source Destination Protocol -{% for parsed in data if parsed.flow.meta is vyos_defined %} -{% for key in parsed.flow.meta %} -{% if key['@direction'] == 'original' %} -{% set saddr = key.layer3.src | bracketize_ipv6 %} -{% set sport = key.layer4.sport %} -{% set daddr = key.layer3.dst | bracketize_ipv6 %} -{% set dport = key.layer4.dport %} -{% set protocol = key.layer4['@protoname'] %} -{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }} -{% endif %} -{% endfor %} -{% endfor %} diff --git a/data/templates/conserver/conserver.conf.tmpl b/data/templates/conserver/conserver.conf.j2 index 4e7b5d8d7..1823657d7 100644 --- a/data/templates/conserver/conserver.conf.tmpl +++ b/data/templates/conserver/conserver.conf.j2 @@ -17,7 +17,7 @@ default * { ## {% for key, value in device.items() %} {# Depending on our USB serial console we could require a path adjustment #} -{% set path = '/dev' if key.startswith('ttyS') else '/dev/serial/by-bus' %} +{% set path = '/dev' if key.startswith('ttyS') else '/dev/serial/by-bus' %} console {{ key }} { master localhost; type device; 
diff --git a/data/templates/conserver/dropbear@.service.tmpl b/data/templates/conserver/dropbear@.service.j2 index e355dab43..e355dab43 100644 --- a/data/templates/conserver/dropbear@.service.tmpl +++ b/data/templates/conserver/dropbear@.service.j2 diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2 new file mode 100644 index 000000000..2e86466a1 --- /dev/null +++ b/data/templates/container/registries.conf.j2 
@@ -0,0 +1,27 @@
+### Autogenerated by container.py ###
+
+# For more information on this configuration file, see containers-registries.conf(5).
+#
+# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
+# We recommend always using fully qualified image names including the registry
+# server (full dns name), namespace, image name, and tag
+# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
+# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
+# When using short names, there is always an inherent risk that the image being
+# pulled could be spoofed. For example, a user wants to pull an image named
+# `foobar` from a registry and expects it to come from myregistry.com. If
+# myregistry.com is not first in the search list, an attacker could place a
+# different `foobar` image at a registry earlier in the search list. The user
+# would accidentally pull and run the attacker's image and code rather than the
+# intended content. We recommend only adding registries which are completely
+# trusted (i.e., registries which don't allow unknown or anonymous users to
+# create accounts with arbitrary names). This will prevent an image from being
+# spoofed, squatted or otherwise made insecure. If it is necessary to use one
+# of these registries, it should be added at the end of the list.
+#
+# An array of host[:port] registries to try when pulling an unqualified image, in order.
+# unqualified-search-registries = ["example.com"]
+
+{% if registry is vyos_defined %}
+unqualified-search-registries = {{ registry }}
+{% endif %}
diff --git a/data/templates/container/storage.conf.j2 b/data/templates/container/storage.conf.j2
new file mode 100644
index 000000000..665f9bf95
--- /dev/null
+++ b/data/templates/container/storage.conf.j2
@@ -0,0 +1,4 @@
+### Autogenerated by container.py ###
+[storage]
+ driver = "vfs"
+ graphroot = "/usr/lib/live/mount/persistence/container/storage"
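Review bot: In registries.conf.j2 the line `unqualified-search-registries = {{ registry }}` relies on Jinja's default string conversion to produce the TOML array, so the quoting comes from Python's list repr rather than from a serializer. That holds only while `registry` is a list of plain host[:port] strings; a bare string or an entry containing a quote would render something containers-registries.conf does not parse as intended, and this is the very setting the new header comment flags as a spoofing risk. Rendering it as `unqualified-search-registries = {{ registry | tojson }}` makes the quoting explicit. Whether container.py already guarantees a list, and in which order, is not visible in this hunk.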
diff --git a/data/templates/containers/registry.tmpl b/data/templates/containers/registry.tmpl deleted file mode 100644 index 0cbd9ecc2..000000000 --- a/data/templates/containers/registry.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ### - -{% if registry is vyos_defined %} -unqualified-search-registries = {{ registry }} -{% endif %} diff --git a/data/templates/containers/storage.tmpl b/data/templates/containers/storage.tmpl deleted file mode 100644 index 3a69b7252..000000000 --- a/data/templates/containers/storage.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ### - -[storage] - driver = "vfs" - graphroot = "/config/containers/storage" diff --git a/data/templates/dhcp-server/dhcpd.conf.j2 b/data/templates/dhcp-server/dhcpd.conf.j2 index 40575cea2..4c2da0aa5 100644 --- a/data/templates/dhcp-server/dhcpd.conf.j2 +++ b/data/templates/dhcp-server/dhcpd.conf.j2 @@ -23,6 +23,15 @@ option rfc3442-static-route code 121 = array of integer 8; option windows-static-route code 249 = array of integer 8; option wpad-url code 252 = text; +# Vendor specific options - Ubiquiti Networks +option space ubnt; +option ubnt.unifi-controller code 1 = ip-address; +class "ubnt" { + match if substring (option vendor-class-identifier , 0, 4) = "ubnt"; + option vendor-class-identifier "ubnt"; + vendor-option-space ubnt; +} + {% if global_parameters is vyos_defined %} # The following {{ global_parameters | length }} line(s) have been added as # global-parameters in the CLI and have not been validated !!! @@ -194,6 +203,9 @@ shared-network {{ network }} { } {% endfor %} {% endif %} +{% if subnet_config.vendor_option.ubiquiti.unifi_controller is vyos_defined %} + option ubnt.unifi-controller {{ subnet_config.vendor_option.ubiquiti.unifi_controller }}; +{% endif %} {% if subnet_config.range is vyos_defined %} {# pool configuration can only be used if there follows a range option #} pool { 
diff --git a/data/templates/dhcp-server/dhcpdv6.conf.j2 b/data/templates/dhcp-server/dhcpdv6.conf.j2 index 284b7f269..5c3471316 100644 --- a/data/templates/dhcp-server/dhcpdv6.conf.j2 +++ b/data/templates/dhcp-server/dhcpdv6.conf.j2 @@ -12,6 +12,11 @@ option dhcp6.preference {{ preference }}; option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }}; {% endif %} +# Vendor specific options - Cisco +option space cisco code width 2 length width 2; +option cisco.tftp-servers code 1 = array of ip6-address; +option vsio.cisco code 9 = encapsulate cisco; + # Shared network configration(s) {% if shared_network_name is vyos_defined %} {% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %} @@ -113,6 +118,9 @@ shared-network {{ network }} { } {% endfor %} {% endif %} +{% if subnet_config.vendor_option.cisco.tftp_server is vyos_defined %} + option cisco.tftp-servers {{ subnet_config.vendor_option.cisco.tftp_server | join(', ') }}; +{% endif %} } {% endfor %} {% endif %} diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2 new file mode 100644 index 000000000..4fa92f2e3 --- /dev/null +++ b/data/templates/firewall/nftables-defines.j2 
@@ -0,0 +1,32 @@ +{% if group is vyos_defined %} +{% if group.address_group is vyos_defined %} +{% for group_name, group_conf in group.address_group.items() %} +define A_{{ group_name }} = { {{ group_conf.address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.ipv6_address_group is vyos_defined %} +{% for group_name, group_conf in group.ipv6_address_group.items() %} +define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.mac_group is vyos_defined %} +{% for group_name, group_conf in group.mac_group.items() %} +define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.network_group is vyos_defined %} +{% for group_name, group_conf in group.network_group.items() %} +define N_{{ group_name }} = { {{ group_conf.network | join(",") }} } +{% endfor %} +{% endif %} +{% if group.ipv6_network_group is vyos_defined %} +{% for group_name, group_conf in group.ipv6_network_group.items() %} +define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} } +{% endfor %} +{% endif %} +{% if group.port_group is vyos_defined %} +{% for group_name, group_conf in group.port_group.items() %} +define P_{{ group_name }} = { {{ group_conf.port | join(",") }} } +{% endfor %} +{% endif %} +{% endif %}
\ No newline at end of file diff --git a/data/templates/firewall/nftables-defines.tmpl b/data/templates/firewall/nftables-defines.tmpl deleted file mode 100644 index 66d31093b..000000000 --- a/data/templates/firewall/nftables-defines.tmpl +++ /dev/null @@ -1,32 +0,0 @@ -{% if group is vyos_defined %} -{% if group.address_group is vyos_defined %} -{% for group_name, group_conf in group.address_group.items() %} -define A_{{ group_name }} = { {{ group_conf.address | join(",") }} } -{% endfor %} -{% endif %} -{% if group.ipv6_address_group is vyos_defined %} -{% for group_name, group_conf in group.ipv6_address_group.items() %} -define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} } -{% endfor %} -{% endif %} -{% if group.mac_group is vyos_defined %} -{% for group_name, group_conf in group.mac_group.items() %} -define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} } -{% endfor %} -{% endif %} -{% if group.network_group is vyos_defined %} -{% for group_name, group_conf in group.network_group.items() %} -define N_{{ group_name }} = { {{ group_conf.network | join(",") }} } -{% endfor %} -{% endif %} -{% if group.ipv6_network_group is vyos_defined %} -{% for group_name, group_conf in group.ipv6_network_group.items() %} -define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} } -{% endfor %} -{% endif %} -{% if group.port_group is vyos_defined %} -{% for group_name, group_conf in group.port_group.items() %} -define P_{{ group_name }} = { {{ group_conf.port | join(",") }} } -{% endfor %} -{% endif %} -{% endif %}
\ No newline at end of file diff --git a/data/templates/firewall/nftables-nat.j2 b/data/templates/firewall/nftables-nat.j2 new file mode 100644 index 000000000..1481e9104 --- /dev/null +++ b/data/templates/firewall/nftables-nat.j2 
@@ -0,0 +1,182 @@ +#!/usr/sbin/nft -f + +{% macro nat_rule(rule, config, chain) %} +{% set comment = '' %} +{% set base_log = '' %} +{% set src_addr = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %} +{% set dst_addr = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %} +{# negated port groups need special treatment, move != in front of { } group #} +{% if config.source.port is vyos_defined and config.source.port.startswith('!') %} +{% set src_port = 'sport != { ' ~ config.source.port.replace('!','') ~ ' }' %} +{% else %} +{% set src_port = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %} +{% endif %} +{# negated port groups need special treatment, move != in front of { } group #} +{% if config.destination.port is vyos_defined and config.destination.port.startswith('!') %} +{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!','') ~ ' }' %} +{% else %} +{% set dst_port = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %} +{% endif %} +{% if chain is vyos_defined('PREROUTING') %} +{% set comment = 'DST-NAT-' ~ rule %} +{% set base_log = '[NAT-DST-' ~ rule %} +{% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %} +{% if config.translation.address is vyos_defined %} +{# support 1:1 network translation #} +{% if config.translation.address | is_ip_network %} +{% set trns_addr = 'dnat ip prefix to ip daddr map { ' ~ config.destination.address ~ ' : ' ~ config.translation.address ~ ' }' %} +{# we can now clear out the dst_addr part as it's already covered in aboves map #} +{% set dst_addr = '' %} +{% else %} +{% set trns_addr = 'dnat to ' ~ config.translation.address %} +{% endif %} +{% endif %} +{% elif chain is vyos_defined('POSTROUTING') %} +{% set comment = 
'SRC-NAT-' ~ rule %} +{% set base_log = '[NAT-SRC-' ~ rule %} +{% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined and config.outbound_interface is not vyos_defined('any') else '' %} +{% if config.translation.address is vyos_defined %} +{% if config.translation.address is vyos_defined('masquerade') %} +{% set trns_addr = config.translation.address %} +{% if config.translation.port is vyos_defined %} +{% set trns_addr = trns_addr ~ ' to ' %} +{% endif %} +{# support 1:1 network translation #} +{% elif config.translation.address | is_ip_network %} +{% set trns_addr = 'snat ip prefix to ip saddr map { ' ~ config.source.address ~ ' : ' ~ config.translation.address ~ ' }' %} +{# we can now clear out the src_addr part as it's already covered in aboves map #} +{% set src_addr = '' %} +{% else %} +{% set trns_addr = 'snat to ' ~ config.translation.address %} +{% endif %} +{% endif %} +{% endif %} +{% set trns_port = ':' ~ config.translation.port if config.translation.port is vyos_defined %} +{# protocol has a default value thus it is always present #} +{% if config.protocol is vyos_defined('tcp_udp') %} +{% set protocol = 'tcp' %} +{% set comment = comment ~ ' tcp_udp' %} +{% else %} +{% set protocol = config.protocol %} +{% endif %} +{% if config.log is vyos_defined %} +{% if config.exclude is vyos_defined %} +{% set log = base_log ~ '-EXCL]' %} +{% elif config.translation.address is vyos_defined('masquerade') %} +{% set log = base_log ~ '-MASQ]' %} +{% else %} +{% set log = base_log ~ ']' %} +{% endif %} +{% endif %} +{% if config.exclude is vyos_defined %} +{# rule has been marked as 'exclude' thus we simply return here #} +{% set trns_addr = 'return' %} +{% set trns_port = '' %} +{% endif %} +{# T1083: NAT address and port translation options #} +{% if config.translation.options is vyos_defined %} +{% if config.translation.options.address_mapping is vyos_defined('persistent') %} +{% set trns_opts_addr = 
'persistent' %} +{% endif %} +{% if config.translation.options.port_mapping is vyos_defined('random') %} +{% set trns_opts_port = 'random' %} +{% elif config.translation.options.port_mapping is vyos_defined('fully-random') %} +{% set trns_opts_port = 'fully-random' %} +{% endif %} +{% endif %} +{% if trns_opts_addr is vyos_defined and trns_opts_port is vyos_defined %} +{% set trns_opts = trns_opts_addr ~ ',' ~ trns_opts_port %} +{% elif trns_opts_addr is vyos_defined %} +{% set trns_opts = trns_opts_addr %} +{% elif trns_opts_port is vyos_defined %} +{% set trns_opts = trns_opts_port %} +{% endif %} +{% set output = 'add rule ip nat ' ~ chain ~ interface %} +{% if protocol is not vyos_defined('all') %} +{% set output = output ~ ' ip protocol ' ~ protocol %} +{% endif %} +{% if src_addr is vyos_defined %} +{% set output = output ~ ' ' ~ src_addr %} +{% endif %} +{% if src_port is vyos_defined %} +{% set output = output ~ ' ' ~ protocol ~ ' ' ~ src_port %} +{% endif %} +{% if dst_addr is vyos_defined %} +{% set output = output ~ ' ' ~ dst_addr %} +{% endif %} +{% if dst_port is vyos_defined %} +{% set output = output ~ ' ' ~ protocol ~ ' ' ~ dst_port %} +{% endif %} +{# Count packets #} +{% set output = output ~ ' counter' %} +{# Special handling of log option, we must repeat the entire rule before the #} +{# NAT translation options are added, this is essential #} +{% if log is vyos_defined %} +{% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %} +{% endif %} +{% if trns_addr is vyos_defined %} +{% set output = output ~ ' ' ~ trns_addr %} +{% endif %} +{% if trns_port is vyos_defined %} +{# Do not add a whitespace here, translation port must be directly added after IP address #} +{# e.g. 
192.0.2.10:3389 #} +{% set output = output ~ trns_port %} +{% endif %} +{% if trns_opts is vyos_defined %} +{% set output = output ~ ' ' ~ trns_opts %} +{% endif %} +{% if comment is vyos_defined %} +{% set output = output ~ ' comment "' ~ comment ~ '"' %} +{% endif %} +{{ log_output if log_output is vyos_defined }} +{{ output }} +{# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #} +{% if config.protocol is vyos_defined('tcp_udp') %} +{# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #} +{{ log_output | replace('tcp ', 'udp ') if log_output is vyos_defined }} +{{ output | replace('tcp ', 'udp ') }} +{% endif %} +{% endmacro %} + +# Start with clean SNAT and DNAT chains +flush chain ip nat PREROUTING +flush chain ip nat POSTROUTING +{% if helper_functions is vyos_defined('remove') %} +{# NAT if going to be disabled - remove rules and targets from nftables #} +{% set base_command = 'delete rule ip raw' %} +{{ base_command }} PREROUTING handle {{ pre_ct_ignore }} +{{ base_command }} OUTPUT handle {{ out_ct_ignore }} +{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} +{{ base_command }} OUTPUT handle {{ out_ct_conntrack }} + +delete chain ip raw NAT_CONNTRACK + +{% elif helper_functions is vyos_defined('add') %} +{# NAT if enabled - add targets to nftables #} +add chain ip raw NAT_CONNTRACK +add rule ip raw NAT_CONNTRACK counter accept +{% set base_command = 'add rule ip raw' %} +{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYOS_CT_HELPER +{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYOS_CT_HELPER +{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK +{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK +{% endif %} + +# +# Destination NAT rules build up here +# +add rule ip nat PREROUTING counter jump VYOS_PRE_DNAT_HOOK +{% if destination.rule is 
vyos_defined %} +{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} +{{ nat_rule(rule, config, 'PREROUTING') }} +{% endfor %} +{% endif %} +# +# Source NAT rules build up here +# +add rule ip nat POSTROUTING counter jump VYOS_PRE_SNAT_HOOK +{% if source.rule is vyos_defined %} +{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} +{{ nat_rule(rule, config, 'POSTROUTING') }} +{% endfor %} +{% endif %} diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl deleted file mode 100644 index 922f3dcb4..000000000 --- a/data/templates/firewall/nftables-nat.tmpl +++ /dev/null 
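Review bot: The negated-port branches of `nat_rule` in nftables-nat.j2 test only for a leading `!` but then call `.replace('!','')`, which strips every `!` in the value, so a list that negates only some entries would be rendered as a negation of the whole set `!= { … }` and silently change which traffic is translated. Stripping just the prefix, e.g. `'sport != { ' ~ config.source.port[1:] ~ ' }'` and likewise for `dport`, leaves any stray `!` in place so nft rejects the file instead of loading a broader match. The 1:1 prefix branches have a related gap: `config.destination.address` and `config.source.address` go into the `map { … }` key unmodified, so a negated or unset address reaches nft as-is even though `dst_addr`/`src_addr` got the `!` → `!= ` treatment. Whether the CLI validators or nat.py already exclude these inputs is not visible on this page.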
@@ -1,179 +0,0 @@ -#!/usr/sbin/nft -f - -{% macro nat_rule(rule, config, chain) %} -{% set comment = '' %} -{% set base_log = '' %} -{% set src_addr = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %} -{% set dst_addr = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %} -{# negated port groups need special treatment, move != in front of { } group #} -{% if config.source.port is vyos_defined and config.source.port.startswith('!=') %} -{% set src_port = 'sport != { ' ~ config.source.port.replace('!=','') ~ ' }' %} -{% else %} -{% set src_port = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %} -{% endif %} -{# negated port groups need special treatment, move != in front of { } group #} -{% if config.destination.port is vyos_defined and config.destination.port.startswith('!=') %} -{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!=','') ~ ' }' %} -{% else %} -{% set dst_port = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %} -{% endif %} -{% if chain is vyos_defined('PREROUTING') %} -{% set comment = 'DST-NAT-' ~ rule %} -{% set base_log = '[NAT-DST-' ~ rule %} -{% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %} -{% if config.translation.address is vyos_defined %} -{# support 1:1 network translation #} -{% if config.translation.address | is_ip_network %} -{% set trns_addr = 'dnat ip prefix to ip daddr map { ' ~ config.destination.address ~ ' : ' ~ config.translation.address ~ ' }' %} -{# we can now clear out the dst_addr part as it's already covered in aboves map #} -{% set dst_addr = '' %} -{% else %} -{% set trns_addr = 'dnat to ' ~ config.translation.address %} -{% endif %} -{% endif %} -{% elif chain is vyos_defined('POSTROUTING') %} -{% set comment 
= 'SRC-NAT-' ~ rule %} -{% set base_log = '[NAT-SRC-' ~ rule %} -{% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined and config.outbound_interface is not vyos_defined('any') else '' %} -{% if config.translation.address is vyos_defined %} -{% if config.translation.address is vyos_defined('masquerade') %} -{% set trns_addr = config.translation.address %} -{% if config.translation.port is vyos_defined %} -{% set trns_addr = trns_addr ~ ' to ' %} -{% endif %} -{# support 1:1 network translation #} -{% elif config.translation.address | is_ip_network %} -{% set trns_addr = 'snat ip prefix to ip saddr map { ' ~ config.source.address ~ ' : ' ~ config.translation.address ~ ' }' %} -{# we can now clear out the src_addr part as it's already covered in aboves map #} -{% set src_addr = '' %} -{% else %} -{% set trns_addr = 'snat to ' ~ config.translation.address %} -{% endif %} -{% endif %} -{% endif %} -{% set trns_port = ':' ~ config.translation.port if config.translation.port is vyos_defined %} -{# protocol has a default value thus it is always present #} -{% if config.protocol is vyos_defined('tcp_udp') %} -{% set protocol = 'tcp' %} -{% set comment = comment ~ ' tcp_udp' %} -{% else %} -{% set protocol = config.protocol %} -{% endif %} -{% if config.log is vyos_defined %} -{% if config.exclude is vyos_defined %} -{% set log = base_log ~ '-EXCL]' %} -{% elif config.translation.address is vyos_defined('masquerade') %} -{% set log = base_log +'-MASQ]' %} -{% else %} -{% set log = base_log ~ ']' %} -{% endif %} -{% endif %} -{% if config.exclude is vyos_defined %} -{# rule has been marked as 'exclude' thus we simply return here #} -{% set trns_addr = 'return' %} -{% set trns_port = '' %} -{% endif %} -{# T1083: NAT address and port translation options #} -{% if config.translation.options is vyos_defined %} -{% if config.translation.options.address_mapping is vyos_defined('persistent') %} -{% set trns_opts_addr = 
'persistent' %} -{% endif %} -{% if config.translation.options.port_mapping is vyos_defined('random') %} -{% set trns_opts_port = 'random' %} -{% elif config.translation.options.port_mapping is vyos_defined('fully-random') %} -{% set trns_opts_port = 'fully-random' %} -{% endif %} -{% endif %} -{% if trns_opts_addr is vyos_defined and trns_opts_port is vyos_defined %} -{% set trns_opts = trns_opts_addr ~ ',' ~ trns_opts_port %} -{% elif trns_opts_addr is vyos_defined %} -{% set trns_opts = trns_opts_addr %} -{% elif trns_opts_port is vyos_defined %} -{% set trns_opts = trns_opts_port %} -{% endif %} -{% set output = 'add rule ip nat ' ~ chain ~ interface %} -{% if protocol is not vyos_defined('all') %} -{% set output = output ~ ' ip protocol ' ~ protocol %} -{% endif %} -{% if src_addr is vyos_defined %} -{% set output = output ~ ' ' ~ src_addr %} -{% endif %} -{% if src_port is vyos_defined %} -{% set output = output ~ ' ' ~ protocol ~ ' ' ~ src_port %} -{% endif %} -{% if dst_addr is vyos_defined %} -{% set output = output ~ ' ' ~ dst_addr %} -{% endif %} -{% if dst_port is vyos_defined %} -{% set output = output ~ ' ' ~ protocol ~ ' ' ~ dst_port %} -{% endif %} -{# Count packets #} -{% set output = output ~ ' counter' %} -{# Special handling of log option, we must repeat the entire rule before the #} -{# NAT translation options are added, this is essential #} -{% if log is vyos_defined %} -{% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %} -{% endif %} -{% if trns_addr is vyos_defined %} -{% set output = output ~ ' ' ~ trns_addr %} -{% endif %} -{% if trns_port is vyos_defined %} -{# Do not add a whitespace here, translation port must be directly added after IP address #} -{# e.g. 
192.0.2.10:3389 #} -{% set output = output ~ trns_port %} -{% endif %} -{% if trns_opts is vyos_defined %} -{% set output = output ~ ' ' ~ trns_opts %} -{% endif %} -{% if comment is vyos_defined %} -{% set output = output ~ ' comment "' ~ comment ~ '"' %} -{% endif %} -{{ log_output if log_output is vyos_defined}} -{{ output }} -{# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #} -{% if config.protocol is vyos_defined('tcp_udp') %} -{# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #} -{{ log_output | replace('tcp ', 'udp ') if log_output is vyos_defined }} -{{ output | replace('tcp ', 'udp ') }} -{% endif %} -{% endmacro %} - -# Start with clean NAT table -flush table ip nat -{% if helper_functions is vyos_defined('remove') %} -{# NAT if going to be disabled - remove rules and targets from nftables #} -{% set base_command = 'delete rule ip raw' %} -{{ base_command }} PREROUTING handle {{ pre_ct_ignore }} -{{ base_command }} OUTPUT handle {{ out_ct_ignore }} -{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} -{{ base_command }} OUTPUT handle {{ out_ct_conntrack }} - -delete chain ip raw NAT_CONNTRACK - -{% elif helper_functions is vyos_defined('add') %} -{# NAT if enabled - add targets to nftables #} -add chain ip raw NAT_CONNTRACK -add rule ip raw NAT_CONNTRACK counter accept -{% set base_command = 'add rule ip raw' %} -{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYOS_CT_HELPER -{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYOS_CT_HELPER -{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK -{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK -{% endif %} - -# -# Destination NAT rules build up here -# -{% if destination.rule is vyos_defined %} -{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} -{{ 
nat_rule(rule, config, 'PREROUTING') }} -{% endfor %} -{% endif %} -# -# Source NAT rules build up here -# -{% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} -{{ nat_rule(rule, config, 'POSTROUTING') }} -{% endfor %} -{% endif %} diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.j2 index ed98b888a..003b138b2 100644 --- a/data/templates/firewall/nftables-nat66.tmpl +++ b/data/templates/firewall/nftables-nat66.j2 
@@ -1,22 +1,22 @@ #!/usr/sbin/nft -f {% macro nptv6_rule(rule,config, chain) %} -{% set comment = '' %} -{% set base_log = '' %} -{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %} -{% set dest_address = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %} -{% if chain is vyos_defined('PREROUTING') %} +{% set comment = '' %} +{% set base_log = '' %} +{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %} +{% set dest_address = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %} +{% if chain is vyos_defined('PREROUTING') %} {% set comment = 'DST-NAT66-' ~ rule %} {% set base_log = '[NAT66-DST-' ~ rule %} {% set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %} {% if config.translation.address | is_ip_network %} -{# support 1:1 network translation #} -{% set dnat_type = 'dnat prefix to ' %} +{# support 1:1 network translation #} +{% set dnat_type = 'dnat prefix to ' %} {% else %} -{% set dnat_type = 'dnat to ' %} +{% set dnat_type = 'dnat to ' %} {% endif %} {% set trns_address = dnat_type ~ config.translation.address if config.translation.address is vyos_defined %} -{% elif chain is vyos_defined('POSTROUTING') %} +{% elif chain is vyos_defined('POSTROUTING') %} {% set comment = 'SRC-NAT66-' ~ rule %} {% set base_log = '[NAT66-SRC-' ~ rule %} {% if config.translation.address is vyos_defined %} 
@@ -33,34 +33,34 @@ {% endif %} {% endif %} {% set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined else '' %} -{% endif %} -{% if config.log is vyos_defined %} +{% endif %} +{% if config.log is vyos_defined %} {% if config.translation.address is vyos_defined('masquerade') %} -{% set log = base_log +'-MASQ]' %} +{% set log = base_log ~ '-MASQ]' %} {% else %} -{% set log = base_log ~ ']' %} +{% set log = base_log ~ ']' %} {% endif %} -{% endif %} -{% set output = 'add rule ip6 nat ' ~ chain ~ interface %} -{# Count packets #} -{% set output = output ~ ' counter' %} -{# Special handling of log option, we must repeat the entire rule before the #} -{# NAT translation options are added, this is essential #} -{% if log is vyos_defined %} +{% endif %} +{% set output = 'add rule ip6 nat ' ~ chain ~ interface %} +{# Count packets #} +{% set output = output ~ ' counter' %} +{# Special handling of log option, we must repeat the entire rule before the #} +{# NAT translation options are added, this is essential #} +{% if log is vyos_defined %} {% set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %} -{% endif %} -{% if src_prefix is vyos_defined %} +{% endif %} +{% if src_prefix is vyos_defined %} {% set output = output ~ ' ' ~ src_prefix %} -{% endif %} -{% if dest_address is vyos_defined %} +{% endif %} +{% if dest_address is vyos_defined %} {% set output = output ~ ' ' ~ dest_address %} -{% endif %} -{% if trns_address is vyos_defined %} +{% endif %} +{% if trns_address is vyos_defined %} {% set output = output ~ ' ' ~ trns_address %} -{% endif %} -{% if comment is vyos_defined %} +{% endif %} +{% if comment is vyos_defined %} {% set output = output ~ ' comment "' ~ comment ~ '"' %} -{% endif %} +{% endif %} {{ log_output if log_output is vyos_defined }} {{ output }} {% endmacro %} 
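Review bot: In `nptv6_rule`, `log_output` is captured from `output` before the `src_prefix` and `dest_address` matches are appended, and `counter` is added ahead of them too, so the log rule and the counter appear to apply to every packet reaching the chain on that interface rather than only to traffic this NAT66 rule matches. nftables-nat.j2 in this same commit appends the address and port matches first and only then adds `counter` and builds `log_output`; moving `{% set output = output ~ ' counter' %}` and the `{% if log is vyos_defined %}` block below the `dest_address` block would make the two templates agree. Over-broad log rules make the `[NAT66-…]` prefix unreliable as evidence of which flows were actually translated. The macro begins in the preceding hunk, with lines between the two hunks not shown.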
@@ -69,9 +69,9 @@ flush table ip6 nat {% if helper_functions is vyos_defined('remove') %} {# NAT if going to be disabled - remove rules and targets from nftables #} -{% set base_command = 'delete rule ip6 raw' %} -{{base_command}} PREROUTING handle {{ pre_ct_conntrack }} -{{base_command}} OUTPUT handle {{ out_ct_conntrack }} +{% set base_command = 'delete rule ip6 raw' %} +{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} +{{ base_command }} OUTPUT handle {{ out_ct_conntrack }} delete chain ip6 raw NAT_CONNTRACK @@ -79,7 +79,7 @@ delete chain ip6 raw NAT_CONNTRACK {# NAT if enabled - add targets to nftables #} add chain ip6 raw NAT_CONNTRACK add rule ip6 raw NAT_CONNTRACK counter accept -{% set base_command = 'add rule ip6 raw' %} +{% set base_command = 'add rule ip6 raw' %} {{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK {{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK {% endif %} @@ -88,15 +88,15 @@ add rule ip6 raw NAT_CONNTRACK counter accept # Destination NAT66 rules build up here # {% if destination.rule is vyos_defined %} -{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} +{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} {{ nptv6_rule(rule, config, 'PREROUTING') }} -{% endfor %} +{% endfor %} {% endif %} # # Source NAT66 rules build up here # {% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} +{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} {{ nptv6_rule(rule, config, 'POSTROUTING') }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/firewall/nftables-policy.tmpl b/data/templates/firewall/nftables-policy.j2 index d1b0fa56e..0154c9f7e 100644 --- a/data/templates/firewall/nftables-policy.tmpl +++ b/data/templates/firewall/nftables-policy.j2 
@@ -1,9 +1,9 @@ #!/usr/sbin/nft -f {% if cleanup_commands is vyos_defined %} -{% for command in cleanup_commands %} +{% for command in cleanup_commands %} {{ command }} -{% endfor %} +{% endfor %} {% endif %} include "/run/nftables_defines.conf" @@ -18,17 +18,17 @@ table ip mangle { } {% endif %} {% if route is vyos_defined %} -{% for route_text, conf in route.items() %} +{% for route_text, conf in route.items() %} chain VYOS_PBR_{{ route_text }} { -{% if conf.rule is vyos_defined %} -{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} +{% if conf.rule is vyos_defined %} +{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(route_text, rule_id, 'ip') }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} {{ conf | nft_default_rule(route_text) }} } -{% endfor %} -{%- endif %} +{% endfor %} +{% endif %} } table ip6 mangle { @@ -41,15 +41,15 @@ table ip6 mangle { } {% endif %} {% if route6 is vyos_defined %} -{% for route_text, conf in route6.items() %} +{% for route_text, conf in route6.items() %} chain VYOS_PBR6_{{ route_text }} { -{% if conf.rule is vyos_defined %} -{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} +{% if conf.rule is vyos_defined %} +{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(route_text, rule_id, 'ip6') }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} {{ conf | nft_default_rule(route_text) }} } -{% endfor %} +{% endfor %} {% endif %} } diff --git a/data/templates/firewall/nftables-vrf-zones.tmpl b/data/templates/firewall/nftables-vrf-zones.j2 index eecf47b78..eecf47b78 100644 --- a/data/templates/firewall/nftables-vrf-zones.tmpl +++ b/data/templates/firewall/nftables-vrf-zones.j2 diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.j2 index 3a3f2e04c..fac3fad03 100644 
--- a/data/templates/firewall/nftables.tmpl +++ b/data/templates/firewall/nftables.j2 @@ -1,9 +1,9 @@ #!/usr/sbin/nft -f {% if cleanup_commands is vyos_defined %} -{% for command in cleanup_commands %} +{% for command in cleanup_commands %} {{ command }} -{% endfor %} +{% endfor %} {% endif %} include "/run/nftables_defines.conf" 
@@ -31,39 +31,39 @@ table ip filter { } {% endif %} {% if name is vyos_defined %} -{% set ns = namespace(sets=[]) %} -{% for name_text, conf in name.items() %} +{% set ns = namespace(sets=[]) %} +{% for name_text, conf in name.items() %} chain NAME_{{ name_text }} { -{% if conf.rule is vyos_defined %} -{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} +{% if conf.rule is vyos_defined %} +{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(name_text, rule_id) }} -{% if rule_conf.recent is vyos_defined %} -{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% if rule_conf.recent is vyos_defined %} +{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% endif %} +{% endfor %} {% endif %} -{% endfor %} -{% endif %} {{ conf | nft_default_rule(name_text) }} } -{% endfor %} -{% for set_name in ns.sets %} +{% endfor %} +{% for set_name in ns.sets %} set RECENT_{{ set_name }} { type ipv4_addr size 65535 flags dynamic } -{% endfor %} +{% endfor %} {% endif %} {% if state_policy is vyos_defined %} chain VYOS_STATE_POLICY { -{% if state_policy.established is vyos_defined %} +{% if state_policy.established is vyos_defined %} {{ state_policy.established | nft_state_policy('established') }} -{% endif %} -{% if state_policy.invalid is vyos_defined %} +{% endif %} +{% if state_policy.invalid is vyos_defined %} {{ state_policy.invalid | nft_state_policy('invalid') }} -{% endif %} -{% if state_policy.related is vyos_defined %} +{% endif %} +{% if state_policy.related is vyos_defined %} {{ state_policy.related | nft_state_policy('related') }} -{% endif %} +{% endif %} return } {% endif %} 
@@ -92,39 +92,39 @@ table ip6 filter { } {% endif %} {% if ipv6_name is vyos_defined %} -{% set ns = namespace(sets=[]) %} -{% for name_text, conf in ipv6_name.items() %} +{% set ns = namespace(sets=[]) %} +{% for name_text, conf in ipv6_name.items() %} chain NAME6_{{ name_text }} { -{% if conf.rule is vyos_defined %} -{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} +{% if conf.rule is vyos_defined %} +{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(name_text, rule_id, 'ip6') }} -{% if rule_conf.recent is vyos_defined %} -{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% if rule_conf.recent is vyos_defined %} +{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% endif %} +{% endfor %} {% endif %} -{% endfor %} -{% endif %} {{ conf | nft_default_rule(name_text) }} } -{% endfor %} -{% for set_name in ns.sets %} +{% endfor %} +{% for set_name in ns.sets %} set RECENT6_{{ set_name }} { type ipv6_addr size 65535 flags dynamic } -{% endfor %} +{% endfor %} {% endif %} {% if state_policy is vyos_defined %} chain VYOS_STATE_POLICY6 { -{% if state_policy.established is vyos_defined %} +{% if state_policy.established is vyos_defined %} {{ state_policy.established | nft_state_policy('established', ipv6=True) }} -{% endif %} -{% if state_policy.invalid is vyos_defined %} +{% endif %} +{% if state_policy.invalid is vyos_defined %} {{ state_policy.invalid | nft_state_policy('invalid', ipv6=True) }} -{% endif %} -{% if state_policy.related is vyos_defined %} +{% endif %} +{% if state_policy.related is vyos_defined %} {{ state_policy.related | nft_state_policy('related', ipv6=True) }} -{% endif %} +{% endif %} return } {% endif %} diff --git a/data/templates/firewall/upnpd.conf.tmpl b/data/templates/firewall/upnpd.conf.j2 index 6e73995fa..27573cbf9 100644 --- a/data/templates/firewall/upnpd.conf.tmpl +++ b/data/templates/firewall/upnpd.conf.j2 
@@ -5,9 +5,9 @@ ext_ifname={{ wan_interface }} {% if wan_ip is vyos_defined %} # If the WAN interface has several IP addresses, you # can specify the one to use below -{% for addr in wan_ip %} +{% for addr in wan_ip %} ext_ip={{ addr }} -{% endfor %} +{% endfor %} {% endif %} # LAN network interfaces IPs / networks @@ -20,15 +20,15 @@ ext_ip={{ addr }} # When MULTIPLE_EXTERNAL_IP is enabled, the external IP # address associated with the subnet follows. For example: # listening_ip=192.168.0.1/24 88.22.44.13 -{% for addr in listen %} -{% if addr | is_ipv4 %} +{% for addr in listen %} +{% if addr | is_ipv4 %} listening_ip={{ addr }} -{% elif addr | is_ipv6 %} +{% elif addr | is_ipv6 %} ipv6_listening_ip={{ addr }} -{% else %} +{% else %} listening_ip={{ addr }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} # CAUTION: mixing up WAN and LAN interfaces may introduce security risks! @@ -57,12 +57,12 @@ enable_upnp=yes # PCP # Configure the minimum and maximum lifetime of a port mapping in seconds # 120s and 86400s (24h) are suggested values from PCP-base -{% if pcp_lifetime.max is vyos_defined %} +{% if pcp_lifetime.max is vyos_defined %} max_lifetime={{ pcp_lifetime.max }} -{% endif %} -{% if pcp_lifetime.min is vyos_defined %} +{% endif %} +{% if pcp_lifetime.min is vyos_defined %} min_lifetime={{ pcp_lifetime.min }} -{% endif %} +{% endif %} {% endif %} 
@@ -142,11 +142,11 @@ lease_file=/config/upnp.leases # modify the IP ranges to match their own internal networks, and # also consider implementing network-specific restrictions # CAUTION: failure to enforce any rules may permit insecure requests to be made! -{% for rule, config in rules.items() %} -{% if config.disable is vyos_defined %} -{{ config.action}} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }} -{% endif %} -{% endfor %} +{% for rule, config in rules.items() %} +{% if config.disable is vyos_defined %} +{{ config.action }} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }} +{% endif %} +{% endfor %} {% endif %} {% if stun is vyos_defined %} diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2 index 9f3097f82..a42b73e98 100644 --- a/data/templates/frr/policy.frr.j2 +++ b/data/templates/frr/policy.frr.j2 @@ -238,11 +238,14 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.set.aggregator.as is vyos_defined and rule_config.set.aggregator.ip is vyos_defined %} set aggregator as {{ rule_config.set.aggregator.as }} {{ rule_config.set.aggregator.ip }} {% endif %} -{% if rule_config.set.as_path_exclude is vyos_defined %} - set as-path exclude {{ rule_config.set.as_path_exclude }} +{% if rule_config.set.as_path.exclude is vyos_defined %} + set as-path exclude {{ rule_config.set.as_path.exclude }} {% endif %} -{% if rule_config.set.as_path_prepend is vyos_defined %} - set as-path prepend {{ rule_config.set.as_path_prepend }} +{% if rule_config.set.as_path.prepend is vyos_defined %} + set as-path prepend {{ rule_config.set.as_path.prepend }} +{% endif %} +{% if rule_config.set.as_path.prepend_last_as is vyos_defined %} + set as-path prepend last-as {{ rule_config.set.as_path.prepend_last_as }} {% endif %} {% if rule_config.set.atomic_aggregate is vyos_defined %} set atomic-aggregate 
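Review bot: The guard `{% if config.disable is vyos_defined %}` inside the `rules.items()` loop looks inverted: as written, a rule line is rendered only for entries that have `disable` set, so enabled rules never reach the generated file. The re-indentation carries that condition over unchanged. The other templates in this commit skip disabled entries with `is not vyos_defined`; the equivalent here would be `{% if config.disable is not vyos_defined %}`. Given the file's own caution that unenforced rules may permit insecure requests, confirm the intended behaviour against the calling script before merging. The enclosing `{% if %}` block opens outside this hunk.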
@@ -256,6 +259,12 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.set.distance is vyos_defined %} set distance {{ rule_config.set.distance }} {% endif %} +{% if rule_config.set.evpn.gateway.ipv4 is vyos_defined %} + set evpn gateway-ip ipv4 {{ rule_config.set.evpn.gateway.ipv4 }} +{% endif %} +{% if rule_config.set.evpn.gateway.ipv6 is vyos_defined %} + set evpn gateway-ip ipv6 {{ rule_config.set.evpn.gateway.ipv6 }} +{% endif %} {% if rule_config.set.extcommunity.bandwidth is vyos_defined %} set extcommunity bandwidth {{ rule_config.set.extcommunity.bandwidth }} {% endif %} diff --git a/data/templates/frr/staticd.frr.j2 b/data/templates/frr/staticd.frr.j2 index 08b2a3dab..589f03c2c 100644 --- a/data/templates/frr/staticd.frr.j2 +++ b/data/templates/frr/staticd.frr.j2 @@ -20,10 +20,16 @@ vrf {{ vrf }} {% for interface, interface_config in dhcp.items() %} {% set next_hop = interface | get_dhcp_router %} {% if next_hop is vyos_defined %} -{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.distance }} +{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.dhcp_options.default_route_distance if interface_config.dhcp_options.default_route_distance is vyos_defined }} {% endif %} {% endfor %} {% endif %} +{# IPv4 default routes from PPPoE interfaces #} +{% if pppoe is vyos_defined %} +{% for interface, interface_config in pppoe.items() %} +{{ ip_prefix }} route 0.0.0.0/0 {{ interface }} tag 210 {{ interface_config.default_route_distance if interface_config.default_route_distance is vyos_defined }} +{% endfor %} +{% endif %} {# IPv6 routing #} {% if route6 is vyos_defined %} {% for prefix, prefix_config in route6.items() %} diff --git a/data/templates/getty/serial-getty.service.tmpl b/data/templates/getty/serial-getty.service.j2 index 0183eae7d..0183eae7d 100644 --- a/data/templates/getty/serial-getty.service.tmpl 
+++ b/data/templates/getty/serial-getty.service.j2 diff --git a/data/templates/high-availability/keepalived.conf.j2 b/data/templates/high-availability/keepalived.conf.j2 new file mode 100644 index 000000000..6684dbc2c --- /dev/null +++ b/data/templates/high-availability/keepalived.conf.j2 
@@ -0,0 +1,169 @@ +# Autogenerated by VyOS +# Do not edit this file, all your changes will be lost +# on next commit or reboot + +global_defs { + dynamic_interfaces + script_user root + notify_fifo /run/keepalived/keepalived_notify_fifo + notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py +} + +{% if vrrp.group is vyos_defined %} +{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %} +{% if group_config.health_check.script is vyos_defined %} +vrrp_script healthcheck_{{ name }} { + script "{{ group_config.health_check.script }}" + interval {{ group_config.health_check.interval }} + fall {{ group_config.health_check.failure_count }} + rise 1 +} +{% endif %} +vrrp_instance {{ name }} { +{% if group_config.description is vyos_defined %} + # {{ group_config.description }} +{% endif %} + state BACKUP + interface {{ group_config.interface }} + virtual_router_id {{ group_config.vrid }} + priority {{ group_config.priority }} + advert_int {{ group_config.advertise_interval }} +{% if group_config.track.exclude_vrrp_interface is vyos_defined %} + dont_track_primary +{% endif %} +{% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %} + preempt_delay {{ group_config.preempt_delay }} +{% elif group_config.no_preempt is vyos_defined %} + nopreempt +{% endif %} +{% if group_config.peer_address is vyos_defined %} + unicast_peer { {{ group_config.peer_address }} } +{% endif %} +{% if group_config.hello_source_address is vyos_defined %} +{% if group_config.peer_address is vyos_defined %} + unicast_src_ip {{ group_config.hello_source_address }} +{% else %} + mcast_src_ip {{ group_config.hello_source_address }} +{% endif %} +{% endif %} +{% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %} + use_vmac {{ group_config.interface }}v{{ group_config.vrid }} + vmac_xmit_base +{% elif group_config.rfc3768_compatibility is vyos_defined %} + 
use_vmac {{ group_config.interface }}v{{ group_config.vrid }} +{% endif %} +{% if group_config.authentication is vyos_defined %} + authentication { + auth_pass "{{ group_config.authentication.password }}" +{% if group_config.authentication.type is vyos_defined('plaintext-password') %} + auth_type PASS +{% else %} + auth_type {{ group_config.authentication.type | upper }} +{% endif %} + } +{% endif %} +{% if group_config.address is vyos_defined %} + virtual_ipaddress { +{% for addr, addr_config in group_config.address.items() %} + {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }} +{% endfor %} + } +{% endif %} +{% if group_config.excluded_address is vyos_defined %} + virtual_ipaddress_excluded { +{% for addr in group_config.excluded_address %} + {{ addr }} +{% endfor %} + } +{% endif %} +{% if group_config.track.interface is vyos_defined %} + track_interface { +{% for interface in group_config.track.interface %} + {{ interface }} +{% endfor %} + } +{% endif %} +{% if group_config.health_check.script is vyos_defined %} + track_script { + healthcheck_{{ name }} + } +{% endif %} +} +{% endfor %} +{% endif %} + +{% if vrrp.sync_group is vyos_defined %} +{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %} +vrrp_sync_group {{ name }} { + group { +{% if sync_group_config.member is vyos_defined %} +{% for member in sync_group_config.member %} + {{ member }} +{% endfor %} +{% endif %} + } + +{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #} +{% if vrrp.group is vyos_defined %} +{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %} +{% if group_config.health_check.script is vyos_defined and name in sync_group_config.member %} + track_script { + healthcheck_{{ name }} + } +{% endif %} +{% endfor %} +{% endif %} +{% if conntrack_sync_group is vyos_defined(name) %} +{% set vyos_helper = 
"/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} + notify_master "{{ vyos_helper }} master {{ name }}" + notify_backup "{{ vyos_helper }} backup {{ name }}" + notify_fault "{{ vyos_helper }} fault {{ name }}" +{% endif %} +} +{% endfor %} +{% endif %} + +{% if virtual_server is vyos_defined %} +# Virtual-server configuration +{% for vserver, vserver_config in virtual_server.items() %} +virtual_server {{ vserver }} {{ vserver_config.port }} { + delay_loop {{ vserver_config.delay_loop }} +{% if vserver_config.algorithm is vyos_defined('round-robin') %} + lb_algo rr +{% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %} + lb_algo wrr +{% elif vserver_config.algorithm is vyos_defined('least-connection') %} + lb_algo lc +{% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %} + lb_algo wlc +{% elif vserver_config.algorithm is vyos_defined('source-hashing') %} + lb_algo sh +{% elif vserver_config.algorithm is vyos_defined('destination-hashing') %} + lb_algo dh +{% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %} + lb_algo lblc +{% endif %} +{% if vserver_config.forward_method is vyos_defined('nat') %} + lb_kind NAT +{% elif vserver_config.forward_method is vyos_defined('direct') %} + lb_kind DR +{% elif vserver_config.forward_method is vyos_defined('tunnel') %} + lb_kind TUN +{% endif %} + persistence_timeout {{ vserver_config.persistence_timeout }} + protocol {{ vserver_config.protocol | upper }} +{% if vserver_config.real_server is vyos_defined %} +{% for rserver, rserver_config in vserver_config.real_server.items() %} + real_server {{ rserver }} {{ rserver_config.port }} { + weight 1 + {{ vserver_config.protocol | upper }}_CHECK { +{% if rserver_config.connection_timeout is vyos_defined %} + connect_timeout {{ rserver_config.connection_timeout }} +{% endif %} + } + } +{% endfor %} +{% endif %} +} +{% endfor %} +{% endif %} 
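Review bot: `global_defs` sets `script_user root`, and each `vrrp_script healthcheck_{{ name }}` runs the configured `health_check.script` path under that identity, so a script file or parent directory writable by a less-privileged account ends up executed as root. keepalived's `enable_script_security` keyword in `global_defs` makes the daemon refuse such scripts; adding it, or a dedicated unprivileged `script_user` for health checks, would narrow this, provided the notify helpers under /usr/libexec/vyos are root-owned. Separately, `auth_pass "{{ group_config.authentication.password }}"` and the `# {{ group_config.description }}` line interpolate configuration values verbatim, so a value containing a double quote or a newline would change the structure of the generated file unless it is rejected before rendering; that validation is not visible from this hunk.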
diff --git a/data/templates/high-availability/keepalived.conf.tmpl b/data/templates/high-availability/keepalived.conf.tmpl deleted file mode 100644 index 202760251..000000000 --- a/data/templates/high-availability/keepalived.conf.tmpl +++ /dev/null 
@@ -1,169 +0,0 @@ -# Autogenerated by VyOS -# Do not edit this file, all your changes will be lost -# on next commit or reboot - -global_defs { - dynamic_interfaces - script_user root - notify_fifo /run/keepalived/keepalived_notify_fifo - notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py -} - -{% if vrrp.group is vyos_defined %} -{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %} -{% if group_config.health_check.script is vyos_defined %} -vrrp_script healthcheck_{{ name }} { - script "{{ group_config.health_check.script }}" - interval {{ group_config.health_check.interval }} - fall {{ group_config.health_check.failure_count }} - rise 1 -} -{% endif %} -vrrp_instance {{ name }} { -{% if group_config.description is vyos_defined %} - # {{ group_config.description }} -{% endif %} - state BACKUP - interface {{ group_config.interface }} - virtual_router_id {{ group_config.vrid }} - priority {{ group_config.priority }} - advert_int {{ group_config.advertise_interval }} -{% if group_config.track.exclude_vrrp_interface is vyos_defined %} - dont_track_primary -{% endif %} -{% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %} - preempt_delay {{ group_config.preempt_delay }} -{% elif group_config.no_preempt is vyos_defined %} - nopreempt -{% endif %} -{% if group_config.peer_address is vyos_defined %} - unicast_peer { {{ group_config.peer_address }} } -{% endif %} -{% if group_config.hello_source_address is vyos_defined %} -{% if group_config.peer_address is vyos_defined %} - unicast_src_ip {{ group_config.hello_source_address }} -{% else %} - mcast_src_ip {{ group_config.hello_source_address }} -{% endif %} -{% endif %} -{% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %} - use_vmac {{ group_config.interface }}v{{ group_config.vrid }} - vmac_xmit_base -{% elif group_config.rfc3768_compatibility is vyos_defined %} - 
use_vmac {{ group_config.interface }}v{{ group_config.vrid }} -{% endif %} -{% if group_config.authentication is vyos_defined %} - authentication { - auth_pass "{{ group_config.authentication.password }}" -{% if group_config.authentication.type is vyos_defined('plaintext-password') %} - auth_type PASS -{% else %} - auth_type {{ group_config.authentication.type | upper }} -{% endif %} - } -{% endif %} -{% if group_config.address is vyos_defined %} - virtual_ipaddress { -{% for addr, addr_config in group_config.address.items() %} - {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }} -{% endfor %} - } -{% endif %} -{% if group_config.excluded_address is vyos_defined %} - virtual_ipaddress_excluded { -{% for addr in group_config.excluded_address %} - {{ addr }} -{% endfor %} - } -{% endif %} -{% if group_config.track.interface is vyos_defined %} - track_interface { -{% for interface in group_config.track.interface %} - {{ interface }} -{% endfor %} - } -{% endif %} -{% if group_config.health_check.script is vyos_defined %} - track_script { - healthcheck_{{ name }} - } -{% endif %} -} -{% endfor %} -{% endif %} - -{% if vrrp.sync_group is vyos_defined %} -{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %} -vrrp_sync_group {{ name }} { - group { -{% if sync_group_config.member is vyos_defined %} -{% for member in sync_group_config.member %} - {{ member }} -{% endfor %} -{% endif %} - } - -{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #} -{% if vrrp.group is vyos_defined %} -{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %} -{% if group_config.health_check.script is vyos_defined and name in sync_group_config.member %} - track_script { - healthcheck_{{ name }} - } -{% endif %} -{% endfor %} -{% endif %} -{% if conntrack_sync_group is vyos_defined(name) %} -{% set vyos_helper = 
"/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} - notify_master "{{ vyos_helper }} master {{ name }}" - notify_backup "{{ vyos_helper }} backup {{ name }}" - notify_fault "{{ vyos_helper }} fault {{ name }}" -{% endif %} -} -{% endfor %} -{% endif %} - -{% if virtual_server is vyos_defined %} -# Virtual-server configuration -{% for vserver, vserver_config in virtual_server.items() %} -virtual_server {{ vserver }} {{ vserver_config.port }} { - delay_loop {{ vserver_config.delay_loop }} -{% if vserver_config.algorithm is vyos_defined('round-robin') %} - lb_algo rr -{% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %} - lb_algo wrr -{% elif vserver_config.algorithm is vyos_defined('least-connection') %} - lb_algo lc -{% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %} - lb_algo wlc -{% elif vserver_config.algorithm is vyos_defined('source-hashing') %} - lb_algo sh -{% elif vserver_config.algorithm is vyos_defined('destination-hashing') %} - lb_algo dh -{% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %} - lb_algo lblc -{% endif %} -{% if vserver_config.forward_method is vyos_defined('nat') %} - lb_kind NAT -{% elif vserver_config.forward_method is vyos_defined('direct') %} - lb_kind DR -{% elif vserver_config.forward_method is vyos_defined('tunnel') %} - lb_kind TUN -{% endif %} - persistence_timeout {{ vserver_config.persistence_timeout }} - protocol {{ vserver_config.protocol | upper }} -{% if vserver_config.real_server is vyos_defined %} -{% for rserver, rserver_config in vserver_config.real_server.items() %} - real_server {{ rserver }} {{ rserver_config.port }} { - weight 1 - {{ vserver_config.protocol | upper }}_CHECK { -{% if rserver_config.connection_timeout is vyos_defined %} - connect_timeout {{ rserver_config.connection_timeout }} -{% endif %} - } - } -{% endfor %} -{% endif %} -} -{% endfor %} -{% endif %} 
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.j2 index a51505270..70e62ae7a 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.j2 
@@ -1,59 +1,56 @@ ### Autogenerated by https.py ### # Default server configuration -# {% for server in server_block_list %} server { - # SSL configuration # -{% if server.address == '*' %} +{% if server.address == '*' %} listen {{ server.port }} ssl; listen [::]:{{ server.port }} ssl; -{% else %} +{% else %} listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl; -{% endif %} +{% endif %} -{% for name in server.name %} +{% for name in server.name %} server_name {{ name }}; -{% endfor %} +{% endfor %} -{% if server.certbot %} +{% if server.certbot %} ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem; ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem; include {{ server.certbot_dir }}/options-ssl-nginx.conf; ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem; -{% elif server.vyos_cert %} +{% elif server.vyos_cert %} ssl_certificate {{ server.vyos_cert.crt }}; ssl_certificate_key {{ server.vyos_cert.key }}; -{% else %} +{% else %} # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # include snippets/snakeoil.conf; -{% endif %} +{% endif %} ssl_protocols TLSv1.2 TLSv1.3; # proxy settings for HTTP API, if enabled; 503, if not location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) { -{% if server.api %} -{% if server.api.socket %} +{% if server.api %} +{% if server.api.socket %} proxy_pass http://unix:/run/api.sock; -{% else %} +{% else %} proxy_pass http://localhost:{{ server.api.port }}; -{% endif %} +{% endif %} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 600; proxy_buffering off; -{% else %} +{% else %} return 503; -{% endif %} +{% endif %} } error_page 497 =301 https://$host:{{ server.port }}$request_uri; - } {% endfor %} 
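Review bot: The API `location ~ /(retrieve|configure|...|graphql)` regex is unanchored and leaves the dot in `openapi.json` unescaped, so any request URI that merely contains one of these words after a slash is proxied to the API backend. Anchoring and escaping keeps the proxied surface to the intended endpoints: `location ~ ^/(retrieve|configure|config-file|image|generate|show|docs|openapi\.json|redoc|graphql)`. This assumes the API serves these paths at the root, which the hunk suggests but does not show.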
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.j2 index c2c191b06..c2c191b06 100644 --- a/data/templates/https/override.conf.tmpl +++ b/data/templates/https/override.conf.j2 diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.j2 index fb424e06c..fb424e06c 100644 --- a/data/templates/https/vyos-http-api.service.tmpl +++ b/data/templates/https/vyos-http-api.service.j2 diff --git a/data/templates/ids/fastnetmon.tmpl b/data/templates/ids/fastnetmon.j2 index b6bef9a68..c482002fa 100644 --- a/data/templates/ids/fastnetmon.tmpl +++ b/data/templates/ids/fastnetmon.j2 @@ -29,22 +29,22 @@ enable_subnet_counters = off mirror_afpacket = on {% endif %} -process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off '}} -process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off '}} +process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }} +process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }} {% if threshold is vyos_defined %} -{% for thr, thr_value in threshold.items() %} -{% if thr is vyos_defined('fps') %} +{% for thr, thr_value in threshold.items() %} +{% if thr is vyos_defined('fps') %} ban_for_flows = on threshold_flows = {{ thr_value }} -{% elif thr is vyos_defined('mbps') %} +{% elif thr is vyos_defined('mbps') %} ban_for_bandwidth = on threshold_mbps = {{ thr_value }} -{% elif thr is vyos_defined('pps') %} +{% elif thr is vyos_defined('pps') %} ban_for_pps = on threshold_pps = {{ thr_value }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} {% if listen_interface is vyos_defined %} diff --git a/data/templates/ids/fastnetmon_networks_list.tmpl b/data/templates/ids/fastnetmon_networks_list.j2 index ab9add22c..1c81180be 100644 --- a/data/templates/ids/fastnetmon_networks_list.tmpl 
+++ b/data/templates/ids/fastnetmon_networks_list.j2 @@ -1,7 +1,7 @@ {% if network is vyos_defined(var_type=str) %} {{ network }} {% else %} -{% for net in network %} +{% for net in network %} {{ net }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/igmp-proxy/igmpproxy.conf.tmpl b/data/templates/igmp-proxy/igmpproxy.conf.j2 index f32d68e43..ab3c9fd31 100644 --- a/data/templates/igmp-proxy/igmpproxy.conf.tmpl +++ b/data/templates/igmp-proxy/igmpproxy.conf.j2 @@ -18,23 +18,23 @@ quickleave {% endif %} {% if interface is vyos_defined %} -{% for iface, config in interface.items() %} +{% for iface, config in interface.items() %} # Configuration for {{ iface }} ({{ config.role }} interface) -{% if config.role is vyos_defined('disabled') %} +{% if config.role is vyos_defined('disabled') %} phyint {{ iface }} disabled -{% else %} +{% else %} phyint {{ iface }} {{ config.role }} ratelimit 0 threshold {{ config.threshold }} -{% endif %} -{% if config.alt_subnet is vyos_defined %} -{% for subnet in config.alt_subnet %} +{% endif %} +{% if config.alt_subnet is vyos_defined %} +{% for subnet in config.alt_subnet %} altnet {{ subnet }} -{% endfor %} -{% endif %} -{% if config.whitelist is vyos_defined %} -{% for subnet in config.whitelist %} +{% endfor %} +{% endif %} +{% if config.whitelist is vyos_defined %} +{% for subnet in config.whitelist %} whitelist {{ subnet }} -{% endfor %} -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/ipsec/charon.tmpl b/data/templates/ipsec/charon.j2 index 2eac24eaa..388559af8 100644 --- a/data/templates/ipsec/charon.tmpl +++ b/data/templates/ipsec/charon.j2 @@ -1,6 +1,5 @@ # Options for the charon IKE daemon. charon { - # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode. # accept_unencrypted_mainmode_messages = no 
@@ -23,13 +22,13 @@ charon { # Cisco FlexVPN {% if options is vyos_defined %} cisco_flexvpn = {{ 'yes' if options.flexvpn is vyos_defined else 'no' }} -{% if options.virtual_ip is vyos_defined %} +{% if options.virtual_ip is vyos_defined %} install_virtual_ip = yes -{% endif %} -{% if options.interface is vyos_defined %} +{% endif %} +{% if options.interface is vyos_defined %} install_virtual_ip_on = {{ options.interface }} -{% endif %} -{% endif %} +{% endif %} +{% endif %} # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed. # close_ike_on_child_failure = no diff --git a/data/templates/ipsec/charon/dhcp.conf.tmpl b/data/templates/ipsec/charon/dhcp.conf.j2 index aaa5613fb..aaa5613fb 100644 --- a/data/templates/ipsec/charon/dhcp.conf.tmpl +++ b/data/templates/ipsec/charon/dhcp.conf.j2 diff --git a/data/templates/ipsec/charon/eap-radius.conf.tmpl b/data/templates/ipsec/charon/eap-radius.conf.j2 index b58022521..8495011fe 100644 --- a/data/templates/ipsec/charon/eap-radius.conf.tmpl +++ b/data/templates/ipsec/charon/eap-radius.conf.j2 
@@ -94,19 +94,19 @@ eap-radius { # Section to specify multiple RADIUS servers. servers { -{% if remote_access.radius.server is vyos_defined %} -{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %} +{% if remote_access.radius.server is vyos_defined %} +{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %} {{ server | replace('.', '-') }} { address = {{ server }} secret = {{ server_options.key }} auth_port = {{ server_options.port }} -{% if server_options.disable_accounting is not vyos_defined %} - acct_port = {{ server_options.port | int +1 }} -{% endif %} +{% if server_options.disable_accounting is not vyos_defined %} + acct_port = {{ server_options.port | int + 1 }} +{% endif %} sockets = 20 } -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} } # Section to configure multiple XAuth authentication rounds via RADIUS. diff --git a/data/templates/ipsec/interfaces_use.conf.tmpl b/data/templates/ipsec/interfaces_use.conf.j2 index 55c3ce4f3..c1bf8270d 100644 --- a/data/templates/ipsec/interfaces_use.conf.tmpl +++ b/data/templates/ipsec/interfaces_use.conf.j2 @@ -1,5 +1,5 @@ -{% if interface is vyos_defined %} +{% if interface is vyos_defined %} charon { interfaces_use = {{ ', '.join(interface) }} } -{% endif %}
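Review bot: The RADIUS shared secret in the `servers` block is still rendered unquoted (`secret = {{ server_options.key }}`), so a key containing characters that are significant to the strongSwan config syntax, such as `#`, `=` or braces, may be truncated or mis-parsed instead of used verbatim. Quoting it as `secret = "{{ server_options.key }}"` would match how swanctl.conf.j2 in this commit renders most of its secrets. A key containing `"` would still need escaping or rejection at the CLI validator, which is not visible here. The `acct_port` line derives the accounting port as auth port + 1; a short template comment saying this is a convention and not configurable would help. The `eap-radius` block starts and ends outside this hunk.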
\ No newline at end of file +{% endif %}
\ No newline at end of file diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.j2 index c8e17729a..c8e17729a 100644 --- a/data/templates/ipsec/ios_profile.tmpl +++ b/data/templates/ipsec/ios_profile.j2 diff --git a/data/templates/ipsec/ipsec.conf.j2 b/data/templates/ipsec/ipsec.conf.j2 new file mode 100644 index 000000000..f63995b38 --- /dev/null +++ b/data/templates/ipsec/ipsec.conf.j2 @@ -0,0 +1,19 @@ +# Created by VyOS - manual changes will be overwritten + +config setup +{% set charondebug = '' %} +{% if log.subsystem is vyos_defined %} +{% set subsystem = log.subsystem %} +{% if 'any' in log.subsystem %} +{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', + 'net', 'asn', 'enc', 'lib', 'esp', 'tls', 'tnc', + 'imc', 'imv', 'pts'] %} +{% endif %} +{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %} +{% endif %} + charondebug = "{{ charondebug }}" + uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }} + +{% if include_ipsec_conf is vyos_defined %} +include {{ include_ipsec_conf }} +{% endif %} diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl deleted file mode 100644 index 0f7131dff..000000000 --- a/data/templates/ipsec/ipsec.conf.tmpl +++ /dev/null @@ -1,18 +0,0 @@ -# Created by VyOS - manual changes will be overwritten - -config setup -{% set charondebug = '' %} -{% if log.subsystem is vyos_defined %} -{% set subsystem = log.subsystem %} -{% if 'any' in log.subsystem %} -{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', 'net', 'asn', - 'enc', 'lib', 'esp', 'tls', 'tnc', 'imc', 'imv', 'pts'] %} -{% endif %} -{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %} -{% endif %} - charondebug = "{{ charondebug }}" - uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }} - -{% if include_ipsec_conf is vyos_defined %} -include {{ include_ipsec_conf }} -{% endif %} 
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.j2 index 865c1ab17..a87ac9bc7 100644 --- a/data/templates/ipsec/ipsec.secrets.tmpl +++ b/data/templates/ipsec/ipsec.secrets.j2 @@ -1,5 +1,5 @@ # Created by VyOS - manual changes will be overwritten -{% if include_ipsec_secrets is vyos_defined %} +{% if include_ipsec_secrets is vyos_defined %} include {{ include_ipsec_secrets }} -{% endif %} +{% endif %} diff --git a/data/templates/ipsec/swanctl.conf.j2 b/data/templates/ipsec/swanctl.conf.j2 new file mode 100644 index 000000000..bf6b8259c --- /dev/null +++ b/data/templates/ipsec/swanctl.conf.j2 
@@ -0,0 +1,131 @@ +### Autogenerated by vpn_ipsec.py ### +{% import 'ipsec/swanctl/l2tp.j2' as l2tp_tmpl %} +{% import 'ipsec/swanctl/profile.j2' as profile_tmpl %} +{% import 'ipsec/swanctl/peer.j2' as peer_tmpl %} +{% import 'ipsec/swanctl/remote_access.j2' as remote_access_tmpl %} + +connections { +{% if profile is vyos_defined %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} +{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }} +{% endfor %} +{% endif %} +{% if site_to_site.peer is vyos_defined %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} +{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }} +{% endfor %} +{% endif %} +{% if remote_access.connection is vyos_defined %} +{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %} +{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }} +{% endfor %} +{% endif %} +{% if l2tp %} +{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }} +{% endif %} +} + +pools { +{% if remote_access.pool is vyos_defined %} +{% for pool, pool_config in remote_access.pool.items() %} + {{ pool }} { +{% if pool_config.prefix is vyos_defined %} + addrs = {{ pool_config.prefix }} +{% endif %} +{% if pool_config.name_server is vyos_defined %} + dns = {{ pool_config.name_server | join(',') }} +{% endif %} +{% if pool_config.exclude is vyos_defined %} + split_exclude = {{ pool_config.exclude | join(',') }} +{% endif %} + } +{% endfor %} +{% endif %} +} + +secrets { +{% if profile is vyos_defined %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} +{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %} +{% for interface in 
profile_conf.bind.tunnel %} + ike-dmvpn-{{ interface }} { + secret = {{ profile_conf.authentication.pre_shared_secret }} + } +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +{% if site_to_site.peer is vyos_defined %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} +{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %} +{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %} + ike_{{ peer_name }} { +{% if peer_conf.local_address is vyos_defined %} + id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} +{% endif %} + id-remote = {{ peer }} +{% if peer_conf.authentication.id is vyos_defined %} + id-localid = {{ peer_conf.authentication.id }} +{% endif %} +{% if peer_conf.authentication.remote_id is vyos_defined %} + id-remoteid = {{ peer_conf.authentication.remote_id }} +{% endif %} + secret = "{{ peer_conf.authentication.pre_shared_secret }}" + } +{% elif peer_conf.authentication.mode is vyos_defined('x509') %} + private_{{ peer_name }} { + file = {{ peer_conf.authentication.x509.certificate }}.pem +{% if peer_conf.authentication.x509.passphrase is vyos_defined %} + secret = "{{ peer_conf.authentication.x509.passphrase }}" +{% endif %} + } +{% elif peer_conf.authentication.mode is vyos_defined('rsa') %} + rsa_{{ peer_name }}_local { + file = {{ peer_conf.authentication.rsa.local_key }}.pem +{% if peer_conf.authentication.rsa.passphrase is vyos_defined %} + secret = "{{ peer_conf.authentication.rsa.passphrase }}" +{% endif %} + } +{% endif %} +{% endfor %} +{% endif %} +{% if remote_access.connection is vyos_defined %} +{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %} +{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %} + ike_{{ ra }} { +{% if ra_conf.authentication.id is vyos_defined %} + id = "{{ 
ra_conf.authentication.id }}" +{% elif ra_conf.local_address is vyos_defined %} + id = "{{ ra_conf.local_address }}" +{% endif %} + secret = "{{ ra_conf.authentication.pre_shared_secret }}" + } +{% endif %} +{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %} +{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %} + eap-{{ ra }}-{{ user }} { + secret = "{{ user_conf.password }}" + id-{{ ra }}-{{ user }} = "{{ user }}" + } +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +{% if l2tp %} +{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %} + ike_l2tp_remote_access { + id = "{{ l2tp_outside_address }}" + secret = "{{ l2tp.authentication.pre_shared_secret }}" + } +{% elif l2tp.authentication.mode is vyos_defined('x509') %} + private_l2tp_remote_access { + id = "{{ l2tp_outside_address }}" + file = {{ l2tp.authentication.x509.certificate }}.pem +{% if l2tp.authentication.x509.passphrase is vyos_defined %} + secret = "{{ l2tp.authentication.x509.passphrase }}" +{% endif %} + } +{% endif %} +{% endif %} +} + diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl deleted file mode 100644 index 6ba93dd1f..000000000 --- a/data/templates/ipsec/swanctl.conf.tmpl +++ /dev/null 
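Review bot: In the `secrets` section, the DMVPN entry `ike-dmvpn-{{ interface }}` renders its pre-shared key unquoted (`secret = {{ profile_conf.authentication.pre_shared_secret }}`), while every other secret and passphrase in this file is wrapped in double quotes. It should read `secret = "{{ profile_conf.authentication.pre_shared_secret }}"`, so a key containing `#`, braces or `=` is taken literally. None of the interpolated secrets, passphrases or ids are escaped, so a value containing `"` or a newline would end the string early and change the structure of the generated file; whether the CLI validators rule those characters out cannot be seen from this hunk. Because the rendered file holds PSKs and EAP passwords in clear text, it is worth confirming that the code rendering this template writes it with owner-only permissions.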
@@ -1,131 +0,0 @@ -### Autogenerated by vpn_ipsec.py ### -{% import 'ipsec/swanctl/l2tp.tmpl' as l2tp_tmpl %} -{% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %} -{% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %} -{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %} - -connections { -{% if profile is vyos_defined %} -{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} -{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }} -{% endfor %} -{% endif %} -{% if site_to_site.peer is vyos_defined %} -{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} -{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }} -{% endfor %} -{% endif %} -{% if remote_access.connection is vyos_defined %} -{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %} -{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }} -{% endfor %} -{% endif %} -{% if l2tp %} -{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }} -{% endif %} -} - -pools { -{% if remote_access.pool is vyos_defined %} -{% for pool, pool_config in remote_access.pool.items() %} - {{ pool }} { -{% if pool_config.prefix is vyos_defined %} - addrs = {{ pool_config.prefix }} -{% endif %} -{% if pool_config.name_server is vyos_defined %} - dns = {{ pool_config.name_server | join(',') }} -{% endif %} -{% if pool_config.exclude is vyos_defined %} - split_exclude = {{ pool_config.exclude | join(',') }} -{% endif %} - } -{% endfor %} -{% endif %} -} - -secrets { -{% if profile is vyos_defined %} -{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} -{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %} -{% for interface in 
profile_conf.bind.tunnel %} - ike-dmvpn-{{ interface }} { - secret = {{ profile_conf.authentication.pre_shared_secret }} - } -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} -{% if site_to_site.peer is vyos_defined %} -{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} -{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %} -{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %} - ike_{{ peer_name }} { -{% if peer_conf.local_address is vyos_defined %} - id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} -{% endif %} - id-remote = {{ peer }} -{% if peer_conf.authentication.id is vyos_defined %} - id-localid = {{ peer_conf.authentication.id }} -{% endif %} -{% if peer_conf.authentication.remote_id is vyos_defined %} - id-remoteid = {{ peer_conf.authentication.remote_id }} -{% endif %} - secret = "{{ peer_conf.authentication.pre_shared_secret }}" - } -{% elif peer_conf.authentication.mode is vyos_defined('x509') %} - private_{{ peer_name }} { - file = {{ peer_conf.authentication.x509.certificate }}.pem -{% if peer_conf.authentication.x509.passphrase is vyos_defined %} - secret = "{{ peer_conf.authentication.x509.passphrase }}" -{% endif %} - } -{% elif peer_conf.authentication.mode is vyos_defined('rsa') %} - rsa_{{ peer_name }}_local { - file = {{ peer_conf.authentication.rsa.local_key }}.pem -{% if peer_conf.authentication.rsa.passphrase is vyos_defined %} - secret = "{{ peer_conf.authentication.rsa.passphrase }}" -{% endif %} - } -{% endif %} -{% endfor %} -{% endif %} -{% if remote_access.connection is vyos_defined %} -{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %} -{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %} - ike_{{ ra }} { -{% if ra_conf.authentication.id is vyos_defined %} - id = "{{ 
ra_conf.authentication.id }}" -{% elif ra_conf.local_address is vyos_defined %} - id = "{{ ra_conf.local_address }}" -{% endif %} - secret = "{{ ra_conf.authentication.pre_shared_secret }}" - } -{% endif %} -{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %} -{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %} - eap-{{ ra }}-{{ user }} { - secret = "{{ user_conf.password }}" - id-{{ ra }}-{{ user }} = "{{ user }}" - } -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} -{% if l2tp %} -{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %} - ike_l2tp_remote_access { - id = "{{ l2tp_outside_address }}" - secret = "{{ l2tp.authentication.pre_shared_secret }}" - } -{% elif l2tp.authentication.mode is vyos_defined('x509') %} - private_l2tp_remote_access { - id = "{{ l2tp_outside_address }}" - file = {{ l2tp.authentication.x509.certificate }}.pem -{% if l2tp.authentication.x509.passphrase is vyos_defined %} - secret = "{{ l2tp.authentication.x509.passphrase }}" -{% endif %} - } -{% endif %} -{% endif %} -} - diff --git a/data/templates/ipsec/swanctl/l2tp.tmpl b/data/templates/ipsec/swanctl/l2tp.j2 index c0e81e0aa..7e63865cc 100644 --- a/data/templates/ipsec/swanctl/l2tp.tmpl +++ b/data/templates/ipsec/swanctl/l2tp.j2 
@@ -1,6 +1,6 @@ {% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %} -{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %} -{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %} +{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %} +{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %} l2tp_remote_access { proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }} local_addrs = {{ l2tp_outside_address }} @@ -10,9 +10,9 @@ reauth_time = 0 local { auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }} -{% if l2tp.authentication.mode == 'x509' %} +{% if l2tp.authentication.mode == 'x509' %} certs = {{ l2tp.authentication.x509.certificate }}.pem -{% endif %} +{% endif %} } remote { auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }} diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.j2 index b21dce9f0..90d2c774f 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.j2 
@@ -1,78 +1,78 @@ {% macro conn(peer, peer_conf, ike_group, esp_group) %} -{% set name = peer.replace("@", "") | dot_colon_to_dash %} -{# peer needs to reference the global IKE configuration for certain values #} -{% set ike = ike_group[peer_conf.ike_group] %} +{% set name = peer.replace("@", "") | dot_colon_to_dash %} +{# peer needs to reference the global IKE configuration for certain values #} +{% set ike = ike_group[peer_conf.ike_group] %} peer_{{ name }} { proposals = {{ ike | get_esp_ike_cipher | join(',') }} version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }} -{% if peer_conf.virtual_address is vyos_defined %} +{% if peer_conf.virtual_address is vyos_defined %} vips = {{ peer_conf.virtual_address | join(', ') }} -{% endif %} +{% endif %} local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }} -{% if peer_conf.authentication.mode is vyos_defined('x509') %} +{% if peer_conf.authentication.mode is vyos_defined('x509') %} send_cert = always -{% endif %} -{% if ike.dead_peer_detection is vyos_defined %} +{% endif %} +{% if ike.dead_peer_detection is vyos_defined %} dpd_timeout = {{ ike.dead_peer_detection.timeout }} dpd_delay = {{ ike.dead_peer_detection.interval }} -{% endif %} -{% if ike.key_exchange is vyos_defined('ikev1') and ike.mode is vyos_defined('aggressive') %} +{% endif %} +{% if ike.key_exchange is vyos_defined('ikev1') and ike.mode is vyos_defined('aggressive') %} aggressive = yes -{% endif %} +{% endif %} rekey_time = {{ ike.lifetime }}s mobike = {{ "yes" if ike.mobike is not defined or ike.mobike == "enable" else "no" }} -{% if peer[0:1] == '@' %} +{% if peer[0:1] == '@' %} keyingtries = 0 reauth_time = 0 -{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is 
vyos_defined('initiate') %} +{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %} keyingtries = 0 -{% elif peer_conf.connection_type is vyos_defined('respond') %} +{% elif peer_conf.connection_type is vyos_defined('respond') %} keyingtries = 1 -{% endif %} -{% if peer_conf.force_encapsulation is vyos_defined('enable') %} +{% endif %} +{% if peer_conf.force_encapsulation is vyos_defined('enable') %} encap = yes -{% endif %} +{% endif %} local { -{% if peer_conf.authentication.id is vyos_defined %} +{% if peer_conf.authentication.id is vyos_defined %} id = "{{ peer_conf.authentication.id }}" -{% endif %} +{% endif %} auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }} -{% if peer_conf.authentication.mode == 'x509' %} +{% if peer_conf.authentication.mode == 'x509' %} certs = {{ peer_conf.authentication.x509.certificate }}.pem -{% elif peer_conf.authentication.mode == 'rsa' %} +{% elif peer_conf.authentication.mode == 'rsa' %} pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem -{% endif %} +{% endif %} } remote { -{% if peer_conf.authentication.remote_id is vyos_defined %} +{% if peer_conf.authentication.remote_id is vyos_defined %} id = "{{ peer_conf.authentication.remote_id }}" -{% else %} +{% else %} id = "{{ peer }}" -{% endif %} +{% endif %} auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }} -{% if peer_conf.authentication.mode == 'rsa' %} +{% if peer_conf.authentication.mode == 'rsa' %} pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem -{% endif %} +{% endif %} } children { -{% if peer_conf.vti.bind is vyos_defined and peer_conf.tunnel is not vyos_defined %} +{% if peer_conf.vti.bind is vyos_defined and peer_conf.tunnel is not vyos_defined %} {% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is vyos_defined else esp_group[ peer_conf.default_esp_group ] %} peer_{{ name }}_vti { 
esp_proposals = {{ vti_esp | get_esp_ike_cipher(ike) | join(',') }} -{% if vti_esp.life_bytes is vyos_defined %} +{% if vti_esp.life_bytes is vyos_defined %} life_bytes = {{ vti_esp.life_bytes }} -{% endif %} -{% if vti_esp.life_packets is vyos_defined %} +{% endif %} +{% if vti_esp.life_packets is vyos_defined %} life_packets = {{ vti_esp.life_packets }} -{% endif %} +{% endif %} life_time = {{ vti_esp.lifetime }}s local_ts = 0.0.0.0/0,::/0 remote_ts = 0.0.0.0/0,::/0 updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" - {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} - {# Thus we simply shift the key by one to also support a vti0 interface #} -{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %} +{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} +{# Thus we simply shift the key by one to also support a vti0 interface #} +{% set if_id = peer_conf.vti.bind | replace('vti', '') | int + 1 %} if_id_in = {{ if_id }} if_id_out = {{ if_id }} ipcomp = {{ 'yes' if vti_esp.compression is vyos_defined('enable') else 'no' }} 
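Review bot: In the `peer_{{ name }}_vti` child, `updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"` puts a configuration value onto a command line that the IKE daemon executes, and the template does nothing to constrain it to an interface name. The neighbouring `{% set if_id = peer_conf.vti.bind | replace('vti', '') | int + 1 %}` has a related weakness: Jinja's `int` filter returns 0 for non-numeric input, so any bind value that is not `vtiN` silently gets `if_id` 1 and collides with vti0. If the interface name is validated before rendering, a comment such as `{# assumes vti.bind is a validated vtiN interface name #}` above both lines would record that dependency; otherwise the validation should be added in the caller. The same two lines appear in the tunnel branch of the second hunk (@@ -87,80 +87,80 @@). The `conn` macro ends outside this hunk.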
@@ -87,80 +87,80 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is vyos_defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} } -{% elif peer_conf.tunnel is vyos_defined %} +{% elif peer_conf.tunnel is vyos_defined %} {% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %} -{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is vyos_defined else peer_conf.default_esp_group %} -{% set tunnel_esp = esp_group[tunnel_esp_name] %} -{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is vyos_defined else '' %} -{% set local_port = tunnel_conf.local.port if tunnel_conf.local.port is vyos_defined else '' %} -{% set local_suffix = '[{0}/{1}]'.format(proto, local_port) if proto or local_port else '' %} -{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote.port is vyos_defined else '' %} -{% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %} +{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is vyos_defined else peer_conf.default_esp_group %} +{% set tunnel_esp = esp_group[tunnel_esp_name] %} +{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is vyos_defined else '' %} +{% set local_port = tunnel_conf.local.port if tunnel_conf.local.port is vyos_defined else '' %} +{% set local_suffix = '[{0}/{1}]'.format(proto, local_port) if proto or local_port else '' %} +{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote.port is vyos_defined else '' %} +{% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %} peer_{{ name }}_tunnel_{{ tunnel_id }} { esp_proposals = {{ 
tunnel_esp | get_esp_ike_cipher(ike) | join(',') }} -{% if tunnel_esp.life_bytes is vyos_defined %} +{% if tunnel_esp.life_bytes is vyos_defined %} life_bytes = {{ tunnel_esp.life_bytes }} -{% endif %} -{% if tunnel_esp.life_packets is vyos_defined %} +{% endif %} +{% if tunnel_esp.life_packets is vyos_defined %} life_packets = {{ tunnel_esp.life_packets }} -{% endif %} +{% endif %} life_time = {{ tunnel_esp.lifetime }}s -{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %} -{% if tunnel_conf.local.prefix is vyos_defined %} -{% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %} +{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %} +{% if tunnel_conf.local.prefix is vyos_defined %} +{% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %} local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }} -{% endif %} -{% if tunnel_conf.remote.prefix is vyos_defined %} -{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %} +{% endif %} +{% if tunnel_conf.remote.prefix is vyos_defined %} +{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %} remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }} -{% endif %} -{% if tunnel_conf.priority is vyos_defined %} +{% endif %} +{% if tunnel_conf.priority is vyos_defined %} priority = {{ tunnel_conf.priority }} -{% endif %} -{% elif tunnel_esp.mode == 'transport' %} +{% endif %} +{% elif tunnel_esp.mode == 'transport' %} local_ts = {{ peer_conf.local_address }}{{ local_suffix }} remote_ts = {{ peer }}{{ remote_suffix }} -{% endif %} +{% endif %} ipcomp = {{ 'yes' if tunnel_esp.compression is vyos_defined('enable') else 'no' }} mode = {{ tunnel_esp.mode }} -{% if peer[0:1] == '@' %} +{% if peer[0:1] == '@' %} 
start_action = none -{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %} +{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %} start_action = start -{% elif peer_conf.connection_type is vyos_defined('respond') %} +{% elif peer_conf.connection_type is vyos_defined('respond') %} start_action = trap -{% elif peer_conf.connection_type is vyos_defined('none') %} +{% elif peer_conf.connection_type is vyos_defined('none') %} start_action = none -{% endif %} -{% if ike.dead_peer_detection is vyos_defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} +{% endif %} +{% if ike.dead_peer_detection is vyos_defined %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} -{% endif %} +{% endif %} close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} -{% if peer_conf.vti.bind is vyos_defined %} +{% if peer_conf.vti.bind is vyos_defined %} +{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} +{# Thus we simply shift the key by one to also support a vti0 interface #} +{% set if_id = peer_conf.vti.bind | replace('vti', '') | int + 1 %} updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" - {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. 
#} - {# Thus we simply shift the key by one to also support a vti0 interface #} -{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %} if_id_in = {{ if_id }} if_id_out = {{ if_id }} -{% endif %} +{% endif %} } -{% if tunnel_conf.passthrough is vyos_defined %} - peer_{{ name }}_tunnel_{{ tunnel_id }}_passthough { +{% if tunnel_conf.passthrough is vyos_defined %} + peer_{{ name }}_tunnel_{{ tunnel_id }}_passthrough { local_ts = {{ tunnel_conf.passthrough | join(",") }} remote_ts = {{ tunnel_conf.passthrough | join(",") }} start_action = trap mode = pass } -{% endif %} +{% endif %} {% endfor %} -{% endif %} +{% endif %} } } {% endmacro %} diff --git a/data/templates/ipsec/swanctl/profile.tmpl b/data/templates/ipsec/swanctl/profile.j2 index 0f1c2fda2..d4f417378 100644 --- a/data/templates/ipsec/swanctl/profile.tmpl +++ b/data/templates/ipsec/swanctl/profile.j2 
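Review bot: Correcting `peer_{{ name }}_tunnel_{{ tunnel_id }}_passthough` to `_passthrough` changes the name of the rendered CHILD_SA, and nothing in the hunk documents that. Anything that matches the old spelling (op-mode or monitoring scripts, log filters, smoketests) would stop finding the pass-through policy after the upgrade; I cannot tell from this hunk whether such consumers exist, so a search for the old string is worth doing before merge. A one-line note in the commit message or a comment such as `{# child name changed from "_passthough" #}` would make the rename traceable. The `conn` macro starts outside this hunk.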
@@ -1,39 +1,39 @@ {% macro conn(name, profile_conf, ike_group, esp_group) %} -{# peer needs to reference the global IKE configuration for certain values #} -{% set ike = ike_group[profile_conf.ike_group] %} -{% set esp = esp_group[profile_conf.esp_group] %} -{% if profile_conf.bind.tunnel is vyos_defined %} +{# peer needs to reference the global IKE configuration for certain values #} +{% set ike = ike_group[profile_conf.ike_group] %} +{% set esp = esp_group[profile_conf.esp_group] %} +{% if profile_conf.bind.tunnel is vyos_defined %} {% for interface in profile_conf.bind.tunnel %} dmvpn-{{ name }}-{{ interface }} { proposals = {{ ike_group[profile_conf.ike_group] | get_esp_ike_cipher | join(',') }} version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }} rekey_time = {{ ike.lifetime }}s keyingtries = 0 -{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %} +{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %} local { auth = psk } remote { auth = psk } -{% endif %} +{% endif %} children { dmvpn { - esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }} + esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }} rekey_time = {{ esp.lifetime }}s rand_time = 540s local_ts = dynamic[gre] remote_ts = dynamic[gre] mode = {{ esp.mode }} -{% if ike.dead_peer_detection.action is vyos_defined %} +{% if ike.dead_peer_detection.action is vyos_defined %} dpd_action = {{ ike.dead_peer_detection.action }} -{% endif %} -{% if esp.compression is vyos_defined('enable') %} +{% endif %} +{% if esp.compression is vyos_defined('enable') %} ipcomp = yes -{% endif %} +{% endif %} } } } {% endfor %} -{% endif %} +{% endif %} {% endmacro %} diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.j2 index 059984139..d2760ec1f 100644 --- a/data/templates/ipsec/swanctl/remote_access.tmpl +++ b/data/templates/ipsec/swanctl/remote_access.j2 
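Review bot: In the `dmvpn` child, `dpd_action = {{ ike.dead_peer_detection.action }}` emits the CLI value unchanged, whereas peer.j2 in this same commit passes it through `dpd_translate` and turns `hold` into `trap`. That mapping suggests `hold` is not a value swanctl accepts as-is, so a DMVPN profile whose IKE group uses `hold` would likely render an invalid or ignored setting and lose the intended dead-peer behaviour. Reusing the map would make the two templates agree: `dpd_action = {{ {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'}[ike.dead_peer_detection.action] }}`. As a smaller point, `proposals` indexes `ike_group[profile_conf.ike_group]` again although `ike` already holds that value.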
@@ -1,7 +1,7 @@ {% macro conn(name, rw_conf, ike_group, esp_group) %} -{# peer needs to reference the global IKE configuration for certain values #} -{% set ike = ike_group[rw_conf.ike_group] %} -{% set esp = esp_group[rw_conf.esp_group] %} +{# peer needs to reference the global IKE configuration for certain values #} +{% set ike = ike_group[rw_conf.ike_group] %} +{% set esp = esp_group[rw_conf.esp_group] %} ra-{{ name }} { remote_addrs = %any local_addrs = {{ rw_conf.local_address if rw_conf.local_address is vyos_defined else '%any' }} @@ -10,28 +10,29 @@ send_certreq = no rekey_time = {{ ike.lifetime }}s keyingtries = 0 -{% if rw_conf.unique is vyos_defined %} +{% if rw_conf.unique is vyos_defined %} unique = {{ rw_conf.unique }} -{% endif %} -{% if rw_conf.pool is vyos_defined %} +{% endif %} +{% if rw_conf.pool is vyos_defined %} pools = {{ rw_conf.pool | join(',') }} -{% endif %} +{% endif %} local { -{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %} - id = '{{ rw_conf.authentication.id }}' -{% endif %} -{% if rw_conf.authentication.server_mode == 'x509' %} +{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %} +{# please use " quotes - else Apple iOS goes crazy #} + id = "{{ rw_conf.authentication.id }}" +{% endif %} +{% if rw_conf.authentication.server_mode == 'x509' %} auth = pubkey certs = {{ rw_conf.authentication.x509.certificate }}.pem -{% elif rw_conf.authentication.server_mode == 'pre-shared-secret' %} +{% elif rw_conf.authentication.server_mode == 'pre-shared-secret' %} auth = psk -{% endif %} +{% endif %} } remote { auth = {{ rw_conf.authentication.client_mode }} -{% if rw_conf.authentication.client_mode.startswith("eap") %} +{% if rw_conf.authentication.client_mode.startswith("eap") %} eap_id = %any -{% endif %} +{% endif %} } children { ikev2-vpn { 
@@ -40,9 +41,9 @@ rand_time = 540s dpd_action = clear inactivity = {{ rw_conf.timeout }} -{% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %} -{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %} -{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %} +{% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %} +{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %} +{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %} local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }} } } diff --git a/data/templates/ipsec/windows_profile.tmpl b/data/templates/ipsec/windows_profile.j2 index 8c26944be..8c26944be 100644 --- a/data/templates/ipsec/windows_profile.tmpl +++ b/data/templates/ipsec/windows_profile.j2 diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.j2 index 2c8c6602d..3631add1d 100644 --- a/data/templates/lcd/LCDd.conf.tmpl +++ b/data/templates/lcd/LCDd.conf.j2 @@ -49,13 +49,13 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/ # text, tyan, ula200, vlsys_m428, xosd, yard2LCD {% if model is vyos_defined %} -{% if model.startswith('cfa-') %} +{% if model.startswith('cfa-') %} Driver=CFontzPacket -{% elif model == 'sdec' %} +{% elif model == 'sdec' %} Driver=sdeclcd -{% elif model == 'hd44780' %} +{% elif model == 'hd44780' %} Driver=hd44780 -{% endif %} +{% endif %} {% endif %} # Tells the driver to bind to the given interface. [default: 127.0.0.1] @@ -116,7 +116,7 @@ Heartbeat=off TitleSpeed=10 {% if model is vyos_defined %} -{% if model.startswith('cfa-') %} +{% if model.startswith('cfa-') %} ## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ## [CFontzPacket] Model={{ model.split('-')[1] }} 
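Review bot: The re-indented `local_suffix` line keeps a format-string bug: `'[%any/{1}]'.format(local_port)` references positional index 1 while only one argument is passed, so rendering raises an IndexError as soon as `rw_conf.local.port` is set. Only configurations without a local port render today, which means a port-restricted traffic selector can never be produced for remote-access connections. The line should read `{% set local_suffix = '[%any/{0}]'.format(local_port) if local_port else '' %}`. The `conn` macro starts and ends outside this hunk.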
@@ -126,14 +126,14 @@ Brightness=500 OffBrightness=50 Reboot=yes USB=yes -{% elif model == 'sdec' %} +{% elif model == 'sdec' %} ## SDEC driver for Lanner, Watchguard, Sophos sppliances ## [sdeclcd] # No options -{% elif model == 'hd44780' %} +{% elif model == 'hd44780' %} [hd44780] ConnectionType=ezio Device={{ device }} Size=16x2 -{% endif %} +{% endif %} {% endif %} diff --git a/data/templates/lcd/lcdproc.conf.tmpl b/data/templates/lcd/lcdproc.conf.j2 index c79f3cd0d..c79f3cd0d 100644 --- a/data/templates/lcd/lcdproc.conf.tmpl +++ b/data/templates/lcd/lcdproc.conf.j2 diff --git a/data/templates/lldp/lldpd.j2 b/data/templates/lldp/lldpd.j2 new file mode 100644 index 000000000..3c499197d --- /dev/null +++ b/data/templates/lldp/lldpd.j2 @@ -0,0 +1,2 @@ +### Autogenerated by lldp.py ### +DAEMON_ARGS="-M 4 {{ '-x' if snmp.enable is vyos_defined }} {{ '-c' if legacy_protocols.cdp is vyos_defined }} {{ '-e' if legacy_protocols.edp is vyos_defined }} {{ '-f' if legacy_protocols.fdp is vyos_defined }} {{ '-s' if legacy_protocols.sonmp is vyos_defined }}" diff --git a/data/templates/lldp/lldpd.tmpl b/data/templates/lldp/lldpd.tmpl deleted file mode 100644 index 9ab1e4367..000000000 --- a/data/templates/lldp/lldpd.tmpl +++ /dev/null @@ -1,2 +0,0 @@ -### Autogenerated by lldp.py ### -DAEMON_ARGS="-M 4{% if snmp.enable is vyos_defined %} -x{% endif %}{% if legacy_protocols.cdp is vyos_defined %} -c{% endif %}{% if legacy_protocols.edp is vyos_defined %} -e{% endif %}{% if legacy_protocols.fdp is vyos_defined %} -f{% endif %}{% if legacy_protocols.sonmp is vyos_defined %} -s{% endif %}" diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.j2 index c34a851aa..ec84231d8 100644 --- a/data/templates/lldp/vyos.conf.tmpl +++ b/data/templates/lldp/vyos.conf.j2 
@@ -3,21 +3,21 @@ configure system platform VyOS configure system description "VyOS {{ version }}" {% if interface is vyos_defined %} -{% set tmp = [] %} -{% for iface, iface_options in interface.items() if not iface_options.disable %} -{% if iface == 'all' %} -{% set iface = '*' %} -{% endif %} -{% set _ = tmp.append(iface) %} -{% if iface_options.location is vyos_defined %} -{% if iface_options.location.elin is vyos_defined %} +{% set tmp = [] %} +{% for iface, iface_options in interface.items() if not iface_options.disable %} +{% if iface == 'all' %} +{% set iface = '*' %} +{% endif %} +{% set _ = tmp.append(iface) %} +{% if iface_options.location is vyos_defined %} +{% if iface_options.location.elin is vyos_defined %} configure ports {{ iface }} med location elin "{{ iface_options.location.elin }}" -{% endif %} -{% if iface_options.location.coordinate_based is vyos_defined %} +{% endif %} +{% if iface_options.location.coordinate_based is vyos_defined %} configure ports {{ iface }} med location coordinate latitude "{{ iface_options.location.coordinate_based.latitude }}" longitude "{{ iface_options.location.coordinate_based.longitude }}" altitude "{{ iface_options.location.coordinate_based.altitude }}m" datum "{{ iface_options.location.coordinate_based.datum }}" -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endif %} +{% endfor %} configure system interface pattern "{{ tmp | join(",") }}" {% endif %} {% if management_address is vyos_defined %} diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.j2 index 9402c8719..aabca47cf 100644 --- a/data/templates/login/authorized_keys.tmpl +++ b/data/templates/login/authorized_keys.j2 
@@ -1,9 +1,9 @@ ### Automatically generated by system-login.py ### {% if authentication.public_keys is vyos_defined %} -{% for key, key_options in authentication.public_keys.items() %} +{% for key, key_options in authentication.public_keys.items() %} {# The whitespace after options is wisely chosen #} {{ key_options.options ~ ' ' if key_options.options is vyos_defined }}{{ key_options.type }} {{ key_options.key }} {{ key }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2 new file mode 100644 index 000000000..1105b60e5 --- /dev/null +++ b/data/templates/login/pam_radius_auth.conf.j2 
@@ -0,0 +1,36 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{% if radius is vyos_defined %}
+{# RADIUS IPv6 source address must be specified in [] notation #}
+{% set source_address = namespace() %}
+{% if radius.source_address is vyos_defined %}
+{% for address in radius.source_address %}
+{% if address | is_ipv4 %}
+{% set source_address.ipv4 = address %}
+{% elif address | is_ipv6 %}
+{% set source_address.ipv6 = "[" + address + "]" %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if radius.server is vyos_defined %}
+# server[:port] shared_secret timeout source_ip
+{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
+{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
+{# RADIUS IPv6 servers must be specified in [] notation #}
+{% if server | is_ipv4 %}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
+{% else %}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius.vrf is vyos_defined %}
+vrf-name {{ radius.vrf }}
+{% endif %}
+{% endif %}
+
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
deleted file mode 100644
index 4e34ade41..000000000
--- a/data/templates/login/pam_radius_auth.conf.tmpl
+++ /dev/null
@@ -1,36 +0,0 @@
-# Automatically generated by system-login.py
-# RADIUS configuration file
-
-{% if radius is vyos_defined %}
-{# RADIUS IPv6 source address must be specified in [] notation #}
-{% set source_address = namespace() %}
-{% if radius.source_address is vyos_defined %}
-{% for address in radius.source_address %}
-{% if address | is_ipv4 %}
-{% set source_address.ipv4 = address %}
-{% elif address | is_ipv6 %}
-{% set source_address.ipv6 = "[" + address + "]" %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if radius.server is vyos_defined %}
-# server[:port] shared_secret timeout source_ip
-{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
-{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
-{# RADIUS IPv6 servers must be specified in [] notation #}
-{% if server | is_ipv4 %}
-{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
-{% else %}
-[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-priv-lvl 15
-mapped_priv_user radius_priv_user
-
-{% if radius.vrf is vyos_defined %}
-vrf-name {{ radius.vrf }}
-{% endif %}
-{% endif %}
-
diff --git a/data/templates/logs/logrotate/vyos-atop.tmpl b/data/templates/logs/logrotate/vyos-atop.j2
index 2d078f379..2d078f379 100644
--- a/data/templates/logs/logrotate/vyos-atop.tmpl
+++ b/data/templates/logs/logrotate/vyos-atop.j2
diff --git a/data/templates/logs/logrotate/vyos-rsyslog.tmpl b/data/templates/logs/logrotate/vyos-rsyslog.j2
index f2e4d2ab2..f2e4d2ab2 100644
--- a/data/templates/logs/logrotate/vyos-rsyslog.tmpl
+++ b/data/templates/logs/logrotate/vyos-rsyslog.j2
diff --git a/data/templates/mdns-repeater/avahi-daemon.tmpl b/data/templates/mdns-repeater/avahi-daemon.j2
index 65bb5a306..65bb5a306 100644
--- a/data/templates/mdns-repeater/avahi-daemon.tmpl
+++ b/data/templates/mdns-repeater/avahi-daemon.j2
diff --git a/data/templates/monitoring/override.conf.tmpl b/data/templates/monitoring/override.conf.j2
index f8f150791..f8f150791 100644
--- a/data/templates/monitoring/override.conf.tmpl
+++ b/data/templates/monitoring/override.conf.j2
diff --git a/data/templates/monitoring/syslog_telegraf.tmpl b/data/templates/monitoring/syslog_telegraf.j2
index cdcbd92a4..cdcbd92a4 100644
--- a/data/templates/monitoring/syslog_telegraf.tmpl
+++ b/data/templates/monitoring/syslog_telegraf.j2
diff --git a/data/templates/monitoring/systemd_vyos_telegraf_service.tmpl b/data/templates/monitoring/systemd_vyos_telegraf_service.j2
index 234ef5586..234ef5586 100644
--- a/data/templates/monitoring/systemd_vyos_telegraf_service.tmpl
+++ b/data/templates/monitoring/systemd_vyos_telegraf_service.j2
diff --git a/data/templates/monitoring/telegraf.j2 b/data/templates/monitoring/telegraf.j2
new file mode 100644
index 000000000..d1a94366b
--- /dev/null
+++ b/data/templates/monitoring/telegraf.j2
@@ -0,0 +1,105 @@ +# Generated by /usr/libexec/vyos/conf_mode/service_monitoring_telegraf.py + +[agent] + interval = "15s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 10000 + collection_jitter = "5s" + flush_interval = "15s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "" + omit_hostname = false +{% if influxdb_configured is vyos_defined %} +### InfluxDB2 ### +[[outputs.influxdb_v2]] + urls = ["{{ url }}:{{ port }}"] + insecure_skip_verify = true + token = "$INFLUX_TOKEN" + organization = "{{ authentication.organization }}" + bucket = "{{ bucket }}" +### End InfluxDB2 ### +{% endif %} +{% if prometheus_client is vyos_defined %} +### Prometheus ### +[[outputs.prometheus_client]] + ## Address to listen on + listen = "{{ prometheus_client.listen_address if prometheus_client.listen_address is vyos_defined else '' }}:{{ prometheus_client.port }}" + metric_version = {{ prometheus_client.metric_version }} +{% if prometheus_client.authentication.username is vyos_defined and prometheus_client.authentication.password is vyos_defined %} + ## Use HTTP Basic Authentication + basic_username = "{{ prometheus_client.authentication.username }}" + basic_password = "{{ prometheus_client.authentication.password }}" +{% endif %} +{% if prometheus_client.allow_from is vyos_defined %} + ip_range = {{ prometheus_client.allow_from }} +{% endif %} +### End Prometheus ### +{% endif %} +{% if splunk is vyos_defined %} +### Splunk ### +[[outputs.http]] + ## URL is the address to send metrics to + url = "{{ splunk.url }}" + ## Timeout for HTTP message + # timeout = "5s" + ## Use TLS but skip chain & host verification +{% if splunk.authentication.insecure is vyos_defined %} + insecure_skip_verify = true +{% endif %} + ## Data format to output + data_format = "splunkmetric" + ## Provides time, index, source overrides for the HEC + splunkmetric_hec_routing = true + ## Additional HTTP headers + 
[outputs.http.headers] + # Should be set manually to "application/json" for json data_format + Content-Type = "application/json" + Authorization = "Splunk {{ splunk.authentication.token }}" + X-Splunk-Request-Channel = "{{ splunk.authentication.token }}" +### End Splunk ### +{% endif %} +[[inputs.cpu]] + percpu = true + totalcpu = true + collect_cpu_time = false + report_active = false +[[inputs.disk]] + ignore_fs = ["devtmpfs", "devfs"] +[[inputs.diskio]] +[[inputs.mem]] +[[inputs.net]] +[[inputs.system]] +[[inputs.netstat]] +[[inputs.processes]] +[[inputs.kernel]] +[[inputs.interrupts]] +[[inputs.linux_sysctl_fs]] +[[inputs.systemd_units]] +[[inputs.conntrack]] + files = ["ip_conntrack_count","ip_conntrack_max","nf_conntrack_count","nf_conntrack_max"] + dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"] +[[inputs.ethtool]] + interface_include = {{ interfaces_ethernet }} +[[inputs.ntpq]] + dns_lookup = true +[[inputs.internal]] +[[inputs.nstat]] +[[inputs.syslog]] + server = "unixgram:///run/telegraf/telegraf_syslog.sock" + best_effort = true + syslog_standard = "RFC3164" +{% if influxdb_configured is vyos_defined %} +[[inputs.exec]] + commands = [ + "{{ custom_scripts_dir }}/show_firewall_input_filter.py", + "{{ custom_scripts_dir }}/show_interfaces_input_filter.py", + "{{ custom_scripts_dir }}/vyos_services_input_filter.py" + ] + timeout = "10s" + data_format = "influx" +{% endif %} diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl deleted file mode 100644 index d3145a500..000000000 --- a/data/templates/monitoring/telegraf.tmpl +++ /dev/null 
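Review bot: The `[[outputs.influxdb_v2]]` block of the new telegraf.j2 sets `insecure_skip_verify = true` unconditionally, so certificate and hostname verification is off for every InfluxDB connection and the `$INFLUX_TOKEN` credential can be sent to an endpoint whose identity was never checked. The Splunk block in the same hunk already makes this opt-in with `{% if splunk.authentication.insecure is vyos_defined %}`; the InfluxDB line should be gated the same way, which would need a matching CLI option since none is visible here. Separately, `basic_password` and the Splunk `Authorization` token are written into the rendered file as literals, so the file mode applied by the conf_mode script (outside this section) should keep the file unreadable to unprivileged users.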
@@ -1,60 +0,0 @@ -# Generated by /usr/libexec/vyos/conf_mode/service_monitoring_telegraf.py - -[agent] - interval = "10s" - round_interval = true - metric_batch_size = 1000 - metric_buffer_limit = 10000 - collection_jitter = "0s" - flush_interval = "10s" - flush_jitter = "0s" - precision = "" - debug = false - quiet = false - logfile = "" - hostname = "" - omit_hostname = false -[[outputs.influxdb_v2]] - urls = ["{{ url }}:{{ port }}"] - insecure_skip_verify = true - token = "$INFLUX_TOKEN" - organization = "{{ authentication.organization }}" - bucket = "{{ bucket }}" -[[inputs.cpu]] - percpu = true - totalcpu = true - collect_cpu_time = false - report_active = false -[[inputs.disk]] - ignore_fs = ["devtmpfs", "devfs"] -[[inputs.diskio]] -[[inputs.mem]] -[[inputs.net]] -[[inputs.system]] -[[inputs.netstat]] -[[inputs.processes]] -[[inputs.kernel]] -[[inputs.interrupts]] -[[inputs.linux_sysctl_fs]] -[[inputs.systemd_units]] -[[inputs.conntrack]] - files = ["ip_conntrack_count","ip_conntrack_max","nf_conntrack_count","nf_conntrack_max"] - dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"] -[[inputs.ethtool]] - interface_include = {{ interfaces_ethernet }} -[[inputs.ntpq]] - dns_lookup = true -[[inputs.internal]] -[[inputs.nstat]] -[[inputs.syslog]] - server = "unixgram:///run/telegraf/telegraf_syslog.sock" - best_effort = true - syslog_standard = "RFC3164" -[[inputs.exec]] - commands = [ - "{{ custom_scripts_dir }}/show_firewall_input_filter.py", - "{{ custom_scripts_dir }}/show_interfaces_input_filter.py", - "{{ custom_scripts_dir }}/vyos_services_input_filter.py" - ] - timeout = "10s" - data_format = "influx" diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2 new file mode 100644 index 000000000..120fa0a64 --- /dev/null +++ b/data/templates/ndppd/ndppd.conf.j2 
@@ -0,0 +1,44 @@ +######################################################## +# +# autogenerated by nat66.py +# +# The configuration file must define one upstream +# interface. +# +# For some services, such as nat66, because it runs +# stateless, it needs to rely on NDP Proxy to respond +# to NDP requests. +# +# When using nat66 source rules, NDP Proxy needs +# to be enabled +# +######################################################## + +{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %} +{% if source.rule is vyos_defined %} +{% for rule, config in source.rule.items() if config.disable is not defined %} +{% if config.outbound_interface is vyos_defined %} +{% if config.outbound_interface not in global.ndppd_interfaces %} +{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %} +{% endif %} +{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %} +{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %} +{% endif %} +{% endif %} +{% endfor %} +{% endif %} + +{% for interface in global.ndppd_interfaces %} +proxy {{ interface }} { + router yes + timeout 500 + ttl 30000 +{% for map in global.ndppd_prefixs %} +{% if map.interface == interface %} + rule {{ map.rule }} { + static + } +{% endif %} +{% endfor %} +} +{% endfor %} diff --git a/data/templates/ndppd/ndppd.conf.tmpl b/data/templates/ndppd/ndppd.conf.tmpl deleted file mode 100644 index c41392cc7..000000000 --- a/data/templates/ndppd/ndppd.conf.tmpl +++ /dev/null 
@@ -1,44 +0,0 @@ -######################################################## -# -# autogenerated by nat66.py -# -# The configuration file must define one upstream -# interface. -# -# For some services, such as nat66, because it runs -# stateless, it needs to rely on NDP Proxy to respond -# to NDP requests. -# -# When using nat66 source rules, NDP Proxy needs -# to be enabled -# -######################################################## - -{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %} -{% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not defined %} -{% if config.outbound_interface is vyos_defined %} -{% if config.outbound_interface not in global.ndppd_interfaces %} -{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %} -{% endif %} -{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %} -{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} - -{% for interface in global.ndppd_interfaces %} -proxy {{ interface }} { - router yes - timeout 500 - ttl 30000 -{% for map in global.ndppd_prefixs %} -{% if map.interface == interface %} - rule {{ map.rule }} { - static - } -{% endif %} -{% endfor %} -} -{% endfor %} diff --git a/data/templates/nhrp/opennhrp.conf.j2 b/data/templates/nhrp/opennhrp.conf.j2 new file mode 100644 index 000000000..c040a8f14 --- /dev/null +++ b/data/templates/nhrp/opennhrp.conf.j2 
@@ -0,0 +1,42 @@ +{# j2lint: disable=jinja-variable-format #} +# Created by VyOS - manual changes will be overwritten + +{% if tunnel is vyos_defined %} +{% for name, tunnel_conf in tunnel.items() %} +{% set type = 'spoke' if tunnel_conf.map is vyos_defined or tunnel_conf.dynamic_map is vyos_defined else 'hub' %} +{% set profile_name = profile_map[name] if profile_map is vyos_defined and name in profile_map else '' %} +interface {{ name }} #{{ type }} {{ profile_name }} +{% if tunnel_conf.map is vyos_defined %} +{% for map, map_conf in tunnel_conf.map.items() %} +{% set cisco = ' cisco' if map_conf.cisco is vyos_defined else '' %} +{% set register = ' register' if map_conf.register is vyos_defined else '' %} + map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }} +{% endfor %} +{% endif %} +{% if tunnel_conf.dynamic_map is vyos_defined %} +{% for map, map_conf in tunnel_conf.dynamic_map.items() %} + dynamic-map {{ map }} {{ map_conf.nbma_domain_name }} +{% endfor %} +{% endif %} +{% if tunnel_conf.cisco_authentication is vyos_defined %} + cisco-authentication {{ tunnel_conf.cisco_authentication }} +{% endif %} +{% if tunnel_conf.holding_time is vyos_defined %} + holding-time {{ tunnel_conf.holding_time }} +{% endif %} +{% if tunnel_conf.multicast is vyos_defined %} + multicast {{ tunnel_conf.multicast }} +{% endif %} +{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %} +{% if key in tunnel_conf %} + {{ key | replace("_", "-") }} +{% endif %} +{% endfor %} +{% if tunnel_conf.shortcut_target is vyos_defined %} +{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %} + shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is vyos_defined }} +{% endfor %} +{% endif %} + +{% endfor %} +{% endif %} diff --git a/data/templates/nhrp/opennhrp.conf.tmpl b/data/templates/nhrp/opennhrp.conf.tmpl deleted file mode 100644 index 721d41e49..000000000 
--- a/data/templates/nhrp/opennhrp.conf.tmpl +++ /dev/null @@ -1,41 +0,0 @@ -# Created by VyOS - manual changes will be overwritten - -{% if tunnel is vyos_defined %} -{% for name, tunnel_conf in tunnel.items() %} -{% set type = 'spoke' if tunnel_conf.map is vyos_defined or tunnel_conf.dynamic_map is vyos_defined else 'hub' %} -{% set profile_name = profile_map[name] if profile_map is vyos_defined and name in profile_map else '' %} -interface {{ name }} #{{ type }} {{ profile_name }} -{% if tunnel_conf.map is vyos_defined %} -{% for map, map_conf in tunnel_conf.map.items() %} -{% set cisco = ' cisco' if map_conf.cisco is vyos_defined else '' %} -{% set register = ' register' if map_conf.register is vyos_defined else '' %} - map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }} -{% endfor %} -{% endif %} -{% if tunnel_conf.dynamic_map is vyos_defined %} -{% for map, map_conf in tunnel_conf.dynamic_map.items() %} - dynamic-map {{ map }} {{ map_conf.nbma_domain_name }} -{% endfor %} -{% endif %} -{% if tunnel_conf.cisco_authentication is vyos_defined %} - cisco-authentication {{ tunnel_conf.cisco_authentication }} -{% endif %} -{% if tunnel_conf.holding_time is vyos_defined %} - holding-time {{ tunnel_conf.holding_time }} -{% endif %} -{% if tunnel_conf.multicast is vyos_defined %} - multicast {{ tunnel_conf.multicast }} -{% endif %} -{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %} -{% if key in tunnel_conf %} - {{ key | replace("_", "-") }} -{% endif %} -{% endfor %} -{% if tunnel_conf.shortcut_target is vyos_defined %} -{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %} - shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is vyos_defined }} -{% endfor %} -{% endif %} - -{% endfor %} -{% endif %} diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.j2 index 05b85a610..8418a2185 100644 
--- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.j2 @@ -9,13 +9,13 @@ run-as-group = daemon {% if "radius" in authentication.mode %} auth = "radius [config=/run/ocserv/radiusclient.conf]" {% elif "local" in authentication.mode %} -{% if authentication.mode.local == "password-otp" %} +{% if authentication.mode.local == "password-otp" %} auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]" -{% elif authentication.mode.local == "otp" %} +{% elif authentication.mode.local == "otp" %} auth = "plain[otp=/run/ocserv/users.oath]" -{% else %} +{% else %} auth = "plain[/run/ocserv/ocpasswd]" -{% endif %} +{% endif %} {% else %} auth = "plain[/run/ocserv/ocpasswd]" {% endif %} @@ -23,9 +23,9 @@ auth = "plain[/run/ocserv/ocpasswd]" {% if ssl.certificate is vyos_defined %} server-cert = /run/ocserv/cert.pem server-key = /run/ocserv/cert.key -{% if ssl.passphrase is vyos_defined %} +{% if ssl.passphrase is vyos_defined %} key-pin = {{ ssl.passphrase }} -{% endif %} +{% endif %} {% endif %} {% if ssl.ca_certificate is vyos_defined %} 
@@ -59,33 +59,33 @@ device = sslvpn # An alternative way of specifying the network: {% if network_settings %} # DNS settings -{% if network_settings.name_server is string %} +{% if network_settings.name_server is string %} dns = {{ network_settings.name_server }} -{% else %} -{% for dns in network_settings.name_server %} +{% else %} +{% for dns in network_settings.name_server %} dns = {{ dns }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} # IPv4 network pool -{% if network_settings.client_ip_settings %} -{% if network_settings.client_ip_settings.subnet %} +{% if network_settings.client_ip_settings %} +{% if network_settings.client_ip_settings.subnet %} ipv4-network = {{ network_settings.client_ip_settings.subnet }} +{% endif %} {% endif %} -{% endif %} # IPv6 network pool -{% if network_settings.client_ipv6_pool %} -{% if network_settings.client_ipv6_pool.prefix %} +{% if network_settings.client_ipv6_pool %} +{% if network_settings.client_ipv6_pool.prefix %} ipv6-network = {{ network_settings.client_ipv6_pool.prefix }} ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }} +{% endif %} {% endif %} -{% endif %} {% endif %} {% if network_settings.push_route is string %} route = {{ network_settings.push_route }} {% else %} -{% for route in network_settings.push_route %} +{% for route in network_settings.push_route %} route = {{ route }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/ocserv/ocserv_otp_usr.tmpl b/data/templates/ocserv/ocserv_otp_usr.j2 index 18de5fec6..b2511ed94 100644 --- a/data/templates/ocserv/ocserv_otp_usr.tmpl +++ b/data/templates/ocserv/ocserv_otp_usr.j2 
@@ -1,8 +1,8 @@ #<token_type> <username> <pin> <secret_hex_key> <counter> <lastpass> <time> {% if username is vyos_defined %} -{% for user, user_config in username.items() %} -{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %} +{% for user, user_config in username.items() %} +{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %} {{ user_config.otp.token_tmpl }} {{ user }} {{ user_config.otp.pin | default("-", true) }} {{ user_config.otp.key }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/ocserv/ocserv_passwd.tmpl b/data/templates/ocserv/ocserv_passwd.j2 index 30c79d66a..30c79d66a 100644 --- a/data/templates/ocserv/ocserv_passwd.tmpl +++ b/data/templates/ocserv/ocserv_passwd.j2 diff --git a/data/templates/ocserv/radius_conf.tmpl b/data/templates/ocserv/radius_conf.j2 index 1712d83ef..b6612fee5 100644 --- a/data/templates/ocserv/radius_conf.tmpl +++ b/data/templates/ocserv/radius_conf.j2 @@ -1,13 +1,13 @@ ### generated by vpn_openconnect.py ### nas-identifier VyOS {% for srv in server %} -{% if not "disable" in server[srv] %} -{% if "port" in server[srv] %} -authserver {{ srv }}:{{server[srv]["port"]}} -{% else %} +{% if not "disable" in server[srv] %} +{% if "port" in server[srv] %} +authserver {{ srv }}:{{ server[srv]["port"] }} +{% else %} authserver {{ srv }} +{% endif %} {% endif %} -{% endif %} {% endfor %} radius_timeout {{ timeout }} {% if source_address %} @@ -15,7 +15,7 @@ bindaddr {{ source_address }} {% else %} bindaddr * {% endif %} -servers /run/ocserv/radius_servers +servers /run/ocserv/radius_servers dictionary /etc/radcli/dictionary default_realm radius_retries 3 diff --git a/data/templates/ocserv/radius_servers.j2 b/data/templates/ocserv/radius_servers.j2 new file mode 100644 index 000000000..302e91600 --- /dev/null +++ b/data/templates/ocserv/radius_servers.j2 
@@ -0,0 +1,7 @@ +### generated by vpn_openconnect.py ### +# server key +{% for srv in server %} +{% if not "disable" in server[srv] %} +{{ srv }} {{ server[srv].key }} +{% endif %} +{% endfor %} diff --git a/data/templates/ocserv/radius_servers.tmpl b/data/templates/ocserv/radius_servers.tmpl deleted file mode 100644 index 7bacac992..000000000 --- a/data/templates/ocserv/radius_servers.tmpl +++ /dev/null @@ -1,7 +0,0 @@ -### generated by vpn_openconnect.py ### -# server key -{% for srv in server %} -{% if not "disable" in server[srv] %} -{{ srv }} {{ server[srv].key }} -{% endif %} -{% endfor %} diff --git a/data/templates/pmacct/override.conf.tmpl b/data/templates/pmacct/override.conf.j2 index 213569ddc..213569ddc 100644 --- a/data/templates/pmacct/override.conf.tmpl +++ b/data/templates/pmacct/override.conf.j2 diff --git a/data/templates/pmacct/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.j2 index 7e4f80e95..ea6247005 100644 --- a/data/templates/pmacct/uacctd.conf.tmpl +++ b/data/templates/pmacct/uacctd.conf.j2 @@ -20,14 +20,14 @@ imt_mem_pools_number: 169 {% set plugin = [] %} {% if netflow.server is vyos_defined %} -{% for server in netflow.server %} -{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %} -{% endfor %} +{% for server in netflow.server %} +{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %} +{% endfor %} {% endif %} {% if sflow.server is vyos_defined %} -{% for server in sflow.server %} -{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %} -{% endfor %} +{% for server in sflow.server %} +{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %} +{% endfor %} {% endif %} {% if disable_imt is not defined %} {% set _ = plugin.append('memory') %} 
@@ -36,39 +36,39 @@ plugins: {{ plugin | join(',') }} {% if netflow.server is vyos_defined %} # NetFlow servers -{% for server, server_config in netflow.server.items() %} +{% for server, server_config in netflow.server.items() %} nfprobe_receiver[nf_{{ server }}]: {{ server }}:{{ server_config.port }} nfprobe_version[nf_{{ server }}]: {{ netflow.version }} -{% if netflow.engine_id is vyos_defined %} +{% if netflow.engine_id is vyos_defined %} nfprobe_engine[nf_{{ server }}]: {{ netflow.engine_id }} -{% endif %} -{% if netflow.max_flows is vyos_defined %} +{% endif %} +{% if netflow.max_flows is vyos_defined %} nfprobe_maxflows[nf_{{ server }}]: {{ netflow.max_flows }} -{% endif %} -{% if netflow.sampling_rate is vyos_defined %} +{% endif %} +{% if netflow.sampling_rate is vyos_defined %} sampling_rate[nf_{{ server }}]: {{ netflow.sampling_rate }} -{% endif %} -{% if netflow.source_address is vyos_defined %} +{% endif %} +{% if netflow.source_address is vyos_defined %} nfprobe_source_ip[nf_{{ server }}]: {{ netflow.source_address }} -{% endif %} -{% if netflow.timeout is vyos_defined %} +{% endif %} +{% if netflow.timeout is vyos_defined %} nfprobe_timeouts[nf_{{ server }}]: expint={{ netflow.timeout.expiry_interval }}:general={{ netflow.timeout.flow_generic }}:icmp={{ netflow.timeout.icmp }}:maxlife={{ netflow.timeout.max_active_life }}:tcp.fin={{ netflow.timeout.tcp_fin }}:tcp={{ netflow.timeout.tcp_generic }}:tcp.rst={{ netflow.timeout.tcp_rst }}:udp={{ netflow.timeout.udp }} -{% endif %} +{% endif %} -{% endfor %} +{% endfor %} {% endif %} {% if sflow.server is vyos_defined %} # sFlow servers -{% for server, server_config in sflow.server.items() %} +{% for server, server_config in sflow.server.items() %} sfprobe_receiver[sf_{{ server }}]: {{ server }}:{{ server_config.port }} sfprobe_agentip[sf_{{ server }}]: {{ sflow.agent_address }} -{% if sflow.sampling_rate is vyos_defined %} +{% if sflow.sampling_rate is vyos_defined %} sampling_rate[sf_{{ server }}]: {{ 
sflow.sampling_rate }} -{% endif %} -{% if sflow.source_address is vyos_defined %} +{% endif %} +{% if sflow.source_address is vyos_defined %} sfprobe_source_ip[sf_{{ server }}]: {{ sflow.source_address }} -{% endif %} +{% endif %} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/pppoe/ip-down.script.tmpl b/data/templates/pppoe/ip-down.script.tmpl deleted file mode 100644 index 0be7b03c8..000000000 --- a/data/templates/pppoe/ip-down.script.tmpl +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -# As PPPoE is an "on demand" interface we need to re-configure it when it -# becomes up -if [ "$6" != "{{ ifname }}" ]; then - exit -fi - -# add some info to syslog -DIALER_PID=$(cat /var/run/{{ ifname }}.pid) -logger -t pppd[$DIALER_PID] "executing $0" - -{% if connect_on_demand is not defined %} -# See https://phabricator.vyos.net/T2248. Determine if we are enslaved to a -# VRF, this is needed to properly insert the default route. -VRF_NAME="" -if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then - # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) - # Remove upper_ prefix from result string - VRF=${VRF#"upper_"} - # Populate variable to run in VR context - VRF_NAME="vrf ${VRF_NAME}" -fi - -{% if default_route != 'none' %} -# Always delete default route when interface goes down if we installed it -vtysh -c "conf t" ${VRF_NAME} -c "no ip route 0.0.0.0/0 {{ ifname }} ${VRF_NAME}" -{% if ipv6.address.autoconf is vyos_defined %} -vtysh -c "conf t" ${VRF_NAME} -c "no ipv6 route ::/0 {{ ifname }} ${VRF_NAME}" -{% endif %} -{% endif %} -{% endif %} - -{% if dhcpv6_options.pd is vyos_defined %} -# Stop wide dhcpv6 client -systemctl stop dhcp6c@{{ ifname }}.service -{% endif %} diff --git a/data/templates/pppoe/ip-pre-up.script.tmpl b/data/templates/pppoe/ip-pre-up.script.tmpl deleted file mode 100644 index a54e4e9bd..000000000 --- a/data/templates/pppoe/ip-pre-up.script.tmpl +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/sh - -# As PPPoE is an "on demand" interface we need to re-configure it when it -# becomes up -if [ "$6" != "{{ ifname }}" ]; then - exit -fi - -# add some info to syslog -DIALER_PID=$(cat /var/run/{{ ifname }}.pid) -logger -t pppd[$DIALER_PID] "executing $0" - -echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias - -{% if vrf %} -logger -t pppd[$DIALER_PID] "configuring dialer interface $6 for VRF {{ vrf }}" -ip link set dev {{ ifname }} master {{ vrf }} -{% endif %} diff --git a/data/templates/pppoe/ip-up.script.tmpl b/data/templates/pppoe/ip-up.script.tmpl deleted file mode 100644 index 302756960..000000000 --- a/data/templates/pppoe/ip-up.script.tmpl +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/sh - -# As PPPoE is an "on demand" interface we need to re-configure it when it -# becomes up -if [ "$6" != "{{ ifname }}" ]; then - exit -fi - -{% if connect_on_demand is not defined %} -# add some info to syslog -DIALER_PID=$(cat /var/run/{{ ifname }}.pid) -logger -t pppd[$DIALER_PID] "executing $0" - -{% if default_route != 'none' %} -# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved -# to a VRF, this is needed to properly insert the default route. - -SED_OPT="^ip route" -VRF_NAME="" -if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then - # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) - # Remove upper_ prefix from result string - VRF=${VRF#"upper_"} - # generate new SED command - SED_OPT="vrf ${VRF}" - # generate vtysh option - VRF_NAME="vrf ${VRF}" -fi - -{% if default_route == 'auto' %} -# Only insert a new default route if there is no default route configured -routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | wc -l) -if [ "$routes" -ne 0 ]; then - exit 1 -fi - -{% elif default_route == 'force' %} -# Retrieve current static default routes and remove it from the routing table -vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | while read route ; do - vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}" -done -{% endif %} - -# Add default route to default or VRF routing table -vtysh -c "conf t" ${VTY_OPT} -c "ip route 0.0.0.0/0 {{ ifname }} ${VRF_NAME}" -logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} ${VRF_NAME}" -{% endif %} -{% endif %} diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl deleted file mode 100644 index da73cb4d5..000000000 --- a/data/templates/pppoe/ipv6-up.script.tmpl +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/sh - -# As PPPoE is an "on demand" interface we need to re-configure it when it -# becomes up - -if [ "$6" != "{{ ifname }}" ]; then - exit -fi - - -{% if default_route != 'none' %} -# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved -# to a VRF, this is needed to properly insert the default route. - -SED_OPT="^ipv6 route" -VRF_NAME="" -if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then - # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) - # Remove upper_ prefix from result string - VRF=${VRF#"upper_"} - # generate new SED command - SED_OPT="vrf ${VRF}" - # generate vtysh option - VRF_NAME="vrf ${VRF}" -fi - -{% if default_route == 'auto' %} -# Only insert a new default route if there is no default route configured -routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | wc -l) -if [ "$routes" -ne 0 ]; then - exit 1 -fi - -{% elif default_route == 'force' %} -# Retrieve current static default routes and remove it from the routing table -vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | while read route ; do - vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}" -done -{% endif %} - -# Add default route to default or VRF routing table -vtysh -c "conf t" ${VTY_OPT} -c "ipv6 route ::/0 {{ ifname }} ${VRF_NAME}" -logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} ${VRF_NAME}" -{% endif %} - diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.j2 index d6d63debf..6221abb9b 100644 --- a/data/templates/pppoe/peer.tmpl +++ b/data/templates/pppoe/peer.j2 
@@ -67,14 +67,14 @@ demand # See T2249. PPP default route options should only be set when in on-demand # mode. As soon as we are not in on-demand mode the default-route handling is # passed to the ip-up.d/ip-down.s scripts which is required for VRF support. -{% if 'auto' in default_route %} +{% if 'auto' in default_route %} defaultroute {{ 'defaultroute6' if ipv6 is vyos_defined }} -{% elif 'force' in default_route %} +{% elif 'force' in default_route %} defaultroute replacedefaultroute {{ 'defaultroute6' if ipv6 is vyos_defined }} -{% endif %} +{% endif %} {% else %} nodefaultroute noreplacedefaultroute diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.j2 index b40ba1ee0..6902dc05a 100644 --- a/data/templates/router-advert/radvd.conf.tmpl +++ b/data/templates/router-advert/radvd.conf.j2 
@@ -1,66 +1,66 @@ ### Autogenerated by service_router-advert.py ### {% if interface is vyos_defined %} -{% for iface, iface_config in interface.items() %} +{% for iface, iface_config in interface.items() %} interface {{ iface }} { IgnoreIfMissing on; -{% if iface_config.default_preference is vyos_defined %} +{% if iface_config.default_preference is vyos_defined %} AdvDefaultPreference {{ iface_config.default_preference }}; -{% endif %} -{% if iface_config.managed_flag is vyos_defined %} +{% endif %} +{% if iface_config.managed_flag is vyos_defined %} AdvManagedFlag {{ 'on' if iface_config.managed_flag is vyos_defined else 'off' }}; -{% endif %} -{% if iface_config.interval.max is vyos_defined %} +{% endif %} +{% if iface_config.interval.max is vyos_defined %} MaxRtrAdvInterval {{ iface_config.interval.max }}; -{% endif %} -{% if iface_config.interval.min is vyos_defined %} +{% endif %} +{% if iface_config.interval.min is vyos_defined %} MinRtrAdvInterval {{ iface_config.interval.min }}; -{% endif %} -{% if iface_config.reachable_time is vyos_defined %} +{% endif %} +{% if iface_config.reachable_time is vyos_defined %} AdvReachableTime {{ iface_config.reachable_time }}; -{% endif %} +{% endif %} AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; AdvSendAdvert {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; -{% if iface_config.default_lifetime is vyos_defined %} +{% if iface_config.default_lifetime is vyos_defined %} AdvDefaultLifetime {{ iface_config.default_lifetime }}; -{% endif %} -{% if iface_config.link_mtu is vyos_defined %} +{% endif %} +{% if iface_config.link_mtu is vyos_defined %} AdvLinkMTU {{ iface_config.link_mtu }}; -{% endif %} +{% endif %} AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is vyos_defined else 'off' }}; AdvRetransTimer {{ iface_config.retrans_timer }}; AdvCurHopLimit {{ iface_config.hop_limit }}; -{% if iface_config.route is vyos_defined %} -{% for route, route_options 
in iface_config.route.items() %} +{% if iface_config.route is vyos_defined %} +{% for route, route_options in iface_config.route.items() %} route {{ route }} { -{% if route_options.valid_lifetime is vyos_defined %} +{% if route_options.valid_lifetime is vyos_defined %} AdvRouteLifetime {{ route_options.valid_lifetime }}; -{% endif %} -{% if route_options.route_preference is vyos_defined %} +{% endif %} +{% if route_options.route_preference is vyos_defined %} AdvRoutePreference {{ route_options.route_preference }}; -{% endif %} +{% endif %} RemoveRoute {{ 'off' if route_options.no_remove_route is vyos_defined else 'on' }}; }; -{% endfor %} -{% endif %} -{% if iface_config.prefix is vyos_defined %} -{% for prefix, prefix_options in iface_config.prefix.items() %} +{% endfor %} +{% endif %} +{% if iface_config.prefix is vyos_defined %} +{% for prefix, prefix_options in iface_config.prefix.items() %} prefix {{ prefix }} { AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is vyos_defined else 'on' }}; AdvValidLifetime {{ prefix_options.valid_lifetime }}; AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is vyos_defined else 'on' }}; AdvPreferredLifetime {{ prefix_options.preferred_lifetime }}; }; -{% endfor %} -{% endif %} -{% if iface_config.name_server is vyos_defined %} +{% endfor %} +{% endif %} +{% if iface_config.name_server is vyos_defined %} RDNSS {{ iface_config.name_server | join(" ") }} { }; -{% endif %} -{% if iface_config.dnssl is vyos_defined %} +{% endif %} +{% if iface_config.dnssl is vyos_defined %} DNSSL {{ iface_config.dnssl | join(" ") }} { }; -{% endif %} +{% endif %} }; -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.j2 index 8012cf6bb..8012cf6bb 100644 --- a/data/templates/snmp/etc.snmp.conf.tmpl +++ b/data/templates/snmp/etc.snmp.conf.j2 
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2 new file mode 100644 index 000000000..d7dc0ba5d --- /dev/null +++ b/data/templates/snmp/etc.snmpd.conf.j2 
@@ -0,0 +1,182 @@ +### Autogenerated by snmp.py ### + +# non configurable defaults +sysObjectID 1.3.6.1.4.1.44641 +sysServices 14 +master agentx +agentXPerms 0777 0777 +pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias +smuxpeer .1.3.6.1.2.1.83 +smuxpeer .1.3.6.1.2.1.157 +smuxsocket localhost + +# linkUp/Down configure the Event MIB tables to monitor +# the ifTable for network interfaces being taken up or down +# for making internal queries to retrieve any necessary information +iquerySecName {{ vyos_user }} + +# Modified from the default linkUpDownNotification +# to include more OIDs and poll more frequently +notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus +notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus +monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 +monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 + +# Remove all old ifTable entries with the same ifName as newly appeared +# interface (with different ifIndex) - this is the case on e.g. 
ppp interfaces +interface_replace_old yes + +######################## +# configurable section # +######################## + +# Default system description is VyOS version +sysDescr VyOS {{ version }} + +{% if description is vyos_defined %} +# Description +SysDescr {{ description }} +{% endif %} + +# Listen +{% set options = [] %} +{% if listen_address is vyos_defined %} +{% for address, address_options in listen_address.items() %} +{% if address | is_ipv6 %} +{% set protocol = protocol ~ '6' %} +{% endif %} +{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} +{% endfor %} +{% else %} +{% set _ = options.append(protocol ~ ':161') %} +{% set _ = options.append(protocol ~ '6:161') %} +{% endif %} +agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} + +# SNMP communities +{% if community is vyos_defined %} +{% for comm, comm_config in community.items() %} +{% if comm_config.client is vyos_defined %} +{% for client in comm_config.client %} +{% if client | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ client }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ client }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.network is vyos_defined %} +{% for network in comm_config.network %} +{% if network | is_ipv4 %} +{{ comm_config.authorization }}community {{ comm }} {{ network }} +{% elif client | is_ipv6 %} +{{ comm_config.authorization }}community6 {{ comm }} {{ network }} +{% endif %} +{% endfor %} +{% endif %} +{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} +{{ comm_config.authorization }}community {{ comm }} +{% endif %} +{% endfor %} +{% endif %} + +{% if contact is vyos_defined %} +# system contact information +SysContact {{ contact }} +{% endif %} + +{% if location is vyos_defined %} +# system location information +SysLocation {{ location }} +{% endif %} + +{% if 
smux_peer is vyos_defined %} +# additional smux peers +{% for peer in smux_peer %} +smuxpeer {{ peer }} +{% endfor %} +{% endif %} + +{% if trap_target is vyos_defined %} +# if there is a problem - tell someone! +{% for trap, trap_config in trap_target.items() %} +trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} +{% endfor %} +{% endif %} + +{% if v3 is vyos_defined %} +# +# SNMPv3 stuff goes here +# +{% if v3.view is vyos_defined %} +# views +{% for view, view_config in v3.view.items() %} +{% if view_config.oid is vyos_defined %} +{% for oid in view_config.oid %} +view {{ view }} included .{{ oid }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +# access +{% if v3.group is vyos_defined %} +# context sec.model sec.level match read write notif +{% for group, group_config in v3.group.items() %} +access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none +{% endfor %} +{% endif %} + +# trap-target +{% if v3.trap_target is vyos_defined %} +{% for trap, trap_config in v3.trap_target.items() %} +{% set options = '' %} +{% if trap_config.type == 'inform' %} +{% set options = options ~ ' -Ci' %} +{% endif %} +{% if v3.engineid is vyos_defined %} +{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} +{% endif %} +{% if trap_config.user is vyos_defined %} +{% set options = options ~ ' -u ' ~ trap_config.user %} +{% endif %} +{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -a ' ~ trap_config.auth.type %} +{% if trap_config.auth.plaintext_password is vyos_defined %} +{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} +{% elif trap_config.auth.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} +{% endif %} +{% if trap_config.privacy.plaintext_password is 
vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -x ' ~ trap_config.privacy.type %} +{% if trap_config.privacy.plaintext_password is vyos_defined %} +{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} +{% elif trap_config.privacy.encrypted_password is vyos_defined %} +{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} +{% endif %} +{% set options = options ~ ' -l authPriv' %} +{% else %} +{% set options = options ~ ' -l authNoPriv' %} +{% endif %} +{% else %} +{% set options = options ~ ' -l noAuthNoPriv' %} +{% endif %} +trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} +{% endfor %} +{% endif %} + +# group +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} +group {{ user_config.group }} usm {{ user }} +{% endfor %} +{% endif %} +{# SNMPv3 end #} +{% endif %} + +{% if script_extensions.extension_name is vyos_defined %} +# extension scripts +{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} +extend {{ script }} {{ script_config.script }} +{% endfor %} +{% endif %} diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl deleted file mode 100644 index 510b35097..000000000 --- a/data/templates/snmp/etc.snmpd.conf.tmpl +++ /dev/null 
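Review bot: In the community section's network loop, the IPv6 branch tests `client` rather than the loop variable, so `{% elif client | is_ipv6 %}` never evaluates the network being rendered; it should read `{% elif network | is_ipv6 %}`. As written, an IPv6 entry under `comm_config.network` presumably yields no `community6` line, or depends on a `client` value that is not in scope there, so the source restriction the operator configured is not what ends up in snmpd.conf. Because the file is added whole, the non-configurable default `agentXPerms 0777 0777` is also on the new side. It deserves a comment explaining why the AgentX socket and its directory need world access, or a tighter mode if the subagents permit one.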
@@ -1,182 +0,0 @@ -### Autogenerated by snmp.py ### - -# non configurable defaults -sysObjectID 1.3.6.1.4.1.44641 -sysServices 14 -master agentx -agentXPerms 0777 0777 -pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias -smuxpeer .1.3.6.1.2.1.83 -smuxpeer .1.3.6.1.2.1.157 -smuxsocket localhost - -# linkUp/Down configure the Event MIB tables to monitor -# the ifTable for network interfaces being taken up or down -# for making internal queries to retrieve any necessary information -iquerySecName {{ vyos_user }} - -# Modified from the default linkUpDownNotification -# to include more OIDs and poll more frequently -notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus -notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus -monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 -monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 - -# Remove all old ifTable entries with the same ifName as newly appeared -# interface (with different ifIndex) - this is the case on e.g. 
ppp interfaces -interface_replace_old yes - -######################## -# configurable section # -######################## - -# Default system description is VyOS version -sysDescr VyOS {{ version }} - -{% if description is vyos_defined %} -# Description -SysDescr {{ description }} -{% endif %} - -# Listen -{% set options = [] %} -{% if listen_address is vyos_defined %} -{% for address, address_options in listen_address.items() %} -{% if address | is_ipv6 %} -{% set protocol = protocol ~ '6' %} -{% endif %} -{% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} -{% endfor %} -{% else %} -{% set _ = options.append(protocol ~ ':161') %} -{% set _ = options.append(protocol ~ '6:161') %} -{% endif %} -agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} - -# SNMP communities -{% if community is vyos_defined %} -{% for comm, comm_config in community.items() %} -{% if comm_config.client is vyos_defined %} -{% for client in comm_config.client %} -{% if client | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ client }} -{% elif client | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ client }} -{% endif %} -{% endfor %} -{% endif %} -{% if comm_config.network is vyos_defined %} -{% for network in comm_config.network %} -{% if network | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ network }} -{% elif client | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ network }} -{% endif %} -{% endfor %} -{% endif %} -{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} -{{ comm_config.authorization }}community {{ comm }} -{% endif %} -{% endfor %} -{% endif %} - -{% if contact is vyos_defined %} -# system contact information -SysContact {{ contact }} -{% endif %} - -{% if location is vyos_defined %} -# system location information -SysLocation {{ location }} -{% endif %} - -{% if 
smux_peer is vyos_defined %} -# additional smux peers -{% for peer in smux_peer %} -smuxpeer {{ peer }} -{% endfor %} -{% endif %} - -{% if trap_target is vyos_defined %} -# if there is a problem - tell someone! -{% for trap, trap_config in trap_target.items() %} -trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} -{% endfor %} -{% endif %} - -{% if v3 is vyos_defined %} -# -# SNMPv3 stuff goes here -# -{% if v3.view is vyos_defined %} -# views -{% for view, view_config in v3.view.items() %} -{% if view_config.oid is vyos_defined %} -{% for oid in view_config.oid %} -view {{ view }} included .{{ oid }} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} - -# access -{% if v3.group is vyos_defined %} -# context sec.model sec.level match read write notif -{% for group, group_config in v3.group.items() %} -access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none -{% endfor %} -{% endif %} - -# trap-target -{% if v3.trap_target is vyos_defined %} -{% for trap, trap_config in v3.trap_target.items() %} -{% set options = '' %} -{% if trap_config.type == 'inform' %} -{% set options = options ~ ' -Ci' %} -{% endif %} -{% if v3.engineid is vyos_defined %} -{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} -{% endif %} -{% if trap_config.user is vyos_defined %} -{% set options = options ~ ' -u ' ~ trap_config.user %} -{% endif %} -{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} -{% set options = options ~ ' -a ' ~ trap_config.auth.type %} -{% if trap_config.auth.plaintext_password is vyos_defined %} -{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} -{% elif trap_config.auth.encrypted_password is vyos_defined %} -{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} -{% endif %} -{% if 
trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} -{% set options = options ~ ' -x ' ~ trap_config.privacy.type %} -{% if trap_config.privacy.plaintext_password is vyos_defined %} -{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} -{% elif trap_config.privacy.encrypted_password is vyos_defined %} -{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} -{% endif %} -{% set options = options ~ ' -l authPriv' %} -{% else %} -{% set options = options ~ ' -l authNoPriv' %} -{% endif %} -{% else %} -{% set options = options ~ ' -l noAuthNoPriv' %} -{% endif %} -trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} -{% endfor %} -{% endif %} - -# group -{% if v3.user is vyos_defined %} -{% for user, user_config in v3.user.items() %} -group {{ user_config.group }} usm {{ user }} -{% endfor %} -{% endif %} -{# SNMPv3 end #} -{% endif %} - -{% if script_extensions.extension_name is vyos_defined %} -# extension scripts -{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} -extend {{ script }} {{ script_config.script }} -{% endfor %} -{% endif %} diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.j2 index 5d787de86..5d787de86 100644 --- a/data/templates/snmp/override.conf.tmpl +++ b/data/templates/snmp/override.conf.j2 diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.j2 index a46b3997f..a713c1cec 100644 --- a/data/templates/snmp/usr.snmpd.conf.tmpl +++ b/data/templates/snmp/usr.snmpd.conf.j2 @@ -1,8 +1,8 @@ ### Autogenerated by snmp.py ### -{% if v3.user is vyos_defined %} +{% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} {{ user_config.mode }}user {{ user }} {% endfor %} -{% endif %} +{% endif %} rwuser {{ vyos_user }} 
diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.j2 index 16d39db89..012f33aeb 100644 --- a/data/templates/snmp/var.snmpd.conf.tmpl +++ b/data/templates/snmp/var.snmpd.conf.j2 @@ -1,16 +1,16 @@ ### Autogenerated by snmp.py ### # user {% if v3 is vyos_defined %} -{% if v3.user is vyos_defined %} -{% for user, user_config in v3.user.items() %} +{% if v3.user is vyos_defined %} +{% for user, user_config in v3.user.items() %} usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} # VyOS default user createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{% if v3.engineid is vyos_defined %} +{% if v3.engineid is vyos_defined %} oldEngineID 0x{{ v3.engineid }} -{% endif %} +{% endif %} {% endif %} diff --git a/data/templates/squid/sg_acl.conf.tmpl b/data/templates/squid/sg_acl.conf.j2 index ce72b173a..ce72b173a 100644 --- a/data/templates/squid/sg_acl.conf.tmpl +++ b/data/templates/squid/sg_acl.conf.j2 diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.j2 index e8627b022..a0fdeb20e 100644 --- a/data/templates/squid/squid.conf.tmpl +++ b/data/templates/squid/squid.conf.j2 
@@ -16,23 +16,23 @@ acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT {% if authentication is vyos_defined %} -{% if authentication.children is vyos_defined %} +{% if authentication.children is vyos_defined %} auth_param basic children {{ authentication.children }} -{% endif %} -{% if authentication.credentials_ttl is vyos_defined %} +{% endif %} +{% if authentication.credentials_ttl is vyos_defined %} auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute -{% endif %} -{% if authentication.realm is vyos_defined %} +{% endif %} +{% if authentication.realm is vyos_defined %} auth_param basic realm "{{ authentication.realm }}" -{% endif %} +{% endif %} {# LDAP based Authentication #} -{% if authentication.method is vyos_defined %} -{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %} +{% if authentication.method is vyos_defined %} +{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %} auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}" -{% endif %} +{% endif %} acl auth proxy_auth REQUIRED http_access allow auth -{% endif %} +{% endif %} {% endif %} http_access allow manager localhost 
@@ -44,18 +44,18 @@ http_access allow net http_access deny all {% if reply_block_mime is vyos_defined %} -{% for mime_type in reply_block_mime %} +{% for mime_type in reply_block_mime %} acl BLOCK_MIME rep_mime_type {{ mime_type }} -{% endfor %} +{% endfor %} http_reply_access deny BLOCK_MIME {% endif %} {% if cache_size is vyos_defined %} -{% if cache_size | int > 0 %} +{% if cache_size | int > 0 %} cache_dir ufs /var/spool/squid {{ cache_size }} 16 256 -{% else %} +{% else %} # disabling disk cache -{% endif %} +{% endif %} {% endif %} {% if mem_cache_size is vyos_defined %} cache_mem {{ mem_cache_size }} MB @@ -87,9 +87,9 @@ tcp_outgoing_address {{ outgoing_address }} {% if listen_address is vyos_defined %} -{% for address, config in listen_address.items() %} +{% for address, config in listen_address.items() %} http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }} -{% endfor %} +{% endfor %} {% endif %} http_port 127.0.0.1:{{ default_port }} @@ -104,8 +104,8 @@ url_rewrite_bypass on {% endif %} {% if cache_peer is vyos_defined %} -{% for peer, config in cache_peer.items() %} +{% for peer, config in cache_peer.items() %} cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }} -{% endfor %} +{% endfor %} never_direct allow all {% endif %} diff --git a/data/templates/squid/squidGuard.conf.j2 b/data/templates/squid/squidGuard.conf.j2 new file mode 100644 index 000000000..1bc4c984f --- /dev/null +++ b/data/templates/squid/squidGuard.conf.j2 
@@ -0,0 +1,124 @@ +### generated by service_webproxy.py ### + +{% macro sg_rule(category, log, db_dir) %} +{% set expressions = db_dir + '/' + category + '/expressions' %} +dest {{ category }}-default { + domainlist {{ category }}/domains + urllist {{ category }}/urls +{% if expressions | is_file %} + expressionlist {{ category }}/expressions +{% endif %} +{% if log is vyos_defined %} + log blacklist.log +{% endif %} +} +{% endmacro %} + +{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %} +{% if url_filtering.squidguard is vyos_defined %} +{% set sg_config = url_filtering.squidguard %} +{% set acl = namespace(value='local-ok-default') %} +{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %} +dbhome {{ squidguard_db_dir }} +logdir /var/log/squid + +rewrite safesearch { + s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i + s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i + s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i + s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i + s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i + s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i + log rewrite.log +} + +{% if sg_config.local_ok is vyos_defined %} +{% set acl.value = acl.value + ' local-ok-default' %} +dest local-ok-default { + domainlist local-ok-default/domains +} +{% endif %} +{% if sg_config.local_ok_url is vyos_defined %} +{% set acl.value = acl.value + ' local-ok-url-default' %} +dest local-ok-url-default { + urllist local-ok-url-default/urls +} +{% endif %} +{% if sg_config.local_block is vyos_defined %} +{% set acl.value = acl.value + ' !local-block-default' %} +dest local-block-default { + domainlist local-block-default/domains +} +{% endif %} +{% if sg_config.local_block_url is vyos_defined %} +{% set acl.value = acl.value + ' !local-block-url-default' %} +dest local-block-url-default { + urllist local-block-url-default/urls +} +{% endif %} +{% if sg_config.local_block_keyword 
is vyos_defined %} +{% set acl.value = acl.value + ' !local-block-keyword-default' %} +dest local-block-keyword-default { + expressionlist local-block-keyword-default/expressions +} +{% endif %} + +{% if sg_config.block_category is vyos_defined %} +{% for category in sg_config.block_category %} +{{ sg_rule(category, sg_config.log, squidguard_db_dir) }} +{% set acl.value = acl.value + ' !' + category + '-default' %} +{% endfor %} +{% endif %} +{% if sg_config.allow_category is vyos_defined %} +{% for category in sg_config.allow_category %} +{{ sg_rule(category, False, squidguard_db_dir) }} +{% set acl.value = acl.value + ' ' + category + '-default' %} +{% endfor %} +{% endif %} +{% if sg_config.source_group is vyos_defined %} +{% for sgroup, sg_config in sg_config.source_group.items() %} +{% if sg_config.address is vyos_defined %} +src {{ sgroup }} { +{% for address in sg_config.address %} + ip {{ address }} +{% endfor %} +} + +{% endif %} +{% endfor %} +{% endif %} +{% if sg_config.rule is vyos_defined %} +{% for rule, rule_config in sg_config.rule.items() %} +{% for b_category in rule_config.block_category %} +dest {{ b_category }} { + domainlist {{ b_category }}/domains + urllist {{ b_category }}/urls +} +{% endfor %} + +{% endfor %} +{% endif %} +acl { +{% if sg_config.rule is vyos_defined %} +{% for rule, rule_config in sg_config.rule.items() %} + {{ rule_config.source_group }} { +{% for b_category in rule_config.block_category %} + pass local-ok-1 !in-addr !{{ b_category }} all +{% endfor %} + } +{% endfor %} +{% endif %} + + default { +{% if sg_config.enable_safe_search is vyos_defined %} + rewrite safesearch +{% endif %} + pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }} + redirect 302:http://{{ sg_config.redirect_url }} +{% if sg_config.log is vyos_defined %} + log blacklist.log +{% endif %} + } +} +{% endif %} +{% endif %} 
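Review bot: The `pass` lines name destinations that this template does not always declare. `acl` is initialised to `local-ok-default`, but `dest local-ok-default` is only emitted when `sg_config.local_ok` is set (and the name is then appended a second time), and the per-rule line `pass local-ok-1 !in-addr !{{ b_category }} all` refers to `local-ok-1`, which is declared nowhere in this hunk. If squidGuard treats an undeclared destination as a configuration error, the block lists may not be enforced at all, so this is worth confirming against a rendered config. Starting from `{% set acl = namespace(value='') %}` and adding each name only inside the `if` that emits its `dest` block would keep the ACL and the declarations in step. The `sg_config.allow_ipaddr_url is not defined` test also differs from the `vyos_defined` test used in the rest of the file.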
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl deleted file mode 100644 index 5e877f01f..000000000 --- a/data/templates/squid/squidGuard.conf.tmpl +++ /dev/null 
@@ -1,124 +0,0 @@ -### generated by service_webproxy.py ### - -{% macro sg_rule(category, log, db_dir) %} -{% set expressions = db_dir + '/' + category + '/expressions' %} -dest {{ category }}-default { - domainlist {{ category }}/domains - urllist {{ category }}/urls -{% if expressions | is_file %} - expressionlist {{ category }}/expressions -{% endif %} -{% if log is vyos_defined %} - log blacklist.log -{% endif %} -} -{% endmacro %} - -{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %} -{% if url_filtering.squidguard is vyos_defined %} -{% set sg_config = url_filtering.squidguard %} -{% set acl = namespace(value='local-ok-default') %} -{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %} -dbhome {{ squidguard_db_dir }} -logdir /var/log/squid - -rewrite safesearch { - s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i - s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i - s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i - s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i - s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i - s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i - log rewrite.log -} - -{% if sg_config.local_ok is vyos_defined %} -{% set acl.value = acl.value + ' local-ok-default' %} -dest local-ok-default { - domainlist local-ok-default/domains -} -{% endif %} -{% if sg_config.local_ok_url is vyos_defined %} -{% set acl.value = acl.value + ' local-ok-url-default' %} -dest local-ok-url-default { - urllist local-ok-url-default/urls -} -{% endif %} -{% if sg_config.local_block is vyos_defined %} -{% set acl.value = acl.value + ' !local-block-default' %} -dest local-block-default { - domainlist local-block-default/domains -} -{% endif %} -{% if sg_config.local_block_url is vyos_defined %} -{% set acl.value = acl.value + ' !local-block-url-default' %} -dest local-block-url-default { - urllist local-block-url-default/urls -} -{% endif %} -{% if sg_config.local_block_keyword 
is vyos_defined %} -{% set acl.value = acl.value + ' !local-block-keyword-default' %} -dest local-block-keyword-default { - expressionlist local-block-keyword-default/expressions -} -{% endif %} - -{% if sg_config.block_category is vyos_defined %} -{% for category in sg_config.block_category %} -{{ sg_rule(category, sg_config.log, squidguard_db_dir) }} -{% set acl.value = acl.value + ' !' + category + '-default' %} -{% endfor %} -{% endif %} -{% if sg_config.allow_category is vyos_defined %} -{% for category in sg_config.allow_category %} -{{ sg_rule(category, False, squidguard_db_dir) }} -{% set acl.value = acl.value + ' ' + category + '-default' %} -{% endfor %} -{% endif %} -{% if sg_config.source_group is vyos_defined %} -{% for sgroup, sg_config in sg_config.source_group.items() %} -{% if sg_config.address is vyos_defined %} -src {{ sgroup }} { -{% for address in sg_config.address %} - ip {{ address }} -{% endfor %} -} - -{% endif %} -{% endfor %} -{% endif %} -{% if sg_config.rule is vyos_defined %} -{% for rule, rule_config in sg_config.rule.items() %} -{% for b_category in rule_config.block_category%} -dest {{ b_category }} { - domainlist {{ b_category }}/domains - urllist {{ b_category }}/urls -} -{% endfor %} - -{% endfor %} -{% endif %} -acl { -{% if sg_config.rule is vyos_defined %} -{% for rule, rule_config in sg_config.rule.items() %} - {{ rule_config.source_group }} { -{% for b_category in rule_config.block_category%} - pass local-ok-1 !in-addr !{{ b_category }} all -{% endfor %} - } -{% endfor %} -{% endif %} - - default { -{% if sg_config.enable_safe_search is vyos_defined %} - rewrite safesearch -{% endif %} - pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }} - redirect 302:http://{{ sg_config.redirect_url }} -{% if sg_config.log is vyos_defined %} - log blacklist.log -{% endif %} - } -} -{% endif %} -{% endif %} 
diff --git a/data/templates/ssh/sshguard_config.j2 b/data/templates/ssh/sshguard_config.j2
new file mode 100644
index 000000000..58c6ad48d
--- /dev/null
+++ b/data/templates/ssh/sshguard_config.j2
@@ -0,0 +1,27 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection is vyos_defined %}
+# Full path to backend executable (required, no default)
+BACKEND="/usr/libexec/sshguard/sshg-fw-nft-sets"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat"
+
+#### OPTIONS ####
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD={{ dynamic_protection.threshold }}
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME={{ dynamic_protection.block_time }}
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME={{ dynamic_protection.detect_time }}
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+WHITELIST_FILE=/etc/sshguard/whitelist
+{% endif %}
diff --git a/data/templates/ssh/sshguard_whitelist.j2 b/data/templates/ssh/sshguard_whitelist.j2
new file mode 100644
index 000000000..47a950a2b
--- /dev/null
+++ b/data/templates/ssh/sshguard_whitelist.j2
@@ -0,0 +1,7 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection.allow_from is vyos_defined %}
+{% for address in dynamic_protection.allow_from %}
+{{ address }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/syslog/logrotate.tmpl b/data/templates/syslog/logrotate.j2
index c1b951e8b..c1b951e8b 100644
--- a/data/templates/syslog/logrotate.tmpl
+++ b/data/templates/syslog/logrotate.j2
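Review bot: `THRESHOLD`, `BLOCK_TIME` and `DETECTION_TIME` in sshguard_config.j2 are rendered straight from `dynamic_protection.*` with no fallback, so if any of the three keys can be absent the file ends up with an empty assignment such as `THRESHOLD=` and the blocking behaviour depends on how sshguard treats that. Whether the CLI definition always supplies these keys is not visible in this diff; if it does not, fall back to the defaults the comments already document, e.g. `THRESHOLD={{ dynamic_protection.threshold | default(30) }}`. The copied comment `# Example 1: ssh and sendmail from systemd journal:` also does not match the `LOGREADER` line below it, which reads only `-t sshd`; `# Read sshd messages from the systemd journal` would describe what is configured.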
diff --git a/data/templates/syslog/rsyslog.conf.tmpl b/data/templates/syslog/rsyslog.conf.j2 index 2fb621760..4445d568b 100644 --- a/data/templates/syslog/rsyslog.conf.tmpl +++ b/data/templates/syslog/rsyslog.conf.j2 @@ -2,9 +2,9 @@ ## file based logging {% if files['global']['marker'] %} $ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{ files['global']['marker-interval'] }} +{% endif %} {% endif %} {% if files['global']['preserver_fqdn'] %} $PreserveFQDN on 
@@ -15,40 +15,40 @@ $outchannel {{ file }},{{ file_options['log-file'] }},{{ file_options['max-size' {% endfor %} {% if console is defined and console is not none %} ## console logging -{% for con, con_options in console.items() %} +{% for con, con_options in console.items() %} {{ con_options['selectors'] }} /dev/console -{% endfor %} +{% endfor %} {% endif %} {% if hosts is defined and hosts is not none %} ## remote logging -{% for host, host_options in hosts.items() %} -{% if host_options.proto == 'tcp' %} -{% if host_options.port is defined %} -{% if host_options.oct_count is defined %} +{% for host, host_options in hosts.items() %} +{% if host_options.proto == 'tcp' %} +{% if host_options.port is defined %} +{% if host_options.oct_count is defined %} {{ host_options.selectors }} @@(o){{ host | bracketize_ipv6 }}:{{ host_options.port }};RSYSLOG_SyslogProtocol23Format -{% else %} +{% else %} {{ host_options.selectors }} @@{{ host | bracketize_ipv6 }}:{{ host_options.port }} -{% endif %} -{% else %} +{% endif %} +{% else %} {{ host_options.selectors }} @@{{ host | bracketize_ipv6 }} -{% endif %} -{% elif host_options.proto == 'udp' %} -{% if host_options.port is defined %} +{% endif %} +{% elif host_options.proto == 'udp' %} +{% if host_options.port is defined %} {{ host_options.selectors }} @{{ host | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.oct_count is sameas true }} -{% else %} +{% else %} {{ host_options.selectors }} @{{ host | bracketize_ipv6 }} -{% endif %} -{% else %} -{% if host_options['port'] %} +{% endif %} +{% else %} +{% if host_options['port'] %} {{ host_options.selectors }} @{{ host | bracketize_ipv6 }}:{{ host_options.port }} -{% else %} +{% else %} {{ host_options.selectors }} @{{ host | bracketize_ipv6 }} -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endif %} +{% endfor %} {% endif %} {% if user is defined and user is not none %} -{% for username, user_options in user.items() %} 
+{% for username, user_options in user.items() %} {{ user_options.selectors }} :omusrmsg:{{ username }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/system/curlrc.tmpl b/data/templates/system/curlrc.j2 index be4efe8ba..be4efe8ba 100644 --- a/data/templates/system/curlrc.tmpl +++ b/data/templates/system/curlrc.j2 diff --git a/data/templates/system/proxy.j2 b/data/templates/system/proxy.j2 new file mode 100644 index 000000000..215c4c5c2 --- /dev/null +++ b/data/templates/system/proxy.j2 @@ -0,0 +1,7 @@ +# generated by system-proxy.py +{% if url is vyos_defined and port is vyos_defined %} +{# remove http:// prefix so we can inject a username/password if present #} +export http_proxy=http://{{ username ~ ':' ~ password ~ '@' if username is vyos_defined and password is vyos_defined }}{{ url | replace('http://', '') }}:{{ port }} +export https_proxy=$http_proxy +export ftp_proxy=$http_proxy +{% endif %} diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.j2 index 1449f95b1..1449f95b1 100644 --- a/data/templates/system/ssh_config.tmpl +++ b/data/templates/system/ssh_config.j2 diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.j2 index 3aa857647..59a19e157 100644 --- a/data/templates/system/sysctl.conf.tmpl +++ b/data/templates/system/sysctl.conf.j2 @@ -1,7 +1,7 @@ # autogenerated by system_sysctl.py
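Review bot: In data/templates/system/proxy.j2 the `export http_proxy=` line writes `username` and `password` unquoted and unencoded into what looks like a shell-sourced file, so a password containing `$`, a backtick, `;` or whitespace would be interpreted by the shell, and one containing `@` or `:` yields a different URL than the operator intended. Percent-encode the credentials and single-quote the value, e.g. build the credential part as `(username | urlencode) ~ ':' ~ (password | urlencode) ~ '@'` and wrap the whole right-hand side in `'…'`. `replace('http://', '')` strips only a plain-HTTP scheme, so a `url` given as `https://…` would render as `http://https://…` unless the CLI constraint (not visible here) forbids it. The rendered file holds the proxy password in clear text, so the script that writes it should set a restrictive mode if the file does not have to be world-readable.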
{% if parameter is vyos_defined %}
-{% for k, v in parameter.items() %}
+{% for k, v in parameter.items() %}
{{ k }} = {{ v.value }}
-{% endfor %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/tftp-server/default.tmpl b/data/templates/tftp-server/default.j2 index 56784d467..b2676e0aa 100644 --- a/data/templates/tftp-server/default.tmpl +++ b/data/templates/tftp-server/default.j2 @@ -1,3 +1,4 @@ +{# j2lint: disable=jinja-variable-format #} ### Autogenerated by tftp_server.py ### DAEMON_ARGS="--listen --user tftp --address {{ listen_address }} {{ "--create --umask 000" if allow_upload is vyos_defined }} --secure {{ directory }}" {% if vrf is vyos_defined %} diff --git a/data/templates/vrf/vrf.conf.tmpl b/data/templates/vrf/vrf.conf.j2 index a51e11ddf..d31d23574 100644 --- a/data/templates/vrf/vrf.conf.tmpl +++ b/data/templates/vrf/vrf.conf.j2 @@ -3,7 +3,7 @@ # Routing table ID to name mapping reference # id vrf name comment {% if name is vyos_defined %} -{% for vrf, vrf_config in name.items() %} +{% for vrf, vrf_config in name.items() %} {{ "%-10s" | format(vrf_config.table) }} {{ "%-16s" | format(vrf) }} {{ '# ' ~ vrf_config.description if vrf_config.description is vyos_defined }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.j2 index 9e532b79e..e4c4dd7da 100644 --- a/data/templates/zone_policy/nftables.tmpl +++ b/data/templates/zone_policy/nftables.j2 
@@ -1,113 +1,113 @@ #!/usr/sbin/nft -f {% if cleanup_commands is vyos_defined %} -{% for command in cleanup_commands %} +{% for command in cleanup_commands %} {{ command }} -{% endfor %} +{% endfor %} {% endif %} {% if zone is vyos_defined %} table ip filter { -{% for zone_name, zone_conf in zone.items() if zone_conf.ipv4 %} -{% if zone_conf.local_zone is vyos_defined %} +{% for zone_name, zone_conf in zone.items() if zone_conf.ipv4 %} +{% if zone_conf.local_zone is vyos_defined %} chain VZONE_{{ zone_name }}_IN { iifname lo counter return -{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %} +{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %} iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endfor %} +{% endfor %} counter {{ zone_conf.default_action }} } chain VZONE_{{ zone_name }}_OUT { oifname lo counter return -{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is vyos_defined %} +{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is vyos_defined %} oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} oifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endfor %} +{% endfor %} counter {{ zone_conf.default_action }} } -{% else %} +{% else %} chain VZONE_{{ zone_name }} { iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=False) }} -{% if zone_conf.intra_zone_filtering is vyos_defined %} +{% if zone_conf.intra_zone_filtering is vyos_defined %} iifname { {{ zone_conf.interface | join(",") }} } counter return -{% endif %} -{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %} -{% if 
zone[from_zone].local_zone is not defined %} +{% endif %} +{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %} +{% if zone[from_zone].local_zone is not defined %} iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} counter {{ zone_conf.default_action }} } -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} } table ip6 filter { -{% for zone_name, zone_conf in zone.items() if zone_conf.ipv6 %} -{% if zone_conf.local_zone is vyos_defined %} +{% for zone_name, zone_conf in zone.items() if zone_conf.ipv6 %} +{% if zone_conf.local_zone is vyos_defined %} chain VZONE6_{{ zone_name }}_IN { iifname lo counter return -{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %} +{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %} iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endfor %} +{% endfor %} counter {{ zone_conf.default_action }} } chain VZONE6_{{ zone_name }}_OUT { oifname lo counter return -{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is vyos_defined %} +{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is vyos_defined %} oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} oifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endfor %} +{% endfor %} counter {{ zone_conf.default_action }} } -{% else %} +{% else %} chain VZONE6_{{ zone_name }} { iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=True) 
}} -{% if zone_conf.intra_zone_filtering is vyos_defined %} +{% if zone_conf.intra_zone_filtering is vyos_defined %} iifname { {{ zone_conf.interface | join(",") }} } counter return -{% endif %} -{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %} -{% if zone[from_zone].local_zone is not defined %} +{% endif %} +{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %} +{% if zone[from_zone].local_zone is not defined %} iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} counter {{ zone_conf.default_action }} } -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} } -{% for zone_name, zone_conf in zone.items() %} -{% if zone_conf.ipv4 %} -{% if 'local_zone' in zone_conf %} +{% for zone_name, zone_conf in zone.items() %} +{% if zone_conf.ipv4 %} +{% if 'local_zone' in zone_conf %} insert rule ip filter VYOS_FW_LOCAL counter jump VZONE_{{ zone_name }}_IN insert rule ip filter VYOS_FW_OUTPUT counter jump VZONE_{{ zone_name }}_OUT -{% else %} +{% else %} insert rule ip filter VYOS_FW_FORWARD oifname { {{ zone_conf.interface | join(',') }} } counter jump VZONE_{{ zone_name }} -{% endif %} -{% endif %} -{% if zone_conf.ipv6 %} -{% if 'local_zone' in zone_conf %} +{% endif %} +{% endif %} +{% if zone_conf.ipv6 %} +{% if 'local_zone' in zone_conf %} insert rule ip6 filter VYOS_FW6_LOCAL counter jump VZONE6_{{ zone_name }}_IN insert rule ip6 filter VYOS_FW6_OUTPUT counter jump VZONE6_{{ zone_name }}_OUT -{% else %} +{% else %} insert rule ip6 filter VYOS_FW6_FORWARD oifname { {{ zone_conf.interface | join(',') }} } counter jump VZONE6_{{ zone_name }} -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endif %} +{% endfor %} {# Ensure that state-policy rule is first in the chain #} -{% if 
firewall.state_policy is vyos_defined %} -{% for chain in ['VYOS_FW_FORWARD', 'VYOS_FW_OUTPUT', 'VYOS_FW_LOCAL'] %} +{% if firewall.state_policy is vyos_defined %} +{% for chain in ['VYOS_FW_FORWARD', 'VYOS_FW_OUTPUT', 'VYOS_FW_LOCAL'] %} insert rule ip filter {{ chain }} jump VYOS_STATE_POLICY -{% endfor %} -{% for chain in ['VYOS_FW6_FORWARD', 'VYOS_FW6_OUTPUT', 'VYOS_FW6_LOCAL'] %} +{% endfor %} +{% for chain in ['VYOS_FW6_FORWARD', 'VYOS_FW6_OUTPUT', 'VYOS_FW6_LOCAL'] %} insert rule ip6 filter {{ chain }} jump VYOS_STATE_POLICY6 -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} {% endif %} diff --git a/debian/control b/debian/control index c53e4d3b8..bcd5acfdd 100644 --- a/debian/control +++ b/debian/control @@ -147,6 +147,7 @@ Depends: squid, squidclient, squidguard, + sshguard, ssl-cert, strongswan (>= 5.9), strongswan-swanctl (>= 5.9), diff --git a/interface-definitions/containers.xml.in b/interface-definitions/container.xml.in index 9cd2b0902..51171d881 100644 --- a/interface-definitions/containers.xml.in +++ b/interface-definitions/container.xml.in @@ -1,6 +1,6 @@ <?xml version="1.0"?> <interfaceDefinition> - <node name="container" owner="${vyos_conf_scripts_dir}/containers.py"> + <node name="container" owner="${vyos_conf_scripts_dir}/container.py"> <properties> <help>Container applications</help> <priority>1280</priority> @@ -10,7 +10,7 @@ <properties> <help>Container name</help> <constraint> - <regex>^[-a-zA-Z0-9]+$</regex> + <regex>[-a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage> </properties> @@ -52,7 +52,7 @@ <description>Permission to set system clock</description> </valueHelp> <constraint> - <regex>^(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)$</regex> + <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)</regex> </constraint> <multi/> </properties> 
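Review bot: Dropping the `^`/`$` anchors from the `<regex>` constraints (here for the container name and the capability list, and in the same way in the later hunks for container.xml.in, dhcp-relay, dhcp-server, dns-domain-name, dns-dynamic, dns-forwarding and firewall.xml.in) is only safe if whatever evaluates `<regex>` matches against the whole value, and nothing in this diff shows that. With a search-style match, `[-a-zA-Z0-9]+` accepts any string that contains one allowed character, `.{1,63}` no longer bounds the alias length, and the `(?<!\.)` lookbehind in dns-forwarding stops rejecting a trailing dot. Please confirm the validator anchors implicitly and record that next to the schema or in the commit message, e.g. `<!-- regex constraints are matched against the full value by the validator -->`; otherwise the anchors should stay.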
@@ -88,7 +88,7 @@ <properties> <help>Add custom environment variables</help> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Environment variable name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> @@ -194,7 +194,7 @@ <list>tcp udp</list> </completionHelp> <constraint> - <regex>^(tcp|udp)$</regex> + <regex>(tcp|udp)</regex> </constraint> </properties> </leafNode> @@ -219,7 +219,7 @@ <description>Restart containers when they exit, regardless of status, retrying indefinitely</description> </valueHelp> <constraint> - <regex>^(no|on-failure|always)$</regex> + <regex>(no|on-failure|always)</regex> </constraint> </properties> <defaultValue>on-failure</defaultValue> @@ -283,10 +283,10 @@ </tagNode> <leafNode name="registry"> <properties> - <help>Add registry</help> + <help>Registry Name</help> <multi/> </properties> - <defaultValue>docker.io</defaultValue> + <defaultValue>docker.io quay.io</defaultValue> </leafNode> </children> </node> diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in index 339941e65..27d0a3e6c 100644 --- a/interface-definitions/dhcp-relay.xml.in +++ b/interface-definitions/dhcp-relay.xml.in @@ -66,7 +66,7 @@ <description>discard packet (default action if giaddr not set in packet)</description> </valueHelp> <constraint> - <regex>^(append|replace|forward|discard)$</regex> + <regex>(append|replace|forward|discard)</regex> </constraint> </properties> <defaultValue>forward</defaultValue> diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 4ea2d471d..60e738e01 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in 
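Review bot: `<defaultValue>docker.io quay.io</defaultValue>` in the `registry` leaf puts two registries into a single default string on a `<multi/>` node; confirm the default is split into two values and not handed on as one registry literally named `docker.io quay.io`. If this list is what the container runtime consults for unqualified image names (not visible in this hunk), a second default registry widens where a short image name can resolve, which is a supply-chain consideration for operators who do not pin the registry. The new help string `Registry Name` says less than the old one about what the node does; something like `<help>Registry searched for image names without a registry prefix</help>` would make that visible, assuming it matches the actual use.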
@@ -58,7 +58,7 @@ <description>Configure this server to be the secondary node</description> </valueHelp> <constraint> - <regex>^(primary|secondary)$</regex> + <regex>(primary|secondary)</regex> </constraint> <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage> </properties> @@ -259,7 +259,7 @@ <properties> <help>DHCP lease range</help> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage> </properties> @@ -294,7 +294,7 @@ <properties> <help>Name of static mapping</help> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Invalid static mapping name, may only be alphanumeric, dot and hyphen</constraintErrorMessage> </properties> @@ -374,6 +374,18 @@ <leafNode name="tftp-server-name"> <properties> <help>TFTP server name</help> + <valueHelp> + <format>ipv4</format> + <description>TFTP server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>TFTP server FQDN</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="fqdn"/> + </constraint> </properties> </leafNode> <leafNode name="time-offset"> 
@@ -402,6 +414,32 @@ <multi/> </properties> </leafNode> + <node name="vendor-option"> + <properties> + <help>Vendor Specific Options</help> + </properties> + <children> + <node name="ubiquiti"> + <properties> + <help>Ubiquiti specific parameters</help> + </properties> + <children> + <leafNode name="unifi-controller"> + <properties> + <help>Address of UniFi controller</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of UniFi controller</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> <leafNode name="wins-server"> <properties> <help>IP address for Windows Internet Name Service (WINS) server</help> diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index fb96571f5..10335b07e 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -338,6 +338,33 @@ </leafNode> </children> </tagNode> + <node name="vendor-option"> + <properties> + <help>Vendor Specific Options</help> + </properties> + <children> + <node name="cisco"> + <properties> + <help>Cisco specific parameters</help> + </properties> + <children> + <leafNode name="tftp-server"> + <properties> + <help>TFTP server name</help> + <valueHelp> + <format>ipv6</format> + <description>TFTP server IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> </children> </tagNode> </children> diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in index 7ae537d00..0d6418272 100644 --- a/interface-definitions/dns-domain-name.xml.in +++ b/interface-definitions/dns-domain-name.xml.in 
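Review bot: In the dhcpv6-server.xml.in hunk the new `vendor-option cisco tftp-server` leaf is described as `<help>TFTP server name</help>`, but its only constraint is `<validator name="ipv6-address"/>` and its valueHelp lists only `ipv6`, so a name can never be entered. Align the help with what is accepted, `<help>TFTP server IPv6 address</help>`, so operators are not led to try a hostname.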
@@ -56,7 +56,7 @@ <properties> <help>DNS domain completion order</help> <constraint> - <regex>[-a-zA-Z0-9.]+$</regex> + <regex>[-a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Invalid domain name</constraintErrorMessage> <multi/> @@ -74,7 +74,7 @@ <properties> <help>Host name for static address mapping</help> <constraint> - <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$</regex> + <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex> </constraint> <constraintErrorMessage>invalid hostname</constraintErrorMessage> </properties> @@ -83,7 +83,7 @@ <properties> <help>Alias for this address</help> <constraint> - <regex>.{1,63}$</regex> + <regex>.{1,63}</regex> </constraint> <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage> <multi /> diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in index 64826516e..6bc467b76 100644 --- a/interface-definitions/dns-dynamic.xml.in +++ b/interface-definitions/dns-dynamic.xml.in @@ -120,7 +120,7 @@ <description>zoneedit.com Services</description> </valueHelp> <constraint> - <regex>^(custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit|\w+)$</regex> + <regex>(custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit|\w+)</regex> </constraint> <constraintErrorMessage>You can use only predefined list of services or word characters (_, a-z, A-Z, 0-9) as service name</constraintErrorMessage> </properties> 
@@ -232,7 +232,7 @@ <description>Zoneedit protocol</description> </valueHelp> <constraint> - <regex>^(changeip|cloudflare|dnsmadeeasy|dnspark|dondominio|dslreports1|dtdns|duckdns|dyndns2|easydns|freedns|freemyip|googledomains|hammernode1|namecheap|nfsn|noip|sitelutions|woima|yandex|zoneedit1)$</regex> + <regex>(changeip|cloudflare|dnsmadeeasy|dnspark|dondominio|dslreports1|dtdns|duckdns|dyndns2|easydns|freedns|freemyip|googledomains|hammernode1|namecheap|nfsn|noip|sitelutions|woima|yandex|zoneedit1)</regex> </constraint> <constraintErrorMessage>Please choose from the list of allowed protocols</constraintErrorMessage> </properties> diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 08501a4b5..6ead3e199 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -63,7 +63,7 @@ <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description> </valueHelp> <constraint> - <regex>^(off|process-no-validate|process|log-fail|validate)$</regex> + <regex>(off|process-no-validate|process|log-fail|validate)</regex> </constraint> </properties> <defaultValue>process-no-validate</defaultValue> @@ -113,7 +113,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}</regex> </constraint> </properties> <children> @@ -134,7 +134,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -167,7 +167,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> 
@@ -200,7 +200,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -212,7 +212,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> @@ -232,7 +232,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -244,7 +244,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> <children> @@ -279,7 +279,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -291,7 +291,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> @@ -311,7 +311,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -341,7 +341,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> 
@@ -370,7 +370,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -394,7 +394,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> @@ -454,7 +454,7 @@ <description>Root record</description> </valueHelp> <constraint> - <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> @@ -523,7 +523,7 @@ <properties> <help>Service type</help> <constraint> - <regex>^[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?$</regex> + <regex>[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?</regex> </constraint> </properties> </leafNode> @@ -540,7 +540,7 @@ <description>An absolute DNS name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index f2aca4b3a..ff8d92a24 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -21,7 +21,7 @@ <description>Disable processing of all IPv4 ICMP echo requests</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> @@ -41,7 +41,7 @@ <description>Disable processing of broadcast IPv4 ICMP echo/timestamp requests</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> 
@@ -61,7 +61,7 @@ <description>Disable sending SNMP trap on firewall configuration change</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -75,7 +75,7 @@ <properties> <help>Firewall address-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -104,7 +104,7 @@ <properties> <help>Firewall ipv6-address-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -133,7 +133,7 @@ <properties> <help>Firewall ipv6-network-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -157,7 +157,7 @@ <properties> <help>Firewall mac-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -181,7 +181,7 @@ <properties> <help>Firewall network-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -205,7 +205,7 @@ <properties> <help>Firewall port-group</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -250,7 +250,7 @@ <description>Disable processing of IPv4 packets with source route option</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -259,7 +259,7 @@ <properties> <help>IPv6 firewall rule-set name</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> 
@@ -396,7 +396,7 @@ <description>Disable processing of received ICMPv6 redirect messages</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -416,7 +416,7 @@ <description>Disable processing of IPv6 packets with routing header</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -436,7 +436,7 @@ <description>Disable logging of Ipv4 packets with invalid addresses</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> @@ -445,7 +445,7 @@ <properties> <help>IPv4 firewall rule-set name</help> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -539,7 +539,7 @@ <description>Disable processing of received IPv4 ICMP redirect messages</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -559,7 +559,7 @@ <description>Disable sending IPv4 ICMP redirect messages</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> @@ -583,7 +583,7 @@ <description>No source validation</description> </valueHelp> <constraint> - <regex>^(strict|loose|disable)$</regex> + <regex>(strict|loose|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -637,7 +637,7 @@ <description>Disable use of TCP SYN cookies with IPv4</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> 
@@ -657,7 +657,7 @@ <description>Disable RFC1337 TIME-WAIT hazards protection</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index 133e45c72..fc59f8ab3 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -146,7 +146,7 @@ <description>Authentication and authorization</description> </valueHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> </properties> </leafNode> @@ -168,7 +168,7 @@ <description>NetFlow engine-id for v9 / IPFIX</description> </valueHelp> <constraint> - <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])$</regex> + <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in index 662052e12..0631acdda 100644 --- a/interface-definitions/high-availability.xml.in +++ b/interface-definitions/high-availability.xml.in 
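Review bot: In the engine-id hunk (`-168,7` of flow-accounting-conf.xml.in) only the final `$` was dropped, so the new pattern still has `$|^` in the middle of a top-level alternation. Whether it still matches whole values depends on exactly how the validator wraps the expression (`^…$` around the text versus `^(…)$` around a group), which is not visible here. Wrapping the two alternatives in one group and dropping the inner anchors removes that dependency: `((\d|…|429496729[0-5])|(\d|…|25[0-5]):(\d|…|25[0-5]))`, with the number alternatives themselves unchanged.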
@@ -63,7 +63,7 @@ <description>AH - IPSEC (not recommended)</description> </valueHelp> <constraint> - <regex>^(plaintext-password|ah)$</regex> + <regex>(plaintext-password|ah)</regex> </constraint> <constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage> </properties> @@ -323,7 +323,7 @@ <description>Locality-Based least connection</description> </valueHelp> <constraint> - <regex>^(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)$</regex> + <regex>(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)</regex> </constraint> </properties> <defaultValue>least-connection</defaultValue> @@ -360,7 +360,7 @@ <description>Tunneling</description> </valueHelp> <constraint> - <regex>^(direct|nat|tunnel)$</regex> + <regex>(direct|nat|tunnel)</regex> </constraint> </properties> <defaultValue>nat</defaultValue> @@ -394,7 +394,7 @@ <description>UDP</description> </valueHelp> <constraint> - <regex>^(tcp|udp)$</regex> + <regex>(tcp|udp)</regex> </constraint> </properties> <defaultValue>tcp</defaultValue> diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index 6fea2f1f6..d2c393036 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -38,7 +38,7 @@ <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> - <regex>\*$</regex> + <regex>\*</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in index c7ab60929..8e738fa7f 100644 --- a/interface-definitions/igmp-proxy.xml.in +++ b/interface-definitions/igmp-proxy.xml.in 
@@ -56,7 +56,7 @@ <description>Disabled interface</description> </valueHelp> <constraint> - <regex>^(upstream|downstream|disabled)$</regex> + <regex>(upstream|downstream|disabled)</regex> </constraint> </properties> <defaultValue>downstream</defaultValue> diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i index a7711b675..c1a87cfe3 100644 --- a/interface-definitions/include/accel-ppp/auth-mode.xml.i +++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i @@ -11,7 +11,7 @@ <description>Use RADIUS server for user autentication</description> </valueHelp> <constraint> - <regex>^(local|radius)$</regex> + <regex>(local|radius)</regex> </constraint> <completionHelp> <list>local radius</list> diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i index 480747f53..d43266152 100644 --- a/interface-definitions/include/accel-ppp/auth-protocols.xml.i +++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i @@ -22,7 +22,7 @@ <description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description> </valueHelp> <constraint> - <regex>^(pap|chap|mschap|mschap-v2)$</regex> + <regex>(pap|chap|mschap|mschap-v2)</regex> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i index e8370180b..4c2e84c25 100644 --- a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i @@ -18,7 +18,7 @@ <description>drop all mppe</description> </valueHelp> <constraint> - <regex>^(require|prefer|deny)$</regex> + <regex>(require|prefer|deny)</regex> </constraint> </properties> <defaultValue>prefer</defaultValue> 
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i index 3e065329d..a45390f43 100644 --- a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -3,7 +3,7 @@ <properties> <help>IPv4 negotiation algorithm</help> <constraint> - <regex>^(deny|allow)$</regex> + <regex>(deny|allow)</regex> </constraint> <constraintErrorMessage>invalid value</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i index b9fbac5c6..98abc1111 100644 --- a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -3,7 +3,7 @@ <properties> <help>IPv6 (IPCP6) negotiation algorithm</help> <constraint> - <regex>^(deny|allow|prefer|require)$</regex> + <regex>(deny|allow|prefer|require)</regex> </constraint> <constraintErrorMessage>invalid value</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/include/auth-local-users.xml.i b/interface-definitions/include/auth-local-users.xml.i index cb456eecf..9fb507474 100644 --- a/interface-definitions/include/auth-local-users.xml.i +++ b/interface-definitions/include/auth-local-users.xml.i 
@@ -19,74 +19,6 @@ <help>Password used for authentication</help> </properties> </leafNode> - <node name="otp"> - <properties> - <help>2FA OTP authentication parameters</help> - </properties> - <children> - <leafNode name="key"> - <properties> - <help>Token Key Secret key for the token algorithm (see RFC 4226)</help> - <valueHelp> - <format>txt</format> - <description>OTP key in hex-encoded format</description> - </valueHelp> - <constraint> - <regex>[a-fA-F0-9]{20,10000}</regex> - </constraint> - <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="otp-length"> - <properties> - <help>Number of digits in OTP code</help> - <valueHelp> - <format>u32:6-8</format> - <description>Number of digits in OTP code</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 6-8"/> - </constraint> - <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage> - </properties> - <defaultValue>6</defaultValue> - </leafNode> - <leafNode name="interval"> - <properties> - <help>Time tokens interval in seconds</help> - <valueHelp> - <format>u32:5-86400</format> - <description>Time tokens interval in seconds.</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 5-86400"/> - </constraint> - <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage> - </properties> - <defaultValue>30</defaultValue> - </leafNode> - <leafNode name="token-type"> - <properties> - <help>Token type</help> - <valueHelp> - <format>hotp-time</format> - <description>Time-based OTP algorithm</description> - </valueHelp> - <valueHelp> - <format>hotp-event</format> - <description>Event-based OTP algorithm</description> - </valueHelp> - <constraint> - <regex>(hotp-time|hotp-event)</regex> - </constraint> - <completionHelp> - <list>hotp-time 
hotp-event</list> - </completionHelp> - </properties> - <defaultValue>hotp-time</defaultValue> - </leafNode> - </children> - </node> </children> </tagNode> </children> diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i index de42eeac9..34b5ec7d7 100644 --- a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i @@ -15,7 +15,7 @@ <description>Name of IPv4 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -31,7 +31,7 @@ <description>Name of IPv4 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i index 2bf4753be..06c661a90 100644 --- a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i @@ -15,7 +15,7 @@ <description>Name of IPv6 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> 
@@ -31,7 +31,7 @@ <description>Name of IPv6 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/afi-label.xml.i b/interface-definitions/include/bgp/afi-label.xml.i index f7a1f609f..9535d19e8 100644 --- a/interface-definitions/include/bgp/afi-label.xml.i +++ b/interface-definitions/include/bgp/afi-label.xml.i @@ -25,7 +25,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-1048575"/> - <regex>^(auto)$</regex> + <regex>(auto)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/bgp/afi-rd.xml.i b/interface-definitions/include/bgp/afi-rd.xml.i index c4d29268c..767502094 100644 --- a/interface-definitions/include/bgp/afi-rd.xml.i +++ b/interface-definitions/include/bgp/afi-rd.xml.i @@ -17,7 +17,7 @@ <description>Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy)</description> </valueHelp> <constraint> - <regex>^((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}$</regex> + <regex>((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i index eae10d312..c218937c8 100644 --- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i +++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i 
@@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -26,7 +26,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i index a56745380..75221a348 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i @@ -27,7 +27,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -43,7 +43,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -59,7 +59,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> 
@@ -177,7 +177,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i index 25558cd5c..4399d7988 100644 --- a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i +++ b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i @@ -18,7 +18,7 @@ <description>Enable BGP graceful restart helper only functionality</description> </valueHelp> <constraint> - <regex>^(enable|disable|restart-helper)$</regex> + <regex>(enable|disable|restart-helper)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index b59ff0287..abaff5232 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1106,7 +1106,7 @@ <description>Ignore paths without link bandwidth for ECMP (if other paths have it)</description> </valueHelp> <constraint> - <regex>^(default-weight-for-missing|ignore|skip-missing)$</regex> + <regex>(default-weight-for-missing|ignore|skip-missing)</regex> </constraint> </properties> </leafNode> @@ -1461,7 +1461,7 @@ <properties> <help>Name of peer-group</help> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> </properties> <children> diff --git a/interface-definitions/include/bgp/remote-as.xml.i b/interface-definitions/include/bgp/remote-as.xml.i index 11eb7c256..58595b3b9 100644 --- a/interface-definitions/include/bgp/remote-as.xml.i +++ b/interface-definitions/include/bgp/remote-as.xml.i 
@@ -19,7 +19,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-4294967294"/> - <regex>^(external|internal)$</regex> + <regex>(external|internal)</regex> </constraint> <constraintErrorMessage>Invalid AS number</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i index 9f8baa884..7fd52319a 100644 --- a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i +++ b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i @@ -18,7 +18,7 @@ <description>Action to reject</description> </valueHelp> <constraint> - <regex>^(accept|drop|reject)$</regex> + <regex>(accept|drop|reject)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i index 4ba93e3aa..0f60e3c38 100644 --- a/interface-definitions/include/firewall/action.xml.i +++ b/interface-definitions/include/firewall/action.xml.i @@ -18,7 +18,7 @@ <description>Drop matching entries</description> </valueHelp> <constraint> - <regex>^(accept|reject|drop)$</regex> + <regex>(accept|reject|drop)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index cd80b7e28..2a5137dbf 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -70,7 +70,7 @@ <description>integer/unit (Example: 5/minute)</description> </valueHelp> <constraint> - <regex>^\d+/(second|minute|hour|day)$</regex> + <regex>\d+/(second|minute|hour|day)</regex> </constraint> </properties> </leafNode> 
@@ -91,10 +91,36 @@ <description>Disable log</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> +<node name="connection-status"> + <properties> + <help>Connection status</help> + </properties> + <children> + <leafNode name="nat"> + <properties> + <help>NAT connection status</help> + <completionHelp> + <list>destination source</list> + </completionHelp> + <valueHelp> + <format>destination</format> + <description>Match connections that are subject to destination NAT</description> + </valueHelp> + <valueHelp> + <format>source</format> + <description>Match connections that are subject to source NAT</description> + </valueHelp> + <constraint> + <regex>^(destination|source)$</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> <leafNode name="protocol"> <properties> <help>Protocol to match (protocol name, number, or "all")</help> @@ -163,7 +189,7 @@ <description>Source addresses seen COUNT times in the last hour</description> </valueHelp> <constraint> - <regex>^(second|minute|hour)$</regex> + <regex>(second|minute|hour)</regex> </constraint> </properties> </leafNode> @@ -215,7 +241,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -234,7 +260,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -253,7 +279,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -272,7 +298,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> 
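Review bot: The `connection-status` / `nat` leaf added in the `-91,10 +91,36` hunk of common-rule.xml.i is written with `<regex>^(destination|source)$</regex>`, while the same hunk and the rest of this commit strip the anchors from every other constraint. For consistency it should read `<regex>(destination|source)</regex>`. If the anchors are redundant under the validator this is harmless at runtime, but it leaves the file in the mixed state this commit is otherwise cleaning up.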
@@ -292,7 +318,7 @@ <description>Enter date using following notation - YYYY-MM-DD</description> </valueHelp> <constraint> - <regex>^(\d{4}\-\d{2}\-\d{2})$</regex> + <regex>(\d{4}\-\d{2}\-\d{2})</regex> </constraint> </properties> </leafNode> @@ -304,7 +330,7 @@ <description>Enter time using using 24 hour notation - hh:mm:ss</description> </valueHelp> <constraint> - <regex>^([0-2][0-9](\:[0-5][0-9]){1,2})$</regex> + <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> </constraint> </properties> </leafNode> @@ -316,7 +342,7 @@ <description>Enter date using following notation - YYYY-MM-DD</description> </valueHelp> <constraint> - <regex>^(\d{4}\-\d{2}\-\d{2})$</regex> + <regex>(\d{4}\-\d{2}\-\d{2})</regex> </constraint> </properties> </leafNode> @@ -328,7 +354,7 @@ <description>Enter time using using 24 hour notation - hh:mm:ss</description> </valueHelp> <constraint> - <regex>^([0-2][0-9](\:[0-5][0-9]){1,2})$</regex> + <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i index f57def3e1..d4197cf82 100644 --- a/interface-definitions/include/firewall/icmp-type-name.xml.i +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i @@ -66,7 +66,7 @@ <description>ICMP type 18: address-mask-reply</description> </valueHelp> <constraint> - <regex>^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$</regex> + <regex>(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)</regex> </constraint> </properties> </leafNode> 
diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i index b13cf02c4..a2e68abfb 100644 --- a/interface-definitions/include/firewall/icmpv6-type-name.xml.i +++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i @@ -66,7 +66,7 @@ <description>ICMPv6 type 138: router-renumbering</description> </valueHelp> <constraint> - <regex>^(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)$</regex> + <regex>(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/name-default-action.xml.i index 8470a29a9..512b0296f 100644 --- a/interface-definitions/include/firewall/name-default-action.xml.i +++ b/interface-definitions/include/firewall/name-default-action.xml.i @@ -18,7 +18,7 @@ <description>Accept if no prior rules are hit</description> </valueHelp> <constraint> - <regex>^(drop|reject|accept)$</regex> + <regex>(drop|reject|accept)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i index 123590c08..b9dd59bea 100644 --- a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i +++ b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i 
@@ -23,7 +23,7 @@ </valueHelp> <constraint> <validator name="ip-host"/> - <regex>^(dhcp|dhcpv6)$</regex> + <regex>(dhcp|dhcpv6)</regex> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i index 57019f02c..41140ffe1 100644 --- a/interface-definitions/include/interface/adjust-mss.xml.i +++ b/interface-definitions/include/interface/adjust-mss.xml.i @@ -16,7 +16,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 500-65535"/> - <regex>^(clamp-mss-to-pmtu)$</regex> + <regex>(clamp-mss-to-pmtu)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/interface/default-route-distance.xml.i b/interface-definitions/include/interface/default-route-distance.xml.i new file mode 100644 index 000000000..6eda52c91 --- /dev/null +++ b/interface-definitions/include/interface/default-route-distance.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/default-route-distance.xml.i --> +<leafNode name="default-route-distance"> + <properties> + <help>Distance for installed default route</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for the default route from DHCP server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>210</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i index 8579cf7d1..de01d22ca 100644 --- a/interface-definitions/include/interface/description.xml.i +++ b/interface-definitions/include/interface/description.xml.i 
@@ -3,7 +3,7 @@ <properties> <help>Interface specific description</help> <constraint> - <regex>.{1,256}$</regex> + <regex>.{1,256}</regex> </constraint> <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i index 098d02919..914b60503 100644 --- a/interface-definitions/include/interface/dhcp-options.xml.i +++ b/interface-definitions/include/interface/dhcp-options.xml.i @@ -19,25 +19,8 @@ <help>Identify the vendor client type to the DHCP server</help> </properties> </leafNode> - <leafNode name="no-default-route"> - <properties> - <help>Do not request routers from DHCP server</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="default-route-distance"> - <properties> - <help>Distance for the default route from DHCP server</help> - <valueHelp> - <format>u32:1-255</format> - <description>Distance for the default route from DHCP server</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - <defaultValue>210</defaultValue> - </leafNode> + #include <include/interface/no-default-route.xml.i> + #include <include/interface/default-route-distance.xml.i> <leafNode name="reject"> <properties> <help>IP addresses or subnets from which to reject DHCP leases</help> diff --git a/interface-definitions/include/interface/no-default-route.xml.i b/interface-definitions/include/interface/no-default-route.xml.i new file mode 100644 index 000000000..307fcff1e --- /dev/null +++ b/interface-definitions/include/interface/no-default-route.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/dhcp-options.xml.i --> +<leafNode name="no-default-route"> + <properties> + <help>Do not install default route to system</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> 
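Review bot: The new file no-default-route.xml.i opens with `<!-- include start from interface/dhcp-options.xml.i -->`, which names the file the node was moved out of rather than the include itself. The sibling default-route-distance.xml.i added in this commit uses its own path in that marker, so this one should be `<!-- include start from interface/no-default-route.xml.i -->`. These markers are presumably what a reader uses to trace a node in the assembled schema back to its source, so a wrong path points them at the wrong file.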
diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i index bd0d1e070..b2e88215b 100644 --- a/interface-definitions/include/interface/parameters-flowlabel.xml.i +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -14,7 +14,7 @@ <description>Tunnel key, or hex value</description> </valueHelp> <constraint> - <regex>^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$</regex> + <regex>((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)</regex> </constraint> <constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i index f38065f4d..fc9a7d376 100644 --- a/interface-definitions/include/interface/source-validation.xml.i +++ b/interface-definitions/include/interface/source-validation.xml.i @@ -18,7 +18,7 @@ <description>No source validation</description> </valueHelp> <constraint> - <regex>^(strict|loose|disable)$</regex> + <regex>(strict|loose|disable)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index 3b305618e..c1af9f9e3 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -35,7 +35,7 @@ <description>VLAN-tagged frame (IEEE 802.1q), ethertype 0x8100</description> </valueHelp> <constraint> - <regex>^(802.1q|802.1ad)$</regex> + <regex>(802.1q|802.1ad)</regex> </constraint> <constraintErrorMessage>Ethertype must be 802.1ad or 802.1q</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 4e7f9b3c2..57ef8d64c 100644 --- a/interface-definitions/include/interface/vif.xml.i 
+++ b/interface-definitions/include/interface/vif.xml.i @@ -28,7 +28,7 @@ <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> </valueHelp> <constraint> - <regex>[:0-7 ]+$</regex> + <regex>[:0-7 ]+</regex> </constraint> <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> </properties> @@ -41,7 +41,7 @@ <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> </valueHelp> <constraint> - <regex>[:0-7 ]+$</regex> + <regex>[:0-7 ]+</regex> </constraint> <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i index 2de6ecb1f..dc5653ce7 100644 --- a/interface-definitions/include/ipsec/local-address.xml.i +++ b/interface-definitions/include/ipsec/local-address.xml.i @@ -20,7 +20,7 @@ <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> - <regex>^(any)$</regex> + <regex>(any)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i index 925f90106..6b95de045 100644 --- a/interface-definitions/include/nat-translation-options.xml.i +++ b/interface-definitions/include/nat-translation-options.xml.i @@ -19,7 +19,7 @@ <description>Random source or destination address allocation for each connection</description> </valueHelp> <constraint> - <regex>^(persistent|random)$</regex> + <regex>(persistent|random)</regex> </constraint> </properties> <defaultValue>random</defaultValue> @@ -43,7 +43,7 @@ <description>Do not apply port randomization</description> </valueHelp> <constraint> - <regex>^(random|fully-random|none)$</regex> + <regex>(random|fully-random|none)</regex> </constraint> </properties> <defaultValue>none</defaultValue> 
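Review bot: In both vif.xml.i hunks (`-28,7` and `-41,7`) the constraint `[:0-7 ]+` restricts only the character set, so values such as `:::` or a run of spaces satisfy it, and the `constraintErrorMessage` says "numbers 0-9" although the class allows 0-7. The old pattern had `$` but no `^`, so if the validator now matches the whole value this change also tightens what is accepted, and existing configurations with other leading characters could start to fail validation. At minimum the message should agree with the pattern, e.g. `QoS mapping should be in the format of '0:7 2:3' with numbers 0-7`. A pair-shaped pattern would be better once the permitted range on each side of the colon is confirmed.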
diff --git a/interface-definitions/include/ospf/authentication.xml.i b/interface-definitions/include/ospf/authentication.xml.i index 1e6050b97..8e8cad067 100644 --- a/interface-definitions/include/ospf/authentication.xml.i +++ b/interface-definitions/include/ospf/authentication.xml.i @@ -29,7 +29,7 @@ <description>MD5 Key (16 characters or less)</description> </valueHelp> <constraint> - <regex>^[^[:space:]]{1,16}$</regex> + <regex>[^[:space:]]{1,16}</regex> </constraint> <constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage> </properties> @@ -46,7 +46,7 @@ <description>Plain text password (8 characters or less)</description> </valueHelp> <constraint> - <regex>^[^[:space:]]{1,8}$</regex> + <regex>[^[:space:]]{1,8}</regex> </constraint> <constraintErrorMessage>Password must be 8 characters or less</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i index 3a3372e47..c156d5b1c 100644 --- a/interface-definitions/include/ospf/protocol-common-config.xml.i +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i @@ -45,7 +45,7 @@ <description>Filter static routes</description> </valueHelp> <constraint> - <regex>^(bgp|connected|isis|kernel|rip|static)$</regex> + <regex>(bgp|connected|isis|kernel|rip|static)</regex> </constraint> <constraintErrorMessage>Must be bgp, connected, kernel, rip, or static</constraintErrorMessage> <multi/> @@ -123,7 +123,7 @@ <description>Never translate LSA types</description> </valueHelp> <constraint> - <regex>^(always|candidate|never)$</regex> + <regex>(always|candidate|never)</regex> </constraint> </properties> <defaultValue>candidate</defaultValue> @@ -172,7 +172,7 @@ <description>Use MD5 authentication</description> </valueHelp> <constraint> - <regex>^(plaintext-password|md5)$</regex> + <regex>(plaintext-password|md5)</regex> </constraint> </properties> </leafNode> 
@@ -252,7 +252,7 @@ <description>Enable shortcutting mode</description> </valueHelp> <constraint> - <regex>^(default|disable|enable)$</regex> + <regex>(default|disable|enable)</regex> </constraint> </properties> </leafNode> @@ -432,7 +432,7 @@ <description>Point-to-point network type</description> </valueHelp> <constraint> - <regex>^(broadcast|non-broadcast|point-to-multipoint|point-to-point)$</regex> + <regex>(broadcast|non-broadcast|point-to-multipoint|point-to-point)</regex> </constraint> <constraintErrorMessage>Must be broadcast, non-broadcast, point-to-multipoint or point-to-point</constraintErrorMessage> </properties> @@ -586,7 +586,7 @@ <description>Standard ABR type</description> </valueHelp> <constraint> - <regex>^(cisco|ibm|shortcut|standard)$</regex> + <regex>(cisco|ibm|shortcut|standard)</regex> </constraint> </properties> <defaultValue>cisco</defaultValue> @@ -617,7 +617,7 @@ <description>Default to suppress routing updates on all interfaces</description> </valueHelp> <constraint> - <regex>^(default)$</regex> + <regex>(default)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i index 792c873c8..630534eea 100644 --- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i +++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i @@ -184,7 +184,7 @@ <description>Point-to-point network type</description> </valueHelp> <constraint> - <regex>^(broadcast|point-to-point)$</regex> + <regex>(broadcast|point-to-point)</regex> </constraint> <constraintErrorMessage>Must be broadcast or point-to-point</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i index 3b9b458d4..0a3dc158a 100644 --- a/interface-definitions/include/policy/action.xml.i +++ b/interface-definitions/include/policy/action.xml.i 
@@ -14,7 +14,7 @@ <description>Deny matching entries</description> </valueHelp> <constraint> - <regex>^(permit|deny)$</regex> + <regex>(permit|deny)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i index 406125e55..cfeba1a6c 100644 --- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i +++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i @@ -91,7 +91,7 @@ <description>Disable log</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -196,7 +196,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-200"/> - <regex>^(main)$</regex> + <regex>(main)</regex> </constraint> </properties> </leafNode> @@ -260,7 +260,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -279,7 +279,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -298,7 +298,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -317,7 +317,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> 
@@ -543,7 +543,7 @@ <description>ICMP type/code name</description> </valueHelp> <constraint> - <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)$</regex> + <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex> <validator name="numeric" argument="--range 0-255"/> </constraint> </properties> diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i index 33c4ba77c..5a17dbc95 100644 --- a/interface-definitions/include/policy/route-common-rule.xml.i +++ b/interface-definitions/include/policy/route-common-rule.xml.i 
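Review bot: The alternation in the `@@ -543,7 +543,7 @@` hunk of route-common-rule-ipv6.xml.i contains `TOS host-redirect` with a space, right after `TOS-network-redirect`. Every other name in the list is hyphenated, so this looks like a typo carried over unchanged from the removed line. As written, the constraint accepts the value `TOS host-redirect` and rejects `TOS-host-redirect`. A value containing a space may also be split when it is handed to the rule generator, which is not visible here. The alternative should read `TOS-host-redirect`.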
@@ -91,7 +91,7 @@ <description>Disable log</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -196,7 +196,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-200"/> - <regex>^(main)$</regex> + <regex>(main)</regex> </constraint> </properties> </leafNode> @@ -260,7 +260,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -279,7 +279,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -298,7 +298,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -317,7 +317,7 @@ <description>Disable</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i index 9c880579d..1217055f2 100644 --- a/interface-definitions/include/policy/route-rule-action.xml.i +++ b/interface-definitions/include/policy/route-rule-action.xml.i @@ -10,7 +10,7 @@ <description>Drop matching entries</description> </valueHelp> <constraint> - <regex>^(drop)$</regex> + <regex>(drop)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i index 88092b7d4..019868373 100644 --- a/interface-definitions/include/route-map.xml.i +++ b/interface-definitions/include/route-map.xml.i 
@@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i index 43dfb5e44..095b683de 100644 --- a/interface-definitions/include/routing-passive-interface.xml.i +++ b/interface-definitions/include/routing-passive-interface.xml.i @@ -15,7 +15,7 @@ <description>Default to suppress routing updates on all interfaces</description> </valueHelp> <constraint> - <regex>^(default)$</regex> + <regex>(default)</regex> <validator name="interface-name"/> </constraint> <multi/> diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i index 71c766774..7469805ac 100644 --- a/interface-definitions/include/snmp/access-mode.xml.i +++ b/interface-definitions/include/snmp/access-mode.xml.i @@ -14,7 +14,7 @@ <description>read write</description> </valueHelp> <constraint> - <regex>^(ro|rw)$</regex> + <regex>(ro|rw)</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i index ca0bb10a6..047d8cff4 100644 --- a/interface-definitions/include/snmp/authentication-type.xml.i +++ b/interface-definitions/include/snmp/authentication-type.xml.i @@ -14,7 +14,7 @@ <description>Secure Hash Algorithm</description> </valueHelp> <constraint> - <regex>^(md5|sha)$</regex> + <regex>(md5|sha)</regex> </constraint> </properties> <defaultValue>md5</defaultValue> 
diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i
index 94029a6c6..d5fd1e811 100644
--- a/interface-definitions/include/snmp/privacy-type.xml.i
+++ b/interface-definitions/include/snmp/privacy-type.xml.i
@@ -14,7 +14,7 @@
<description>Advanced Encryption Standard</description>
</valueHelp>
<constraint>
- <regex>^(des|aes)$</regex>
+ <regex>(des|aes)</regex>
</constraint>
</properties>
<defaultValue>des</defaultValue>
diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/snmp/protocol.xml.i
index ebdeef87e..d7e6752ad 100644
--- a/interface-definitions/include/snmp/protocol.xml.i
+++ b/interface-definitions/include/snmp/protocol.xml.i
@@ -14,7 +14,7 @@
<description>Listen protocol TCP</description>
</valueHelp>
<constraint>
- <regex>^(udp|tcp)$</regex>
+ <regex>(udp|tcp)</regex>
</constraint>
</properties>
<defaultValue>udp</defaultValue>
diff --git a/interface-definitions/include/ssh-user.xml.i b/interface-definitions/include/ssh-user.xml.i
index 17ba05a90..6ac1f35bc 100644
--- a/interface-definitions/include/ssh-user.xml.i
+++ b/interface-definitions/include/ssh-user.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Allow specific users to login</help>
<constraint>
- <regex>^[-_a-zA-Z0-9.]{1,100}</regex>
+ <regex>[-_a-zA-Z0-9.]{1,100}</regex>
</constraint>
<constraintErrorMessage>Illegal characters or more than 100 characters</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/include/static/static-route-vrf.xml.i b/interface-definitions/include/static/static-route-vrf.xml.i
index 69aba253c..e1968f04a 100644
--- a/interface-definitions/include/static/static-route-vrf.xml.i
+++ b/interface-definitions/include/static/static-route-vrf.xml.i
@@ -11,7 +11,7 @@
<description>Name of VRF to leak to</description>
</valueHelp>
<constraint>
- <regex>^(default)$</regex>
+ <regex>(default)</regex>
<validator name="vrf-name"/>
</constraint>
</properties>
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
index b97971531..0a209bc3a 100644
--- a/interface-definitions/include/version/interfaces-version.xml.i
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='25'></syntaxVersion>
+<syntaxVersion component='interfaces' version='26'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i
index bb8ad7f82..f9944acce 100644
--- a/interface-definitions/include/version/quagga-version.xml.i
+++ b/interface-definitions/include/version/quagga-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/quagga-version.xml.i -->
-<syntaxVersion component='quagga' version='9'></syntaxVersion>
+<syntaxVersion component='quagga' version='10'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
index 19591256d..3cf92001c 100644
--- a/interface-definitions/include/version/system-version.xml.i
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/system-version.xml.i -->
-<syntaxVersion component='system' version='23'></syntaxVersion>
+<syntaxVersion component='system' version='24'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i
index eb0678aa9..629e6a0b9 100644
--- a/interface-definitions/include/vpn-ipsec-encryption.xml.i
+++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i
@@ -226,7 +226,7 @@ <description>256 bit ChaCha20/Poly1305 with 128 bit ICV</description> </valueHelp> <constraint> - <regex>^(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305)$</regex> + <regex>(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305)</regex> </constraint> </properties> <defaultValue>aes128</defaultValue> diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i index d6259574a..73d19c24b 100644 --- a/interface-definitions/include/vpn-ipsec-hash.xml.i +++ b/interface-definitions/include/vpn-ipsec-hash.xml.i 
@@ -58,7 +58,7 @@ <description>256-bit AES-GMAC</description> </valueHelp> <constraint> - <regex>^(md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac)$</regex> + <regex>(md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac)</regex> </constraint> </properties> <defaultValue>sha1</defaultValue> diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i index 265bbff94..7763cb393 100644 --- a/interface-definitions/include/webproxy-url-filtering.xml.i +++ b/interface-definitions/include/webproxy-url-filtering.xml.i @@ -38,7 +38,7 @@ <description>Default filter action is block</description> </valueHelp> <constraint> - <regex>^(allow|block)$</regex> + <regex>(allow|block)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 5ae67a672..96dede723 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -7,7 +7,7 @@ <help>Bonding Interface/Link Aggregation</help> <priority>320</priority> <constraint> - <regex>^bond[0-9]+$</regex> + <regex>bond[0-9]+</regex> </constraint> <constraintErrorMessage>Bonding interface must be named bondN</constraintErrorMessage> <valueHelp> @@ -85,7 +85,7 @@ <description>combine encapsulated IP address and port to make hash</description> </valueHelp> <constraint> - <regex>^(layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4)$</regex> + <regex>(layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4)</regex> </constraint> <constraintErrorMessage>hash-policy must be layer2 layer2+3 layer3+4 encap2+3 or encap3+4</constraintErrorMessage> </properties> 
@@ -122,7 +122,7 @@ <description>Request partner to transmit LACPDUs every 1 second</description> </valueHelp> <constraint> - <regex>^(slow|fast)$</regex> + <regex>(slow|fast)</regex> </constraint> </properties> <defaultValue>slow</defaultValue> @@ -162,7 +162,7 @@ <description>Distribute based on MAC address</description> </valueHelp> <constraint> - <regex>^(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)$</regex> + <regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex> </constraint> <constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index be4c92583..60edf3ce2 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -7,7 +7,7 @@ <help>Bridge Interface</help> <priority>310</priority> <constraint> - <regex>^br[0-9]+$</regex> + <regex>br[0-9]+</regex> </constraint> <constraintErrorMessage>Bridge interface must be named brN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in index 7f9ae90e5..01438de31 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces-dummy.xml.in @@ -7,7 +7,7 @@ <help>Dummy Interface</help> <priority>300</priority> <constraint> - <regex>^dum[0-9]+$</regex> + <regex>dum[0-9]+</regex> </constraint> <constraintErrorMessage>Dummy interface must be named dumN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 7fa07e9ec..c821f04b2 100644 --- a/interface-definitions/interfaces-ethernet.xml.in 
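Review bot: The `.` in `802.3ad` (the `@@ -162,7 +162,7 @@` hunk of interfaces-bonding.xml.in) is an unescaped regex metacharacter, so the mode constraint also accepts values such as `802x3ad`. The TLS version constraint `(1.0|1.1|1.2|1.3)` in interfaces-openvpn.xml.in has the same problem and would pass `1a2`. Other patterns in this commit already escape their literals (`layer2\+3`), so `802\.3ad` and `(1\.0|1\.1|1\.2|1\.3)` would be consistent with them. What the configuration scripts do with an unexpected TLS version string is not visible in this diff, so rejecting it at the schema is the safer place.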
+++ b/interface-definitions/interfaces-ethernet.xml.in @@ -14,7 +14,7 @@ <description>Ethernet interface name</description> </valueHelp> <constraint> - <regex>^((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex> + <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)</regex> </constraint> <constraintErrorMessage>Invalid Ethernet interface name</constraintErrorMessage> </properties> @@ -52,7 +52,7 @@ <description>Full duplex</description> </valueHelp> <constraint> - <regex>^(auto|half|full)$</regex> + <regex>(auto|half|full)</regex> </constraint> <constraintErrorMessage>duplex must be auto, half or full</constraintErrorMessage> </properties> @@ -159,7 +159,7 @@ <description>100 Gbit/sec</description> </valueHelp> <constraint> - <regex>^(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)$</regex> + <regex>(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)</regex> </constraint> <constraintErrorMessage>Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in index 9143ba6be..6e8a8fee2 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces-geneve.xml.in @@ -7,7 +7,7 @@ <help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help> <priority>460</priority> <constraint> - <regex>^gnv[0-9]+$</regex> + <regex>gnv[0-9]+</regex> </constraint> <constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index 1f23a89a5..6a85064cd 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in 
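Review bot: The second alternative in `((eth|lan)[0-9]+|(eno|ens|enp|enx).+)` accepts any characters after the prefix, including whitespace, `/` and shell metacharacters, whereas the first alternative is limited to digits. How the interface name is used downstream is not visible in this hunk, but such names commonly end up in file paths and command arguments, so a bounded character class is the safer constraint. For example, `((eth|lan)[0-9]+|(eno|ens|enp|enx)[0-9a-zA-Z]+)`. Confirm against the predictable-name forms the platform actually generates before tightening.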
@@ -7,7 +7,7 @@ <help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help> <priority>485</priority> <constraint> - <regex>^l2tpeth[0-9]+$</regex> + <regex>l2tpeth[0-9]+</regex> </constraint> <constraintErrorMessage>L2TPv3 interface must be named l2tpethN</constraintErrorMessage> <valueHelp> @@ -49,7 +49,7 @@ <description>IP encapsulation</description> </valueHelp> <constraint> - <regex>^(udp|ip)$</regex> + <regex>(udp|ip)</regex> </constraint> <constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in index 7ac0545c6..7f59db543 100644 --- a/interface-definitions/interfaces-loopback.xml.in +++ b/interface-definitions/interfaces-loopback.xml.in @@ -7,7 +7,7 @@ <help>Loopback Interface</help> <priority>300</priority> <constraint> - <regex>^lo$</regex> + <regex>lo</regex> </constraint> <constraintErrorMessage>Loopback interface must be named lo</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index cb3c489aa..dbb989588 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -7,7 +7,7 @@ <help>MACsec Interface (802.1ae)</help> <priority>461</priority> <constraint> - <regex>^macsec[0-9]+$</regex> + <regex>macsec[0-9]+</regex> </constraint> <constraintErrorMessage>MACsec interface must be named macsecN</constraintErrorMessage> <valueHelp> @@ -44,7 +44,7 @@ <description>Galois/Counter Mode of AES cipher with 256-bit key</description> </valueHelp> <constraint> - <regex>^(gcm-aes-128|gcm-aes-256)$</regex> + <regex>(gcm-aes-128|gcm-aes-256)</regex> </constraint> </properties> </leafNode> 
@@ -67,7 +67,7 @@ <description>16-byte (128-bit) hex-string (32 hex-digits)</description> </valueHelp> <constraint> - <regex>^[A-Fa-f0-9]{32}$</regex> + <regex>[A-Fa-f0-9]{32}</regex> </constraint> </properties> </leafNode> @@ -79,7 +79,7 @@ <description>32-byte (256-bit) hex-string (64 hex-digits)</description> </valueHelp> <constraint> - <regex>^[A-Fa-f0-9]{64}$</regex> + <regex>[A-Fa-f0-9]{64}</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index c917b9312..edcf7b37f 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -7,7 +7,7 @@ <help>OpenVPN Tunnel Interface</help> <priority>460</priority> <constraint> - <regex>^vtun[0-9]+$</regex> + <regex>vtun[0-9]+</regex> </constraint> <constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage> <valueHelp> @@ -51,7 +51,7 @@ <description>TAP device, required for OSI layer 2</description> </valueHelp> <constraint> - <regex>^(tun|tap)$</regex> + <regex>(tun|tap)</regex> </constraint> </properties> <defaultValue>tun</defaultValue> @@ -113,7 +113,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>^(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)$</regex> + <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> </properties> </leafNode> @@ -160,7 +160,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>^(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)$</regex> + <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> <multi/> </properties> 
@@ -196,7 +196,7 @@ <description>SHA-512 algorithm</description> </valueHelp> <constraint> - <regex>^(md5|sha1|sha256|sha384|sha512)$</regex> + <regex>(md5|sha1|sha256|sha384|sha512)</regex> </constraint> </properties> </leafNode> @@ -298,7 +298,7 @@ <description>Server in client-server mode</description> </valueHelp> <constraint> - <regex>^(site-to-site|client|server)$</regex> + <regex>(site-to-site|client|server)</regex> </constraint> </properties> </leafNode> @@ -336,7 +336,7 @@ <description>TCP and initiates connections actively</description> </valueHelp> <constraint> - <regex>^(udp|tcp-passive|tcp-active)$</regex> + <regex>(udp|tcp-passive|tcp-active)</regex> </constraint> </properties> <defaultValue>udp</defaultValue> @@ -631,7 +631,7 @@ <description>Subnet topology</description> </valueHelp> <constraint> - <regex>^(subnet|point-to-point|net30)$</regex> + <regex>(subnet|point-to-point|net30)</regex> </constraint> </properties> <defaultValue>net30</defaultValue> @@ -713,7 +713,7 @@ <description>Enable chalenge-response</description> </valueHelp> <constraint> - <regex>^(disable|enable)$</regex> + <regex>(disable|enable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> @@ -786,7 +786,7 @@ <description>TLS v1.3</description> </valueHelp> <constraint> - <regex>^(1.0|1.1|1.2|1.3)$</regex> + <regex>(1.0|1.1|1.2|1.3)</regex> </constraint> </properties> </leafNode> @@ -805,7 +805,7 @@ <description>Wait for incoming TLS connection</description> </valueHelp> <constraint> - <regex>^(active|passive)$</regex> + <regex>(active|passive)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 3a0b7a40c..664914baa 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in 
@@ -7,7 +7,7 @@ <help>Point-to-Point Protocol over Ethernet (PPPoE)</help> <priority>322</priority> <constraint> - <regex>^pppoe[0-9]+$</regex> + <regex>pppoe[0-9]+</regex> </constraint> <constraintErrorMessage>PPPoE interface must be named pppoeN</constraintErrorMessage> <valueHelp> @@ -21,31 +21,8 @@ #include <include/interface/dial-on-demand.xml.i> #include <include/interface/interface-firewall.xml.i> #include <include/interface/interface-policy.xml.i> - <leafNode name="default-route"> - <properties> - <help>Default route insertion behaviour</help> - <completionHelp> - <list>auto none force</list> - </completionHelp> - <constraint> - <regex>^(auto|none|force)$</regex> - </constraint> - <constraintErrorMessage>PPPoE default-route option must be 'auto', 'none', or 'force'</constraintErrorMessage> - <valueHelp> - <format>auto</format> - <description>Automatically install a default route</description> - </valueHelp> - <valueHelp> - <format>none</format> - <description>Do not install a default route</description> - </valueHelp> - <valueHelp> - <format>force</format> - <description>Replace existing default route</description> - </valueHelp> - </properties> - <defaultValue>auto</defaultValue> - </leafNode> + #include <include/interface/no-default-route.xml.i> + #include <include/interface/default-route-distance.xml.i> #include <include/interface/dhcpv6-options.xml.i> #include <include/interface/description.xml.i> #include <include/interface/disable.xml.i> @@ -129,7 +106,7 @@ <properties> <help>Service name, only connect to access concentrators advertising this</help> <constraint> - <regex>[a-zA-Z0-9]+$</regex> + <regex>[a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Service name must be alphanumeric only</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in index 5f5e9fdef..6b62f4c61 100644 
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in @@ -7,7 +7,7 @@ <help>Pseudo Ethernet</help> <priority>321</priority> <constraint> - <regex>^peth[0-9]+$</regex> + <regex>peth[0-9]+</regex> </constraint> <constraintErrorMessage>Pseudo Ethernet interface must be named pethN</constraintErrorMessage> <valueHelp> @@ -53,7 +53,7 @@ <description>Promicious mode passthrough of underlying device</description> </valueHelp> <constraint> - <regex>^(private|vepa|bridge|passthru)$</regex> + <regex>(private|vepa|bridge|passthru)</regex> </constraint> <constraintErrorMessage>mode must be private, vepa, bridge or passthru</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index 42ec62775..98ff878ba 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -7,7 +7,7 @@ <help>Tunnel interface</help> <priority>380</priority> <constraint> - <regex>^tun[0-9]+$</regex> + <regex>tun[0-9]+</regex> </constraint> <constraintErrorMessage>tunnel interface must be named tunN</constraintErrorMessage> <valueHelp> @@ -102,7 +102,7 @@ <description>Simple Internet Transition (IPv6 in IPv4)</description> </valueHelp> <constraint> - <regex>^(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)$</regex> + <regex>(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)</regex> </constraint> <constraintErrorMessage>Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6</constraintErrorMessage> </properties> @@ -123,7 +123,7 @@ <description>Disable multicast (default)</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> <constraintErrorMessage>Must be 'disable' or 'enable'</constraintErrorMessage> </properties> 
@@ -153,7 +153,7 @@ <description>Mirror egress traffic</description> </valueHelp> <constraint> - <regex>^(ingress|egress)$</regex> + <regex>(ingress|egress)</regex> </constraint> </properties> </leafNode> @@ -248,7 +248,7 @@ <description>Disable encapsulation limit</description> </valueHelp> <constraint> - <regex>^(none)$</regex> + <regex>(none)</regex> <validator name="numeric" argument="--range 0-255"/> </constraint> <constraintErrorMessage>Tunnel encaplimit must be 0-255 or none</constraintErrorMessage> diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in index 5893e4c4c..b471c3b92 100644 --- a/interface-definitions/interfaces-vti.xml.in +++ b/interface-definitions/interfaces-vti.xml.in @@ -7,7 +7,7 @@ <help>Virtual Tunnel interface</help> <priority>381</priority> <constraint> - <regex>^vti[0-9]+$</regex> + <regex>vti[0-9]+</regex> </constraint> <constraintErrorMessage>VTI interface must be named vtiN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 8b50fe1b7..faa3dd5e0 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -7,7 +7,7 @@ <help>Virtual Extensible LAN (VXLAN) Interface</help> <priority>460</priority> <constraint> - <regex>^vxlan[0-9]+$</regex> + <regex>vxlan[0-9]+</regex> </constraint> <constraintErrorMessage>VXLAN interface must be named vxlanN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index eb0892f07..4a1b4ac68 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in 
@@ -7,7 +7,7 @@
 <help>WireGuard Interface</help>
 <priority>459</priority>
 <constraint>
- <regex>^wg[0-9]+$</regex>
+ <regex>wg[0-9]+</regex>
 </constraint>
 <constraintErrorMessage>WireGuard interface must be named wgN</constraintErrorMessage>
 <valueHelp>
@@ -46,7 +46,7 @@
 <properties>
 <help>Base64 encoded private key</help>
 <constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
 </constraint>
 <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
 </properties>
@@ -55,7 +55,7 @@
 <properties>
 <help>peer alias</help>
 <constraint>
- <regex>[^ ]{1,100}$</regex>
+ <regex>[^ ]{1,100}</regex>
 </constraint>
 <constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
 </properties>
@@ -65,7 +65,7 @@
 <properties>
 <help>base64 encoded public key</help>
 <constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
 </constraint>
 <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
 </properties>
@@ -74,7 +74,7 @@
 <properties>
 <help>base64 encoded preshared key</help>
 <constraint>
- <regex>[0-9a-zA-Z\+/]{43}=$</regex>
+ <regex>[0-9a-zA-Z\+/]{43}=</regex>
 </constraint>
 <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
 </properties>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index db01657eb..eb6107303 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -10,7 +10,7 @@
 <script>cd /sys/class/net; if compgen -G "wlan*" > /dev/null; then ls -d wlan*; fi</script>
 </completionHelp>
 <constraint>
- <regex>^wlan[0-9]+$</regex>
+ <regex>wlan[0-9]+</regex>
 </constraint>
 <constraintErrorMessage>Wireless interface must be named wlanN</constraintErrorMessage>
 <valueHelp>
@@ -63,7 +63,7 @@ <description>Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel</description> </valueHelp> <constraint> - <regex>^(ht20|ht40\+|ht40-)$</regex> + <regex>(ht20|ht40\+|ht40-)</regex> </constraint> <multi/> </properties> @@ -113,7 +113,7 @@ <description>Set maximum A-MSDU length to 7935 octets</description> </valueHelp> <constraint> - <regex>^(3839|7935)$</regex> + <regex>(3839|7935)</regex> </constraint> </properties> </leafNode> @@ -132,7 +132,7 @@ <description>Short GI for 40 MHz</description> </valueHelp> <constraint> - <regex>^(20|40)$</regex> + <regex>(20|40)</regex> </constraint> <multi/> </properties> @@ -152,7 +152,7 @@ <description>DYNAMIC Spatial Multiplexing (SM) Power Save</description> </valueHelp> <constraint> - <regex>^(static|dynamic)$</regex> + <regex>(static|dynamic)</regex> </constraint> </properties> </leafNode> @@ -169,7 +169,7 @@ <description>Number of spacial streams that can use RX STBC</description> </valueHelp> <constraint> - <regex>^[1-3]+$</regex> + <regex>[1-3]+</regex> </constraint> <constraintErrorMessage>Invalid capability item</constraintErrorMessage> </properties> @@ -248,7 +248,7 @@ <description>Support for operation as multi user beamformee</description> </valueHelp> <constraint> - <regex>^(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)$</regex> + <regex>(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)</regex> </constraint> <multi/> </properties> @@ -334,7 +334,7 @@ <description>Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB</description> </valueHelp> <constraint> - <regex>^(unsolicited|both)$</regex> + <regex>(unsolicited|both)</regex> </constraint> <constraintErrorMessage>Invalid capability item</constraintErrorMessage> </properties> 
@@ -366,7 +366,7 @@ <description>ncrease Maximum MPDU length to 11454 octets</description> </valueHelp> <constraint> - <regex>^(7991|11454)$</regex> + <regex>(7991|11454)</regex> </constraint> </properties> </leafNode> @@ -385,7 +385,7 @@ <description>Short GI for 160 MHz</description> </valueHelp> <constraint> - <regex>^(80|160)$</regex> + <regex>(80|160)</regex> </constraint> <multi/> </properties> @@ -403,7 +403,7 @@ <description>Number of spacial streams that can use RX STBC</description> </valueHelp> <constraint> - <regex>^[1-4]+$</regex> + <regex>[1-4]+</regex> </constraint> <constraintErrorMessage>Invalid capability item</constraintErrorMessage> </properties> @@ -464,7 +464,7 @@ <description>ISO/IEC 3166-1 Country Code</description> </valueHelp> <constraint> - <regex>^[a-z][a-z]$</regex> + <regex>[a-z][a-z]</regex> </constraint> <constraintErrorMessage>Invalid ISO/IEC 3166-1 Country Code</constraintErrorMessage> </properties> @@ -529,7 +529,7 @@ <description>MFP enforced</description> </valueHelp> <constraint> - <regex>^(disabled|optional|required)$</regex> + <regex>(disabled|optional|required)</regex> </constraint> </properties> <defaultValue>disabled</defaultValue> @@ -561,7 +561,7 @@ <description>802.11ac - 1300 Mbits/sec</description> </valueHelp> <constraint> - <regex>^(a|b|g|n|ac)$</regex> + <regex>(a|b|g|n|ac)</regex> </constraint> </properties> <defaultValue>g</defaultValue> @@ -650,7 +650,7 @@ <description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description> </valueHelp> <constraint> - <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex> + <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex> </constraint> <constraintErrorMessage>Invalid cipher selection</constraintErrorMessage> <multi/> 
@@ -683,7 +683,7 @@ <description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description> </valueHelp> <constraint> - <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex> + <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex> </constraint> <constraintErrorMessage>Invalid group cipher selection</constraintErrorMessage> <multi/> @@ -708,7 +708,7 @@ <description>Allow both WPA and WPA2</description> </valueHelp> <constraint> - <regex>^(wpa|wpa2|wpa\+wpa2|wpa3)$</regex> + <regex>(wpa|wpa2|wpa\+wpa2|wpa3)</regex> </constraint> <constraintErrorMessage>Unknown WPA mode</constraintErrorMessage> </properties> @@ -724,7 +724,7 @@ <description>Passphrase of at least 8 but not more than 63 printable characters</description> </valueHelp> <constraint> - <regex>.{8,63}$</regex> + <regex>.{8,63}</regex> </constraint> <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> @@ -752,7 +752,7 @@ <properties> <help>Wireless access-point service set identifier (SSID)</help> <constraint> - <regex>.{1,32}$</regex> + <regex>.{1,32}</regex> </constraint> <constraintErrorMessage>Invalid SSID</constraintErrorMessage> </properties> @@ -776,7 +776,7 @@ <description>Passively monitor all packets on the frequency/channel</description> </valueHelp> <constraint> - <regex>^(access-point|station|monitor)$</regex> + <regex>(access-point|station|monitor)</regex> </constraint> <constraintErrorMessage>Type must be access-point, station or monitor</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in index 3cb1645c4..3071e6091 100644 --- a/interface-definitions/interfaces-wwan.xml.in +++ b/interface-definitions/interfaces-wwan.xml.in 
@@ -10,7 +10,7 @@
 <script>cd /sys/class/net; if compgen -G "wwan*" > /dev/null; then ls -d wwan*; fi</script>
 </completionHelp>
 <constraint>
- <regex>^wwan[0-9]+$</regex>
+ <regex>wwan[0-9]+</regex>
 </constraint>
 <constraintErrorMessage>Wireless Modem interface must be named wwanN</constraintErrorMessage>
 <valueHelp>
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index f79680947..9295b631f 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
@@ -98,7 +98,7 @@
 <validator name="ipv4-prefix"/>
 <validator name="ipv4-address"/>
 <validator name="ipv4-range"/>
- <regex>^(masquerade)$</regex>
+ <regex>(masquerade)</regex>
 </constraint>
 </properties>
 </leafNode>
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index 11d986c96..b47f653c6 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -94,7 +94,7 @@
 <constraint>
 <validator name="ipv6-address"/>
 <validator name="ipv6-prefix"/>
- <regex>^(masquerade)$</regex>
+ <regex>(masquerade)</regex>
 </constraint>
 </properties>
 </leafNode>
diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in
index 80de805fb..088985cb6 100644
--- a/interface-definitions/netns.xml.in
+++ b/interface-definitions/netns.xml.in
@@ -10,7 +10,7 @@
 <properties>
 <help>Network namespace name</help>
 <constraint>
- <regex>^[a-zA-Z0-9-_]{1,100}</regex>
+ <regex>[a-zA-Z0-9-_]{1,100}</regex>
 </constraint>
 <constraintErrorMessage>Netns name must be alphanumeric and can contain hyphens and underscores.</constraintErrorMessage>
 </properties>
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in
index 573a7963f..d969613b1 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy-local-route.xml.in
@@ -146,11 +146,11 @@
 <properties>
 <help>Source address or prefix</help>
 <valueHelp>
- <format>ipv4</format>
+ <format>ipv6</format>
 <description>Address to match against</description>
 </valueHelp>
 <valueHelp>
- <format>ipv4net</format>
+ <format>ipv6net</format>
 <description>Prefix to match against</description>
 </valueHelp>
 <constraint>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index a1c3b50de..a10c9b08f 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -6,7 +6,7 @@
 <properties>
 <help>Policy route rule set name for IPv6</help>
 <constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
 </constraint>
 <priority>201</priority>
 </properties>
@@ -55,7 +55,7 @@
 <properties>
 <help>Policy route rule set name for IPv4</help>
 <constraint>
- <regex>^[a-zA-Z0-9][\w\-\.]*$</regex>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
 </constraint>
 <priority>201</priority>
 </properties>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 1a4781397..50b7cbc84 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -242,7 +242,7 @@
 <description>BGP extended community-list name</description>
 </valueHelp>
 <constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
 </constraint>
 <constraintErrorMessage>Should be an alphanumeric name</constraintErrorMessage>
 </properties>
@@ -291,7 +291,7 @@
 <description>BGP large-community-list name</description>
 </valueHelp>
 <constraint>
- <regex>^[-_a-zA-Z0-9]+$</regex>
+ <regex>[-_a-zA-Z0-9]+</regex>
 </constraint>
 <constraintErrorMessage>Should be an alphanumeric name</constraintErrorMessage>
 </properties>
@@ -340,7 +340,7 @@ <description>Name of IPv4 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -408,7 +408,7 @@ <description>Name of IPv6 prefix-list</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]+$</regex> + <regex>[-_a-zA-Z0-9]+</regex> </constraint> <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -476,7 +476,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9.]+$</regex> + <regex>[-_a-zA-Z0-9.]+</regex> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -582,7 +582,7 @@ <description>Prefix route</description> </valueHelp> <constraint> - <regex>^(macip|multicast|prefix)$</regex> + <regex>(macip|multicast|prefix)</regex> </constraint> </properties> </leafNode> @@ -834,7 +834,7 @@ <description>Incomplete origin</description> </valueHelp> <constraint> - <regex>^(egp|igp|incomplete)$</regex> + <regex>(egp|igp|incomplete)</regex> </constraint> </properties> </leafNode> @@ -869,7 +869,7 @@ <description>Match valid entries</description> </valueHelp> <constraint> - <regex>^(invalid|notfound|valid)$</regex> + <regex>(invalid|notfound|valid)</regex> </constraint> </properties> </leafNode> 
@@ -948,24 +948,49 @@ </leafNode> </children> </node> - <leafNode name="as-path-exclude"> + <node name="as-path"> <properties> - <help>Remove ASN(s) from a Border Gateway Protocol (BGP) AS-path attribute</help> - <valueHelp> - <format>txt</format> - <description>BGP AS path exclude string (ex: "456 64500 45001")</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="as-path-prepend"> - <properties> - <help>Prepend string for a Border Gateway Protocol (BGP) AS-path attribute</help> - <valueHelp> - <format>txt</format> - <description>BGP AS path prepend string (ex: "64501 64501")</description> - </valueHelp> + <help>Transform BGP AS_PATH attribute</help> </properties> - </leafNode> + <children> + <leafNode name="exclude"> + <properties> + <help>Remove/exclude from the as-path attribute</help> + <valueHelp> + <format>u32</format> + <description>AS number</description> + </valueHelp> + <constraint> + <validator name="as-number-list"/> + </constraint> + </properties> + </leafNode> + <leafNode name="prepend"> + <properties> + <help>Prepend to the as-path</help> + <valueHelp> + <format>u32</format> + <description>AS number</description> + </valueHelp> + <constraint> + <validator name="as-number-list"/> + </constraint> + </properties> + </leafNode> + <leafNode name="prepend-last-as"> + <properties> + <help>Use the last AS-number in the as-path</help> + <valueHelp> + <format>u32:1-10</format> + <description>Number of times to insert</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> <leafNode name="atomic-aggregate"> <properties> <help>BGP atomic aggregate attribute</help> 
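Review bot: The new `exclude` and `prepend` leaves document their value as a single `u32` "AS number", but the validator is named `as-number-list` and the help text they replace showed strings such as "64501 64501", so the help no longer tells the operator that a list is accepted. I would keep the list wording, e.g. `<format>txt</format>` with `<description>Space-separated list of AS numbers (ex: "456 64500 45001")</description>`. Moving `as-path-exclude`/`as-path-prepend` under `as-path` also changes the stored syntax; this hunk does not show a migration, so confirm one ships with the commit. The enclosing node opens and closes outside the hunk.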
@@ -1045,6 +1070,44 @@ </constraint> </properties> </leafNode> + <node name="evpn"> + <properties> + <help>Ethernet Virtual Private Network</help> + </properties> + <children> + <node name="gateway"> + <properties> + <help>Set gateway IP for prefix advertisement route</help> + </properties> + <children> + <leafNode name="ipv4"> + <properties> + <help>Set gateway IPv4 address</help> + <valueHelp> + <format>ipv4</format> + <description>Gateway IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>Set gateway IPv6 address</help> + <valueHelp> + <format>ipv6</format> + <description>Gateway IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> <node name="extcommunity"> <properties> <help>BGP extended community attribute</help> @@ -1070,7 +1133,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-25600"/> - <regex>^(cumulative|num-multipaths)$</regex> + <regex>(cumulative|num-multipaths)</regex> </constraint> </properties> </leafNode> @@ -1086,7 +1149,7 @@ <description>Based on a router-id IP address</description> </valueHelp> <constraint> - <regex>^(((\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\b)|(\d+)):(\d+) ?)+$</regex> + <regex>(((\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\b)|(\d+)):(\d+) ?)+</regex> </constraint> <constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage> </properties> 
@@ -1103,7 +1166,7 @@ <description>Based on a router-id IP address</description> </valueHelp> <constraint> - <regex>^((?:[0-9]{1,3}\.){3}[0-9]{1,3}|\d+):\d+$</regex> + <regex>((?:[0-9]{1,3}\.){3}[0-9]{1,3}|\d+):\d+</regex> </constraint> <constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage> </properties> @@ -1131,7 +1194,7 @@ </valueHelp> <constraint> <validator name="ipv4-address"/> - <regex>^(unchanged|peer-address)$</regex> + <regex>(unchanged|peer-address)</regex> </constraint> </properties> </leafNode> @@ -1251,7 +1314,7 @@ <description>OSPF external type 2 metric</description> </valueHelp> <constraint> - <regex>^(type-1|type-2)$</regex> + <regex>(type-1|type-2)</regex> </constraint> </properties> </leafNode> @@ -1274,7 +1337,7 @@ <description>Incomplete origin</description> </valueHelp> <constraint> - <regex>^(igp|egp|incomplete)$</regex> + <regex>(igp|egp|incomplete)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in index a9957d884..edbac8d0e 100644 --- a/interface-definitions/protocols-bfd.xml.in +++ b/interface-definitions/protocols-bfd.xml.in @@ -73,7 +73,7 @@ <description>Name of BFD profile</description> </valueHelp> <constraint> - <regex>^[-_a-zA-Z0-9]{1,32}$</regex> + <regex>[-_a-zA-Z0-9]{1,32}</regex> </constraint> </properties> <children> diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols-nhrp.xml.in index 9dd9d3389..7de3704ce 100644 --- a/interface-definitions/protocols-nhrp.xml.in +++ b/interface-definitions/protocols-nhrp.xml.in @@ -12,7 +12,7 @@ <properties> <help>Tunnel for NHRP [REQUIRED]</help> <constraint> - <regex>^tun[0-9]+$</regex> + <regex>tun[0-9]+</regex> </constraint> <valueHelp> <format>tunN</format> 
@@ -85,7 +85,7 @@
 <list>dynamic nhs</list>
 </completionHelp>
 <constraint>
- <regex>^(dynamic|nhs)$</regex>
+ <regex>(dynamic|nhs)</regex>
 </constraint>
 </properties>
 </leafNode>
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in
index d3be4e1af..bbb88aef1 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols-rip.xml.in
@@ -78,7 +78,7 @@
 <description>MD5 Key (16 characters or less)</description>
 </valueHelp>
 <constraint>
- <regex>^[^[:space:]]{1,16}$</regex>
+ <regex>[^[:space:]]{1,16}</regex>
 </constraint>
 <constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage>
 </properties>
@@ -93,7 +93,7 @@
 <description>Plain text password (16 characters or less)</description>
 </valueHelp>
 <constraint>
- <regex>^[^[:space:]]{1,16}$</regex>
+ <regex>[^[:space:]]{1,16}</regex>
 </constraint>
 <constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage>
 </properties>
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols-static-arp.xml.in
index e5e8a9ad9..8b1b3b5e1 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols-static-arp.xml.in
@@ -4,32 +4,46 @@ <children> <node name="static"> <children> - <tagNode name="arp" owner="${vyos_conf_scripts_dir}/arp.py"> + <node name="arp" owner="${vyos_conf_scripts_dir}/arp.py"> <properties> <help>Static ARP translation</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 destination address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> </properties> <children> - <leafNode name="hwaddr"> + <tagNode name="interface"> <properties> - <help>Translation MAC address</help> + <help>Interface configuration</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> <valueHelp> - <format>macaddr</format> - <description>Hardware (MAC) address</description> + <format>txt</format> + <description>Interface name</description> </valueHelp> <constraint> - <validator name="mac-address"/> + <validator name="interface-name"/> </constraint> </properties> - </leafNode> + <children> + <tagNode name="address"> + <properties> + <help>IP address for static ARP entry</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 destination address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/interface/mac.xml.i> + </children> + </tagNode> + </children> + </tagNode> </children> - </tagNode> + </node> </children> </node> </children> diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in index ff4c1c24e..5e65d3106 100644 --- a/interface-definitions/service-ids-ddos-protection.xml.in +++ b/interface-definitions/service-ids-ddos-protection.xml.in @@ -25,7 +25,7 @@ <list>in out</list> </completionHelp> <constraint> - <regex>^(in|out)$</regex> + <regex>(in|out)</regex> </constraint> <multi/> </properties> 
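Review bot: With the MAC now pulled in through `#include <include/interface/mac.xml.i>`, nothing in this schema makes a MAC mandatory for an `address` entry, so an entry without one has to be rejected in the owner script `arp.py`, which is not part of this hunk. Existing configurations written as `arp <ipv4> hwaddr <mac>` also stop parsing once `arp` becomes a plain node with `interface`/`address` tag nodes; confirm a migration accompanies this change. A short XML comment above `<tagNode name="address">` saying where the presence of `mac` is enforced would document the contract once that check is confirmed.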
diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 584f687c7..6fa6fc5f9 100644
--- a/interface-definitions/service_conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -5,7 +5,8 @@
 <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
 <properties>
 <help>Connection tracking synchronization</help>
- <priority>995</priority>
+ <!-- before VRRP / HA -->
+ <priority>799</priority>
 </properties>
 <children>
 <leafNode name="accept-protocol">
@@ -39,7 +40,7 @@
 <description>Sync Datagram Congestion Control Protocol entries</description>
 </valueHelp>
 <constraint>
- <regex>^(tcp|udp|icmp|icmp6|sctp|dccp)$</regex>
+ <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex>
 </constraint>
 <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
 <multi/>
@@ -68,7 +69,7 @@
 <list>all ftp sip h323 nfs sqlnet</list>
 </completionHelp>
 <constraint>
- <regex>^(all|ftp|sip|h323|nfs|sqlnet)$</regex>
+ <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex>
 </constraint>
 <constraintErrorMessage>Invalid protocol</constraintErrorMessage>
 <multi/>
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
index 549edb813..e9591ad87 100644
--- a/interface-definitions/service_console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
@@ -23,7 +23,7 @@
 <description>USB based serial interface</description>
 </valueHelp>
 <constraint>
- <regex>^(ttyS\d+|usb\d+b.*p.*)$</regex>
+ <regex>(ttyS\d+|usb\d+b.*p.*)</regex>
 </constraint>
 </properties>
 <children>
@@ -35,7 +35,7 @@
 <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
 </completionHelp>
 <constraint>
- <regex>^(300|1200|2400|4800|9600|19200|38400|57600|115200)$</regex>
+ <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
 </constraint>
 </properties>
 </leafNode>
@@ -70,7 +70,7 @@
 <list>even odd none</list>
 </completionHelp>
 <constraint>
- <regex>^(even|odd|none)$</regex>
+ <regex>(even|odd|none)</regex>
 </constraint>
 </properties>
 <defaultValue>none</defaultValue>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 1325ba10d..e222467b1 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -23,7 +23,7 @@
 <list>L2 L3</list>
 </completionHelp>
 <constraint>
- <regex>^(L2|L3)$</regex>
+ <regex>(L2|L3)</regex>
 </constraint>
 <valueHelp>
 <format>L2</format>
@@ -42,7 +42,7 @@
 <list>shared vlan</list>
 </completionHelp>
 <constraint>
- <regex>^(shared|vlan)$</regex>
+ <regex>(shared|vlan)</regex>
 </constraint>
 <valueHelp>
 <format>shared</format>
@@ -141,7 +141,7 @@
 <list>local radius noauth</list>
 </completionHelp>
 <constraint>
- <regex>^(local|radius|noauth)$</regex>
+ <regex>(local|radius|noauth)</regex>
 </constraint>
 <valueHelp>
 <format>local</format>
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 7db9de9f8..ff4c8c55f 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -22,7 +22,7 @@
 <properties>
 <help>Authentication organization for InfluxDB v2 [REQUIRED]</help>
 <constraint>
- <regex>^[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}$</regex>
+ <regex>[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}</regex>
 </constraint>
 <constraintErrorMessage>Organization name must be alphanumeric and can contain hyphens, underscores and at symbol.</constraintErrorMessage>
 </properties>
@@ -35,7 +35,7 @@
 <description>Authentication token</description>
 </valueHelp>
 <constraint>
- <regex>^[a-zA-Z0-9-_]{86}==$</regex>
+ <regex>[a-zA-Z0-9-_]{86}==</regex>
 </constraint>
 <constraintErrorMessage>Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters.</constraintErrorMessage>
 </properties>
@@ -79,12 +79,133 @@ <description>Telegraf internal statistics</description> </valueHelp> <constraint> - <regex>^(all|hardware-utilization|logs|network|system|telegraf)$</regex> + <regex>(all|hardware-utilization|logs|network|system|telegraf)</regex> </constraint> <multi/> </properties> <defaultValue>all</defaultValue> </leafNode> + <node name="prometheus-client"> + <properties> + <help>Output plugin Prometheus client</help> + </properties> + <children> + <node name="authentication"> + <properties> + <help>HTTP basic authentication parameters</help> + </properties> + <children> + <leafNode name="username"> + <properties> + <help>Authentication username</help> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Authentication password</help> + <valueHelp> + <format>txt</format> + <description>Authentication password</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="allow-from"> + <properties> + <help>Networks allowed to query this server</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="listen-address"> + <properties> + <help>Local IP addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> + 
</leafNode> + <leafNode name="metric-version"> + <properties> + <help>Metric version control mapping from Telegraf to Prometheus format</help> + <valueHelp> + <format>u32:1-2</format> + <description>Metric version (default: 2)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> + <defaultValue>2</defaultValue> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>9273</defaultValue> + </leafNode> + </children> + </node> + <node name="splunk"> + <properties> + <help>Output plugin Splunk</help> + </properties> + <children> + <node name="authentication"> + <properties> + <help>HTTP basic authentication parameters</help> + </properties> + <children> + <leafNode name="token"> + <properties> + <help>Authorization token</help> + </properties> + </leafNode> + <leafNode name="insecure"> + <properties> + <help>Use TLS but skip host validation</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="url"> + <properties> + <help>Remote URL [REQUIRED]</help> + <valueHelp> + <format>url</format> + <description>Remote URL to Splunk collector</description> + </valueHelp> + <constraint> + <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> <leafNode name="url"> <properties> <help>Remote URL [REQUIRED]</help> @@ -93,7 +214,7 @@ <description>Remote URL to InfluxDB v2</description> </valueHelp> <constraint> - <regex>^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?$</regex> + <regex>(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?</regex> </constraint> <constraintErrorMessage>Incorrect URL format.</constraintErrorMessage> </properties> 
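Review bot: The new Splunk `url` constraint `^(http(s?):\/\/.*):(\d*)\/?(.*)` accepts plain `http://`, an empty port and arbitrary characters (whitespace and quotes included) in host and path, and it keeps a leading `^` that the rest of this commit removes. Since the same node carries an authorization `token`, I would at least bound the fields, e.g. `<regex>http(s?):\/\/[^\s"']+:\d{1,5}(\/[^\s"']*)?</regex>`, and consider whether cleartext `http` should be allowed at all. The `insecure` help, "Use TLS but skip host validation", should also say that the token is then sent to whichever host answers. The `token` leaf and the Prometheus `username`/`password` leaves have no `<constraint>`; if these values are rendered into the Telegraf configuration (not visible here), restrict the character set or escape them at render time. The `<children>` block this hunk extends opens outside the hunk.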
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 97952d882..50f42849b 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -32,7 +32,7 @@ <list>ifname ifname:mac</list> </completionHelp> <constraint> - <regex>^(ifname|ifname:mac)$</regex> + <regex>(ifname|ifname:mac)</regex> </constraint> <constraintErrorMessage>Invalid Called-Station-Id format</constraintErrorMessage> <valueHelp> @@ -108,7 +108,7 @@ <properties> <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help> <constraint> - <regex>[0-9]+\/(min|sec)$</regex> + <regex>[0-9]+\/(min|sec)</regex> </constraint> <constraintErrorMessage>illegal value</constraintErrorMessage> </properties> @@ -171,7 +171,7 @@ <properties> <help>IPv4 (IPCP) negotiation algorithm</help> <constraint> - <regex>^(deny|allow|prefer|require)$</regex> + <regex>(deny|allow|prefer|require)</regex> </constraint> <constraintErrorMessage>invalid value</constraintErrorMessage> <valueHelp> @@ -276,7 +276,7 @@ <properties> <help>control sessions count</help> <constraint> - <regex>^(deny|disable|replace)$</regex> + <regex>(deny|disable|replace)</regex> </constraint> <constraintErrorMessage>Invalid value</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index ce1da85aa..bb11e9cd0 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -70,7 +70,7 @@ <description>Default router has high preference</description> </valueHelp> <constraint> - <regex>^(low|medium|high)$</regex> + <regex>(low|medium|high)</regex> </constraint> <constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage> </properties> 
@@ -170,7 +170,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295"/> - <regex>^(infinity)$</regex> + <regex>(infinity)</regex> </constraint> </properties> <defaultValue>1800</defaultValue> @@ -194,7 +194,7 @@ <description>Route has high preference</description> </valueHelp> <constraint> - <regex>^(low|medium|high)$</regex> + <regex>(low|medium|high)</regex> </constraint> <constraintErrorMessage>Route preference must be low, medium or high</constraintErrorMessage> </properties> @@ -248,7 +248,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295"/> - <regex>^(infinity)$</regex> + <regex>(infinity)</regex> </constraint> </properties> <defaultValue>14400</defaultValue> @@ -269,7 +269,7 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295"/> - <regex>^(infinity)$</regex> + <regex>(infinity)</regex> </constraint> </properties> <defaultValue>2592000</defaultValue> diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in index 7cfe1f02e..a129b7260 100644 --- a/interface-definitions/service_upnp.xml.in +++ b/interface-definitions/service_upnp.xml.in @@ -211,7 +211,7 @@ <list>allow deny</list> </completionHelp> <constraint> - <regex>^(allow|deny)$</regex> + <regex>(allow|deny)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in index 89c4c3910..9a75bc27d 100644 --- a/interface-definitions/service_webproxy.xml.in +++ b/interface-definitions/service_webproxy.xml.in @@ -136,7 +136,7 @@ <description>Lightweight Directory Access Protocol</description> </valueHelp> <constraint> - <regex>^(ldap)$</regex> + <regex>(ldap)</regex> </constraint> <constraintErrorMessage>The only supported method currently is LDAP</constraintErrorMessage> </properties> 
@@ -234,7 +234,7 @@
 <description>Peer is a member of a multicast group</description>
 </valueHelp>
 <constraint>
- <regex>^(parent|sibling|multicast)$</regex>
+ <regex>(parent|sibling|multicast)</regex>
 </constraint>
 </properties>
 <defaultValue>parent</defaultValue>
@@ -368,7 +368,7 @@ <list>image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream 
application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain</list> </completionHelp> <constraint> - <regex>^(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|im
age/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)$</regex> + 
<regex>(image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|video/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|applic
ation/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain)</regex> </constraint> <multi/> </properties> @@ -484,7 +484,7 @@ <description>Name of source group</description> </valueHelp> <constraint> - <regex>^[^0-9]</regex> + <regex>[^0-9]</regex> </constraint> <constraintErrorMessage>URL-filter source-group cannot start with a number!</constraintErrorMessage> </properties> @@ -598,7 +598,7 @@ <description>All days of the week</description> </valueHelp> <constraint> - <regex>^(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)$</regex> + <regex>(Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all)</regex> </constraint> </properties> <children> @@ -611,7 +611,7 @@ </valueHelp> <constraint> <!-- time range example: 12:00-13:00 --> - <regex>^(\d\d:\d\d)-(\d\d:\d\d)$</regex> + <regex>(\d\d:\d\d)-(\d\d:\d\d)</regex> </constraint> <constraintErrorMessage>Expected time format hh:mm - hh:mm in 24hr time</constraintErrorMessage> </properties> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index b9e0f4cc5..b4f72589e 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in 
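Review bot: In the `@@ -484,7 +484,7 @@` hunk of service_webproxy.xml.in, the old `^[^0-9]` was a prefix test (first character is not a digit), and `<regex>[^0-9]</regex>` no longer expresses that under either matching mode. If the validator full-matches, only one-character names pass; if it searches, any name containing a non-digit passes, including one that starts with a number, which contradicts the message "URL-filter source-group cannot start with a number!". Assuming the validator anchors the pattern implicitly, `<regex>[^0-9].*</regex>` keeps the original meaning. Other patterns in this series that were anchored on one side only (`[0-9]+\/(min|sec)$`, `^[-_a-zA-Z0-9.]{1,100}`, `[^:]*$`, `http:\/\/[a-z0-9\.]+$`) also change meaning rather than just spelling and deserve an explicit before/after check. The enclosing `<properties>` element opens outside the hunk.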
@@ -13,7 +13,7 @@ <properties> <help>Community name</help> <constraint> - <regex>^[a-zA-Z0-9\-_]{1,100}$</regex> + <regex>[a-zA-Z0-9\-_]{1,100}</regex> </constraint> <constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage> </properties> @@ -33,7 +33,7 @@ <description>Read-Write</description> </valueHelp> <constraint> - <regex>^(ro|rw)$</regex> + <regex>(ro|rw)</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> @@ -72,7 +72,7 @@ <properties> <help>Contact information</help> <constraint> - <regex>^.{1,255}$</regex> + <regex>.{1,255}</regex> </constraint> <constraintErrorMessage>Contact information is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -81,7 +81,7 @@ <properties> <help>Description information</help> <constraint> - <regex>^.{1,255}$</regex> + <regex>.{1,255}</regex> </constraint> <constraintErrorMessage>Description is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -116,7 +116,7 @@ <properties> <help>Location information</help> <constraint> - <regex>^.{1,255}$</regex> + <regex>.{1,255}</regex> </constraint> <constraintErrorMessage>Location is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -132,7 +132,7 @@ <description>Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)</description> </valueHelp> <constraint> - <regex>^(route-table)$</regex> + <regex>(route-table)</regex> </constraint> <constraintErrorMessage>OID must be 'route-table'</constraintErrorMessage> </properties> 
@@ -202,7 +202,7 @@ <properties> <help>Specifies the EngineID that uniquely identify an agent (e.g. 000000000000000000000002)</help> <constraint> - <regex>^([0-9a-f][0-9a-f]){1,18}$</regex> + <regex>([0-9a-f][0-9a-f]){1,18}</regex> </constraint> <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage> </properties> @@ -233,7 +233,7 @@ <description>Messages are authenticated and encrypted (authPriv)</description> </valueHelp> <constraint> - <regex>^(noauth|auth|priv)$</regex> + <regex>(noauth|auth|priv)</regex> </constraint> </properties> <defaultValue>auth</defaultValue> @@ -274,7 +274,7 @@ <properties> <help>Defines the encrypted key for authentication</help> <constraint> - <regex>^[0-9a-f]*$</regex> + <regex>[0-9a-f]*</regex> </constraint> <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> @@ -283,7 +283,7 @@ <properties> <help>Defines the clear text key for authentication</help> <constraint> - <regex>^.{8,}$</regex> + <regex>.{8,}</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -304,7 +304,7 @@ <properties> <help>Defines the encrypted key for privacy protocol</help> <constraint> - <regex>^[0-9a-f]*$</regex> + <regex>[0-9a-f]*</regex> </constraint> <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> @@ -313,7 +313,7 @@ <properties> <help>Defines the clear text key for privacy protocol</help> <constraint> - <regex>^.{8,}$</regex> + <regex>.{8,}</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -337,7 +337,7 @@ <description>Use TRAP</description> </valueHelp> <constraint> - <regex>^(inform|trap)$</regex> + <regex>(inform|trap)</regex> </constraint> </properties> <defaultValue>inform</defaultValue> 
@@ -356,7 +356,7 @@ <properties> <help>Specifies the user with name username</help> <constraint> - <regex>[^\(\)\|\-]+$</regex> + <regex>[^\(\)\|\-]+</regex> </constraint> <constraintErrorMessage>Illegal characters in name</constraintErrorMessage> </properties> @@ -370,7 +370,7 @@ <properties> <help>Defines the encrypted key for authentication</help> <constraint> - <regex>^[0-9a-f]*$</regex> + <regex>[0-9a-f]*</regex> </constraint> <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> @@ -379,7 +379,7 @@ <properties> <help>Defines the clear text key for authentication</help> <constraint> - <regex>^.{8,}$</regex> + <regex>.{8,}</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -405,7 +405,7 @@ <properties> <help>Defines the encrypted key for privacy protocol</help> <constraint> - <regex>^[0-9a-f]*$</regex> + <regex>[0-9a-f]*</regex> </constraint> <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> @@ -414,7 +414,7 @@ <properties> <help>Defines the clear text key for privacy protocol</help> <constraint> - <regex>^.{8,}$</regex> + <regex>.{8,}</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -428,7 +428,7 @@ <properties> <help>Specifies the view with name viewname</help> <constraint> - <regex>[^\(\)\|\-]+$</regex> + <regex>[^\(\)\|\-]+</regex> </constraint> <constraintErrorMessage>Illegal characters in name</constraintErrorMessage> </properties> @@ -437,7 +437,7 @@ <properties> <help>Specifies the oid</help> <constraint> - <regex>^[0-9]+(\.[0-9]+)*$</regex> + <regex>[0-9]+(\.[0-9]+)*</regex> </constraint> <constraintErrorMessage>OID must start from a number</constraintErrorMessage> </properties> 
@@ -451,7 +451,7 @@ <properties> <help>Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant</help> <constraint> - <regex>^[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex> + <regex>[0-9a-f]{2}([\.:][0-9a-f]{2})*</regex> </constraint> <constraintErrorMessage>MASK is a list of hex octets, separated by '.' or ':'</constraintErrorMessage> </properties> @@ -471,7 +471,7 @@ <properties> <help>Extension name</help> <constraint> - <regex>^[a-z0-9\.\-\_]+</regex> + <regex>[a-z0-9\.\-\_]+</regex> </constraint> <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage> </properties> @@ -483,7 +483,7 @@ <script>ls /config/user-data</script> </completionHelp> <constraint> - <regex>^[a-z0-9\.\-\_\/]+</regex> + <regex>[a-z0-9\.\-\_\/]+</regex> </constraint> <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage> </properties> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 8edbad110..126183162 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in 
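Review bot: The last snmp.xml.in hunk (`@@ -483,7 +483,7 @@`) leaves `<regex>[a-z0-9\.\-\_\/]+</regex>` as the only visible check on that value, and the class admits a leading `/` as well as `..` components. The completion helper on the same node runs `ls /config/user-data`, so the value is presumably meant to name a file under that directory, which the pattern alone cannot enforce. Where the path is consumed (not visible here; the `<leafNode>` itself opens outside the hunk), I would resolve it and reject anything that falls outside the intended directory, and tighten the constraint so that `..` is refused at commit time. The removed pattern had the same gap and no end anchor, so this commit is a natural place to close it.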
@@ -61,6 +61,78 @@ <valueless/> </properties> </leafNode> + <node name="dynamic-protection"> + <properties> + <help>Allow dynamic protection</help> + </properties> + <children> + <leafNode name="block-time"> + <properties> + <help>Block source IP in seconds. Subsequent blocks increase by a factor of 1.5</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds for blocking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="detect-time"> + <properties> + <help>Remember source IP in seconds before reset their score</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1800</defaultValue> + </leafNode> + <leafNode name="threshold"> + <properties> + <help>Block source IP when their cumulative attack score exceeds threshold</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Threshold score</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Always allow inbound connections from these systems</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator 
name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in index 65edab839..14f12b569 100644 --- a/interface-definitions/system-conntrack.xml.in +++ b/interface-definitions/system-conntrack.xml.in @@ -252,7 +252,7 @@ <description>Do not allow tracking of previously established connections</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system-console.xml.in index 2897e5e97..5acd3e90b 100644 --- a/interface-definitions/system-console.xml.in +++ b/interface-definitions/system-console.xml.in @@ -28,7 +28,7 @@ <description>Xen console</description> </valueHelp> <constraint> - <regex>^(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)$</regex> + <regex>(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)</regex> </constraint> </properties> <children> @@ -71,7 +71,7 @@ <description>115200 bps</description> </valueHelp> <constraint> - <regex>^(1200|2400|4800|9600|19200|38400|57600|115200)$</regex> + <regex>(1200|2400|4800|9600|19200|38400|57600|115200)</regex> </constraint> </properties> <defaultValue>115200</defaultValue> diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in index 4c9d5c92e..9b1a15317 100644 --- a/interface-definitions/system-lcd.xml.in +++ b/interface-definitions/system-lcd.xml.in @@ -39,7 +39,7 @@ <description>Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances</description> </valueHelp> <constraint> - <regex>^(cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec)$</regex> + <regex>(cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec)</regex> </constraint> </properties> </leafNode> 
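Review bot: In the ssh.xml.in hunk, `allow-from` exempts sources from the new blocking, and its constraint (`ip-address`, `ip-prefix`) accepts any prefix length, so a zero-length prefix would presumably exempt every source and quietly disable the feature. I would reject or warn on that in the conf-mode verify step (outside this hunk) and state the effect in the help text, e.g. `<help>Never block connections from these addresses or prefixes</help>`. The parent help `Allow dynamic protection` also does not say what is being protected against; something like `<help>Block sources whose attack score exceeds the threshold</help>` would match the wording the `threshold` leaf already uses. The added `<node>` is complete within the hunk, but its parent element opens outside it.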
@@ -59,7 +59,7 @@ <description>TTY device name, USB based</description> </valueHelp> <constraint> - <regex>^(ttyS[0-9]+|usb[0-9]+b.*)$</regex> + <regex>(ttyS[0-9]+|usb[0-9]+b.*)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index a5519ee88..24eeee355 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -12,7 +12,7 @@ <properties> <help>Local user account information</help> <constraint> - <regex>^[-_a-zA-Z0-9.]{1,100}</regex> + <regex>[-_a-zA-Z0-9.]{1,100}</regex> </constraint> <constraintErrorMessage>Username contains illegal characters or\nexceeds 100 character limitation.</constraintErrorMessage> </properties> @@ -27,7 +27,7 @@ <help>Encrypted password</help> <constraint> <regex>(\*|\!)</regex> - <regex>[a-zA-Z0-9\.\/]{13}$</regex> + <regex>[a-zA-Z0-9\.\/]{13}</regex> <regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex> <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex> <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex> @@ -90,7 +90,7 @@ <description/> </valueHelp> <constraint> - <regex>^(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)$</regex> + <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)</regex> </constraint> </properties> </leafNode> @@ -102,7 +102,7 @@ <properties> <help>Full name of the user (use quotes for names with spaces)</help> <constraint> - <regex>[^:]*$</regex> + <regex>[^:]*</regex> </constraint> <constraintErrorMessage>Cannot use ':' in full name</constraintErrorMessage> </properties> diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in index 75fa67271..8cd25799b 100644 --- a/interface-definitions/system-option.xml.in +++ b/interface-definitions/system-option.xml.in 
@@ -27,7 +27,7 @@ <description>Poweroff system</description> </valueHelp> <constraint> - <regex>^(ignore|reboot|poweroff)$</regex> + <regex>(ignore|reboot|poweroff)</regex> </constraint> <constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage> </properties> @@ -84,7 +84,7 @@ <description>Tune for low network latency</description> </valueHelp> <constraint> - <regex>^(throughput|latency)$</regex> + <regex>(throughput|latency)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in index ade168522..1c06b347f 100644 --- a/interface-definitions/system-proxy.xml.in +++ b/interface-definitions/system-proxy.xml.in @@ -11,7 +11,7 @@ <properties> <help>Proxy URL</help> <constraint> - <regex>http:\/\/[a-z0-9\.]+$</regex> + <regex>http:\/\/[a-z0-9\.]+</regex> </constraint> </properties> </leafNode> @@ -20,7 +20,7 @@ <properties> <help>Proxy username</help> <constraint> - <regex>[a-z0-9-_\.]{1,100}$</regex> + <regex>[a-z0-9-_\.]{1,100}</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in index 9280a43c8..480cb1ca6 100644 --- a/interface-definitions/system-syslog.xml.in +++ b/interface-definitions/system-syslog.xml.in @@ -28,7 +28,7 @@ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> 
@@ -132,7 +132,7 @@ <list>emerg alert crit err warning notice info debug all</list> </completionHelp> <constraint> - <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> </constraint> <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> @@ -203,7 +203,7 @@ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> @@ -315,7 +315,7 @@ <list>udp tcp</list> </completionHelp> <constraint> - <regex>^(udp|tcp)$</regex> + <regex>(udp|tcp)</regex> </constraint> <constraintErrorMessage>invalid protocol name</constraintErrorMessage> </properties> @@ -327,7 +327,7 @@ <list>emerg alert crit err warning notice info debug all</list> </completionHelp> <constraint> - <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> </constraint> <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> 
@@ -422,7 +422,7 @@ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> @@ -526,7 +526,7 @@ <list>emerg alert crit err warning notice info debug all</list> </completionHelp> <constraint> - <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> </constraint> <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> @@ -633,7 +633,7 @@ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> @@ -737,7 +737,7 @@ <list>emerg alert crit err warning notice info debug all</list> </completionHelp> <constraint> - <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> </constraint> <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> 
@@ -794,7 +794,7 @@ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <constraint> - <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> </constraint> <constraintErrorMessage>Invalid facility type</constraintErrorMessage> <valueHelp> @@ -898,7 +898,7 @@ <list>emerg alert crit err warning notice info debug all</list> </completionHelp> <constraint> - <regex>^(emerg|alert|crit|err|warning|notice|info|debug|all)$</regex> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> </constraint> <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index a86951ce8..555ba689f 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -37,7 +37,7 @@ <description>Enable ESP compression</description> </valueHelp> <constraint> - <regex>^(disable|enable)$</regex> + <regex>(disable|enable)</regex> </constraint> </properties> <defaultValue>disable</defaultValue> @@ -94,7 +94,7 @@ <description>Transport mode</description> </valueHelp> <constraint> - <regex>^(tunnel|transport)$</regex> + <regex>(tunnel|transport)</regex> </constraint> </properties> <defaultValue>tunnel</defaultValue> 
@@ -202,7 +202,7 @@ <description>Disable PFS</description> </valueHelp> <constraint> - <regex>^(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)$</regex> + <regex>(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> @@ -246,7 +246,7 @@ <description>Attempt to re-negotiate the connection immediately</description> </valueHelp> <constraint> - <regex>^(none|hold|restart)$</regex> + <regex>(none|hold|restart)</regex> </constraint> </properties> </leafNode> @@ -274,7 +274,7 @@ <description>Attempt to re-negotiate the connection immediately</description> </valueHelp> <constraint> - <regex>^(hold|clear|restart)$</regex> + <regex>(hold|clear|restart)</regex> </constraint> </properties> </leafNode> @@ -321,7 +321,7 @@ <description>Disable remote host re-authenticaton during an IKE rekey</description> </valueHelp> <constraint> - <regex>^(yes|no)$</regex> + <regex>(yes|no)</regex> </constraint> </properties> </leafNode> @@ -340,7 +340,7 @@ <description>Use IKEv2 for key exchange</description> </valueHelp> <constraint> - <regex>^(ikev1|ikev2)$</regex> + <regex>(ikev1|ikev2)</regex> </constraint> </properties> </leafNode> @@ -372,7 +372,7 @@ <description>Disable MOBIKE</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> <defaultValue>enable</defaultValue> 
@@ -392,7 +392,7 @@ <description>Use the aggressive mode (insecure, not recommended)</description> </valueHelp> <constraint> - <regex>^(main|aggressive)$</regex> + <regex>(main|aggressive)</regex> </constraint> </properties> <defaultValue>main</defaultValue> @@ -501,7 +501,7 @@ <description>Diffie-Hellman group 32 (curve448)</description> </valueHelp> <constraint> - <regex>^(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)$</regex> + <regex>(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)</regex> </constraint> </properties> <defaultValue>2</defaultValue> @@ -628,7 +628,7 @@ <description>Any subsystem</description> </valueHelp> <constraint> - <regex>^(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)$</regex> + <regex>(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)</regex> </constraint> <multi/> </properties> @@ -747,7 +747,7 @@ <description>Use EAP-RADIUS authentication</description> </valueHelp> <constraint> - <regex>^(eap-tls|eap-mschapv2|eap-radius)$</regex> + <regex>(eap-tls|eap-mschapv2|eap-radius)</regex> </constraint> </properties> <defaultValue>eap-mschapv2</defaultValue> @@ -768,7 +768,7 @@ <description>Use x.509 certificate</description> </valueHelp> <constraint> - <regex>^(pre-shared-secret|x509)$</regex> + <regex>(pre-shared-secret|x509)</regex> </constraint> </properties> <defaultValue>x509</defaultValue> @@ -840,7 +840,7 @@ <description>Delete any existing connection if a new one for the same user gets established</description> </valueHelp> <constraint> - <regex>^(never|keep|replace)$</regex> + <regex>(never|keep|replace)</regex> </constraint> </properties> </leafNode> @@ -976,7 +976,7 @@ <description>Use x.509 certificate</description> </valueHelp> <constraint> - <regex>^(pre-shared-secret|rsa|x509)$</regex> + <regex>(pre-shared-secret|rsa|x509)</regex> </constraint> </properties> </leafNode> 
@@ -1017,7 +1017,7 @@ <description>Load the connection only</description> </valueHelp> <constraint> - <regex>^(initiate|respond|none)$</regex> + <regex>(initiate|respond|none)</regex> </constraint> </properties> </leafNode> @@ -1046,7 +1046,7 @@ <description>Do not force UDP encapsulation</description> </valueHelp> <constraint> - <regex>^(enable|disable)$</regex> + <regex>(enable|disable)</regex> </constraint> </properties> </leafNode> @@ -1070,7 +1070,7 @@ <description>Inherit the reauth configuration form your IKE-group</description> </valueHelp> <constraint> - <regex>^(yes|no|inherit)$</regex> + <regex>(yes|no|inherit)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 9ca7b1fad..f734283e7 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -72,7 +72,7 @@ <description>Use X.509 certificate for IPsec authentication</description> </valueHelp> <constraint> - <regex>^(pre-shared-secret|x509)$</regex> + <regex>(pre-shared-secret|x509)</regex> </constraint> <completionHelp> <list>pre-shared-secret x509</list> @@ -167,7 +167,7 @@ <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> </valueHelp> <constraint> - <regex>^(pap|chap|mschap|mschap-v2)$</regex> + <regex>(pap|chap|mschap|mschap-v2)</regex> </constraint> <completionHelp> <list>pap chap mschap mschap-v2</list> diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 05458ed34..21b47125d 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in 
@@ -34,7 +34,7 @@
 <description>Password (first) + OTP local authentication</description>
 </valueHelp>
 <constraint>
- <regex>^(password|otp|password-otp)$</regex>
+ <regex>(password|otp|password-otp)</regex>
 </constraint>
 <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
 <completionHelp>
@@ -51,6 +51,82 @@ </children> </node> #include <include/auth-local-users.xml.i> + <node name="local-users"> + <children> + <tagNode name="username"> + <children> + <node name="otp"> + <properties> + <help>2FA OTP authentication parameters</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>Token Key Secret key for the token algorithm (see RFC 4226)</help> + <valueHelp> + <format>txt</format> + <description>OTP key in hex-encoded format</description> + </valueHelp> + <constraint> + <regex>[a-fA-F0-9]{20,10000}</regex> + </constraint> + <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="otp-length"> + <properties> + <help>Number of digits in OTP code</help> + <valueHelp> + <format>u32:6-8</format> + <description>Number of digits in OTP code</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 6-8"/> + </constraint> + <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage> + </properties> + <defaultValue>6</defaultValue> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Time tokens interval in seconds</help> + <valueHelp> + <format>u32:5-86400</format> + <description>Time tokens interval in seconds.</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-86400"/> + </constraint> + <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="token-type"> + <properties> + <help>Token type</help> + <valueHelp> + <format>hotp-time</format> + <description>Time-based OTP algorithm</description> + </valueHelp> + <valueHelp> + <format>hotp-event</format> + <description>Event-based OTP algorithm</description> + </valueHelp> + <constraint> + 
<regex>(hotp-time|hotp-event)</regex> + </constraint> + <completionHelp> + <list>hotp-time hotp-event</list> + </completionHelp> + </properties> + <defaultValue>hotp-time</defaultValue> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index 0d1690013..28a53acb9 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -75,7 +75,7 @@ <description>ask client for mppe, if it rejects drop connection</description> </valueHelp> <constraint> - <regex>^(deny|prefer|require)$</regex> + <regex>(deny|prefer|require)</regex> </constraint> <completionHelp> <list>deny prefer require</list> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 14c31fa8a..25a573887 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -28,6 +28,22 @@ <children> #include <include/interface/description.xml.i> #include <include/interface/disable.xml.i> + <node name="ip"> + <properties> + <help>IPv4 routing parameters</help> + </properties> + <children> + #include <include/interface/disable-forwarding.xml.i> + </children> + </node> + <node name="ipv6"> + <properties> + <help>IPv6 routing parameters</help> + </properties> + <children> + #include <include/interface/disable-forwarding.xml.i> + </children> + </node> <node name="protocols"> <properties> <help>Routing protocol parameters</help> diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in index eac63fa6b..8af0dcfb6 100644 --- a/interface-definitions/zone-policy.xml.in +++ b/interface-definitions/zone-policy.xml.in 
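Review bot: The `key` constraint `[a-fA-F0-9]{20,10000}` accepts 20 hex characters, which is only 80 bits if the value is the hex encoding of the raw secret as the valueHelp says; RFC 4226, which the help text cites, requires at least 128 bits and recommends 160. Raising the minimum to `{32,10000}` (or `{40,10000}`) and adjusting the error message to match would close that gap. The `constraintErrorMessage` also says "Key name" where it means the key itself, and the help string "Token Key Secret key for the token algorithm" reads like two drafts merged; `<help>Secret key for the token algorithm (see RFC 4226)</help>` would do. The `<node name="local-users">` block opens and closes inside this hunk.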
@@ -14,7 +14,7 @@ <description>Zone name</description> </valueHelp> <constraint> - <regex>^[a-zA-Z0-9][\w\-\.]*$</regex> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> </constraint> </properties> <children> @@ -34,7 +34,7 @@ <description>Drop and notify source</description> </valueHelp> <constraint> - <regex>^(drop|reject)$</regex> + <regex>(drop|reject)</regex> </constraint> </properties> <defaultValue>drop</defaultValue> @@ -105,7 +105,7 @@ <description>Drop silently</description> </valueHelp> <constraint> - <regex>^(accept|drop)$</regex> + <regex>(accept|drop)</regex> </constraint> </properties> </leafNode> diff --git a/op-mode-definitions/containers.xml.in b/op-mode-definitions/container.xml.in index b2b318786..fa66402dc 100644 --- a/op-mode-definitions/containers.xml.in +++ b/op-mode-definitions/container.xml.in @@ -11,7 +11,7 @@ <properties> <help>Pull a new image for container</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --pull "${4}"</command> + <command>sudo podman image pull "${4}"</command> </tagNode> </children> </node> 
@@ -44,7 +44,51 @@ <script>sudo podman image ls -q</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --remove "${4}"</command> + <command>sudo podman image rm --force "${4}"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="generate"> + <children> + <node name="container"> + <properties> + <help>Generate Container Image</help> + </properties> + <children> + <tagNode name="image"> + <properties> + <help>Name of container image (tag)</help> + </properties> + <children> + <tagNode name="path"> + <properties> + <help>Path to Dockerfile</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo podman build --layers --force-rm --tag "$4" $6</command> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + <node name="monitor"> + <children> + <node name="log"> + <children> + <tagNode name="container"> + <properties> + <help>Monitor last lines of container logs</help> + <completionHelp> + <path>container name</path> + </completionHelp> + </properties> + <command>sudo podman logs --follow --names "$4"</command> </tagNode> </children> </node> @@ -56,13 +100,13 @@ <properties> <help>Show containers</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --all</command> + <command>sudo podman ps --all</command> <children> <leafNode name="image"> <properties> - <help>Delete container image</help> + <help>Show container image</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --image</command> + <command>sudo podman image ls</command> </leafNode> <tagNode name="log"> <properties> @@ -77,7 +121,7 @@ <properties> <help>Show available container networks</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --networks</command> + <command>sudo podman network ls</command> </leafNode> </children> </node> 
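Review bot: `$6` is unquoted in `sudo podman build --layers --force-rm --tag "$4" $6`, so a path containing spaces or glob characters is split or expanded before podman runs under sudo, and a word beginning with `-` is read as a further option. Quote it as `"$6"`. The same unquoted expansion appears in the update command of the `@@ -118,12 +162,12 @@` hunk (`$(cli-shell-api returnActiveValue container name "$4" image)`), in `--digits $8` in generate-openconnect-user-key.xml.in, and in `${@:2}` in traceroute.xml.in; `"$(…)"`, `"$8"` and `"${@:2}"` keep each argument intact.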
@@ -118,12 +162,12 @@ <children> <tagNode name="image"> <properties> - <help>Delete container image</help> + <help>Update container image</help> <completionHelp> <path>container name</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/containers_op.py --update "${4}"</command> + <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/generate-openconnect-user-key.xml.in b/op-mode-definitions/generate-openconnect-user-key.xml.in new file mode 100644 index 000000000..80cdfb3d7 --- /dev/null +++ b/op-mode-definitions/generate-openconnect-user-key.xml.in 
@@ -0,0 +1,67 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="openconnect"> + <properties> + <help>Generate OpenConnect client parameters</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>Username used for authentication</help> + <completionHelp> + <list><username></list> + </completionHelp> + </properties> + <children> + <node name="otp-key"> + <properties> + <help>Generate OpenConnect OTP token</help> + </properties> + <children> + <node name="hotp-time"> + <properties> + <help>HOTP time-based token</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits 6</command> + <children> + <tagNode name="interval"> + <properties> + <help>Duration of single time interval</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits 6</command> + <children> + <tagNode name="digits"> + <properties> + <help>The number of digits in the one-time password</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "$8" --digits "${10}"</command> + </tagNode> + </children> + </tagNode> + <tagNode name="digits"> + <properties> + <help>The number of digits in the one-time password</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval 30 --digits "$8"</command> + <children> + <tagNode name="interval"> + <properties> + <help>Duration of single time interval</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/generate_openconnect_otp_key.py --username "$4" --interval "${10}" --digits $8</command> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> 
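Review bot: The `interval` and `digits` tagNodes take any word and carry no completionHelp, while the configuration side of this commit limits the values to 5-86400 seconds and 6-8 digits. Unless generate_openconnect_otp_key.py validates its arguments (the script is not part of this hunk), an operator can generate token parameters that the configuration will later reject. A hint such as `<completionHelp><list>&lt;5-86400&gt;</list></completionHelp>` on `interval` and `<list>&lt;6-8&gt;</list>` on `digits` would document the accepted range at the prompt.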
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index cbdf76fc3..6f82ce611 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -6,13 +6,96 @@ <properties> <help>Monitor last lines of messages file</help> </properties> - <command>tail --follow=name /var/log/messages</command> + <command>journalctl --no-hostname --follow --boot</command> <children> <node name="colored"> <properties> <help>Output log in a colored fashion</help> </properties> - <command>grc tail --follow=name /var/log/messages</command> + <command>grc journalctl --no-hostname --follow --boot</command> + </node> + <node name="dhcp"> + <properties> + <help>Show log for Dynamic Host Control Protocol (DHCP)</help> + </properties> + <children> + <node name="server"> + <properties> + <help>Show log for DHCP server</help> + </properties> + <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server.service</command> + </node> + <node name="client"> + <properties> + <help>Show DHCP client logs</help> + </properties> + <command>journalctl --no-hostname --follow --boot --unit "dhclient@*.service"</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show DHCP client log on specific interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script> + </completionHelp> + </properties> + <command>journalctl --no-hostname --follow --boot --unit "dhclient@$6.service"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="dhcpv6"> + <properties> + <help>Show log for Dynamic Host Control Protocol IPv6 (DHCPv6)</help> + </properties> + <children> + <node name="server"> + <properties> + <help>Show log for DHCPv6 server</help> + </properties> + <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server6.service</command> + </node> + <node name="client"> + <properties> + <help>Show DHCPv6 client logs</help> + </properties> + <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@*.service"</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show DHCPv6 client log on specific interface</help> + 
<completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@$6.service"</command> + </tagNode> + </children> + </node> + </children> + </node> + <leafNode name="kernel"> + <properties> + <help>Monitor last lines of Linux Kernel log</help> + </properties> + <command>journalctl --no-hostname --boot --follow --dmesg</command> + </leafNode> + <node name="pppoe"> + <properties> + <help>Monitor last lines of PPPoE log</help> + </properties> + <command>journalctl --no-hostname --boot --follow --unit "ppp@pppoe*.service"</command> + <children> + <tagNode name="interface"> + <properties> + <help>Monitor last lines of PPPoE log for specific interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -t pppoe</script> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot --follow --unit "ppp@$6.service"</command> + </tagNode> + </children> </node> <node name="protocol"> <properties> 
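Review bot: The help strings added under `monitor log` mix two wordings: the DHCP and DHCPv6 nodes say "Show log for …" and "Show DHCP client logs", while `kernel` and `pppoe` say "Monitor last lines of …", although every one of these commands follows the journal. Using the "Monitor …" form throughout, e.g. `<help>Monitor last lines of DHCP server log</help>`, keeps the completion output consistent with the existing nodes. The option order also varies between `--no-hostname --follow --boot` and `--no-hostname --boot --follow`; settling on one order makes the commands easier to compare. The enclosing `<children>` element continues past the end of the hunk.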
@@ -23,67 +106,67 @@ <properties> <help>Monitor log for OSPF</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/ospfd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospfd</command> </leafNode> <leafNode name="ospfv3"> <properties> <help>Monitor log for OSPF for IPv6</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/ospf6d</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospf6d</command> </leafNode> <leafNode name="bgp"> <properties> <help>Monitor log for BGP</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/bgpd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bgpd</command> </leafNode> <leafNode name="rip"> <properties> <help>Monitor log for RIP</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/ripd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripd</command> </leafNode> <leafNode name="ripng"> <properties> <help>Monitor log for RIPng</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/ripngd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripngd</command> </leafNode> <leafNode name="static"> <properties> <help>Monitor log for static route</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/staticd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/staticd</command> </leafNode> <leafNode name="multicast"> <properties> <help>Monitor log for Multicast protocol</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/pimd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/pimd</command> </leafNode> <leafNode name="isis"> <properties> <help>Monitor log for ISIS</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/isisd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/isisd</command> </leafNode> <leafNode 
name="nhrp"> <properties> <help>Monitor log for NHRP</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/nhrpd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/nhrpd</command> </leafNode> <leafNode name="bfd"> <properties> <help>Monitor log for BFD</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/bfdd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bfdd</command> </leafNode> <leafNode name="mpls"> <properties> <help>Monitor log for MPLS</help> </properties> - <command>journalctl --follow --boot /usr/lib/frr/ldpd</command> + <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ldpd</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 15bbc7f42..954369712 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -179,9 +179,9 @@ </tagNode> <leafNode name="kernel"> <properties> - <help>Show messages in kernel ring buffer</help> + <help>Show log for Linux Kernel</help> </properties> - <command>sudo dmesg</command> + <command>journalctl --no-hostname --boot --dmesg</command> </leafNode> <leafNode name="lldp"> <properties> @@ -212,6 +212,23 @@ </tagNode> </children> </node> + <node name="pppoe"> + <properties> + <help>Show log for PPPoE</help> + </properties> + <command>journalctl --no-hostname --boot --unit "ppp@pppoe*.service"</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show PPPoE log on specific interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -t pppoe</script> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot --unit "ppp@$6.service"</command> + </tagNode> + </children> + </node> <node name="protocol"> <properties> <help>Show log for Routing Protocols</help> 
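Review bot: The `kernel` command loses `sudo` when it moves from `sudo dmesg` to `journalctl --no-hostname --boot --dmesg`; journalctl shows system and kernel entries only to root or to members of groups such as systemd-journal or adm, so an operator account outside those groups would see no kernel messages. Whether op-mode users belong to such a group is not visible here; if they do not, `sudo journalctl --no-hostname --boot --dmesg` keeps the previous behaviour. The same question applies to the new `pppoe` commands in the following hunk and to the journalctl commands added in monitor-log.xml.in.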
diff --git a/op-mode-definitions/traceroute.xml.in b/op-mode-definitions/traceroute.xml.in
index e3217235c..aba0f45e3 100644
--- a/op-mode-definitions/traceroute.xml.in
+++ b/op-mode-definitions/traceroute.xml.in
@@ -2,226 +2,22 @@ <interfaceDefinition> <tagNode name="traceroute"> <properties> - <help>Track network path to node</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>/usr/bin/traceroute "$2"</command> - </tagNode> - <node name="traceroute"> - <properties> - <help>Track network path to node</help> + <help>Trace network path to node</help> <completionHelp> <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> + <command>${vyos_op_scripts_dir}/traceroute.py ${@:2}</command> <children> - <tagNode name="ipv4"> + <leafNode name="node.tag"> <properties> - <help>Explicitly use IPv4 when tracing the path</help> + <help>Traceroute options</help> <completionHelp> - <list><hostname> <x.x.x.x></list> + <script>${vyos_op_scripts_dir}/traceroute.py --get-options "${COMP_WORDS[@]}"</script> </completionHelp> </properties> - <command>/usr/bin/traceroute -4 "$3"</command> - <children> - <node name="tcp"> - <properties> - <help>Route tracing and port detection using TCP</help> - </properties> - <command>sudo /usr/bin/tcptraceroute "$3" </command> - <children> - <tagNode name="port"> - <properties> - <help>TCP port to connect to for path tracing</help> - <completionHelp> - <list>0-65535</list> - </completionHelp> - </properties> - <command>sudo /usr/bin/tcptraceroute "$3" $6</command> - </tagNode> - </children> - </node> - </children> - </tagNode> - <tagNode name="ipv6"> - <properties> - <help>Explicitly use IPv6 when tracing the path</help> - <completionHelp> - <list><hostname> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>/usr/bin/traceroute -6 "$3"</command> - <children> - <node name="tcp"> - <properties> - <help>Use TCP/IPv6 packets to perform a traceroute</help> - </properties> - <command>sudo /usr/bin/tcptraceroute6 "$3" </command> - <children> - <tagNode name="port"> - <properties> - <help>TCP port to connect to for path tracing</help> - 
<completionHelp> - <list>0-65535</list> - </completionHelp> - </properties> - <command>sudo /usr/bin/tcptraceroute6 "$3" $6</command> - </tagNode> - </children> - </node> - </children> - </tagNode> - <tagNode name="vrf"> - <properties> - <help>Track network path to specified node via given VRF</help> - <completionHelp> - <path>vrf name</path> - </completionHelp> - </properties> - <children> - <!-- we need an empty tagNode to pass in a plain fqdn/ip address and - let traceroute decide how to handle this parameter --> - <tagNode name=""> - <properties> - <help>Track network path to specified node via given VRF</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/traceroute "$4"</command> - </tagNode> - <tagNode name="ipv4"> - <properties> - <help>Explicitly use IPv4 when tracing the path via given VRF</help> - <completionHelp> - <list><hostname> <x.x.x.x></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> - <children> - <node name="tcp"> - <properties> - <help>Route tracing and port detection using TCP</help> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> - <children> - <tagNode name="port"> - <properties> - <help>TCP port to connect to for path tracing</help> - <completionHelp> - <list>0-65535</list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> - </tagNode> - </children> - </node> - </children> - </tagNode> - <tagNode name="ipv6"> - <properties> - <help>Explicitly use IPv6 when tracing the path via given VRF</help> - <completionHelp> - <list><hostname> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> - <children> - <node name="tcp"> - <properties> - <help>Use TCP/IPv6 packets to perform a traceroute</help> - 
</properties> - <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> - <children> - <tagNode name="port"> - <properties> - <help>TCP port to connect to for path tracing</help> - <completionHelp> - <list>0-65535</list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> - </tagNode> - </children> - </node> - </children> - </tagNode> - </children> - </tagNode> - </children> - </node> - <node name="monitor"> - <children> - <tagNode name="traceroute"> - <properties> - <help>Monitor path to destination in realtime</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>/usr/bin/mtr "$3"</command> - </tagNode> - <node name="traceroute"> - <children> - <tagNode name="ipv4"> - <properties> - <help>IPv4 fully qualified domain name (FQDN)</help> - <completionHelp> - <list><fqdn></list> - </completionHelp> - </properties> - <command>/usr/bin/mtr -4 "$4"</command> - </tagNode> - <tagNode name="ipv6"> - <properties> - <help>IPv6 fully qualified domain name (FQDN)</help> - <completionHelp> - <list><fqdn></list> - </completionHelp> - </properties> - <command>/usr/bin/mtr -6 "$4"</command> - </tagNode> - <tagNode name="vrf"> - <properties> - <help>Monitor path to destination in realtime via given VRF</help> - <completionHelp> - <path>vrf name</path> - </completionHelp> - </properties> - <children> - <tagNode name="ipv4"> - <properties> - <help>IPv4 fully qualified domain name (FQDN)</help> - <completionHelp> - <list><fqdn></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> - </tagNode> - <tagNode name="ipv6"> - <properties> - <help>IPv6 fully qualified domain name (FQDN)</help> - <completionHelp> - <list><fqdn></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> - </tagNode> - <tagNode name=""> - <properties> - <help>Track 
network path to specified node via given VRF</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>sudo ip vrf exec "$4" /usr/bin/mtr "$5"</command> - </tagNode> - </children> - </tagNode> - </children> - </node> + <command>${vyos_op_scripts_dir}/traceroute.py ${@:2}</command> + </leafNode> </children> - </node> + </tagNode> </interfaceDefinition> diff --git a/python/vyos/config.py b/python/vyos/config.py index 858c7bdd7..287fd2ed1 100644 --- a/python/vyos/config.py +++ b/python/vyos/config.py 
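Review bot: The `<leafNode name="node.tag">` child is not self-explanatory: it repeats the parent's command and, as far as the hunk shows, exists only so that every further word is completed by `traceroute.py --get-options`. A short XML comment above it, e.g. `<!-- node.tag child: lets options recurse; completion and parsing happen in traceroute.py -->`, would save the next reader from guessing. The hunk also deletes the `monitor traceroute` (mtr) subtree with no replacement visible here, so it is worth confirming that those commands moved elsewhere rather than disappeared.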
@@ -156,26 +156,28 @@ class Config(object): """ if self._session_config is None: return False + + # Assume the path is a node path first if self._session_config.exists(self._make_path(path)): return True - # libvyosconfig exists() works only for _nodes_, not _values_ - # libvyattacfg also worked for values, so we emulate that case here - if isinstance(path, str): - path = re.split(r'\s+', path) - path_without_value = path[:-1] - path_str = " ".join(path_without_value) - try: - value = self._session_config.return_value(self._make_path(path_str)) - values = self._session_config.return_values(self._make_path(path_str)) - except vyos.configtree.ConfigTreeError: - # node/value doesn't exist - return False - if value and path[-1] == value: - return True - if isinstance(values, list) and path[-1] in values: - return True + else: + # If that check fails, it may mean the path has a value at the end. + # libvyosconfig exists() works only for _nodes_, not _values_ + # libvyattacfg also worked for values, so we emulate that case here + if isinstance(path, str): + path = re.split(r'\s+', path) + path_without_value = path[:-1] + try: + # return_values() is safe to use with single-value nodes, + # it simply returns a single-item list in that case. + values = self._session_config.return_values(self._make_path(path_without_value)) - return False + # If we got this far, the node does exist and has values, + # so we need to check if it has the value in question among its values. + return (path[-1] in values) + except vyos.configtree.ConfigTreeError: + # Even the parent node doesn't exist at all + return False def session_changed(self): """ 
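Review bot: `return (path[-1] in values)` relies on `return_values()` always handing back a list, where the removed code guarded the test with `isinstance(values, list)`. If the call can ever return a plain string, `in` silently becomes a substring test and a partial value would be reported as existing. The added comment says a single-value node yields a one-item list, which cannot be verified from this hunk; keeping `isinstance(values, list) and path[-1] in values` costs nothing. The `else:` after `return True` is redundant, and the whole block is duplicated for `_running_config` in the `@@ -402,26 +404,29 @@` hunk, so a private helper taking the config tree would remove the copy. The enclosing method starts above the hunk.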
@@ -402,26 +404,29 @@ class Config(object): """ if self._running_config is None: return False + + # Assume the path is a node path first if self._running_config.exists(self._make_path(path)): return True - # libvyosconfig exists() works only for _nodes_, not _values_ - # libvyattacfg also worked for values, so we emulate that case here - if isinstance(path, str): - path = re.split(r'\s+', path) - path_without_value = path[:-1] - path_str = " ".join(path_without_value) - try: - value = self._running_config.return_value(self._make_path(path_str)) - values = self._running_config.return_values(self._make_path(path_str)) - except vyos.configtree.ConfigTreeError: - # node/value doesn't exist - return False - if value and path[-1] == value: - return True - if isinstance(values, list) and path[-1] in values: - return True + else: + # If that check fails, it may mean the path has a value at the end. + # libvyosconfig exists() works only for _nodes_, not _values_ + # libvyattacfg also worked for values, so we emulate that case here + if isinstance(path, str): + path = re.split(r'\s+', path) + path_without_value = path[:-1] + try: + # return_values() is safe to use with single-value nodes, + # it simply returns a single-item list in that case. + values = self._running_config.return_values(self._make_path(path_without_value)) + + # If we got this far, the node does exist and has values, + # so we need to check if it has the value in question among its values. + return (path[-1] in values) + except vyos.configtree.ConfigTreeError: + # Even the parent node doesn't exist at all + return False - return False def return_effective_value(self, path, default=None): """ diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index f50db0c99..04ddc10e9 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py 
@@ -1,4 +1,4 @@ -# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -104,6 +104,11 @@ def list_diff(first, second): second = set(second) return [item for item in first if item not in second] +def is_node_changed(conf, path): + from vyos.configdiff import get_config_diff + D = get_config_diff(conf, key_mangling=('-', '_')) + return D.is_node_changed(path) + def leaf_node_changed(conf, path): """ Check if a leaf node was altered. If it has been altered - values has been @@ -114,7 +119,6 @@ def leaf_node_changed(conf, path): """ from vyos.configdiff import get_config_diff D = get_config_diff(conf, key_mangling=('-', '_')) - D.set_level(conf.get_level()) (new, old) = D.get_value_diff(path) if new != old: if isinstance(old, dict): @@ -133,9 +137,6 @@ def leaf_node_changed(conf, path): elif isinstance(new, type(None)): new = [] return list_diff(old, new) - if old is None and new is not None: - # node was added to the CLI - return True return None @@ -147,12 +148,11 @@ def node_changed(conf, path, key_mangling=None, recursive=False): """ from vyos.configdiff import get_config_diff, Diff D = get_config_diff(conf, key_mangling) - D.set_level(conf.get_level()) # get_child_nodes() will return dict_keys(), mangle this into a list with PEP448 keys = D.get_child_nodes_diff(path, expand_nodes=Diff.DELETE, recursive=recursive)['delete'].keys() return list(keys) -def get_removed_vlans(conf, dict): +def get_removed_vlans(conf, path, dict): """ Common function to parse a dictionary retrieved via get_config_dict() and determine any added/removed VLAN interfaces - be it 802.1q or Q-in-Q. 
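Review bot: `is_node_changed()` in the `@@ -104,6 +104,11 @@` hunk is added without a docstring, unlike `leaf_node_changed()` and `node_changed()` next to it. A docstring along the lines of `""" Check whether the node at path was changed, as reported by the config diff's is_node_changed(); keys are mangled from '-' to '_'. """` would state the contract. It should also say whether `path` is absolute or relative to the current config level, since this commit removes the `set_level()` calls from the neighbouring helpers.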
@@ -162,16 +162,17 @@ def get_removed_vlans(conf, dict): # Check vif, vif-s/vif-c VLAN interfaces for removal D = get_config_diff(conf, key_mangling=('-', '_')) D.set_level(conf.get_level()) + # get_child_nodes() will return dict_keys(), mangle this into a list with PEP448 - keys = D.get_child_nodes_diff(['vif'], expand_nodes=Diff.DELETE)['delete'].keys() + keys = D.get_child_nodes_diff(path + ['vif'], expand_nodes=Diff.DELETE)['delete'].keys() if keys: dict['vif_remove'] = [*keys] # get_child_nodes() will return dict_keys(), mangle this into a list with PEP448 - keys = D.get_child_nodes_diff(['vif-s'], expand_nodes=Diff.DELETE)['delete'].keys() + keys = D.get_child_nodes_diff(path + ['vif-s'], expand_nodes=Diff.DELETE)['delete'].keys() if keys: dict['vif_s_remove'] = [*keys] for vif in dict.get('vif_s', {}).keys(): - keys = D.get_child_nodes_diff(['vif-s', vif, 'vif-c'], expand_nodes=Diff.DELETE)['delete'].keys() + keys = D.get_child_nodes_diff(path + ['vif-s', vif, 'vif-c'], expand_nodes=Diff.DELETE)['delete'].keys() if keys: dict['vif_s'][vif]['vif_c_remove'] = [*keys] return dict @@ -215,10 +216,6 @@ def is_member(conf, interface, intftype=None): intftype = intftypes if intftype == None else [intftype] - # set config level to root - old_level = conf.get_level() - conf.set_level([]) - for iftype in intftype: base = ['interfaces', iftype] for intf in conf.list_nodes(base): @@ -228,7 +225,6 @@ def is_member(conf, interface, intftype=None): get_first_key=True, no_tag_node_value_mangle=True) ret_val.update({intf : tmp}) - old_level = conf.set_level(old_level) return ret_val def is_mirror_intf(conf, interface, direction=None): @@ -250,8 +246,6 @@ def is_mirror_intf(conf, interface, direction=None): direction = directions if direction == None else [direction] ret_val = None - old_level = conf.get_level() - conf.set_level([]) base = ['interfaces'] for dir in direction: 
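Review bot: `get_removed_vlans()` now prefixes every lookup with `path` but still calls `D.set_level(conf.get_level())`, whereas `leaf_node_changed()` and `node_changed()` drop that call in this same commit. If a caller passes an absolute `path` while `conf` sits at a non-root level, the lookup is presumably resolved relative to that level and finds nothing, so removed VLANs would be missed without any error. Either drop the `set_level` line here as well or document that `path` is relative to the current level. The new positional parameter also changes the signature for any caller not updated in this commit. The function's first lines are above the hunk.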
@@ -265,7 +259,6 @@ def is_mirror_intf(conf, interface, direction=None): get_first_key=True) ret_val = {intf : tmp} - old_level = conf.set_level(old_level) return ret_val def has_vlan_subinterface_configured(conf, intf): @@ -279,15 +272,11 @@ def has_vlan_subinterface_configured(conf, intf): from vyos.ifconfig import Section ret = False - old_level = conf.get_level() - conf.set_level([]) - intfpath = ['interfaces', Section.section(intf), intf] if ( conf.exists(intfpath + ['vif']) or conf.exists(intfpath + ['vif-s'])): ret = True - conf.set_level(old_level) return ret def is_source_interface(conf, interface, intftype=None): @@ -309,11 +298,6 @@ def is_source_interface(conf, interface, intftype=None): 'have a source-interface') intftype = intftypes if intftype == None else [intftype] - - # set config level to root - old_level = conf.get_level() - conf.set_level([]) - for it in intftype: base = ['interfaces', it] for intf in conf.list_nodes(base): @@ -322,7 +306,6 @@ def is_source_interface(conf, interface, intftype=None): ret_val = intf break - old_level = conf.set_level(old_level) return ret_val def get_dhcp_interfaces(conf, vrf=None): 
@@ -333,40 +316,67 @@ def get_dhcp_interfaces(conf, vrf=None): if not dict: return dhcp_interfaces - def check_dhcp(config, ifname): + def check_dhcp(config): + ifname = config['ifname'] tmp = {} if 'address' in config and 'dhcp' in config['address']: options = {} - if 'dhcp_options' in config and 'default_route_distance' in config['dhcp_options']: - options.update({'distance' : config['dhcp_options']['default_route_distance']}) + if dict_search('dhcp_options.default_route_distance', config) != None: + options.update({'dhcp_options' : config['dhcp_options']}) if 'vrf' in config: if vrf is config['vrf']: tmp.update({ifname : options}) else: tmp.update({ifname : options}) + return tmp for section, interface in dict.items(): for ifname in interface: + # always reset config level, as get_interface_dict() will alter it + conf.set_level([]) # we already have a dict representation of the config from get_config_dict(), # but with the extended information from get_interface_dict() we also # get the DHCP client default-route-distance default option if not specified. 
- ifconfig = get_interface_dict(conf, ['interfaces', section], ifname) + _, ifconfig = get_interface_dict(conf, ['interfaces', section], ifname) - tmp = check_dhcp(ifconfig, ifname) + tmp = check_dhcp(ifconfig) dhcp_interfaces.update(tmp) # check per VLAN interfaces for vif, vif_config in ifconfig.get('vif', {}).items(): - tmp = check_dhcp(vif_config, f'{ifname}.{vif}') + tmp = check_dhcp(vif_config) dhcp_interfaces.update(tmp) # check QinQ VLAN interfaces - for vif_s, vif_s_config in ifconfig.get('vif-s', {}).items(): - tmp = check_dhcp(vif_s_config, f'{ifname}.{vif_s}') + for vif_s, vif_s_config in ifconfig.get('vif_s', {}).items(): + tmp = check_dhcp(vif_s_config) dhcp_interfaces.update(tmp) - for vif_c, vif_c_config in vif_s_config.get('vif-c', {}).items(): - tmp = check_dhcp(vif_c_config, f'{ifname}.{vif_s}.{vif_c}') + for vif_c, vif_c_config in vif_s_config.get('vif_c', {}).items(): + tmp = check_dhcp(vif_c_config) dhcp_interfaces.update(tmp) return dhcp_interfaces +def get_pppoe_interfaces(conf, vrf=None): + """ Common helper functions to retrieve all interfaces from current CLI + sessions that have DHCP configured. """ + pppoe_interfaces = {} + for ifname in conf.list_nodes(['interfaces', 'pppoe']): + # always reset config level, as get_interface_dict() will alter it + conf.set_level([]) + # we already have a dict representation of the config from get_config_dict(), + # but with the extended information from get_interface_dict() we also + # get the DHCP client default-route-distance default option if not specified. 
+ ifconfig = get_interface_dict(conf, ['interfaces', 'pppoe'], ifname) + + options = {} + if 'default_route_distance' in ifconfig: + options.update({'default_route_distance' : ifconfig['default_route_distance']}) + if 'no_default_route' in ifconfig: + options.update({'no_default_route' : {}}) + if 'vrf' in ifconfig: + if vrf is ifconfig['vrf']: pppoe_interfaces.update({ifname : options}) + else: pppoe_interfaces.update({ifname : options}) + + return pppoe_interfaces + def get_interface_dict(config, base, ifname=''): """ Common utility function to retrieve and mangle the interfaces configuration @@ -376,7 +386,6 @@ def get_interface_dict(config, base, ifname=''): Return a dictionary with the necessary interface config keys. """ - if not ifname: from vyos import ConfigError # determine tagNode instance @@ -393,9 +402,8 @@ def get_interface_dict(config, base, ifname=''): for vif in ['vif', 'vif_s']: if vif in default_values: del default_values[vif] - # setup config level which is extracted in get_removed_vlans() - config.set_level(base + [ifname]) - dict = config.get_config_dict([], key_mangling=('-', '_'), get_first_key=True, + dict = config.get_config_dict(base + [ifname], key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) # Check if interface has been removed. We must use exists() as @@ -403,8 +411,8 @@ def get_interface_dict(config, base, ifname=''): # node like the following exists. # +macsec macsec1 { # +} - if not config.exists([]): - dict.update({'deleted' : ''}) + if not config.exists(base + [ifname]): + dict.update({'deleted' : {}}) # Add interface instance name into dictionary dict.update({'ifname': ifname}) 
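Review bot: `get_pppoe_interfaces()` assigns the result of `get_interface_dict()` directly to `ifconfig`, but this commit changes that function to `return ifname, dict`, so `ifconfig` is a tuple here. The `'default_route_distance' in ifconfig`, `'no_default_route' in ifconfig` and `'vrf' in ifconfig` tests then check membership in the two-element tuple rather than in the dict, so every PPPoE interface is reported with empty options and the `vrf` filter is skipped. Unpack it as `get_dhcp_interfaces()` does: `_, ifconfig = get_interface_dict(conf, ['interfaces', 'pppoe'], ifname)`. Both helpers also compare with `vrf is config['vrf']` / `vrf is ifconfig['vrf']`, which tests object identity; `==` is the comparison wanted for strings. The new docstring still says "have DHCP configured" and should name PPPoE.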
@@ -431,7 +439,7 @@ def get_interface_dict(config, base, ifname=''): # XXX: T2665: blend in proper DHCPv6-PD default values dict = T2665_set_dhcpv6pd_defaults(dict) - address = leaf_node_changed(config, ['address']) + address = leaf_node_changed(config, base + [ifname, 'address']) if address: dict.update({'address_old' : address}) # Check if we are a member of a bridge device @@ -462,10 +470,10 @@ def get_interface_dict(config, base, ifname=''): tmp = is_member(config, dict['source_interface'], 'bonding') if tmp: dict.update({'source_interface_is_bond_member' : tmp}) - mac = leaf_node_changed(config, ['mac']) + mac = leaf_node_changed(config, base + [ifname, 'mac']) if mac: dict.update({'mac_old' : mac}) - eui64 = leaf_node_changed(config, ['ipv6', 'address', 'eui64']) + eui64 = leaf_node_changed(config, base + [ifname, 'ipv6', 'address', 'eui64']) if eui64: tmp = dict_search('ipv6.address', dict) if not tmp: @@ -477,6 +485,9 @@ def get_interface_dict(config, base, ifname=''): # identical for all types of VLAN interfaces as they all include the same # XML definitions which hold the defaults. for vif, vif_config in dict.get('vif', {}).items(): + # Add subinterface name to dictionary + dict['vif'][vif].update({'ifname' : f'{ifname}.{vif}'}) + default_vif_values = defaults(base + ['vif']) # XXX: T2665: When there is no DHCPv6-PD configuration given, we can safely # remove the default values from the dict. @@ -486,7 +497,7 @@ def get_interface_dict(config, base, ifname=''): # Only add defaults if interface is not about to be deleted - this is # to keep a cleaner config dict. if 'deleted' not in dict: - address = leaf_node_changed(config, ['vif', vif, 'address']) + address = leaf_node_changed(config, base + [ifname, 'vif', vif, 'address']) if address: dict['vif'][vif].update({'address_old' : address}) dict['vif'][vif] = dict_merge(default_vif_values, dict['vif'][vif]) 
@@ -508,6 +519,9 @@ def get_interface_dict(config, base, ifname=''): if dhcp: dict['vif'][vif].update({'dhcp_options_changed' : ''}) for vif_s, vif_s_config in dict.get('vif_s', {}).items(): + # Add subinterface name to dictionary + dict['vif_s'][vif_s].update({'ifname' : f'{ifname}.{vif_s}'}) + default_vif_s_values = defaults(base + ['vif-s']) # XXX: T2665: we only wan't the vif-s defaults - do not care about vif-c if 'vif_c' in default_vif_s_values: del default_vif_s_values['vif_c'] @@ -520,7 +534,7 @@ def get_interface_dict(config, base, ifname=''): # Only add defaults if interface is not about to be deleted - this is # to keep a cleaner config dict. if 'deleted' not in dict: - address = leaf_node_changed(config, ['vif-s', vif_s, 'address']) + address = leaf_node_changed(config, base + [ifname, 'vif-s', vif_s, 'address']) if address: dict['vif_s'][vif_s].update({'address_old' : address}) dict['vif_s'][vif_s] = dict_merge(default_vif_s_values, @@ -544,6 +558,9 @@ def get_interface_dict(config, base, ifname=''): if dhcp: dict['vif_s'][vif_s].update({'dhcp_options_changed' : ''}) for vif_c, vif_c_config in vif_s_config.get('vif_c', {}).items(): + # Add subinterface name to dictionary + dict['vif_s'][vif_s]['vif_c'][vif_c].update({'ifname' : f'{ifname}.{vif_s}.{vif_c}'}) + default_vif_c_values = defaults(base + ['vif-s', 'vif-c']) # XXX: T2665: When there is no DHCPv6-PD configuration given, we can safely @@ -554,7 +571,7 @@ def get_interface_dict(config, base, ifname=''): # Only add defaults if interface is not about to be deleted - this is # to keep a cleaner config dict. if 'deleted' not in dict: - address = leaf_node_changed(config, ['vif-s', vif_s, 'vif-c', vif_c, 'address']) + address = leaf_node_changed(config, base + [ifname, 'vif-s', vif_s, 'vif-c', vif_c, 'address']) if address: dict['vif_s'][vif_s]['vif_c'][vif_c].update( {'address_old' : address}) 
@@ -581,8 +598,8 @@ def get_interface_dict(config, base, ifname=''): if dhcp: dict['vif_s'][vif_s]['vif_c'][vif_c].update({'dhcp_options_changed' : ''}) # Check vif, vif-s/vif-c VLAN interfaces for removal - dict = get_removed_vlans(config, dict) - return dict + dict = get_removed_vlans(config, base + [ifname], dict) + return ifname, dict def get_vlan_ids(interface): """ diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 1062d51ee..438485d98 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -1,4 +1,4 @@ -# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -205,10 +205,10 @@ def verify_mirror_redirect(config): raise ConfigError(f'Requested redirect interface "{redirect_ifname}" '\ 'does not exist!') - if dict_search('traffic_policy.in', config) != None: + if ('mirror' in config or 'redirect' in config) and dict_search('traffic_policy.in', config) is not None: # XXX: support combination of limiting and redirect/mirror - this is an # artificial limitation - raise ConfigError('Can not use ingress policy tigether with mirror or redirect!') + raise ConfigError('Can not use ingress policy together with mirror or redirect!') def verify_authentication(config): """ diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index ff8623592..04fd44173 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py 
@@ -49,6 +49,15 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if states: output.append(f'ct state {{{states}}}') + if 'connection_status' in rule_conf and rule_conf['connection_status']: + status = rule_conf['connection_status'] + if status['nat'] == 'destination': + nat_status = '{dnat}' + output.append(f'ct status {nat_status}') + if status['nat'] == 'source': + nat_status = '{snat}' + output.append(f'ct status {nat_status}') + if 'protocol' in rule_conf and rule_conf['protocol'] != 'all': proto = rule_conf['protocol'] operator = '' diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index ea7497e92..22441d1d2 100755 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1587,12 +1587,10 @@ class Interface(Control): tmp['source_interface'] = ifname tmp['vlan_id'] = vif_s_id - vif_s_ifname = f'{ifname}.{vif_s_id}' - vif_s_config['ifname'] = vif_s_ifname - # It is not possible to change the VLAN encapsulation protocol # "on-the-fly". For this "quirk" we need to actively delete and # re-create the VIF-S interface. + vif_s_ifname = f'{ifname}.{vif_s_id}' if self.exists(vif_s_ifname): cur_cfg = get_interface_config(vif_s_ifname) protocol = dict_search('linkinfo.info_data.protocol', cur_cfg).lower() @@ -1614,7 +1612,6 @@ class Interface(Control): tmp['vlan_id'] = vif_c_id vif_c_ifname = f'{vif_s_ifname}.{vif_c_id}' - vif_c_config['ifname'] = vif_c_ifname c_vlan = VLANIf(vif_c_ifname, **tmp) c_vlan.update(vif_c_config) @@ -1625,10 +1622,7 @@ class Interface(Control): # create/update 802.1q VLAN interfaces for vif_id, vif_config in config.get('vif', {}).items(): - vif_ifname = f'{ifname}.{vif_id}' - vif_config['ifname'] = vif_ifname - tmp = deepcopy(VLANIf.get_config()) tmp['source_interface'] = ifname tmp['vlan_id'] = vif_id diff --git a/python/vyos/ifconfig/pppoe.py b/python/vyos/ifconfig/pppoe.py index 1d13264bf..63ffc8069 100644 --- a/python/vyos/ifconfig/pppoe.py 
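Review bot: `status['nat']` is indexed directly in the new `connection_status` branch of `parse_rule()`, so a `connection_status` node that is non-empty but has no `nat` child raises `KeyError` while the ruleset is being generated. Whether the CLI definition allows that shape is not visible here; reading it with `nat = status.get('nat')` removes the dependency. The two branches can also append the literal directly, `output.append('ct status {dnat}')` and `output.append('ct status {snat}')`, since `nat_status` only ever holds a constant. `parse_rule()` starts and ends outside this hunk.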
+++ b/python/vyos/ifconfig/pppoe.py @@ -27,12 +27,13 @@ class PPPoEIf(Interface): }, } - def _remove_routes(self, vrf=''): + def _remove_routes(self, vrf=None): # Always delete default routes when interface is removed + vrf_cmd = '' if vrf: - vrf = f'-c "vrf {vrf}"' - self._cmd(f'vtysh -c "conf t" {vrf} -c "no ip route 0.0.0.0/0 {self.ifname} tag 210"') - self._cmd(f'vtysh -c "conf t" {vrf} -c "no ipv6 route ::/0 {self.ifname} tag 210"') + vrf_cmd = f'-c "vrf {vrf}"' + self._cmd(f'vtysh -c "conf t" {vrf_cmd} -c "no ip route 0.0.0.0/0 {self.ifname} tag 210"') + self._cmd(f'vtysh -c "conf t" {vrf_cmd} -c "no ipv6 route ::/0 {self.ifname} tag 210"') def remove(self): """ @@ -44,11 +45,11 @@ class PPPoEIf(Interface): >>> i = Interface('pppoe0') >>> i.remove() """ - + vrf = None tmp = get_interface_config(self.ifname) - vrf = '' if 'master' in tmp: - self._remove_routes(tmp['master']) + vrf = tmp['master'] + self._remove_routes(vrf) # remove bond master which places members in disabled state super().remove() @@ -84,10 +85,12 @@ class PPPoEIf(Interface): self._config = config # remove old routes from an e.g. old VRF assignment - vrf = '' - if 'vrf_old' in config: - vrf = config['vrf_old'] - self._remove_routes(vrf) + if 'shutdown_required': + vrf = None + tmp = get_interface_config(self.ifname) + if 'master' in tmp: + vrf = tmp['master'] + self._remove_routes(vrf) # DHCPv6 PD handling is a bit different on PPPoE interfaces, as we do # not require an 'address dhcpv6' CLI option as with other interfaces 
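Review bot: `if 'shutdown_required':` in `update()` (hunk at `@@ -84,10 +85,12 @@`) tests a non-empty string literal, which is always true, so the route removal under it runs on every update and not only when the interface has to be restarted. The intended test is presumably `if 'shutdown_required' in config:`. As written, every commit that touches a PPPoE interface removes the default routes tagged 210 before `super().update(config)` runs, and the following hunk re-adds them only when `no_default_route` is absent. `update()` continues outside this hunk.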
@@ -98,54 +101,15 @@ class PPPoEIf(Interface): super().update(config) - if 'default_route' not in config or config['default_route'] == 'none': - return - - # - # Set default routes pointing to pppoe interface - # - vrf = '' - sed_opt = '^ip route' - - install_v4 = True - install_v6 = True - # generate proper configuration string when VRFs are in use + vrf = '' if 'vrf' in config: tmp = config['vrf'] vrf = f'-c "vrf {tmp}"' - sed_opt = f'vrf {tmp}' - - if config['default_route'] == 'auto': - # only add route if there is no default route present - tmp = self._cmd(f'vtysh -c "show running-config staticd no-header" | sed -n "/{sed_opt}/,/!/p"') - for line in tmp.splitlines(): - line = line.lstrip() - if line.startswith('ip route 0.0.0.0/0'): - install_v4 = False - continue - - if 'ipv6' in config and line.startswith('ipv6 route ::/0'): - install_v6 = False - continue - - elif config['default_route'] == 'force': - # Force means that all static routes are replaced with the ones from this interface - tmp = self._cmd(f'vtysh -c "show running-config staticd no-header" | sed -n "/{sed_opt}/,/!/p"') - for line in tmp.splitlines(): - if self.ifname in line: - # It makes no sense to remove a route with our interface and the later re-add it. - # This will only make traffic disappear - which is a no-no! 
- continue - - line = line.lstrip() - if line.startswith('ip route 0.0.0.0/0'): - self._cmd(f'vtysh -c "conf t" {vrf} -c "no {line}"') - - if 'ipv6' in config and line.startswith('ipv6 route ::/0'): - self._cmd(f'vtysh -c "conf t" {vrf} -c "no {line}"') - - if install_v4: - self._cmd(f'vtysh -c "conf t" {vrf} -c "ip route 0.0.0.0/0 {self.ifname} tag 210"') - if install_v6 and 'ipv6' in config: - self._cmd(f'vtysh -c "conf t" {vrf} -c "ipv6 route ::/0 {self.ifname} tag 210"') + + if 'no_default_route' not in config: + # Set default route(s) pointing to PPPoE interface + distance = config['default_route_distance'] + self._cmd(f'vtysh -c "conf t" {vrf} -c "ip route 0.0.0.0/0 {self.ifname} tag 210 {distance}"') + if 'ipv6' in config: + self._cmd(f'vtysh -c "conf t" {vrf} -c "ipv6 route ::/0 {self.ifname} tag 210 {distance}"') diff --git a/smoketest/configs.no-load/firewall-big b/smoketest/configs.no-load/firewall-big new file mode 100644 index 000000000..94b0c6dd5 --- /dev/null +++ b/smoketest/configs.no-load/firewall-big 
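Review bot: `distance = config['default_route_distance']` raises `KeyError` when the key is absent, and `get_pppoe_interfaces()` in this commit guards the same key with `'default_route_distance' in ifconfig`, which suggests it is not guaranteed. Either add a comment saying the XML defaults always supply it, or read it defensively with `distance = config.get('default_route_distance', '')`. `vrf`, `self.ifname` and `distance` are interpolated into the `vtysh` command string passed to `self._cmd()`. How `_cmd()` executes that string is not visible here, so a comment stating that these values are already constrained by the CLI definitions would help the next reader. `update()` starts outside this hunk.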
@@ -0,0 +1,43440 @@ +firewall { + all-ping enable + broadcast-ping disable + config-trap disable + group { + address-group CENTREON_SERVERS { + address 109.228.63.82 + } + address-group CLUSTER_ADDRESSES { + address 10.255.255.4 + address 10.255.255.5 + address 77.68.76.16 + address 77.68.77.16 + address 172.16.255.254 + address 77.68.76.14 + address 77.68.77.14 + address 77.68.76.13 + address 77.68.77.13 + address 77.68.76.12 + address 77.68.77.12 + address 77.68.77.67 + address 77.68.77.103 + address 77.68.77.130 + address 77.68.76.245 + address 77.68.77.85 + address 77.68.76.45 + address 77.68.77.144 + address 77.68.77.105 + address 77.68.76.122 + address 77.68.76.104 + address 77.68.77.115 + address 77.68.77.178 + address 77.68.76.239 + address 77.68.76.30 + address 77.68.77.249 + address 77.68.76.59 + address 77.68.77.44 + address 77.68.77.200 + address 77.68.77.228 + address 77.68.76.191 + address 77.68.76.102 + address 77.68.77.26 + address 77.68.76.152 + address 77.68.77.212 + address 77.68.76.142 + address 77.68.76.60 + address 77.68.77.253 + address 77.68.76.54 + address 77.68.76.33 + address 77.68.77.114 + address 77.68.77.176 + address 77.68.77.219 + address 77.68.77.19 + address 77.68.77.22 + address 77.68.77.248 + address 77.68.76.161 + address 77.68.77.56 + address 77.68.77.129 + address 77.68.77.140 + address 77.68.76.177 + address 77.68.77.117 + address 77.68.77.108 + address 77.68.76.50 + address 77.68.76.217 + address 77.68.77.160 + address 77.68.77.30 + address 77.68.77.21 + address 77.68.76.29 + address 77.68.76.158 + address 77.68.76.203 + address 77.68.77.243 + address 77.68.77.54 + address 77.68.76.22 + address 77.68.76.25 + address 77.68.76.21 + address 77.68.77.221 + address 77.68.77.76 + address 77.68.76.127 + address 77.68.77.139 + address 77.68.77.240 + address 77.68.76.39 + address 77.68.76.149 + address 77.68.77.57 + address 77.68.77.185 + address 77.68.76.116 + address 77.68.76.160 + address 77.68.77.70 + address 77.68.77.149 + 
address 77.68.76.57 + address 77.68.76.115 + address 77.68.76.200 + address 77.68.76.23 + address 77.68.77.46 + address 77.68.76.198 + address 77.68.77.141 + address 77.68.77.50 + address 77.68.77.128 + address 77.68.77.88 + address 77.68.76.80 + address 77.68.76.35 + address 77.68.77.204 + address 77.68.77.201 + address 77.68.77.97 + address 77.68.76.195 + address 77.68.76.202 + address 77.68.76.157 + address 77.68.77.159 + address 77.68.76.118 + address 77.68.76.38 + address 77.68.77.203 + address 77.68.77.233 + address 77.68.77.163 + address 77.68.77.49 + address 77.68.76.58 + address 77.68.77.171 + address 77.68.77.150 + address 77.68.77.199 + address 77.68.76.220 + address 77.68.77.156 + address 77.68.76.248 + address 77.68.76.171 + address 77.68.76.212 + address 77.68.77.132 + address 77.68.77.81 + address 77.68.76.37 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.99 + address 77.68.77.211 + address 77.68.77.236 + address 77.68.76.252 + address 77.68.77.32 + address 77.68.77.247 + address 77.68.76.209 + address 77.68.77.202 + address 77.68.76.247 + address 77.68.77.99 + address 77.68.76.169 + address 77.68.76.95 + address 77.68.76.187 + address 77.68.77.222 + address 77.68.77.53 + address 77.68.77.124 + address 77.68.76.61 + address 77.68.77.43 + address 77.68.76.94 + address 77.68.77.165 + address 77.68.77.152 + address 77.68.76.44 + address 77.68.76.47 + address 77.68.76.74 + address 77.68.76.55 + address 77.68.77.75 + address 77.68.77.239 + address 77.68.76.75 + address 77.68.77.71 + address 77.68.76.145 + address 77.68.77.145 + address 77.68.77.68 + address 77.68.76.126 + address 77.68.76.88 + address 77.68.77.181 + address 77.68.76.112 + address 77.68.77.33 + address 77.68.77.137 + address 77.68.77.92 + address 77.68.76.111 + address 77.68.76.185 + address 77.68.76.208 + address 77.68.76.150 + address 77.68.77.208 + address 77.68.76.42 + address 77.68.76.164 + address 77.68.77.207 + address 77.68.76.49 + address 77.68.77.227 + address 
77.68.76.136 + address 77.68.76.77 + address 77.68.76.123 + address 77.68.76.31 + address 77.68.76.148 + address 77.68.77.120 + address 77.68.76.183 + address 77.68.77.107 + address 77.68.76.141 + address 77.68.76.105 + address 77.68.76.251 + address 77.68.76.249 + address 77.68.77.59 + address 77.68.77.37 + address 77.68.77.65 + address 77.68.76.231 + address 77.68.77.24 + address 77.68.77.63 + address 77.68.76.234 + address 77.68.76.93 + address 77.68.77.77 + address 77.68.77.151 + address 77.68.76.235 + address 77.68.77.95 + address 77.68.77.190 + address 77.68.76.91 + address 77.68.77.79 + address 77.68.77.100 + address 77.68.76.241 + address 77.68.77.209 + address 77.68.76.110 + address 77.68.76.40 + address 77.68.76.76 + address 77.68.76.124 + address 77.68.77.234 + address 77.68.76.219 + address 77.68.77.90 + address 77.68.76.107 + address 77.68.76.26 + address 77.68.76.211 + address 77.68.76.19 + address 77.68.77.231 + address 77.68.76.254 + address 77.68.77.251 + address 77.68.77.74 + address 77.68.77.192 + address 77.68.76.253 + address 77.68.77.214 + address 77.68.76.92 + address 77.68.76.250 + address 77.68.77.215 + address 77.68.76.165 + address 77.68.77.254 + address 77.68.76.120 + address 77.68.76.228 + address 77.68.77.157 + address 77.68.77.205 + address 77.68.76.138 + address 77.68.77.102 + address 77.68.76.181 + address 77.68.76.139 + address 77.68.76.243 + address 77.68.76.244 + address 77.68.76.114 + address 77.68.77.72 + address 77.68.77.161 + address 77.68.77.38 + address 77.68.77.62 + address 77.68.92.186 + address 77.68.91.195 + address 77.68.23.35 + address 77.68.84.155 + address 77.68.17.26 + address 77.68.76.96 + address 77.68.28.145 + address 77.68.76.48 + address 109.228.56.185 + address 77.68.84.147 + address 77.68.23.64 + address 77.68.26.166 + address 77.68.29.178 + address 77.68.12.195 + address 77.68.21.78 + address 77.68.5.166 + address 77.68.5.187 + address 77.68.4.111 + address 77.68.4.22 + address 77.68.7.227 + address 
77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.7.222 + address 77.68.4.39 + address 77.68.4.25 + address 77.68.7.160 + address 77.68.27.211 + address 77.68.89.183 + address 77.68.24.59 + address 77.68.7.114 + address 77.68.75.113 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.94.181 + address 77.68.30.164 + address 77.68.30.133 + address 77.68.7.67 + address 77.68.77.174 + address 77.68.27.54 + address 77.68.4.136 + address 77.68.72.202 + address 77.68.112.83 + address 77.68.85.172 + address 77.68.23.158 + address 77.68.112.75 + address 77.68.24.112 + address 77.68.112.213 + address 77.68.72.254 + address 77.68.20.161 + address 77.68.26.216 + address 77.68.112.184 + address 77.68.79.82 + address 77.68.27.57 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.118.120 + address 77.68.117.51 + address 77.68.118.102 + address 77.68.116.119 + address 77.68.117.45 + address 77.68.116.220 + address 77.68.116.232 + address 77.68.117.222 + address 77.68.118.15 + address 77.68.116.221 + address 77.68.116.183 + address 77.68.119.14 + address 77.68.112.91 + address 77.68.117.202 + address 77.68.118.104 + address 77.68.7.172 + address 77.68.83.41 + address 77.68.15.95 + address 77.68.4.57 + address 77.68.85.27 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.112.248 + address 109.228.60.215 + address 109.228.55.82 + address 77.68.7.186 + address 77.68.6.210 + address 77.68.77.238 + address 77.68.10.142 + address 77.68.31.144 + address 77.68.93.246 + address 77.68.121.127 + address 77.68.121.94 + address 77.68.120.241 + address 77.68.121.106 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.120.146 + address 77.68.120.249 + address 77.68.122.241 + address 77.68.119.92 + address 77.68.120.26 + address 77.68.81.141 + address 77.68.79.206 + address 77.68.116.52 + address 77.68.88.100 + address 77.68.6.105 + address 77.68.78.229 + address 
77.68.6.32 + address 77.68.10.170 + address 77.68.76.229 + address 77.68.95.42 + address 77.68.28.207 + address 77.68.17.186 + address 77.68.4.252 + address 77.68.24.220 + address 77.68.2.215 + address 77.68.91.128 + address 77.68.22.146 + address 77.68.23.112 + address 77.68.75.245 + address 77.68.125.218 + address 77.68.125.32 + address 77.68.12.250 + address 109.228.37.174 + address 77.68.127.151 + address 109.228.37.114 + address 109.228.36.229 + address 109.228.37.240 + address 109.228.61.31 + address 109.228.35.110 + address 109.228.39.157 + address 109.228.39.249 + address 109.228.38.171 + address 109.228.40.226 + address 109.228.40.207 + address 109.228.40.247 + address 77.68.126.51 + address 77.68.117.214 + address 77.68.113.117 + address 77.68.117.142 + address 77.68.17.200 + address 77.68.4.242 + address 77.68.86.148 + address 109.228.39.151 + address 109.228.40.194 + address 77.68.114.183 + address 77.68.90.132 + address 77.68.16.247 + address 77.68.6.110 + address 109.228.36.37 + address 77.68.127.172 + address 77.68.14.88 + address 77.68.120.229 + address 213.171.212.203 + address 213.171.213.41 + address 213.171.213.175 + address 213.171.213.97 + address 213.171.212.171 + address 213.171.212.89 + address 213.171.214.96 + address 213.171.212.172 + address 213.171.215.252 + address 213.171.213.242 + address 213.171.213.31 + address 213.171.212.71 + address 213.171.208.58 + address 77.68.25.130 + address 213.171.215.184 + address 77.68.13.76 + address 109.228.56.242 + address 77.68.25.146 + address 109.228.46.81 + address 77.68.77.69 + address 213.171.210.19 + address 77.68.120.45 + address 77.68.116.36 + address 213.171.211.128 + address 77.68.25.124 + address 109.228.48.249 + address 213.171.210.59 + address 213.171.215.43 + address 109.228.40.195 + address 109.228.52.186 + address 77.68.113.164 + address 77.68.114.93 + address 77.68.75.253 + address 109.228.53.243 + address 109.228.36.194 + address 77.68.28.147 + address 77.68.123.250 + address 
185.132.36.24 + address 185.132.39.129 + address 185.132.36.142 + address 185.132.39.68 + address 185.132.36.17 + address 185.132.36.148 + address 185.132.37.101 + address 185.132.39.44 + address 185.132.39.37 + address 185.132.37.102 + address 185.132.38.142 + address 185.132.38.114 + address 185.132.38.95 + address 185.132.37.83 + address 185.132.36.7 + address 109.228.40.222 + address 77.68.119.188 + address 77.68.74.85 + address 77.68.91.22 + address 213.171.212.136 + address 185.132.38.216 + address 77.68.120.31 + address 77.68.95.212 + address 109.228.42.232 + address 77.68.13.137 + address 77.68.85.73 + address 77.68.85.115 + address 109.228.36.174 + address 77.68.9.186 + address 77.68.27.18 + address 77.68.27.27 + address 77.68.27.28 + address 77.68.3.80 + address 77.68.3.121 + address 77.68.3.144 + address 77.68.3.161 + address 77.68.3.194 + address 77.68.3.247 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.93.125 + address 77.68.74.39 + address 77.68.78.73 + address 77.68.5.95 + address 77.68.74.152 + address 77.68.87.212 + address 77.68.3.52 + address 77.68.114.136 + address 77.68.125.60 + address 213.171.214.167 + address 77.68.114.234 + address 213.171.213.42 + address 109.228.59.247 + address 185.132.39.99 + address 185.132.39.145 + address 109.228.35.84 + address 185.132.36.60 + address 185.132.40.11 + address 185.132.39.219 + address 77.68.26.221 + address 185.132.40.56 + address 77.68.117.29 + address 185.132.40.90 + address 109.228.38.201 + address 185.132.40.244 + address 77.68.11.140 + address 213.171.210.155 + address 185.132.37.23 + address 213.171.214.234 + address 77.68.77.29 + address 77.68.20.217 + address 185.132.40.152 + address 77.68.9.75 + address 213.171.210.177 + address 185.132.41.72 + address 185.132.41.73 + address 77.68.5.155 + address 185.132.43.6 + address 77.68.75.45 + address 109.228.46.196 + address 185.132.43.28 + address 77.68.89.72 + address 185.132.43.98 + address 77.68.76.176 + address 185.132.43.164 + 
address 185.132.43.157 + address 77.68.6.119 + address 77.68.92.92 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.32.43 + address 185.132.38.248 + address 77.68.120.218 + address 77.68.32.31 + address 77.68.32.254 + address 77.68.32.118 + address 77.68.82.157 + address 77.68.121.119 + address 77.68.74.209 + address 77.68.33.68 + address 77.68.24.172 + address 77.68.33.197 + address 77.68.33.48 + address 77.68.34.26 + address 77.68.34.28 + address 77.68.79.89 + address 77.68.76.137 + address 77.68.33.216 + address 77.68.32.83 + address 77.68.32.86 + address 77.68.32.89 + address 77.68.34.138 + address 77.68.34.139 + address 77.68.123.177 + address 77.68.35.116 + address 77.68.33.171 + address 213.171.208.40 + address 77.68.118.86 + address 77.68.48.81 + address 77.68.48.89 + address 77.68.48.105 + address 77.68.85.18 + address 77.68.26.228 + address 77.68.49.4 + address 77.68.80.26 + address 77.68.80.97 + address 77.68.126.101 + address 77.68.126.14 + address 77.68.49.12 + address 77.68.117.173 + address 77.68.8.144 + address 77.68.82.147 + address 77.68.24.134 + address 77.68.112.167 + address 77.68.49.126 + address 77.68.49.178 + address 77.68.50.91 + address 77.68.50.90 + address 77.68.24.63 + address 109.228.37.187 + address 77.68.50.193 + address 77.68.50.198 + address 77.68.50.142 + address 77.68.114.237 + address 77.68.115.17 + address 77.68.49.159 + address 77.68.49.160 + address 213.171.208.176 + address 77.68.116.84 + address 77.68.126.160 + address 185.132.36.56 + address 77.68.49.161 + address 77.68.34.50 + address 185.132.41.240 + address 77.68.51.214 + address 77.68.51.202 + address 185.132.37.133 + address 77.68.77.42 + address 77.68.100.132 + address 77.68.100.134 + address 77.68.100.150 + address 185.132.41.148 + address 77.68.101.64 + address 213.171.210.25 + address 77.68.101.124 + address 77.68.101.125 + address 77.68.89.247 + address 185.132.39.109 + address 77.68.100.167 + address 77.68.5.125 + address 77.68.4.80 + address 
77.68.49.152 + address 77.68.12.45 + address 77.68.4.180 + address 213.171.214.102 + address 77.68.126.22 + address 77.68.114.205 + address 109.228.36.119 + address 213.171.212.90 + address 77.68.33.37 + address 185.132.43.71 + address 185.132.43.113 + address 77.68.48.202 + address 185.132.40.166 + address 77.68.112.90 + address 77.68.112.175 + address 77.68.103.19 + address 77.68.103.120 + address 77.68.33.24 + address 77.68.103.147 + address 109.228.47.223 + address 109.228.58.134 + address 109.228.56.97 + address 77.68.31.96 + address 77.68.103.227 + address 88.208.196.91 + address 88.208.196.92 + address 88.208.196.154 + address 88.208.197.10 + address 77.68.87.164 + address 77.68.93.164 + address 185.132.37.47 + address 77.68.75.64 + address 88.208.197.118 + address 88.208.197.135 + address 88.208.197.150 + address 88.208.197.155 + address 88.208.197.160 + address 88.208.197.60 + address 109.228.37.10 + address 88.208.215.61 + address 77.68.102.129 + address 88.208.196.123 + address 109.228.36.79 + address 185.132.38.182 + address 88.208.215.62 + address 88.208.215.157 + address 88.208.198.251 + address 88.208.215.19 + address 88.208.198.39 + address 109.228.38.117 + address 77.68.29.65 + address 88.208.215.121 + address 77.68.115.142 + address 77.68.76.108 + address 88.208.198.64 + address 88.208.198.66 + address 77.68.3.61 + address 88.208.198.92 + address 77.68.74.232 + address 77.68.118.88 + address 77.68.100.77 + address 77.68.48.14 + address 88.208.198.69 + address 88.208.197.23 + address 88.208.199.249 + address 213.171.212.114 + address 109.228.39.41 + address 88.208.199.141 + address 77.68.21.171 + address 88.208.199.233 + address 88.208.212.31 + address 77.68.102.5 + address 88.208.212.94 + address 109.228.61.37 + address 88.208.199.46 + address 77.68.78.113 + address 88.208.212.182 + address 88.208.212.188 + address 185.132.40.124 + address 213.171.209.217 + address 77.68.103.56 + address 88.208.197.208 + address 88.208.197.129 + } + address-group 
CMK_SATELLITES { + address 82.223.144.252 + address 109.228.63.67 + address 109.228.63.66 + address 82.223.200.61 + address 195.20.253.14 + address 217.72.206.27 + } + address-group DHCP_SERVERS { + address 10.255.241.13 + address 10.255.241.14 + address 10.255.242.13 + address 10.255.242.14 + address 10.255.243.13 + address 10.255.243.14 + address 10.255.244.13 + address 10.255.244.14 + address 10.255.245.13 + address 10.255.245.14 + address 10.255.246.13 + address 10.255.246.14 + address 10.255.247.13 + address 10.255.247.14 + address 10.255.248.13 + address 10.255.248.14 + address 10.255.249.13 + address 10.255.249.14 + address 77.68.76.14 + address 77.68.77.14 + address 77.68.76.13 + address 77.68.77.13 + } + address-group DNSCACHE_SERVERS { + address 10.255.255.4 + address 10.255.255.5 + address 77.68.76.12 + address 77.68.77.12 + } + address-group DT_BLOCKED { + address 172.16.255.254 + } + address-group DT_FW0A5C4_1 { + address 185.132.40.56 + } + address-group DT_FW0B352_1 { + address 77.68.77.238 + } + address-group DT_FW0BB22_1 { + address 77.68.16.247 + } + address-group DT_FW0BD92_3 { + address 109.228.36.79 + } + address-group DT_FW0C2E6_4 { + address 77.68.76.110 + } + address-group DT_FW0C8E1_1 { + address 77.68.77.103 + } + address-group DT_FW0C25B_1 { + address 77.68.86.148 + } + address-group DT_FW00D98_1 { + address 77.68.76.88 + } + address-group DT_FW0E2EE_1 { + address 213.171.211.128 + } + address-group DT_FW0E383_9 { + address 77.68.77.114 + } + address-group DT_FW0EA3F_1 { + address 77.68.49.159 + } + address-group DT_FW1ACD9_2 { + address 77.68.76.108 + } + address-group DT_FW1C8F2_1 { + address 185.132.37.83 + } + address-group DT_FW1CB16_1 { + address 77.68.29.178 + } + address-group DT_FW1CC15_2 { + address 77.68.77.248 + } + address-group DT_FW1D511_2 { + address 213.171.213.175 + } + address-group DT_FW1F3D0_6 { + address 77.68.76.250 + } + address-group DT_FW1F126_1 { + address 77.68.76.137 + } + address-group DT_FW1FA8E_1 { + 
address 185.132.37.101 + } + address-group DT_FW1FA9E_1 { + address 77.68.118.104 + } + address-group DT_FW2ACFF_1 { + address 77.68.24.220 + } + address-group DT_FW2B4BA_1 { + address 77.68.33.68 + } + address-group DT_FW2B279_4 { + address 77.68.77.204 + } + address-group DT_FW2BB8D_1 { + address 77.68.77.181 + } + address-group DT_FW2BF20_3 { + address 77.68.76.187 + } + address-group DT_FW2C5AE_1 { + address 77.68.76.228 + } + address-group DT_FW2E8D4_1 { + address 77.68.77.249 + } + address-group DT_FW2E060_1 { + address 77.68.77.215 + } + address-group DT_FW2ED4D_2 { + address 109.228.39.151 + } + address-group DT_FW2EF2C_1 { + address 77.68.11.140 + } + address-group DT_FW2F868_6 { + address 77.68.76.254 + } + address-group DT_FW2FB61_1 { + address 109.228.38.117 + } + address-group DT_FW3A12F_1 { + address 77.68.5.95 + } + address-group DT_FW3AD6F_1 { + address 77.68.120.241 + } + address-group DT_FW03B35_1 { + address 77.68.125.60 + } + address-group DT_FW3B068_2 { + address 77.68.77.63 + } + address-group DT_FW3CAAB_1 { + address 77.68.76.234 + } + address-group DT_FW3DBF8_9 { + address 77.68.76.198 + } + address-group DT_FW3EBC8_1 { + address 77.68.13.76 + } + address-group DT_FW03F2E_1 { + address 77.68.102.5 + } + address-group DT_FW3F465_1 { + address 109.228.36.119 + } + address-group DT_FW4AE7D_1 { + address 77.68.76.60 + } + address-group DT_FW4C136_1 { + address 77.68.76.50 + } + address-group DT_FW4D3E6_1 { + address 77.68.100.77 + } + address-group DT_FW4DB0A_1 { + address 77.68.49.161 + } + address-group DT_FW4E314_1 { + address 109.228.40.222 + } + address-group DT_FW4E399_1 { + address 213.171.214.96 + } + address-group DT_FW4F5EE_10 { + address 77.68.116.220 + } + address-group DT_FW4F81F_4 { + address 77.68.77.43 + } + address-group DT_FW5A5D7_3 { + address 77.68.77.205 + } + address-group DT_FW5A77C_16 { + address 77.68.76.202 + } + address-group DT_FW5A521_3 { + address 77.68.79.89 + } + address-group DT_FW05AD0_2 { + address 77.68.77.72 
+ } + address-group DT_FW5AE10_1 { + address 109.228.37.114 + } + address-group DT_FW5CBB2_1 { + address 77.68.77.150 + } + address-group DT_FW5D0FA_1 { + address 185.132.43.157 + } + address-group DT_FW6A684_1 { + address 77.68.116.119 + } + address-group DT_FW6B9B9_1 { + address 185.132.41.72 + } + address-group DT_FW6B39D_1 { + address 77.68.4.111 + address 77.68.77.174 + } + address-group DT_FW6C992_1 { + address 77.68.85.27 + } + address-group DT_FW6CD7E_2 { + address 77.68.76.148 + } + address-group DT_FW6D0CD_1 { + address 77.68.76.241 + } + address-group DT_FW6ECA4_1 { + address 77.68.117.51 + } + address-group DT_FW6EFD7_1 { + address 77.68.84.147 + } + address-group DT_FW6F539_1 { + address 77.68.76.217 + } + address-group DT_FW7A9B0_9 { + address 77.68.76.47 + } + address-group DT_FW7C4D9_14 { + address 109.228.36.37 + } + address-group DT_FW7DAE2_3 { + address 185.132.38.216 + } + address-group DT_FW7F28A_1 { + address 77.68.76.31 + } + address-group DT_FW8A3FC_3 { + address 77.68.77.132 + address 77.68.76.185 + address 77.68.77.90 + } + address-group DT_FW8A49A_1 { + address 77.68.77.85 + } + address-group DT_FW8A57A_1 { + address 77.68.77.222 + address 77.68.112.83 + } + address-group DT_FW8AFF1_7 { + address 77.68.76.118 + } + address-group DT_FW8B21D_1 { + address 77.68.23.64 + } + address-group DT_FW8C72E_1 { + address 77.68.27.54 + } + address-group DT_FW8C927_1 { + address 77.68.7.160 + } + address-group DT_FW8EA04_1 { + address 77.68.20.161 + } + address-group DT_FW8ECF4_1 { + address 77.68.2.215 + } + address-group DT_FW9B6FB_1 { + address 77.68.4.242 + } + address-group DT_FW9C682_3 { + address 213.171.212.203 + } + address-group DT_FW9D5C7_1 { + address 77.68.115.17 + } + address-group DT_FW9E550_1 { + address 213.171.212.71 + } + address-group DT_FW9EEDD_1 { + address 77.68.4.80 + address 77.68.49.152 + } + address-group DT_FW10C3D_19 { + address 77.68.25.124 + } + address-group DT_FW10FEE_1 { + address 77.68.122.89 + } + address-group 
DT_FW12C32_1 { + address 77.68.4.25 + address 77.68.7.114 + } + address-group DT_FW013EF_2 { + address 77.68.77.26 + } + address-group DT_FW15C99_6 { + address 77.68.114.237 + } + address-group DT_FW18E6E_3 { + address 77.68.76.112 + } + address-group DT_FW21A75_2 { + address 88.208.198.66 + } + address-group DT_FW24AB7_1 { + address 213.171.213.242 + } + address-group DT_FW26F0A_1 { + address 77.68.78.73 + } + address-group DT_FW27A8F_1 { + address 77.68.76.219 + } + address-group DT_FW028C0_2 { + address 77.68.26.221 + } + address-group DT_FW28EC8_1 { + address 77.68.76.93 + } + address-group DT_FW30D21_1 { + address 77.68.95.42 + } + address-group DT_FW32EFF_16 { + address 77.68.118.120 + } + address-group DT_FW32EFF_25 { + address 77.68.27.211 + } + address-group DT_FW32EFF_49 { + address 109.228.37.187 + } + address-group DT_FW34C91_3 { + address 77.68.76.142 + } + address-group DT_FW35F7B_1 { + address 77.68.30.164 + } + address-group DT_FW37E59_5 { + address 77.68.76.37 + } + address-group DT_FW40AE4_1 { + address 77.68.79.206 + } + address-group DT_FW42BC7_1 { + address 77.68.76.95 + } + address-group DT_FW44BF9_1 { + address 77.68.77.200 + } + address-group DT_FW45BEB_1 { + address 77.68.75.245 + } + address-group DT_FW45F3D_1 { + address 109.228.40.247 + } + address-group DT_FW45F87_1 { + address 77.68.77.207 + } + address-group DT_FW46F4A_1 { + address 88.208.197.135 + } + address-group DT_FW48A55_2 { + address 109.228.39.157 + } + address-group DT_FW49C3D_4 { + address 77.68.76.149 + } + address-group DT_FW49C3D_6 { + address 77.68.76.160 + } + address-group DT_FW050AC_1 { + address 77.68.77.214 + } + address-group DT_FW52F6F_1 { + address 77.68.82.147 + } + address-group DT_FW53C72_1 { + address 88.208.197.118 + } + address-group DT_FW58C69_4 { + address 77.68.76.141 + } + address-group DT_FW59F39_1 { + address 77.68.87.212 + } + address-group DT_FW60FD6_5 { + address 77.68.92.92 + } + address-group DT_FW69D6D_2 { + address 77.68.77.221 + } + 
address-group DT_FW72F37_1 { + address 77.68.77.100 + } + address-group DT_FW73A64_1 { + address 77.68.118.15 + } + address-group DT_FW75CA4_6 { + address 77.68.4.22 + } + address-group DT_FW85A7C_1 { + address 77.68.6.210 + } + address-group DT_FW85E02_11 { + address 77.68.77.233 + } + address-group DT_FW90AE3_1 { + address 77.68.88.100 + } + address-group DT_FW91B7A_1 { + address 77.68.76.40 + } + address-group DT_FW138F8_1 { + address 77.68.50.193 + } + address-group DT_FW0192C_1 { + address 185.132.39.68 + } + address-group DT_FW197DB_1 { + address 77.68.77.240 + } + address-group DT_FW210E2_8 { + address 77.68.94.181 + } + address-group DT_FW274FD_1 { + address 185.132.36.24 + } + address-group DT_FW310C6_3 { + address 88.208.198.39 + } + address-group DT_FW364CF_1 { + address 77.68.76.203 + address 77.68.77.97 + } + address-group DT_FW406AB_1 { + address 109.228.47.223 + } + address-group DT_FW444AF_1 { + address 185.132.37.102 + } + address-group DT_FW481D7_1 { + address 77.68.76.243 + } + address-group DT_FW539FB_1 { + address 77.68.21.171 + } + address-group DT_FW578BE_1 { + address 109.228.56.185 + } + address-group DT_FW597A6_1 { + address 77.68.5.125 + address 88.208.196.123 + address 88.208.212.31 + } + address-group DT_FW608FA_1 { + address 77.68.74.232 + } + address-group DT_FW633DD_1 { + address 77.68.121.119 + } + address-group DT_FW672AB_1 { + address 213.171.213.41 + } + address-group DT_FW0745F_5 { + address 77.68.117.222 + } + address-group DT_FW748B7_1 { + address 77.68.120.249 + } + address-group DT_FW825C8_19 { + address 77.68.76.111 + address 77.68.76.42 + } + address-group DT_FW825C8_24 { + address 77.68.77.120 + address 77.68.76.183 + } + address-group DT_FW826BA_3 { + address 77.68.77.152 + } + address-group DT_FW856FA_1 { + address 77.68.77.151 + } + address-group DT_FW883EB_1 { + address 77.68.76.152 + } + address-group DT_FW930F3_1 { + address 77.68.85.73 + } + address-group DT_FW930F3_3 { + address 77.68.114.234 + } + address-group 
DT_FW934AE_1 { + address 77.68.5.166 + } + address-group DT_FW0937A_1 { + address 77.68.6.119 + } + address-group DT_FW0952B_1 { + address 77.68.93.125 + } + address-group DT_FW996B4_2 { + address 77.68.76.157 + } + address-group DT_FW1208C_1 { + address 77.68.77.33 + } + address-group DT_FW1226C_3 { + address 77.68.117.45 + } + address-group DT_FW1271A_2 { + address 77.68.76.102 + } + address-group DT_FW2379F_14 { + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 213.171.212.114 + address 77.68.103.56 + } + address-group DT_FW4293B_1 { + address 77.68.76.57 + } + address-group DT_FW4513E_1 { + address 77.68.77.75 + } + address-group DT_FW4735F_1 { + address 77.68.77.74 + } + address-group DT_FW05064_1 { + address 213.171.210.19 + } + address-group DT_FW05339_1 { + address 185.132.40.152 + } + address-group DT_FW5658C_1 { + address 77.68.77.185 + } + address-group DT_FW5858F_1 { + address 77.68.121.127 + } + address-group DT_FW06176_1 { + address 77.68.77.38 + } + address-group DT_FW6187E_1 { + address 77.68.103.147 + } + address-group DT_FW6863A_4 { + address 77.68.7.222 + } + address-group DT_FW6906B_1 { + address 185.132.43.28 + } + address-group DT_FW06940_3 { + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + } + address-group DT_FW7648D_1 { + address 77.68.76.77 + } + address-group DT_FW08061_1 { + address 77.68.76.45 + } + address-group DT_FW8428B_1 { + address 77.68.33.24 + } + address-group DT_FW8871B_1 { + address 77.68.78.113 + } + address-group DT_FW11082_1 { + address 77.68.113.117 + } + address-group DT_FW16375_5 { + address 77.68.77.171 + } + address-group DT_FW19987_4 { + address 77.68.77.54 + } + address-group DT_FW20449_2 { + address 77.68.126.101 + } + address-group DT_FW25843_1 { + address 77.68.24.59 + } + address-group DT_FW26846_1 { + address 88.208.197.10 + } + address-group DT_FW27947_1 { + address 77.68.77.102 + } + address-group DT_FW27949_2 { + address 77.68.117.214 + } + address-group 
DT_FW28892_1 { + address 77.68.77.144 + } + address-group DT_FW31525_6 { + address 77.68.77.46 + } + address-group DT_FW36425_1 { + address 77.68.119.14 + } + address-group DT_FW40416_1 { + address 77.68.121.94 + } + address-group DT_FW42661_3 { + address 77.68.77.202 + } + address-group DT_FW44217_2 { + address 77.68.89.247 + } + address-group DT_FW45000_1 { + address 77.68.24.172 + } + address-group DT_FW48814_3 { + address 77.68.77.219 + } + address-group DT_FW49897_1 { + address 185.132.36.7 + } + address-group DT_FW56335_2 { + address 88.208.198.92 + } + address-group DT_FW56496_1 { + address 77.68.51.202 + address 77.68.101.64 + } + address-group DT_FW62858_12 { + address 77.68.77.145 + } + address-group DT_FW63230_1 { + address 77.68.76.220 + } + address-group DT_FW66347_1 { + address 77.68.92.186 + } + address-group DT_FW73215_1 { + address 213.171.209.217 + } + address-group DT_FW73573_1 { + address 77.68.76.249 + } + address-group DT_FW73573_2 { + address 77.68.77.62 + } + address-group DT_FW78137_1 { + address 77.68.34.50 + } + address-group DT_FW81138_1 { + address 77.68.77.59 + } + address-group DT_FW81286_1 { + address 77.68.77.243 + } + address-group DT_FW85040_1 { + address 77.68.5.187 + } + address-group DT_FW85619_1 { + address 77.68.127.172 + } + address-group DT_FW89619_1 { + address 77.68.76.253 + } + address-group DT_FW98818_1 { + address 88.208.197.129 + } + address-group DT_FWA0AA0_1 { + address 77.68.113.164 + } + address-group DT_FWA0B7F_1 { + address 185.132.39.44 + } + address-group DT_FWA2FF8_4 { + address 77.68.76.231 + } + address-group DT_FWA3EA3_1 { + address 77.68.77.42 + } + address-group DT_FWA4BC8_1 { + address 77.68.112.75 + } + address-group DT_FWA5D67_1 { + address 185.132.37.133 + } + address-group DT_FWA7A50_1 { + address 77.68.27.57 + address 77.68.118.102 + } + address-group DT_FWA69A0_1 { + address 213.171.212.90 + } + address-group DT_FWA076E_1 { + address 77.68.76.19 + } + address-group DT_FWA83DF_1 { + address 
77.68.7.123 + } + address-group DT_FWA86A4_1 { + address 109.228.56.97 + } + address-group DT_FWA86ED_101 { + address 77.68.85.172 + address 109.228.38.171 + address 88.208.199.233 + } + address-group DT_FWA373F_1 { + address 77.68.76.171 + } + address-group DT_FWA0531_1 { + address 213.171.215.252 + } + address-group DT_FWA884B_5 { + address 88.208.199.249 + } + address-group DT_FWA7625_1 { + address 213.171.215.43 + } + address-group DT_FWAA38E_1 { + address 77.68.93.164 + } + address-group DT_FWAB44B_1 { + address 185.132.37.47 + } + address-group DT_FWAE88B_1 { + address 77.68.125.218 + } + address-group DT_FWAF6E8_1 { + address 77.68.76.115 + } + address-group DT_FWAFF0A_1 { + address 77.68.91.195 + } + address-group DT_FWB2CD2_1 { + address 77.68.72.254 + } + address-group DT_FWB28B6_5 { + address 77.68.77.209 + } + address-group DT_FWB36A0_1 { + address 77.68.77.108 + } + address-group DT_FWB118A_1 { + address 77.68.48.14 + } + address-group DT_FWB4438_2 { + address 88.208.215.61 + } + address-group DT_FWB6101_1 { + address 88.208.215.62 + } + address-group DT_FWB9699_7 { + address 77.68.76.123 + } + address-group DT_FWB9699_11 { + address 77.68.77.165 + } + address-group DT_FWBB718_1 { + address 77.68.77.71 + } + address-group DT_FWBC8A6_1 { + address 77.68.112.175 + } + address-group DT_FWBC280_1 { + address 77.68.100.167 + } + address-group DT_FWBD9D0_1 { + address 77.68.120.31 + } + address-group DT_FWBE878_1 { + address 213.171.212.172 + } + address-group DT_FWBED52_1 { + address 77.68.112.213 + } + address-group DT_FWBF494_1 { + address 77.68.76.209 + } + address-group DT_FWBFC02_1 { + address 77.68.112.90 + } + address-group DT_FWBFDED_1 { + address 77.68.76.30 + } + address-group DT_FWC0CE0_1 { + address 77.68.112.184 + } + address-group DT_FWC1ACD_1 { + address 77.68.85.18 + } + address-group DT_FWC2D30_1 { + address 77.68.76.48 + } + address-group DT_FWC2EF2_1 { + address 77.68.17.200 + } + address-group DT_FWC2EF2_2 { + address 77.68.17.200 + } + 
address-group DT_FWC7D36_1 { + address 77.68.76.126 + } + address-group DT_FWC8E8E_1 { + address 77.68.28.207 + } + address-group DT_FWC32BE_1 { + address 77.68.117.173 + } + address-group DT_FWC37B9_1 { + address 77.68.28.139 + } + address-group DT_FWC055A_1 { + address 77.68.77.30 + } + address-group DT_FWC72E5_1 { + address 77.68.103.227 + } + address-group DT_FWC96A1_1 { + address 77.68.75.253 + } + address-group DT_FWC1315_1 { + address 77.68.4.57 + } + address-group DT_FWC3921_1 { + address 77.68.76.164 + } + address-group DT_FWC6301_1 { + address 77.68.34.26 + } + address-group DT_FWCA628_1 { + address 185.132.39.99 + } + address-group DT_FWCB0CF_7 { + address 77.68.77.163 + } + address-group DT_FWCB29D_1 { + address 88.208.197.23 + } + address-group DT_FWCC18F_2 { + address 77.68.76.59 + } + address-group DT_FWCD7CE_1 { + address 77.68.77.56 + } + address-group DT_FWCDBC7_1 { + address 77.68.77.141 + } + address-group DT_FWCDD8B_1 { + address 185.132.37.23 + } + address-group DT_FWCE020_1 { + address 77.68.48.202 + } + address-group DT_FWD0E22_4 { + address 77.68.77.99 + } + address-group DT_FWD4A27_1 { + address 77.68.76.244 + } + address-group DT_FWD7EAB_1 { + address 77.68.7.67 + } + address-group DT_FWD8DD1_2 { + address 213.171.210.155 + } + address-group DT_FWD42CF_1 { + address 185.132.38.114 + } + address-group DT_FWD56A2_1 { + address 213.171.213.31 + } + address-group DT_FWD61BF_1 { + address 88.208.199.46 + } + address-group DT_FWD338A_1 { + address 77.68.77.69 + } + address-group DT_FWD498E_1 { + address 109.228.39.41 + } + address-group DT_FWD2082_1 { + address 77.68.76.94 + } + address-group DT_FWD2440_1 { + address 77.68.114.136 + } + address-group DT_FWD3431_2 { + address 77.68.77.105 + } + address-group DT_FWD7382_1 { + address 185.132.40.11 + } + address-group DT_FWDA443_6 { + address 77.68.34.28 + } + address-group DT_FWDAA4F_1 { + address 77.68.76.124 + } + address-group DT_FWDAF47_1 { + address 77.68.23.35 + } + address-group 
DT_FWDCA36_3 { + address 77.68.77.81 + } + address-group DT_FWDD089_5 { + address 77.68.77.21 + } + address-group DT_FWDEDB9_1 { + address 77.68.22.146 + } + address-group DT_FWE2AB5_8 { + address 77.68.26.166 + } + address-group DT_FWE3E77_1 { + address 77.68.76.49 + } + address-group DT_FWE6AB2_1 { + address 185.132.40.166 + } + address-group DT_FWE9F7D_1 { + address 77.68.32.118 + } + address-group DT_FWE012D_1 { + address 77.68.77.190 + } + address-group DT_FWE30A1_4 { + address 77.68.33.48 + } + address-group DT_FWE32F2_8 { + address 77.68.82.157 + } + address-group DT_FWE47DA_1 { + address 77.68.91.128 + } + address-group DT_FWE57AD_1 { + address 109.228.56.26 + } + address-group DT_FWE928F_1 { + address 77.68.77.129 + } + address-group DT_FWE7180_1 { + address 77.68.123.177 + } + address-group DT_FWEAE53_1 { + address 77.68.26.216 + } + address-group DT_FWEB321_1 { + address 77.68.4.74 + } + address-group DT_FWECBFB_14 { + address 77.68.77.44 + } + address-group DT_FWEE03C_1 { + address 77.68.116.232 + } + address-group DT_FWEEC75_1 { + address 77.68.76.29 + } + address-group DT_FWEF92E_5 { + address 77.68.77.57 + } + address-group DT_FWEF92E_6 { + address 77.68.77.70 + } + address-group DT_FWEF92E_7 { + address 77.68.77.149 + } + address-group DT_FWF3A1B_1 { + address 109.228.52.186 + } + address-group DT_FWF7B68_1 { + address 77.68.77.231 + } + address-group DT_FWF7BFA_1 { + address 77.68.120.45 + } + address-group DT_FWF8E67_1 { + address 77.68.85.115 + } + address-group DT_FWF8F85_1 { + address 109.228.36.229 + } + address-group DT_FWF9C28_2 { + address 77.68.84.155 + } + address-group DT_FWF9C28_4 { + address 77.68.28.145 + } + address-group DT_FWF19FB_2 { + address 77.68.76.212 + } + address-group DT_FWF30BD_1 { + address 77.68.14.88 + } + address-group DT_FWF48EB_1 { + address 77.68.76.21 + } + address-group DT_FWF0221_1 { + address 185.132.36.60 + address 185.132.40.244 + } + address-group DT_FWF323F_1 { + address 185.132.39.109 + } + address-group 
DT_FWF699D_4 { + address 185.132.40.90 + } + address-group DT_FWF791C_1 { + address 77.68.90.132 + } + address-group DT_FWF879C_1 { + address 77.68.76.169 + } + address-group DT_FWF3574_1 { + address 77.68.76.191 + } + address-group DT_FWF4063_1 { + address 77.68.32.254 + } + address-group DT_FWFD9AF_9 { + address 77.68.77.24 + } + address-group DT_FWFDCC7_1 { + address 109.228.59.247 + } + address-group DT_FWFDD94_15 { + address 77.68.76.161 + } + address-group DT_FWFDE34_1 { + address 185.132.38.182 + } + address-group DT_FWFEF05_1 { + address 88.208.197.150 + } + address-group DT_H71F96 { + address 77.68.23.112 + } + address-group DT_SMTP_BLOCKED { + address 172.16.255.254 + address 77.68.77.209 + address 77.68.76.148 + address 77.68.77.211 + address 77.68.21.78 + address 77.68.77.247 + address 77.68.77.203 + address 77.68.77.68 + address 77.68.77.43 + address 77.68.77.165 + address 77.68.76.145 + address 77.68.76.239 + address 77.68.77.67 + address 77.68.76.177 + address 77.68.77.117 + address 77.68.76.50 + address 77.68.76.158 + address 77.68.76.22 + address 77.68.76.123 + address 77.68.76.251 + address 77.68.77.63 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.4.252 + address 77.68.76.30 + address 77.68.76.77 + address 77.68.76.31 + address 77.68.77.248 + address 77.68.3.52 + address 77.68.76.88 + address 213.171.214.234 + address 185.132.39.219 + address 77.68.5.155 + address 77.68.80.97 + address 77.68.101.124 + address 77.68.76.111 + address 77.68.76.42 + address 77.68.77.120 + address 77.68.76.183 + address 88.208.197.160 + address 88.208.197.10 + address 77.68.76.250 + address 77.68.77.219 + address 77.68.77.152 + address 77.68.76.60 + } + address-group DT_VPN-2661 { + address 185.132.40.90 + } + address-group DT_VPN-3575 { + address 77.68.77.202 + } + address-group DT_VPN-6103 { + address 77.68.77.21 + } + address-group DT_VPN-7030 { + address 77.68.77.44 + } + address-group DT_VPN-7902 { + address 77.68.77.43 + } + address-group 
DT_VPN-8159 { + address 77.68.77.163 + } + address-group DT_VPN-8203 { + address 77.68.77.202 + } + address-group DT_VPN-8625 { + address 77.68.94.181 + } + address-group DT_VPN-9415 { + address 77.68.76.114 + } + address-group DT_VPN-9484 { + address 77.68.77.76 + address 77.68.76.120 + } + address-group DT_VPN-9727 { + address 185.132.40.90 + } + address-group DT_VPN-9749 { + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 213.171.212.114 + address 77.68.103.56 + } + address-group DT_VPN-9765 { + address 77.68.76.50 + } + address-group DT_VPN-10131 { + address 77.68.76.110 + } + address-group DT_VPN-11083 { + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 213.171.212.114 + address 77.68.103.56 + } + address-group DT_VPN-11913 { + address 77.68.76.60 + } + address-group DT_VPN-12870 { + address 77.68.77.163 + } + address-group DT_VPN-12899 { + address 77.68.77.95 + } + address-group DT_VPN-13261 { + address 77.68.77.76 + address 77.68.76.120 + } + address-group DT_VPN-13983 { + address 77.68.3.52 + } + address-group DT_VPN-14649 { + address 77.68.76.161 + } + address-group DT_VPN-14657 { + address 77.68.76.161 + } + address-group DT_VPN-14658 { + address 77.68.76.161 + } + address-group DT_VPN-14673 { + address 77.68.76.161 + } + address-group DT_VPN-15625 { + address 77.68.77.44 + } + address-group DT_VPN-15950 { + address 77.68.101.124 + } + address-group DT_VPN-15951 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-15960 { + address 77.68.101.124 + } + address-group DT_VPN-16402 { + address 109.228.39.151 + } + address-group DT_VPN-16450 { + address 77.68.77.163 + } + address-group DT_VPN-17207 { + address 77.68.77.163 + } + address-group DT_VPN-17558 { + address 77.68.77.163 + } + address-group DT_VPN-18646 { + address 77.68.77.163 + } + address-group DT_VPN-18647 { + address 77.68.77.163 + } + address-group DT_VPN-18830 { + address 77.68.118.120 + 
address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-19135 { + address 109.228.39.151 + } + address-group DT_VPN-19474 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-19807 { + address 77.68.76.198 + } + address-group DT_VPN-19992 { + address 77.68.25.124 + } + address-group DT_VPN-20306 { + address 77.68.77.248 + } + address-group DT_VPN-21673 { + address 77.68.15.95 + address 77.68.75.64 + } + address-group DT_VPN-21821 { + address 77.68.15.95 + address 77.68.75.64 + } + address-group DT_VPN-21822 { + address 77.68.15.95 + address 77.68.75.64 + } + address-group DT_VPN-21876 { + address 77.68.77.163 + } + address-group DT_VPN-21982 { + address 77.68.15.95 + address 77.68.75.64 + } + address-group DT_VPN-23209 { + address 77.68.77.24 + } + address-group DT_VPN-23729 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-23733 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-23734 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-23738 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-23946 { + address 77.68.77.44 + } + address-group DT_VPN-24398 { + address 77.68.76.118 + } + address-group DT_VPN-24589 { + address 77.68.76.118 + } + address-group DT_VPN-24591 { + address 77.68.76.118 + } + address-group DT_VPN-24592 { + address 77.68.76.118 + } + address-group DT_VPN-24593 { + address 77.68.76.118 + } + address-group DT_VPN-24594 { + address 77.68.76.118 + } + address-group DT_VPN-24595 { + address 77.68.76.118 + } + address-group DT_VPN-25822 { + address 77.68.15.95 + address 77.68.75.64 + } + address-group DT_VPN-26124 { + address 77.68.77.163 + } + address-group DT_VPN-26157 { + address 77.68.77.205 + } + address-group DT_VPN-26772 { + address 185.132.40.90 + } + address-group DT_VPN-28031 { + 
address 77.68.77.44 + } + address-group DT_VPN-28484 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-28515 { + address 77.68.82.157 + } + address-group DT_VPN-29631 { + address 77.68.77.44 + } + address-group DT_VPN-30261 { + address 77.68.77.163 + } + address-group DT_VPN-30262 { + address 77.68.77.163 + } + address-group DT_VPN-30679 { + address 77.68.77.163 + } + address-group DT_VPN-30791 { + address 77.68.118.120 + address 77.68.27.211 + address 109.228.37.187 + } + address-group DT_VPN-31002 { + address 109.228.36.119 + } + address-group DT_VPN-31301 { + address 88.208.197.10 + } + address-group DT_VPN-32528 { + address 77.68.76.118 + } + address-group DT_VPN-33204 { + address 77.68.77.163 + } + address-group DT_VPN-34006 { + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + } + address-group DT_VPN-34122 { + address 77.68.114.237 + } + address-group DT_VPN-34309 { + address 77.68.77.44 + } + address-group DT_VPN-34501 { + address 77.68.50.142 + } + address-group DT_VPN-34583 { + address 77.68.77.145 + } + address-group G-ALL_OPEN { + address 172.16.255.254 + address 77.68.76.208 + address 77.68.77.251 + address 109.228.36.174 + address 77.68.89.72 + address 77.68.77.29 + address 185.132.43.6 + address 109.228.46.196 + address 185.132.43.98 + address 185.132.41.148 + address 77.68.49.126 + address 77.68.49.178 + address 77.68.116.84 + address 185.132.36.56 + address 77.68.126.160 + address 213.171.208.176 + address 88.208.197.155 + address 88.208.198.69 + address 77.68.29.65 + } + address-group G-ICMP { + address 172.16.255.254 + address 77.68.76.141 + address 77.68.76.16 + address 77.68.76.22 + address 77.68.76.241 + address 77.68.77.128 + address 77.68.77.130 + address 77.68.77.16 + address 77.68.77.201 + address 77.68.77.22 + address 77.68.77.71 + address 77.68.76.254 + address 77.68.5.187 + address 77.68.94.181 + address 77.68.76.243 + address 77.68.92.186 + address 77.68.76.23 + 
address 77.68.26.216 + address 77.68.76.157 + address 77.68.76.102 + address 77.68.76.169 + address 77.68.76.30 + address 109.228.39.157 + address 77.68.76.77 + address 77.68.7.67 + address 109.228.55.82 + address 77.68.95.212 + address 77.68.85.73 + address 77.68.117.222 + address 77.68.125.60 + address 185.132.43.157 + address 77.68.114.136 + address 77.68.77.105 + address 77.68.33.197 + address 77.68.23.64 + address 77.68.112.184 + address 77.68.49.161 + address 77.68.76.191 + address 109.228.56.97 + address 185.132.37.101 + address 77.68.76.112 + address 77.68.117.173 + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + address 77.68.16.247 + address 77.68.76.212 + address 77.68.77.185 + address 77.68.77.238 + } + address-group G-20-TCP { + address 172.16.255.254 + address 77.68.76.80 + address 77.68.77.253 + address 77.68.86.148 + address 77.68.77.248 + address 77.68.79.206 + address 109.228.40.222 + address 77.68.24.172 + address 77.68.77.144 + address 77.68.76.112 + } + address-group G-21-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.203 + address 77.68.76.209 + address 77.68.76.217 + address 77.68.76.22 + address 77.68.76.220 + address 77.68.76.235 + address 77.68.76.245 + address 77.68.76.38 + address 77.68.76.54 + address 77.68.76.75 + address 77.68.76.80 + address 77.68.76.91 + address 77.68.76.94 + address 77.68.77.107 + address 77.68.77.128 + address 77.68.77.137 + address 77.68.77.150 + address 77.68.77.151 + address 77.68.77.171 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.236 + address 77.68.77.240 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.56 + address 77.68.77.63 + address 77.68.77.71 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.92 + address 
77.68.77.97 + address 77.68.77.99 + address 77.68.77.190 + address 77.68.77.103 + address 77.68.76.26 + address 77.68.76.107 + address 77.68.76.148 + address 77.68.76.19 + address 77.68.77.192 + address 77.68.77.157 + address 77.68.91.195 + address 77.68.77.211 + address 109.228.56.185 + address 77.68.84.147 + address 77.68.77.74 + address 77.68.4.74 + address 77.68.30.133 + address 77.68.28.145 + address 77.68.26.216 + address 77.68.77.130 + address 77.68.116.119 + address 77.68.116.220 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.84.155 + address 77.68.86.40 + address 77.68.120.241 + address 77.68.122.89 + address 77.68.10.142 + address 77.68.122.241 + address 77.68.6.105 + address 77.68.17.186 + address 77.68.95.42 + address 77.68.22.146 + address 77.68.4.252 + address 109.228.36.229 + address 109.228.40.207 + address 77.68.31.144 + address 109.228.37.174 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.77.160 + address 77.68.76.152 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.86.148 + address 77.68.23.35 + address 109.228.40.194 + address 77.68.90.132 + address 77.68.77.26 + address 77.68.76.95 + address 77.68.120.26 + address 109.228.61.31 + address 77.68.120.249 + address 77.68.6.210 + address 213.171.213.41 + address 77.68.77.248 + address 213.171.215.184 + address 77.68.25.146 + address 213.171.210.19 + address 213.171.213.242 + address 109.228.48.249 + address 109.228.40.195 + address 77.68.127.172 + address 77.68.79.206 + address 77.68.28.147 + address 185.132.36.148 + address 185.132.37.83 + address 77.68.117.51 + address 77.68.25.124 + address 77.68.13.137 + address 109.228.52.186 + address 185.132.36.24 + address 77.68.77.69 + address 109.228.40.222 + address 77.68.87.212 + address 185.132.39.99 + address 109.228.38.201 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 185.132.41.73 + address 77.68.76.45 + 
address 77.68.77.215 + address 77.68.77.214 + address 77.68.79.89 + address 77.68.76.21 + address 77.68.33.68 + address 77.68.80.97 + address 77.68.77.65 + address 185.132.41.148 + address 77.68.24.172 + address 77.68.5.95 + address 77.68.5.125 + address 213.171.208.40 + address 77.68.76.40 + address 77.68.113.164 + address 77.68.114.93 + address 185.132.36.60 + address 185.132.40.244 + address 213.171.214.102 + address 88.208.197.160 + address 88.208.196.123 + address 77.68.77.144 + address 77.68.126.14 + address 77.68.76.171 + address 88.208.198.69 + address 77.68.34.139 + address 88.208.212.31 + address 77.68.76.112 + address 77.68.76.228 + address 77.68.77.75 + address 88.208.198.66 + address 77.68.77.219 + address 77.68.77.204 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 77.68.114.237 + address 77.68.77.222 + address 77.68.112.83 + address 185.132.37.47 + address 77.68.77.238 + } + address-group G-22-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.105 + address 77.68.76.115 + address 77.68.76.122 + address 77.68.76.126 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.145 + address 77.68.76.148 + address 77.68.76.158 + address 77.68.76.164 + address 77.68.76.177 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.200 + address 77.68.76.209 + address 77.68.76.217 + address 77.68.76.22 + address 77.68.76.235 + address 77.68.76.239 + address 77.68.76.245 + address 77.68.76.247 + address 77.68.76.25 + address 77.68.76.251 + address 77.68.76.252 + address 77.68.76.33 + address 77.68.76.37 + address 77.68.76.38 + address 77.68.76.49 + address 77.68.76.54 + address 77.68.76.55 + address 77.68.76.57 + address 77.68.76.61 + address 77.68.76.74 + address 77.68.76.80 + address 77.68.76.99 + address 77.68.77.100 + address 77.68.77.103 + address 77.68.77.107 + address 77.68.77.108 + address 77.68.77.117 + address 
77.68.77.124 + address 77.68.77.128 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.137 + address 77.68.77.139 + address 77.68.77.140 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.151 + address 77.68.77.159 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.19 + address 77.68.77.190 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.203 + address 77.68.77.207 + address 77.68.77.211 + address 77.68.77.212 + address 77.68.77.22 + address 77.68.77.221 + address 77.68.77.227 + address 77.68.77.240 + address 77.68.77.243 + address 77.68.77.247 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.33 + address 77.68.77.37 + address 77.68.77.43 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.53 + address 77.68.77.56 + address 77.68.77.67 + address 77.68.77.68 + address 77.68.77.77 + address 77.68.77.79 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.88 + address 77.68.77.92 + address 77.68.77.99 + address 77.68.76.110 + address 77.68.76.76 + address 77.68.76.211 + address 77.68.76.19 + address 77.68.77.74 + address 77.68.76.165 + address 77.68.77.254 + address 77.68.77.157 + address 77.68.76.138 + address 77.68.76.139 + address 77.68.76.124 + address 77.68.76.243 + address 77.68.76.114 + address 77.68.76.244 + address 77.68.77.192 + address 77.68.77.161 + address 77.68.91.195 + address 77.68.17.26 + address 77.68.28.145 + address 77.68.84.147 + address 109.228.56.185 + address 77.68.26.166 + address 77.68.12.195 + address 77.68.29.178 + address 77.68.5.187 + address 77.68.7.227 + address 77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.4.39 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.27.54 + address 77.68.30.133 + address 77.68.4.136 + address 77.68.24.112 + address 77.68.92.186 + address 77.68.20.161 + address 77.68.26.216 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.116.119 + address 
77.68.116.232 + address 77.68.7.172 + address 77.68.116.221 + address 77.68.89.183 + address 77.68.83.41 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.112.248 + address 109.228.60.215 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.120.241 + address 77.68.121.106 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.122.241 + address 77.68.81.141 + address 77.68.116.52 + address 77.68.6.32 + address 77.68.76.229 + address 77.68.28.207 + address 77.68.4.252 + address 77.68.17.186 + address 77.68.24.220 + address 77.68.22.146 + address 77.68.23.112 + address 77.68.125.32 + address 77.68.72.202 + address 109.228.36.229 + address 77.68.31.144 + address 77.68.2.215 + address 77.68.117.142 + address 77.68.5.166 + address 77.68.76.102 + address 109.228.37.174 + address 109.228.37.114 + address 77.68.76.169 + address 109.228.37.240 + address 77.68.112.75 + address 77.68.77.160 + address 109.228.39.249 + address 77.68.76.77 + address 109.228.40.226 + address 77.68.7.67 + address 77.68.126.51 + address 77.68.75.113 + address 77.68.86.148 + address 77.68.23.35 + address 77.68.114.183 + address 109.228.40.194 + address 77.68.76.31 + address 77.68.90.132 + address 77.68.77.26 + address 77.68.76.96 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 77.68.120.26 + address 109.228.61.31 + address 77.68.76.59 + address 213.171.213.41 + address 77.68.77.248 + address 213.171.212.171 + address 77.68.4.22 + address 77.68.119.14 + address 213.171.215.184 + address 77.68.77.202 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.78.229 + address 77.68.77.102 + address 213.171.210.19 + address 77.68.24.59 + address 213.171.213.97 + address 213.171.213.242 + address 109.228.48.249 + address 109.228.40.195 + address 77.68.120.229 + address 77.68.79.206 + address 77.68.123.250 + address 77.68.28.147 + address 185.132.36.142 + address 213.171.212.172 + address 
185.132.36.148 + address 213.171.208.58 + address 77.68.25.130 + address 185.132.38.142 + address 109.228.56.242 + address 109.228.46.81 + address 185.132.38.95 + address 185.132.37.83 + address 77.68.117.51 + address 77.68.116.36 + address 77.68.120.45 + address 213.171.210.59 + address 213.171.215.43 + address 185.132.37.102 + address 109.228.42.232 + address 109.228.52.186 + address 77.68.9.186 + address 77.68.13.76 + address 109.228.36.194 + address 185.132.36.24 + address 77.68.77.69 + address 185.132.39.129 + address 185.132.36.17 + address 109.228.40.222 + address 77.68.74.39 + address 77.68.118.104 + address 213.171.212.136 + address 77.68.120.31 + address 77.68.74.152 + address 185.132.39.37 + address 77.68.87.212 + address 77.68.119.188 + address 77.68.74.85 + address 77.68.91.22 + address 77.68.76.88 + address 77.68.4.242 + address 77.68.76.181 + address 77.68.76.161 + address 109.228.35.84 + address 185.132.39.99 + address 77.68.95.212 + address 77.68.85.73 + address 77.68.76.219 + address 77.68.27.27 + address 77.68.3.194 + address 77.68.3.144 + address 77.68.3.80 + address 77.68.27.28 + address 77.68.3.247 + address 77.68.3.161 + address 77.68.27.18 + address 77.68.3.121 + address 213.171.214.234 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 213.171.211.128 + address 77.68.5.155 + address 185.132.41.73 + address 213.171.214.167 + address 185.132.43.28 + address 213.171.213.42 + address 77.68.76.45 + address 185.132.41.72 + address 185.132.43.157 + address 185.132.40.56 + address 185.132.37.23 + address 77.68.117.29 + address 77.68.75.253 + address 77.68.11.140 + address 77.68.77.215 + address 77.68.20.217 + address 77.68.76.198 + address 77.68.77.214 + address 213.171.210.177 + address 185.132.38.114 + address 77.68.33.48 + address 77.68.32.89 + address 77.68.32.86 + address 77.68.34.138 + address 77.68.32.83 + address 77.68.75.45 + address 
77.68.76.176 + address 185.132.43.164 + address 77.68.76.137 + address 185.132.40.152 + address 77.68.33.68 + address 77.68.93.125 + address 77.68.24.134 + address 185.132.38.248 + address 77.68.32.43 + address 77.68.120.218 + address 77.68.112.167 + address 77.68.32.31 + address 77.68.32.254 + address 77.68.80.26 + address 77.68.80.97 + address 77.68.121.119 + address 77.68.74.209 + address 77.68.77.65 + address 185.132.43.6 + address 109.228.46.196 + address 185.132.43.98 + address 185.132.41.148 + address 77.68.24.172 + address 77.68.33.197 + address 213.171.210.25 + address 77.68.5.95 + address 77.68.23.64 + address 77.68.101.125 + address 77.68.5.125 + address 77.68.100.167 + address 109.228.59.247 + address 77.68.35.116 + address 77.68.33.171 + address 77.68.48.105 + address 77.68.48.81 + address 77.68.49.4 + address 109.228.36.119 + address 77.68.121.127 + address 77.68.82.147 + address 77.68.49.12 + address 77.68.8.144 + address 77.68.116.183 + address 77.68.103.19 + address 77.68.50.91 + address 77.68.24.63 + address 77.68.118.15 + address 77.68.50.198 + address 77.68.49.160 + address 77.68.49.161 + address 77.68.76.191 + address 77.68.76.40 + address 77.68.113.164 + address 77.68.77.42 + address 77.68.100.134 + address 77.68.100.132 + address 77.68.114.93 + address 185.132.36.60 + address 185.132.40.244 + address 77.68.85.18 + address 77.68.50.193 + address 77.68.89.247 + address 88.208.197.10 + address 77.68.102.129 + address 109.228.36.79 + address 185.132.38.182 + address 185.132.41.240 + address 77.68.51.214 + address 88.208.196.123 + address 77.68.126.22 + address 213.171.212.90 + address 77.68.114.205 + address 77.68.48.202 + address 77.68.112.175 + address 77.68.112.90 + address 185.132.40.166 + address 77.68.103.120 + address 77.68.103.147 + address 77.68.33.24 + address 109.228.58.134 + address 109.228.47.223 + address 109.228.56.97 + address 77.68.103.227 + address 88.208.196.92 + address 88.208.196.154 + address 185.132.39.44 + address 
77.68.76.248 + address 88.208.198.92 + address 77.68.77.144 + address 77.68.126.14 + address 88.208.196.91 + address 77.68.100.77 + address 185.132.37.101 + address 77.68.87.164 + address 77.68.76.120 + address 77.68.93.164 + address 77.68.76.171 + address 88.208.197.135 + address 88.208.197.118 + address 88.208.197.150 + address 77.68.34.139 + address 213.171.213.175 + address 77.68.21.171 + address 88.208.197.60 + address 109.228.37.10 + address 88.208.215.61 + address 88.208.212.31 + address 109.228.53.243 + address 77.68.48.89 + address 88.208.212.188 + address 88.208.198.251 + address 88.208.215.19 + address 77.68.76.228 + address 109.228.39.41 + address 77.68.115.142 + address 77.68.78.73 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.3.61 + address 77.68.77.219 + address 77.68.26.228 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.117.214 + address 88.208.199.141 + address 185.132.39.109 + address 185.132.37.47 + address 77.68.102.5 + address 77.68.16.247 + address 88.208.212.94 + address 77.68.72.254 + address 109.228.61.37 + address 77.68.50.142 + address 77.68.78.113 + address 88.208.212.182 + address 185.132.40.124 + address 88.208.197.208 + address 88.208.197.129 + address 77.68.77.238 + address 77.68.79.82 + address 185.132.38.216 + } + address-group G-25-TCP { + address 172.16.255.254 + address 77.68.76.115 + address 77.68.76.141 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.203 + address 77.68.76.209 + address 77.68.76.55 + address 77.68.76.57 + address 77.68.76.75 + address 77.68.76.91 + address 77.68.76.99 + address 77.68.77.107 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.159 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.236 + address 77.68.77.240 + address 77.68.77.243 + address 
77.68.77.32 + address 77.68.77.33 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.56 + address 77.68.77.63 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.92 + address 77.68.77.97 + address 77.68.77.99 + address 77.68.77.77 + address 77.68.76.19 + address 77.68.77.192 + address 77.68.77.254 + address 77.68.76.139 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.81.44 + address 77.68.30.133 + address 77.68.77.74 + address 77.68.77.100 + address 77.68.92.186 + address 77.68.76.114 + address 77.68.116.119 + address 77.68.116.221 + address 77.68.116.220 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.120.241 + address 109.228.60.215 + address 77.68.7.172 + address 77.68.116.52 + address 77.68.91.128 + address 77.68.24.112 + address 77.68.76.94 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.77.160 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.86.148 + address 77.68.23.35 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 213.171.213.41 + address 213.171.215.184 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.78.229 + address 213.171.210.19 + address 77.68.79.206 + address 213.171.215.252 + address 109.228.52.186 + address 77.68.77.69 + address 109.228.40.222 + address 77.68.87.212 + address 185.132.39.99 + address 77.68.85.73 + address 77.68.28.139 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 185.132.43.28 + address 185.132.37.23 + address 77.68.77.215 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.33.48 + address 77.68.79.89 + address 77.68.76.21 + address 77.68.76.137 + address 77.68.80.26 + address 77.68.5.95 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 213.171.208.40 + address 77.68.112.184 + address 77.68.115.17 + address 77.68.82.147 + address 77.68.118.15 + address 77.68.76.191 + address 77.68.50.193 + address 
77.68.102.129 + address 77.68.76.118 + address 88.208.198.69 + address 77.68.34.139 + address 88.208.197.60 + address 88.208.212.188 + address 77.68.76.112 + address 77.68.77.75 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.77.219 + address 77.68.77.204 + address 77.68.76.202 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + address 185.132.37.47 + address 77.68.77.152 + address 77.68.77.181 + address 77.68.77.185 + address 77.68.77.238 + address 77.68.79.82 + } + address-group G-53-TCP { + address 172.16.255.254 + address 77.68.94.181 + address 77.68.28.145 + address 77.68.84.155 + address 77.68.78.229 + address 185.132.39.99 + address 185.132.43.28 + address 77.68.77.215 + address 185.132.40.152 + address 77.68.49.161 + address 77.68.76.118 + } + address-group G-53-UDP { + address 172.16.255.254 + address 77.68.76.235 + address 77.68.76.93 + address 77.68.77.107 + address 77.68.77.151 + address 77.68.77.37 + address 77.68.76.139 + address 77.68.81.44 + address 77.68.94.181 + address 77.68.28.145 + address 77.68.81.141 + address 77.68.4.252 + address 77.68.125.32 + address 77.68.86.148 + address 77.68.78.229 + address 185.132.43.28 + address 77.68.75.45 + address 185.132.40.152 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.49.161 + address 77.68.34.50 + } + address-group G-80-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.105 + address 77.68.76.115 + address 77.68.76.116 + address 77.68.76.122 + address 77.68.76.126 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.145 + address 77.68.76.148 + address 77.68.76.150 + address 77.68.76.158 + address 77.68.76.164 + address 77.68.76.177 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.200 + address 77.68.76.203 + address 77.68.76.209 + address 77.68.76.217 + address 77.68.76.22 + address 77.68.76.220 + address 77.68.76.23 + address 
77.68.76.231 + address 77.68.76.235 + address 77.68.76.239 + address 77.68.76.241 + address 77.68.76.245 + address 77.68.76.247 + address 77.68.76.25 + address 77.68.76.251 + address 77.68.76.252 + address 77.68.76.33 + address 77.68.76.35 + address 77.68.76.37 + address 77.68.76.38 + address 77.68.76.39 + address 77.68.76.49 + address 77.68.76.50 + address 77.68.76.54 + address 77.68.76.55 + address 77.68.76.57 + address 77.68.76.58 + address 77.68.76.61 + address 77.68.76.74 + address 77.68.76.75 + address 77.68.76.80 + address 77.68.76.91 + address 77.68.76.93 + address 77.68.76.94 + address 77.68.76.99 + address 77.68.77.100 + address 77.68.77.103 + address 77.68.77.107 + address 77.68.77.108 + address 77.68.77.115 + address 77.68.77.117 + address 77.68.77.124 + address 77.68.77.128 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.137 + address 77.68.77.139 + address 77.68.77.140 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.151 + address 77.68.77.156 + address 77.68.77.159 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.178 + address 77.68.77.19 + address 77.68.77.190 + address 77.68.77.199 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.203 + address 77.68.77.207 + address 77.68.77.211 + address 77.68.77.212 + address 77.68.77.22 + address 77.68.77.227 + address 77.68.77.228 + address 77.68.77.236 + address 77.68.77.240 + address 77.68.77.243 + address 77.68.77.247 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.33 + address 77.68.77.37 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.53 + address 77.68.77.56 + address 77.68.77.63 + address 77.68.77.67 + address 77.68.77.68 + address 77.68.77.71 + address 77.68.77.77 + address 77.68.77.79 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.88 + address 77.68.77.92 + address 77.68.77.97 + address 77.68.77.99 + address 77.68.76.76 + address 77.68.76.124 + address 77.68.76.211 + address 77.68.76.19 + 
address 77.68.77.74 + address 77.68.77.192 + address 77.68.76.92 + address 77.68.76.165 + address 77.68.77.254 + address 77.68.77.157 + address 77.68.76.138 + address 77.68.76.139 + address 77.68.76.114 + address 77.68.76.244 + address 77.68.77.161 + address 77.68.77.62 + address 77.68.77.38 + address 77.68.91.195 + address 77.68.17.26 + address 77.68.28.145 + address 109.228.56.185 + address 77.68.84.147 + address 77.68.12.195 + address 77.68.21.78 + address 77.68.5.187 + address 77.68.7.227 + address 77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.4.39 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.94.181 + address 77.68.30.164 + address 77.68.30.133 + address 77.68.4.136 + address 77.68.23.158 + address 77.68.92.186 + address 77.68.24.112 + address 77.68.112.213 + address 77.68.20.161 + address 77.68.26.216 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.116.119 + address 77.68.116.220 + address 77.68.116.232 + address 77.68.76.142 + address 77.68.117.202 + address 77.68.7.172 + address 77.68.116.221 + address 77.68.89.183 + address 77.68.83.41 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.112.248 + address 109.228.60.215 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.84.155 + address 77.68.120.241 + address 77.68.121.106 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.120.146 + address 77.68.122.241 + address 77.68.119.92 + address 77.68.81.141 + address 77.68.10.142 + address 77.68.116.52 + address 77.68.6.105 + address 77.68.76.229 + address 77.68.95.42 + address 77.68.28.207 + address 77.68.4.252 + address 77.68.17.186 + address 77.68.91.128 + address 77.68.22.146 + address 77.68.23.112 + address 77.68.24.220 + address 77.68.125.32 + address 77.68.76.243 + address 77.68.12.250 + address 77.68.72.202 + address 109.228.36.229 + address 109.228.40.207 + address 77.68.31.144 + address 77.68.2.215 + 
address 77.68.117.142 + address 77.68.5.166 + address 109.228.37.174 + address 109.228.37.114 + address 77.68.76.169 + address 109.228.37.240 + address 77.68.112.75 + address 77.68.76.30 + address 109.228.35.110 + address 77.68.77.160 + address 77.68.77.208 + address 77.68.76.152 + address 109.228.39.249 + address 77.68.76.77 + address 109.228.40.226 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.75.113 + address 77.68.86.148 + address 77.68.23.35 + address 77.68.114.183 + address 109.228.40.194 + address 77.68.76.31 + address 77.68.77.72 + address 77.68.90.132 + address 77.68.6.110 + address 77.68.76.96 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 77.68.120.26 + address 109.228.61.31 + address 77.68.76.59 + address 77.68.120.249 + address 77.68.6.210 + address 213.171.213.41 + address 77.68.77.248 + address 213.171.212.171 + address 77.68.4.22 + address 77.68.119.14 + address 213.171.215.184 + address 77.68.77.202 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.78.229 + address 77.68.77.102 + address 213.171.210.19 + address 77.68.24.59 + address 213.171.213.97 + address 213.171.213.242 + address 77.68.77.205 + address 109.228.48.249 + address 109.228.40.195 + address 77.68.120.229 + address 77.68.127.172 + address 77.68.79.206 + address 77.68.123.250 + address 77.68.28.147 + address 213.171.212.172 + address 185.132.36.148 + address 213.171.208.58 + address 77.68.25.130 + address 109.228.56.242 + address 109.228.46.81 + address 185.132.38.95 + address 185.132.37.83 + address 77.68.117.51 + address 77.68.116.36 + address 77.68.120.45 + address 77.68.25.124 + address 213.171.210.59 + address 213.171.215.43 + address 213.171.215.252 + address 185.132.37.102 + address 109.228.42.232 + address 109.228.52.186 + address 77.68.9.186 + address 77.68.13.76 + address 109.228.36.194 + address 185.132.36.7 + address 185.132.36.24 + address 77.68.77.69 + address 185.132.39.129 + address 
185.132.36.17 + address 109.228.40.222 + address 77.68.118.104 + address 77.68.120.31 + address 77.68.74.152 + address 185.132.39.37 + address 77.68.3.52 + address 77.68.87.212 + address 77.68.76.29 + address 77.68.119.188 + address 77.68.74.85 + address 77.68.91.22 + address 77.68.76.88 + address 77.68.4.242 + address 77.68.76.181 + address 77.68.76.161 + address 185.132.39.99 + address 77.68.95.212 + address 77.68.85.73 + address 77.68.76.219 + address 77.68.27.27 + address 77.68.3.194 + address 77.68.3.144 + address 77.68.3.80 + address 77.68.27.28 + address 77.68.3.247 + address 77.68.3.161 + address 77.68.27.18 + address 77.68.3.121 + address 213.171.214.234 + address 109.228.38.201 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 213.171.211.128 + address 77.68.5.155 + address 185.132.41.73 + address 77.68.77.231 + address 213.171.214.167 + address 185.132.43.28 + address 213.171.213.42 + address 77.68.76.45 + address 185.132.41.72 + address 77.68.92.92 + address 185.132.40.56 + address 185.132.37.23 + address 77.68.117.29 + address 77.68.75.253 + address 77.68.11.140 + address 77.68.77.215 + address 77.68.20.217 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.76.198 + address 77.68.77.214 + address 77.68.9.75 + address 213.171.210.177 + address 77.68.76.160 + address 185.132.38.114 + address 77.68.33.48 + address 185.132.40.90 + address 77.68.79.89 + address 77.68.34.28 + address 77.68.76.21 + address 77.68.75.45 + address 77.68.76.176 + address 77.68.77.95 + address 185.132.39.68 + address 185.132.43.164 + address 77.68.76.137 + address 185.132.40.152 + address 77.68.77.249 + address 77.68.33.68 + address 77.68.24.134 + address 185.132.38.248 + address 77.68.32.43 + address 77.68.120.218 + address 77.68.112.167 + address 77.68.32.31 + address 77.68.32.118 + address 77.68.32.254 + address 77.68.80.26 + address 77.68.17.200 + address 77.68.80.97 + 
address 77.68.121.119 + address 77.68.74.209 + address 77.68.77.65 + address 185.132.43.6 + address 109.228.46.196 + address 185.132.43.98 + address 77.68.100.150 + address 185.132.41.148 + address 77.68.24.172 + address 77.68.33.197 + address 77.68.5.95 + address 77.68.23.64 + address 77.68.101.124 + address 77.68.5.125 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 109.228.59.247 + address 213.171.208.40 + address 77.68.112.184 + address 77.68.35.116 + address 77.68.33.171 + address 77.68.76.111 + address 77.68.76.42 + address 77.68.77.120 + address 77.68.76.183 + address 77.68.118.86 + address 77.68.48.105 + address 77.68.48.81 + address 77.68.49.4 + address 109.228.36.119 + address 77.68.34.26 + address 77.68.115.17 + address 77.68.121.127 + address 77.68.82.147 + address 77.68.49.12 + address 77.68.8.144 + address 77.68.116.183 + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 77.68.51.202 + address 77.68.101.64 + address 77.68.103.19 + address 77.68.50.91 + address 77.68.24.63 + address 77.68.118.15 + address 77.68.50.198 + address 77.68.77.59 + address 77.68.49.160 + address 77.68.76.191 + address 77.68.126.101 + address 77.68.113.164 + address 77.68.77.42 + address 77.68.100.134 + address 77.68.100.132 + address 77.68.114.93 + address 185.132.36.60 + address 185.132.40.244 + address 77.68.85.18 + address 213.171.214.102 + address 77.68.50.193 + address 88.208.197.160 + address 88.208.197.10 + address 77.68.102.129 + address 109.228.36.79 + address 185.132.38.182 + address 185.132.41.240 + address 77.68.51.214 + address 88.208.196.123 + address 88.208.215.157 + address 77.68.126.22 + address 77.68.4.180 + address 213.171.212.90 + address 77.68.114.205 + address 185.132.43.71 + address 77.68.77.114 + address 77.68.48.202 + address 77.68.112.175 + address 77.68.112.90 + address 185.132.40.166 + address 77.68.76.118 + address 77.68.103.120 + address 77.68.33.24 + address 109.228.58.134 + address 
109.228.47.223 + address 77.68.31.96 + address 77.68.103.227 + address 77.68.76.250 + address 213.171.212.203 + address 88.208.196.92 + address 88.208.196.154 + address 185.132.39.44 + address 77.68.76.248 + address 88.208.198.92 + address 109.228.36.37 + address 77.68.77.144 + address 77.68.126.14 + address 88.208.196.91 + address 77.68.100.77 + address 185.132.37.101 + address 77.68.87.164 + address 77.68.77.76 + address 77.68.76.120 + address 77.68.82.157 + address 77.68.93.164 + address 77.68.76.171 + address 88.208.197.135 + address 88.208.197.118 + address 88.208.197.150 + address 213.171.212.114 + address 88.208.198.69 + address 77.68.34.139 + address 77.68.21.171 + address 88.208.197.60 + address 77.68.85.27 + address 109.228.37.10 + address 88.208.215.61 + address 88.208.199.249 + address 88.208.212.31 + address 109.228.53.243 + address 77.68.48.89 + address 88.208.212.188 + address 88.208.198.251 + address 77.68.76.112 + address 77.68.48.14 + address 88.208.215.19 + address 77.68.103.56 + address 77.68.76.228 + address 77.68.77.75 + address 77.68.117.173 + address 88.208.215.121 + address 109.228.39.41 + address 77.68.88.100 + address 77.68.76.108 + address 77.68.115.142 + address 213.171.214.96 + address 88.208.198.66 + address 88.208.198.64 + address 77.68.3.61 + address 77.68.77.219 + address 77.68.77.204 + address 77.68.26.228 + address 77.68.74.232 + address 77.68.118.88 + address 77.68.76.48 + address 77.68.76.202 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 88.208.197.23 + address 77.68.114.237 + address 77.68.77.222 + address 77.68.112.83 + address 88.208.199.141 + address 77.68.77.163 + address 185.132.39.109 + address 77.68.77.44 + address 185.132.37.47 + address 77.68.102.5 + address 77.68.16.247 + address 88.208.212.94 + address 77.68.72.254 + address 77.68.77.152 + address 77.68.50.142 + address 88.208.199.46 + address 77.68.78.113 + address 88.208.212.182 + address 77.68.77.181 + address 77.68.15.95 + address 
77.68.75.64 + address 213.171.212.71 + address 185.132.40.124 + address 88.208.197.208 + address 88.208.197.129 + address 77.68.76.60 + address 77.68.6.119 + address 77.68.77.185 + address 77.68.77.238 + address 77.68.79.82 + address 109.228.39.151 + } + address-group G-110-TCP { + address 172.16.255.254 + address 77.68.76.187 + address 77.68.77.107 + address 77.68.77.128 + address 77.68.77.129 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.33 + address 77.68.77.49 + address 77.68.77.92 + address 77.68.77.77 + address 77.68.76.19 + address 77.68.77.192 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.116.119 + address 77.68.116.221 + address 77.68.120.241 + address 109.228.60.215 + address 77.68.116.52 + address 77.68.126.51 + address 77.68.23.35 + address 77.68.76.95 + address 213.171.215.184 + address 77.68.25.146 + address 77.68.79.206 + address 213.171.215.252 + address 109.228.52.186 + address 109.228.40.222 + address 185.132.39.99 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.79.89 + address 77.68.5.95 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 213.171.208.40 + address 77.68.50.193 + address 77.68.102.129 + address 88.208.198.69 + address 88.208.212.188 + address 88.208.198.66 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 77.68.77.185 + address 77.68.77.238 + } + address-group G-143-TCP { + address 172.16.255.254 + address 77.68.76.115 + address 77.68.76.123 + address 77.68.76.187 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.141 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.33 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.92 + address 77.68.77.77 + address 77.68.77.192 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.81.44 + 
address 77.68.92.186 + address 77.68.116.119 + address 77.68.116.221 + address 109.228.60.215 + address 77.68.7.172 + address 77.68.116.52 + address 77.68.24.112 + address 77.68.77.107 + address 77.68.112.75 + address 77.68.7.67 + address 77.68.126.51 + address 77.68.23.35 + address 77.68.76.95 + address 213.171.215.184 + address 77.68.25.146 + address 213.171.213.31 + address 213.171.210.19 + address 77.68.79.206 + address 77.68.77.69 + address 109.228.40.222 + address 185.132.39.99 + address 77.68.117.222 + address 77.68.33.48 + address 77.68.79.89 + address 77.68.5.95 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 213.171.208.40 + address 77.68.115.17 + address 77.68.102.129 + address 88.208.198.69 + address 77.68.34.139 + address 88.208.212.188 + address 88.208.198.66 + address 77.68.77.204 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + } + address-group G-443-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.105 + address 77.68.76.115 + address 77.68.76.116 + address 77.68.76.122 + address 77.68.76.126 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.145 + address 77.68.76.148 + address 77.68.76.150 + address 77.68.76.158 + address 77.68.76.164 + address 77.68.76.177 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.200 + address 77.68.76.203 + address 77.68.76.209 + address 77.68.76.217 + address 77.68.76.22 + address 77.68.76.220 + address 77.68.76.23 + address 77.68.76.231 + address 77.68.76.235 + address 77.68.76.239 + address 77.68.76.241 + address 77.68.76.245 + address 77.68.76.25 + address 77.68.76.252 + address 77.68.76.33 + address 77.68.76.35 + address 77.68.76.37 + address 77.68.76.38 + address 77.68.76.39 + address 77.68.76.49 + address 77.68.76.50 + address 77.68.76.54 + address 77.68.76.55 + address 77.68.76.57 + address 
77.68.76.58 + address 77.68.76.61 + address 77.68.76.74 + address 77.68.76.75 + address 77.68.76.80 + address 77.68.76.91 + address 77.68.76.93 + address 77.68.76.94 + address 77.68.76.99 + address 77.68.77.100 + address 77.68.77.103 + address 77.68.77.107 + address 77.68.77.108 + address 77.68.77.117 + address 77.68.77.124 + address 77.68.77.128 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.137 + address 77.68.77.139 + address 77.68.77.140 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.151 + address 77.68.77.156 + address 77.68.77.159 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.178 + address 77.68.77.19 + address 77.68.77.190 + address 77.68.77.199 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.203 + address 77.68.77.207 + address 77.68.77.211 + address 77.68.77.212 + address 77.68.77.22 + address 77.68.77.221 + address 77.68.77.227 + address 77.68.77.228 + address 77.68.77.236 + address 77.68.77.240 + address 77.68.77.243 + address 77.68.77.247 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.33 + address 77.68.77.37 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.53 + address 77.68.77.56 + address 77.68.77.63 + address 77.68.77.67 + address 77.68.77.68 + address 77.68.77.71 + address 77.68.77.77 + address 77.68.77.79 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.88 + address 77.68.77.92 + address 77.68.77.97 + address 77.68.77.99 + address 77.68.76.76 + address 77.68.76.124 + address 77.68.76.211 + address 77.68.76.19 + address 77.68.76.110 + address 77.68.77.74 + address 77.68.77.192 + address 77.68.76.92 + address 77.68.76.165 + address 77.68.77.254 + address 77.68.77.157 + address 77.68.76.138 + address 77.68.76.139 + address 77.68.76.114 + address 77.68.76.244 + address 77.68.77.161 + address 77.68.77.38 + address 77.68.91.195 + address 77.68.17.26 + address 77.68.28.145 + address 109.228.56.185 + address 77.68.84.147 + address 
77.68.12.195 + address 77.68.21.78 + address 77.68.5.187 + address 77.68.7.227 + address 77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.4.39 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.94.181 + address 77.68.30.164 + address 77.68.30.133 + address 77.68.4.136 + address 77.68.23.158 + address 77.68.24.112 + address 77.68.92.186 + address 77.68.20.161 + address 77.68.112.213 + address 77.68.26.216 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.116.119 + address 77.68.116.220 + address 77.68.116.232 + address 77.68.76.142 + address 77.68.117.202 + address 77.68.7.172 + address 77.68.116.221 + address 77.68.89.183 + address 77.68.83.41 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.112.248 + address 109.228.60.215 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.84.155 + address 77.68.120.241 + address 77.68.121.106 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.120.146 + address 77.68.122.241 + address 77.68.81.141 + address 77.68.116.52 + address 77.68.6.105 + address 77.68.76.229 + address 77.68.95.42 + address 77.68.28.207 + address 77.68.4.252 + address 77.68.17.186 + address 77.68.91.128 + address 77.68.22.146 + address 77.68.23.112 + address 77.68.24.220 + address 77.68.125.32 + address 77.68.12.250 + address 77.68.76.243 + address 77.68.72.202 + address 109.228.36.229 + address 109.228.40.207 + address 77.68.31.144 + address 77.68.2.215 + address 77.68.117.142 + address 77.68.5.166 + address 77.68.76.102 + address 109.228.37.174 + address 109.228.37.114 + address 109.228.37.240 + address 77.68.112.75 + address 77.68.76.30 + address 109.228.35.110 + address 77.68.77.160 + address 77.68.77.208 + address 77.68.76.152 + address 109.228.39.249 + address 77.68.76.77 + address 77.68.7.160 + address 109.228.40.226 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.75.113 + 
address 77.68.86.148 + address 77.68.114.183 + address 109.228.40.194 + address 77.68.76.31 + address 77.68.77.72 + address 77.68.90.132 + address 77.68.6.110 + address 77.68.77.26 + address 77.68.76.96 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 77.68.76.234 + address 77.68.120.26 + address 109.228.61.31 + address 77.68.76.59 + address 77.68.120.249 + address 77.68.6.210 + address 213.171.213.41 + address 77.68.77.248 + address 213.171.212.171 + address 77.68.4.22 + address 77.68.119.14 + address 213.171.215.184 + address 77.68.77.202 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.78.229 + address 77.68.77.102 + address 213.171.210.19 + address 77.68.24.59 + address 213.171.213.97 + address 213.171.213.242 + address 77.68.77.205 + address 109.228.48.249 + address 109.228.40.195 + address 77.68.120.229 + address 77.68.127.172 + address 77.68.79.206 + address 77.68.123.250 + address 77.68.28.147 + address 213.171.212.172 + address 185.132.36.148 + address 213.171.208.58 + address 77.68.25.130 + address 109.228.56.242 + address 109.228.46.81 + address 185.132.38.95 + address 185.132.37.83 + address 77.68.117.51 + address 77.68.116.36 + address 77.68.120.45 + address 77.68.25.124 + address 213.171.210.59 + address 213.171.215.43 + address 213.171.215.252 + address 185.132.37.102 + address 109.228.42.232 + address 109.228.52.186 + address 77.68.9.186 + address 77.68.13.76 + address 109.228.36.194 + address 185.132.36.7 + address 185.132.36.24 + address 77.68.77.69 + address 185.132.39.129 + address 185.132.36.17 + address 109.228.40.222 + address 77.68.118.104 + address 77.68.120.31 + address 77.68.74.152 + address 185.132.39.37 + address 77.68.3.52 + address 77.68.87.212 + address 77.68.76.29 + address 77.68.119.188 + address 77.68.74.85 + address 77.68.91.22 + address 77.68.76.88 + address 77.68.4.242 + address 77.68.76.181 + address 77.68.76.161 + address 185.132.39.99 + address 77.68.95.212 + address 77.68.76.219 + 
address 77.68.27.27 + address 77.68.3.194 + address 77.68.3.144 + address 77.68.3.80 + address 77.68.27.28 + address 77.68.3.247 + address 77.68.3.161 + address 77.68.27.18 + address 77.68.3.121 + address 213.171.214.234 + address 109.228.38.201 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 213.171.211.128 + address 77.68.5.155 + address 77.68.77.231 + address 213.171.214.167 + address 185.132.43.28 + address 213.171.213.42 + address 77.68.76.45 + address 77.68.92.92 + address 77.68.77.233 + address 185.132.40.56 + address 185.132.37.23 + address 77.68.117.29 + address 77.68.75.253 + address 77.68.11.140 + address 77.68.77.215 + address 77.68.20.217 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.76.198 + address 77.68.77.214 + address 77.68.9.75 + address 213.171.210.177 + address 77.68.77.70 + address 77.68.77.149 + address 77.68.76.160 + address 185.132.38.114 + address 77.68.33.48 + address 185.132.40.90 + address 77.68.79.89 + address 77.68.34.28 + address 77.68.76.21 + address 77.68.75.45 + address 77.68.76.176 + address 77.68.77.95 + address 185.132.39.68 + address 185.132.43.164 + address 77.68.76.137 + address 185.132.40.152 + address 77.68.77.249 + address 77.68.24.134 + address 185.132.38.248 + address 77.68.32.43 + address 77.68.120.218 + address 77.68.112.167 + address 77.68.32.31 + address 77.68.32.118 + address 77.68.32.254 + address 77.68.80.26 + address 77.68.17.200 + address 77.68.80.97 + address 77.68.121.119 + address 77.68.74.209 + address 77.68.77.65 + address 185.132.43.6 + address 109.228.46.196 + address 185.132.43.98 + address 77.68.100.150 + address 185.132.41.148 + address 77.68.24.172 + address 77.68.33.197 + address 77.68.5.95 + address 77.68.23.64 + address 77.68.101.124 + address 77.68.5.125 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 109.228.59.247 + address 213.171.208.40 + address 
77.68.112.184 + address 77.68.35.116 + address 185.132.40.11 + address 77.68.33.171 + address 77.68.76.111 + address 77.68.76.42 + address 77.68.77.120 + address 77.68.76.183 + address 77.68.118.86 + address 77.68.48.105 + address 77.68.48.81 + address 77.68.49.4 + address 109.228.36.119 + address 77.68.34.26 + address 77.68.115.17 + address 77.68.82.147 + address 77.68.49.12 + address 77.68.8.144 + address 77.68.51.202 + address 77.68.101.64 + address 77.68.103.19 + address 77.68.50.91 + address 77.68.24.63 + address 77.68.118.15 + address 77.68.50.198 + address 77.68.77.59 + address 77.68.49.160 + address 77.68.76.191 + address 77.68.126.101 + address 77.68.76.40 + address 77.68.77.42 + address 77.68.100.134 + address 77.68.100.132 + address 77.68.114.93 + address 185.132.36.60 + address 185.132.40.244 + address 77.68.85.18 + address 213.171.214.102 + address 77.68.50.193 + address 88.208.197.160 + address 88.208.197.10 + address 77.68.102.129 + address 109.228.36.79 + address 185.132.38.182 + address 185.132.41.240 + address 77.68.51.214 + address 88.208.196.123 + address 88.208.215.157 + address 77.68.126.22 + address 77.68.4.180 + address 213.171.212.90 + address 77.68.114.205 + address 185.132.43.71 + address 88.208.215.62 + address 77.68.77.114 + address 77.68.48.202 + address 77.68.112.175 + address 77.68.112.90 + address 185.132.40.166 + address 77.68.76.118 + address 77.68.103.120 + address 77.68.33.24 + address 109.228.58.134 + address 109.228.47.223 + address 77.68.31.96 + address 77.68.103.227 + address 213.171.212.203 + address 88.208.196.92 + address 88.208.196.154 + address 185.132.39.44 + address 77.68.76.248 + address 88.208.198.92 + address 109.228.36.37 + address 77.68.77.144 + address 77.68.126.14 + address 88.208.196.91 + address 77.68.100.77 + address 185.132.37.101 + address 77.68.87.164 + address 77.68.77.76 + address 77.68.76.120 + address 77.68.82.157 + address 77.68.93.164 + address 77.68.76.171 + address 88.208.197.135 + address 
88.208.197.118 + address 88.208.197.150 + address 88.208.198.69 + address 77.68.34.139 + address 77.68.21.171 + address 88.208.197.60 + address 77.68.85.27 + address 109.228.37.10 + address 88.208.215.61 + address 88.208.199.249 + address 88.208.212.31 + address 109.228.53.243 + address 77.68.48.89 + address 88.208.212.188 + address 88.208.198.251 + address 77.68.76.112 + address 77.68.48.14 + address 88.208.215.19 + address 77.68.77.75 + address 77.68.117.173 + address 88.208.215.121 + address 109.228.39.41 + address 77.68.88.100 + address 77.68.76.108 + address 77.68.115.142 + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + address 213.171.214.96 + address 88.208.198.66 + address 88.208.198.64 + address 77.68.3.61 + address 77.68.77.219 + address 77.68.77.204 + address 77.68.26.228 + address 77.68.74.232 + address 77.68.118.88 + address 77.68.77.46 + address 77.68.76.48 + address 77.68.76.202 + address 77.68.4.25 + address 77.68.7.114 + address 88.208.197.23 + address 77.68.114.237 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.117.214 + address 88.208.199.141 + address 77.68.77.163 + address 185.132.39.109 + address 77.68.77.44 + address 185.132.37.47 + address 77.68.102.5 + address 77.68.16.247 + address 88.208.212.94 + address 77.68.72.254 + address 77.68.76.212 + address 77.68.77.152 + address 77.68.50.142 + address 88.208.199.46 + address 77.68.78.113 + address 88.208.212.182 + address 77.68.77.181 + address 77.68.15.95 + address 77.68.75.64 + address 213.171.212.71 + address 185.132.40.124 + address 88.208.197.208 + address 88.208.197.129 + address 77.68.76.60 + address 77.68.6.119 + address 77.68.77.185 + address 77.68.77.238 + address 77.68.27.57 + address 77.68.118.102 + address 77.68.79.82 + address 109.228.39.151 + } + address-group G-465-TCP { + address 172.16.255.254 + address 77.68.76.115 + address 77.68.76.141 + address 77.68.76.187 + address 77.68.76.197 + address 77.68.76.209 + address 77.68.76.99 + address 
77.68.77.107 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.32 + address 77.68.77.33 + address 77.68.77.63 + address 77.68.77.92 + address 77.68.77.99 + address 77.68.77.77 + address 77.68.77.192 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.77.74 + address 77.68.77.100 + address 77.68.116.221 + address 109.228.60.215 + address 77.68.116.52 + address 77.68.7.172 + address 77.68.95.42 + address 77.68.91.128 + address 77.68.24.112 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.23.35 + address 77.68.10.170 + address 77.68.76.234 + address 213.171.213.31 + address 77.68.78.229 + address 213.171.210.19 + address 109.228.52.186 + address 77.68.77.69 + address 109.228.40.222 + address 77.68.87.212 + address 77.68.28.139 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 185.132.43.28 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.33.48 + address 77.68.79.89 + address 77.68.76.21 + address 77.68.80.26 + address 77.68.5.95 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.112.184 + address 77.68.115.17 + address 77.68.82.147 + address 77.68.50.193 + address 88.208.215.61 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.77.204 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.77.185 + address 77.68.79.82 + } + address-group G-587-TCP { + address 172.16.255.254 + address 77.68.76.141 + address 77.68.76.187 + address 77.68.76.197 + address 77.68.76.209 + address 77.68.77.128 + address 77.68.77.129 + address 77.68.77.141 + address 77.68.77.171 + address 77.68.77.190 + address 77.68.77.207 + address 77.68.77.32 + address 77.68.77.33 + address 77.68.77.63 + 
address 77.68.77.85 + address 77.68.77.92 + address 77.68.77.99 + address 77.68.77.77 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.81.44 + address 77.68.77.100 + address 77.68.92.186 + address 77.68.116.119 + address 77.68.116.221 + address 77.68.120.241 + address 109.228.60.215 + address 77.68.122.241 + address 77.68.116.52 + address 77.68.91.128 + address 77.68.24.112 + address 77.68.77.107 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.77.160 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.23.35 + address 77.68.76.95 + address 77.68.10.170 + address 77.68.76.234 + address 213.171.213.41 + address 213.171.213.31 + address 77.68.78.229 + address 213.171.210.19 + address 109.228.52.186 + address 109.228.40.222 + address 77.68.87.212 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 185.132.43.28 + address 77.68.77.215 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.33.48 + address 77.68.76.21 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.112.184 + address 77.68.115.17 + address 77.68.82.147 + address 77.68.76.191 + address 77.68.50.193 + address 77.68.77.114 + address 88.208.215.61 + address 77.68.76.112 + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + address 88.208.198.66 + address 77.68.77.219 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.77.152 + address 77.68.79.82 + } + address-group G-993-TCP { + address 172.16.255.254 + address 77.68.76.115 + address 77.68.77.129 + address 77.68.77.130 + address 77.68.77.141 + address 77.68.77.150 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.207 + address 77.68.77.22 + address 77.68.77.33 + address 77.68.77.49 + address 77.68.77.56 + address 77.68.77.77 + address 77.68.77.192 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + 
address 77.68.81.44 + address 77.68.77.74 + address 77.68.77.100 + address 77.68.92.186 + address 77.68.116.119 + address 77.68.116.221 + address 77.68.120.241 + address 77.68.7.172 + address 77.68.91.128 + address 77.68.23.112 + address 77.68.24.112 + address 77.68.77.107 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.86.148 + address 77.68.23.35 + address 77.68.76.95 + address 213.171.215.184 + address 77.68.25.146 + address 213.171.213.31 + address 213.171.210.19 + address 77.68.79.206 + address 77.68.123.250 + address 77.68.77.69 + address 109.228.40.222 + address 77.68.87.212 + address 77.68.91.22 + address 185.132.39.99 + address 77.68.28.139 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 77.68.5.155 + address 185.132.43.28 + address 77.68.77.215 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.33.48 + address 77.68.79.89 + address 77.68.5.95 + address 77.68.4.80 + address 77.68.49.152 + address 213.171.208.40 + address 77.68.115.17 + address 77.68.103.19 + address 185.132.36.60 + address 185.132.40.244 + address 88.208.197.10 + address 77.68.102.129 + address 88.208.215.157 + address 88.208.198.69 + address 88.208.212.188 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.77.204 + address 77.68.74.232 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.123.177 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.79.82 + } + address-group G-995-TCP { + address 172.16.255.254 + address 77.68.76.115 + address 77.68.77.129 + address 77.68.77.171 + address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.22 + address 77.68.77.33 + address 77.68.77.92 + address 77.68.77.77 + address 77.68.84.147 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.77.74 + address 77.68.77.100 + address 77.68.116.221 + address 77.68.120.241 + address 77.68.7.172 + 
address 77.68.95.42 + address 77.68.91.128 + address 77.68.23.112 + address 77.68.24.112 + address 77.68.77.107 + address 109.228.37.114 + address 77.68.7.67 + address 77.68.126.51 + address 77.68.79.206 + address 77.68.123.250 + address 109.228.52.186 + address 109.228.40.222 + address 77.68.91.22 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.5.155 + address 185.132.43.28 + address 77.68.77.214 + address 185.132.38.114 + address 77.68.79.89 + address 77.68.80.26 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.103.19 + address 77.68.50.193 + address 88.208.197.10 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.74.232 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.77.185 + } + address-group G-1433-TCP { + address 172.16.255.254 + address 77.68.76.94 + address 77.68.30.164 + address 77.68.10.142 + address 77.68.77.95 + address 77.68.126.101 + address 77.68.76.118 + address 77.68.77.75 + } + address-group G-3306-TCP { + address 172.16.255.254 + address 77.68.76.127 + address 77.68.76.187 + address 77.68.76.252 + address 77.68.76.55 + address 77.68.76.80 + address 77.68.77.21 + address 77.68.77.63 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.92 + address 77.68.76.241 + address 109.228.56.185 + address 77.68.28.145 + address 77.68.76.114 + address 77.68.17.26 + address 77.68.120.241 + address 77.68.6.32 + address 77.68.91.128 + address 109.228.37.114 + address 77.68.76.169 + address 77.68.76.77 + address 77.68.113.117 + address 77.68.86.148 + address 77.68.76.234 + address 77.68.76.59 + address 77.68.77.202 + address 77.68.28.147 + address 109.228.52.186 + address 77.68.117.222 + address 213.171.213.42 + address 77.68.75.253 + address 77.68.77.215 + address 77.68.79.89 + address 77.68.118.15 + address 109.228.36.79 + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + address 77.68.76.48 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.77.44 + address 88.208.212.94 + } 
+ address-group G-3389-TCP { + address 172.16.255.254 + address 77.68.76.116 + address 77.68.76.150 + address 77.68.76.203 + address 77.68.76.220 + address 77.68.76.23 + address 77.68.76.241 + address 77.68.76.35 + address 77.68.76.39 + address 77.68.76.47 + address 77.68.76.49 + address 77.68.76.50 + address 77.68.76.58 + address 77.68.76.75 + address 77.68.76.91 + address 77.68.76.93 + address 77.68.76.94 + address 77.68.76.99 + address 77.68.77.115 + address 77.68.77.156 + address 77.68.77.178 + address 77.68.77.199 + address 77.68.77.236 + address 77.68.77.63 + address 77.68.77.71 + address 77.68.77.97 + address 77.68.77.99 + address 77.68.76.107 + address 77.68.76.26 + address 77.68.76.92 + address 77.68.77.38 + address 77.68.21.78 + address 77.68.94.181 + address 77.68.30.164 + address 77.68.23.158 + address 77.68.27.54 + address 77.68.76.142 + address 77.68.117.202 + address 77.68.116.220 + address 77.68.84.155 + address 77.68.120.146 + address 77.68.119.92 + address 77.68.10.142 + address 77.68.6.105 + address 77.68.4.252 + address 77.68.127.151 + address 77.68.77.228 + address 109.228.40.207 + address 77.68.77.24 + address 109.228.35.110 + address 77.68.76.152 + address 77.68.76.77 + address 77.68.113.117 + address 77.68.6.110 + address 77.68.76.96 + address 77.68.127.172 + address 185.132.37.83 + address 77.68.25.124 + address 77.68.3.52 + address 77.68.114.234 + address 77.68.85.73 + address 109.228.38.201 + address 77.68.26.221 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.76.198 + address 77.68.9.75 + address 77.68.79.89 + address 77.68.77.95 + address 77.68.77.65 + address 77.68.100.150 + address 77.68.101.125 + address 77.68.101.124 + address 213.171.208.40 + address 77.68.12.45 + address 77.68.118.86 + address 77.68.77.59 + address 77.68.126.101 + address 213.171.214.102 + address 88.208.197.160 + address 88.208.215.157 + address 77.68.4.180 + address 185.132.43.71 + address 77.68.31.96 + address 109.228.36.37 + address 77.68.77.76 + 
address 77.68.82.157 + address 109.228.37.10 + address 77.68.77.75 + address 77.68.117.173 + address 88.208.215.121 + address 77.68.115.142 + address 77.68.33.216 + address 77.68.33.37 + address 77.68.50.90 + address 88.208.198.64 + address 77.68.118.88 + address 77.68.114.237 + address 77.68.50.142 + address 77.68.15.95 + address 77.68.75.64 + address 77.68.77.238 + } + address-group G-8080-TCP { + address 172.16.255.254 + address 77.68.76.57 + address 77.68.76.243 + address 77.68.28.145 + address 77.68.76.114 + address 77.68.76.157 + address 77.68.77.248 + address 77.68.77.202 + address 77.68.24.59 + address 77.68.81.218 + address 77.68.77.105 + address 185.132.40.152 + address 109.228.36.119 + address 77.68.121.127 + address 77.68.116.183 + address 77.68.34.139 + address 77.68.88.100 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.77.163 + address 88.208.212.94 + address 77.68.78.113 + address 77.68.15.95 + address 213.171.212.71 + } + address-group G-8443-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.105 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.148 + address 77.68.76.150 + address 77.68.76.158 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.200 + address 77.68.76.209 + address 77.68.76.217 + address 77.68.76.22 + address 77.68.76.231 + address 77.68.76.235 + address 77.68.76.239 + address 77.68.76.245 + address 77.68.76.247 + address 77.68.76.249 + address 77.68.76.25 + address 77.68.76.251 + address 77.68.76.252 + address 77.68.76.33 + address 77.68.76.37 + address 77.68.76.57 + address 77.68.76.61 + address 77.68.76.74 + address 77.68.76.80 + address 77.68.76.93 + address 77.68.77.100 + address 77.68.77.103 + address 77.68.77.107 + address 77.68.77.108 + address 77.68.77.115 + address 77.68.77.117 + address 77.68.77.128 + address 77.68.77.130 + address 77.68.77.137 + address 77.68.77.139 + address 77.68.77.140 + 
address 77.68.77.141 + address 77.68.77.151 + address 77.68.77.159 + address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.207 + address 77.68.77.211 + address 77.68.77.22 + address 77.68.77.227 + address 77.68.77.240 + address 77.68.77.247 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.37 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.56 + address 77.68.77.68 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.88 + address 77.68.77.92 + address 77.68.77.99 + address 77.68.76.211 + address 77.68.76.19 + address 77.68.77.192 + address 77.68.77.254 + address 77.68.77.157 + address 77.68.76.138 + address 77.68.76.139 + address 77.68.76.243 + address 77.68.77.38 + address 77.68.77.62 + address 77.68.91.195 + address 77.68.17.26 + address 77.68.84.147 + address 109.228.56.185 + address 77.68.5.187 + address 77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.77.74 + address 77.68.76.115 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.94.181 + address 77.68.30.133 + address 77.68.4.136 + address 77.68.28.145 + address 77.68.24.112 + address 77.68.92.186 + address 77.68.26.216 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.116.119 + address 77.68.76.142 + address 77.68.7.172 + address 77.68.116.221 + address 77.68.89.183 + address 77.68.83.41 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.116.220 + address 109.228.60.215 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.120.241 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.81.141 + address 77.68.116.52 + address 77.68.6.105 + address 77.68.76.229 + address 77.68.4.252 + address 77.68.17.186 + address 77.68.91.128 + address 77.68.22.146 + address 77.68.125.32 + address 109.228.36.229 + address 77.68.31.144 + address 77.68.117.142 + address 109.228.37.174 + address 
109.228.37.114 + address 77.68.76.169 + address 77.68.112.75 + address 77.68.77.160 + address 109.228.39.249 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.86.148 + address 77.68.114.183 + address 109.228.40.194 + address 77.68.90.132 + address 77.68.77.26 + address 77.68.76.96 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 77.68.120.26 + address 109.228.61.31 + address 77.68.76.59 + address 77.68.120.249 + address 213.171.213.41 + address 77.68.119.14 + address 213.171.215.184 + address 77.68.77.202 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.77.102 + address 213.171.210.19 + address 213.171.213.97 + address 109.228.48.249 + address 109.228.40.195 + address 77.68.127.172 + address 77.68.79.206 + address 109.228.56.242 + address 109.228.46.81 + address 185.132.38.95 + address 77.68.116.36 + address 77.68.120.45 + address 185.132.37.102 + address 77.68.13.137 + address 109.228.36.194 + address 185.132.36.7 + address 185.132.36.24 + address 77.68.77.69 + address 185.132.39.129 + address 77.68.87.212 + address 77.68.76.29 + address 77.68.76.88 + address 77.68.76.181 + address 77.68.76.161 + address 77.68.85.73 + address 77.68.76.219 + address 109.228.38.201 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.81.218 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 77.68.76.45 + address 185.132.40.56 + address 77.68.75.253 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.77.214 + address 185.132.38.114 + address 185.132.40.90 + address 77.68.79.89 + address 77.68.76.21 + address 77.68.75.45 + address 77.68.24.134 + address 77.68.32.43 + address 77.68.80.26 + address 77.68.17.200 + address 77.68.80.97 + address 77.68.74.209 + address 77.68.77.65 + address 77.68.33.197 + address 77.68.5.95 + address 77.68.23.64 + address 77.68.5.125 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.48.105 + address 
77.68.48.81 + address 77.68.49.12 + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 77.68.77.59 + address 77.68.126.101 + address 77.68.76.40 + address 77.68.114.93 + address 77.68.50.193 + address 88.208.197.160 + address 109.228.36.79 + address 185.132.38.182 + address 88.208.196.123 + address 88.208.215.157 + address 77.68.76.118 + address 77.68.103.227 + address 88.208.196.92 + address 185.132.39.44 + address 88.208.198.92 + address 77.68.126.14 + address 88.208.196.91 + address 77.68.100.77 + address 185.132.37.101 + address 77.68.76.120 + address 213.171.212.114 + address 77.68.34.139 + address 88.208.215.61 + address 88.208.212.31 + address 109.228.53.243 + address 77.68.103.56 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.77.219 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.77.44 + address 77.68.72.254 + address 77.68.78.113 + address 213.171.212.71 + address 185.132.40.124 + address 88.208.197.208 + address 77.68.77.238 + address 77.68.79.82 + } + address-group G-8447-TCP { + address 172.16.255.254 + address 77.68.76.104 + address 77.68.76.105 + address 77.68.76.127 + address 77.68.76.136 + address 77.68.76.141 + address 77.68.76.148 + address 77.68.76.150 + address 77.68.76.158 + address 77.68.76.187 + address 77.68.76.195 + address 77.68.76.197 + address 77.68.76.20 + address 77.68.76.209 + address 77.68.76.22 + address 77.68.76.231 + address 77.68.76.235 + address 77.68.76.239 + address 77.68.76.245 + address 77.68.76.25 + address 77.68.76.252 + address 77.68.76.33 + address 77.68.76.37 + address 77.68.76.57 + address 77.68.76.61 + address 77.68.76.74 + address 77.68.76.93 + address 77.68.77.100 + address 77.68.77.103 + address 77.68.77.107 + address 77.68.77.108 + address 77.68.77.117 + address 77.68.77.128 + address 77.68.77.130 + address 77.68.77.137 + address 77.68.77.139 + address 77.68.77.141 + address 77.68.77.151 + address 77.68.77.159 + 
address 77.68.77.176 + address 77.68.77.190 + address 77.68.77.200 + address 77.68.77.201 + address 77.68.77.207 + address 77.68.77.211 + address 77.68.77.22 + address 77.68.77.227 + address 77.68.77.240 + address 77.68.77.247 + address 77.68.77.253 + address 77.68.77.32 + address 77.68.77.37 + address 77.68.77.49 + address 77.68.77.50 + address 77.68.77.56 + address 77.68.77.68 + address 77.68.77.81 + address 77.68.77.85 + address 77.68.77.88 + address 77.68.77.92 + address 77.68.77.99 + address 77.68.76.211 + address 77.68.76.19 + address 77.68.77.192 + address 77.68.77.254 + address 77.68.77.157 + address 77.68.76.138 + address 77.68.76.139 + address 77.68.91.195 + address 77.68.17.26 + address 109.228.56.185 + address 77.68.84.147 + address 77.68.5.187 + address 77.68.4.24 + address 77.68.4.74 + address 77.68.6.202 + address 77.68.5.241 + address 77.68.77.74 + address 77.68.81.44 + address 77.68.90.106 + address 77.68.94.181 + address 77.68.4.136 + address 77.68.28.145 + address 77.68.24.112 + address 77.68.92.186 + address 77.68.26.216 + address 77.68.20.231 + address 77.68.118.17 + address 77.68.116.119 + address 77.68.76.142 + address 77.68.7.172 + address 77.68.83.41 + address 77.68.116.221 + address 77.68.86.40 + address 77.68.88.164 + address 109.228.56.26 + address 77.68.7.123 + address 77.68.116.220 + address 109.228.60.215 + address 77.68.7.186 + address 77.68.93.246 + address 77.68.120.241 + address 77.68.122.195 + address 77.68.122.89 + address 77.68.81.141 + address 77.68.116.52 + address 77.68.6.105 + address 77.68.76.229 + address 77.68.4.252 + address 77.68.17.186 + address 77.68.91.128 + address 77.68.22.146 + address 77.68.125.32 + address 109.228.36.229 + address 77.68.31.144 + address 77.68.117.142 + address 109.228.37.174 + address 109.228.37.114 + address 77.68.112.75 + address 77.68.77.160 + address 109.228.39.249 + address 77.68.7.67 + address 77.68.113.117 + address 77.68.126.51 + address 77.68.86.148 + address 77.68.114.183 + address 
109.228.40.194 + address 77.68.90.132 + address 77.68.76.96 + address 77.68.77.30 + address 77.68.76.95 + address 77.68.10.170 + address 109.228.61.31 + address 77.68.76.59 + address 77.68.120.249 + address 213.171.213.41 + address 213.171.215.184 + address 77.68.25.146 + address 213.171.213.31 + address 77.68.77.102 + address 213.171.210.19 + address 213.171.213.97 + address 109.228.48.249 + address 77.68.127.172 + address 77.68.79.206 + address 109.228.56.242 + address 109.228.46.81 + address 185.132.38.95 + address 77.68.116.36 + address 109.228.36.194 + address 185.132.36.7 + address 185.132.36.24 + address 77.68.77.69 + address 185.132.39.129 + address 77.68.87.212 + address 77.68.76.88 + address 77.68.76.181 + address 77.68.76.219 + address 185.132.39.219 + address 77.68.28.139 + address 77.68.4.111 + address 77.68.77.174 + address 77.68.117.222 + address 77.68.77.231 + address 77.68.76.45 + address 185.132.40.56 + address 77.68.10.152 + address 77.68.73.73 + address 77.68.77.214 + address 185.132.38.114 + address 185.132.40.90 + address 77.68.79.89 + address 77.68.76.21 + address 77.68.75.45 + address 77.68.24.134 + address 77.68.32.43 + address 77.68.80.26 + address 77.68.17.200 + address 77.68.80.97 + address 77.68.74.209 + address 77.68.33.197 + address 77.68.5.95 + address 77.68.5.125 + address 77.68.100.167 + address 77.68.4.80 + address 77.68.49.152 + address 77.68.48.105 + address 77.68.48.81 + address 77.68.49.12 + address 213.171.212.89 + address 77.68.76.44 + address 77.68.77.239 + address 77.68.77.59 + address 77.68.126.101 + address 77.68.114.93 + address 77.68.50.193 + address 88.208.197.160 + address 109.228.36.79 + address 185.132.38.182 + address 88.208.196.123 + address 88.208.215.157 + address 77.68.76.118 + address 77.68.103.227 + address 88.208.196.92 + address 185.132.39.44 + address 88.208.198.92 + address 77.68.126.14 + address 88.208.196.91 + address 77.68.100.77 + address 185.132.37.101 + address 77.68.76.120 + address 
213.171.212.114 + address 77.68.34.139 + address 88.208.215.61 + address 88.208.212.31 + address 109.228.53.243 + address 77.68.103.56 + address 213.171.214.96 + address 88.208.198.66 + address 77.68.77.219 + address 77.68.77.204 + address 77.68.76.48 + address 77.68.4.25 + address 77.68.7.114 + address 77.68.77.222 + address 77.68.112.83 + address 77.68.72.254 + address 77.68.78.113 + address 213.171.212.71 + address 185.132.40.124 + address 88.208.197.208 + address 77.68.79.82 + } + address-group G-10000-TCP { + address 172.16.255.254 + address 77.68.76.177 + address 77.68.76.54 + address 77.68.30.133 + address 77.68.76.114 + address 77.68.11.140 + address 77.68.76.112 + address 77.68.78.113 + } + address-group LAN_ADDRESSES { + address 10.255.255.2 + address 10.255.255.3 + } + address-group MANAGEMENT_ADDRESSES { + address 82.223.200.175 + address 82.223.200.177 + } + address-group NAGIOS_PROBES { + address 77.68.76.16 + address 77.68.77.16 + } + address-group NAS_ARRAYS { + address 10.7.197.251 + address 10.7.197.252 + address 10.7.197.253 + address 10.7.197.254 + } + address-group NAS_DOMAIN_CONTROLLERS { + address 10.7.197.16 + address 10.7.197.17 + } + address-group NLB_ADDRESSES { + address 109.228.63.15 + address 109.228.63.16 + address 109.228.63.132 + address 109.228.63.133 + } + network-group NAS_NETWORKS { + network 10.7.197.0/24 + } + network-group RFC1918 { + network 10.0.0.0/8 + network 172.16.0.0/12 + network 192.168.0.0/16 + } + network-group TRANSFER_NETS { + network 109.228.63.128/25 + } + } + ipv6-receive-redirects disable + ipv6-src-route disable + ip-src-route disable + log-martians enable + name LAN-INBOUND { + default-action drop + rule 10 { + action drop + description "Anti-spoofing non-cluster addresses" + source { + group { + address-group !CLUSTER_ADDRESSES + } + } + } + rule 20 { + action drop + description "Drop traffic to datacenter transfer net" + destination { + group { + network-group TRANSFER_NETS + } + } + source { + group { + 
address-group CLUSTER_ADDRESSES + } + } + } + rule 400 { + action drop + description Anti-spoofing_10.255.255.2 + source { + address 10.255.255.2 + mac-address !00:50:56:af:61:20 + } + } + rule 401 { + action drop + description Anti-spoofing_77.68.126.51 + source { + address 77.68.126.51 + mac-address !00:50:56:03:df:06 + } + } + rule 402 { + action drop + description Anti-spoofing_109.228.36.37 + source { + address 109.228.36.37 + mac-address !00:50:56:38:c4:2c + } + } + rule 403 { + action drop + description Anti-spoofing_77.68.117.214 + source { + address 77.68.117.214 + mac-address !00:50:56:00:28:c3 + } + } + rule 404 { + action drop + description Anti-spoofing_77.68.127.172 + source { + address 77.68.127.172 + mac-address !00:50:56:08:ce:ec + } + } + rule 405 { + action drop + description Anti-spoofing_77.68.117.142 + source { + address 77.68.117.142 + mac-address !00:50:56:1a:02:40 + } + } + rule 406 { + action drop + description Anti-spoofing_77.68.14.88 + source { + address 77.68.14.88 + mac-address !00:50:56:3c:79:85 + } + } + rule 407 { + action drop + description Anti-spoofing_77.68.17.200 + source { + address 77.68.17.200 + mac-address !00:50:56:0c:1b:57 + } + } + rule 408 { + action drop + description Anti-spoofing_77.68.120.229 + source { + address 77.68.120.229 + mac-address !00:50:56:18:af:65 + } + } + rule 410 { + action drop + description Anti-spoofing_10.255.255.3 + source { + address 10.255.255.3 + mac-address !00:50:56:af:cd:42 + } + } + rule 411 { + action drop + description Anti-spoofing_77.68.4.242 + source { + address 77.68.4.242 + mac-address !00:50:56:25:d9:34 + } + } + rule 412 { + action drop + description Anti-spoofing_77.68.113.117 + source { + address 77.68.113.117 + mac-address !00:50:56:36:ea:1d + } + } + rule 413 { + action drop + description Anti-spoofing_213.171.213.242 + source { + address 213.171.213.242 + mac-address !00:50:56:29:dd:5c + } + } + rule 414 { + action drop + description Anti-spoofing_77.68.86.148 + source { + 
address 77.68.86.148 + mac-address !00:50:56:01:91:19 + } + } + rule 418 { + action drop + description Anti-spoofing_213.171.212.203 + source { + address 213.171.212.203 + mac-address !00:50:56:01:c3:39 + } + } + rule 419 { + action drop + description Anti-spoofing_77.68.114.234 + source { + address 77.68.114.234 + mac-address !00:50:56:1b:72:cd + } + } + rule 420 { + action drop + description Anti-spoofing_10.255.255.4 + source { + address 10.255.255.4 + mac-address !00:50:56:af:09:7d + } + } + rule 421 { + action drop + description Anti-spoofing_213.171.212.171 + source { + address 213.171.212.171 + mac-address !00:50:56:12:54:58 + } + } + rule 422 { + action drop + description Anti-spoofing_77.68.114.183 + source { + address 77.68.114.183 + mac-address !00:50:56:3d:9b:eb + } + } + rule 423 { + action drop + description Anti-spoofing_213.171.213.41 + source { + address 213.171.213.41 + mac-address !00:50:56:2a:ef:a2 + } + } + rule 424 { + action drop + description Anti-spoofing_77.68.90.132 + source { + address 77.68.90.132 + mac-address !00:50:56:28:04:1e + } + } + rule 425 { + action drop + description Anti-spoofing_10.255.255.5 + source { + address 10.255.255.5 + mac-address !00:50:56:af:3b:bb + } + } + rule 426 { + action drop + description Anti-spoofing_213.171.213.175 + source { + address 213.171.213.175 + mac-address !00:50:56:0d:d4:b1 + } + } + rule 427 { + action drop + description Anti-spoofing_109.228.39.151 + source { + address 109.228.39.151 + mac-address !00:50:56:39:67:8d + } + } + rule 428 { + action drop + description Anti-spoofing_77.68.112.167 + source { + address 77.68.112.167 + mac-address !00:50:56:32:24:c9 + } + } + rule 429 { + action drop + description Anti-spoofing_109.228.40.194 + source { + address 109.228.40.194 + mac-address !00:50:56:19:49:71 + } + } + rule 430 { + action drop + description Anti-spoofing_77.68.76.12 + source { + address 77.68.76.12 + mac-address !00:50:56:af:09:7d + } + } + rule 431 { + action drop + description 
Anti-spoofing_213.171.213.97 + source { + address 213.171.213.97 + mac-address !00:50:56:15:d9:89 + } + } + rule 432 { + action drop + description Anti-spoofing_77.68.16.247 + source { + address 77.68.16.247 + mac-address !00:50:56:01:49:07 + } + } + rule 433 { + action drop + description Anti-spoofing_77.68.33.48 + source { + address 77.68.33.48 + mac-address !00:50:56:11:0e:07 + } + } + rule 434 { + action drop + description Anti-spoofing_77.68.6.110 + source { + address 77.68.6.110 + mac-address !00:50:56:31:76:8a + } + } + rule 435 { + action drop + description Anti-spoofing_77.68.77.12 + source { + address 77.68.77.12 + mac-address !00:50:56:af:3b:bb + } + } + rule 436 { + action drop + description Anti-spoofing_213.171.215.252 + source { + address 213.171.215.252 + mac-address !00:50:56:11:88:0a + } + } + rule 437 { + action drop + description Anti-spoofing_88.208.197.208 + source { + address 88.208.197.208 + mac-address !00:50:56:1d:97:93 + } + } + rule 438 { + action drop + description Anti-spoofing_213.171.212.89 + source { + address 213.171.212.89 + mac-address !00:50:56:36:8d:bf + } + } + rule 439 { + action drop + description Anti-spoofing_77.68.93.125 + source { + address 77.68.93.125 + mac-address !00:50:56:19:f1:6f + } + } + rule 440 { + action drop + description Anti-spoofing_probe_77.68.76.16 + source { + address 77.68.76.16 + mac-address !00:50:56:aa:48:d4 + } + } + rule 441 { + action drop + description Anti-spoofing_213.171.214.96 + source { + address 213.171.214.96 + mac-address !00:50:56:0c:45:b5 + } + } + rule 442 { + action drop + description Anti-spoofing_77.68.76.176 + source { + address 77.68.76.176 + mac-address !00:50:56:2b:e6:f7 + } + } + rule 444 { + action drop + description Anti-spoofing_213.171.212.172 + source { + address 213.171.212.172 + mac-address !00:50:56:35:ab:43 + } + } + rule 446 { + action drop + description Anti-spoofing_185.132.38.95 + source { + address 185.132.38.95 + mac-address !00:50:56:07:a6:f7 + } + } + rule 447 
{ + action drop + description Anti-spoofing_185.132.38.248 + source { + address 185.132.38.248 + mac-address !00:50:56:19:e5:16 + } + } + rule 448 { + action drop + description Anti-spoofing_109.228.52.186 + source { + address 109.228.52.186 + mac-address !00:50:56:20:80:4f + } + } + rule 449 { + action drop + description Anti-spoofing_213.171.213.31 + source { + address 213.171.213.31 + mac-address !00:50:56:34:e3:61 + } + } + rule 450 { + action drop + description Anti-spoofing_probe_77.68.77.16 + source { + address 77.68.77.16 + mac-address !00:50:56:aa:4a:32 + } + } + rule 451 { + action drop + description Anti-spoofing_213.171.210.59 + source { + address 213.171.210.59 + mac-address !00:50:56:10:74:b6 + } + } + rule 452 { + action drop + description Anti-spoofing_185.132.36.7 + source { + address 185.132.36.7 + mac-address !00:50:56:17:24:16 + } + } + rule 453 { + action drop + description Anti-spoofing_213.171.212.71 + source { + address 213.171.212.71 + mac-address !00:50:56:1d:50:e0 + } + } + rule 454 { + action drop + description Anti-spoofing_213.171.208.58 + source { + address 213.171.208.58 + mac-address !00:50:56:05:1c:70 + } + } + rule 455 { + action drop + description Anti-spoofing_77.68.77.69 + source { + address 77.68.77.69 + mac-address !00:50:56:17:f9:d1 + } + } + rule 456 { + action drop + description Anti-spoofing_77.68.25.130 + source { + address 77.68.25.130 + mac-address !00:50:56:3c:92:ff + } + } + rule 457 { + action drop + description Anti-spoofing_213.171.215.184 + source { + address 213.171.215.184 + mac-address !00:50:56:18:84:ff + } + } + rule 458 { + action drop + description Anti-spoofing_77.68.74.39 + source { + address 77.68.74.39 + mac-address !00:50:56:0a:41:ee + } + } + rule 459 { + action drop + description Anti-spoofing_109.228.56.242 + source { + address 109.228.56.242 + mac-address !00:50:56:28:8c:ff + } + } + rule 460 { + action drop + description Anti-spoofing_77.68.76.13 + source { + address 77.68.76.13 + mac-address 
!00:50:56:8f:62:1e + } + } + rule 461 { + action drop + description Anti-spoofing_77.68.13.76 + source { + address 77.68.13.76 + mac-address !00:50:56:2c:c7:38 + } + } + rule 462 { + action drop + description Anti-spoofing_77.68.119.188 + source { + address 77.68.119.188 + mac-address !00:50:56:02:1c:16 + } + } + rule 463 { + action drop + description Anti-spoofing_109.228.46.81 + source { + address 109.228.46.81 + mac-address !00:50:56:31:1f:8a + } + } + rule 464 { + action drop + description Anti-spoofing_77.68.25.146 + source { + address 77.68.25.146 + mac-address !00:50:56:07:cc:76 + } + } + rule 465 { + action drop + description Anti-spoofing_77.68.76.14 + source { + address 77.68.76.14 + mac-address !00:50:56:8f:6a:24 + } + } + rule 466 { + action drop + description Anti-spoofing_77.68.116.36 + source { + address 77.68.116.36 + mac-address !00:50:56:1c:c9:83 + } + } + rule 467 { + action drop + description Anti-spoofing_185.132.43.113 + source { + address 185.132.43.113 + mac-address !00:50:56:22:79:ac + } + } + rule 468 { + action drop + description Anti-spoofing_213.171.210.19 + source { + address 213.171.210.19 + mac-address !00:50:56:32:6c:19 + } + } + rule 469 { + action drop + description Anti-spoofing_77.68.113.164 + source { + address 77.68.113.164 + mac-address !00:50:56:07:28:41 + } + } + rule 470 { + action drop + description Anti-spoofing_77.68.77.13 + source { + address 77.68.77.13 + mac-address !00:50:56:8f:62:1e + } + } + rule 471 { + action drop + description Anti-spoofing_213.171.211.128 + source { + address 213.171.211.128 + mac-address !00:50:56:37:b2:85 + } + } + rule 472 { + action drop + description Anti-spoofing_77.68.120.45 + source { + address 77.68.120.45 + mac-address !00:50:56:13:5e:ca + } + } + rule 473 { + action drop + description Anti-spoofing_77.68.25.124 + source { + address 77.68.25.124 + mac-address !00:50:56:2f:27:08 + } + } + rule 474 { + action drop + description Anti-spoofing_77.68.33.68 + source { + address 77.68.33.68 
+ mac-address !00:50:56:1c:96:48 + } + } + rule 475 { + action drop + description Anti-spoofing_77.68.77.14 + source { + address 77.68.77.14 + mac-address !00:50:56:8f:6a:24 + } + } + rule 476 { + action drop + description Anti-spoofing_109.228.48.249 + source { + address 109.228.48.249 + mac-address !00:50:56:06:32:ac + } + } + rule 477 { + action drop + description Anti-spoofing_109.228.40.195 + source { + address 109.228.40.195 + mac-address !00:50:56:21:46:3e + } + } + rule 478 { + action drop + description Anti-spoofing_213.171.215.43 + source { + address 213.171.215.43 + mac-address !00:50:56:24:c0:53 + } + } + rule 479 { + action drop + description Anti-spoofing_185.132.37.101 + source { + address 185.132.37.101 + mac-address !00:50:56:2c:08:73 + } + } + rule 480 { + action drop + description Anti-spoofing_109.228.53.243 + source { + address 109.228.53.243 + mac-address !00:50:56:31:d1:1a + } + } + rule 481 { + action drop + description Anti-spoofing_77.68.81.218 + source { + address 77.68.81.218 + mac-address !00:50:56:03:e1:62 + } + } + rule 482 { + action drop + description Anti-spoofing_77.68.102.5 + source { + address 77.68.102.5 + mac-address !00:50:56:12:a3:05 + } + } + rule 483 { + action drop + description Anti-spoofing_77.68.114.93 + source { + address 77.68.114.93 + mac-address !00:50:56:3c:d8:18 + } + } + rule 485 { + action drop + description Anti-spoofing_77.68.76.137 + source { + address 77.68.76.137 + mac-address !00:50:56:25:38:78 + } + } + rule 486 { + action drop + description Anti-spoofing_77.68.75.253 + source { + address 77.68.75.253 + mac-address !00:50:56:32:f9:d7 + } + } + rule 487 { + action drop + description Anti-spoofing_77.68.6.119 + source { + address 77.68.6.119 + mac-address !00:50:56:2a:06:e0 + } + } + rule 488 { + action drop + description Anti-spoofing_185.132.39.68 + source { + address 185.132.39.68 + mac-address !00:50:56:22:2e:b5 + } + } + rule 489 { + action drop + description Anti-spoofing_77.68.5.95 + source { + 
address 77.68.5.95 + mac-address !00:50:56:34:d6:94 + } + } + rule 490 { + action drop + description Anti-spoofing_109.228.36.194 + source { + address 109.228.36.194 + mac-address !00:50:56:02:d4:bb + } + } + rule 491 { + action drop + description Anti-spoofing_77.68.34.50 + source { + address 77.68.34.50 + mac-address !00:50:56:07:df:24 + } + } + rule 492 { + action drop + description Anti-spoofing_77.68.27.18 + source { + address 77.68.27.18 + mac-address !00:50:56:1c:9d:9e + } + } + rule 493 { + action drop + description Anti-spoofing_77.68.28.147 + source { + address 77.68.28.147 + mac-address !00:50:56:29:e0:70 + } + } + rule 494 { + action drop + description Anti-spoofing_77.68.123.250 + source { + address 77.68.123.250 + mac-address !00:50:56:0d:49:c0 + } + } + rule 495 { + action drop + description Anti-spoofing_185.132.39.129 + source { + address 185.132.39.129 + mac-address !00:50:56:29:5a:4c + } + } + rule 496 { + action drop + description Anti-spoofing_185.132.36.24 + source { + address 185.132.36.24 + mac-address !00:50:56:12:df:2d + } + } + rule 497 { + action drop + description Anti-spoofing_185.132.38.114 + source { + address 185.132.38.114 + mac-address !00:50:56:1d:ce:df + } + } + rule 498 { + action drop + description Anti-spoofing_185.132.36.148 + source { + address 185.132.36.148 + mac-address !00:50:56:04:d1:7e + } + } + rule 499 { + action drop + description Anti-spoofing_185.132.36.142 + source { + address 185.132.36.142 + mac-address !00:50:56:13:22:d1 + } + } + rule 500 { + action drop + description Anti-spoofing_77.68.77.67 + source { + address 77.68.77.67 + mac-address !00:50:56:26:3e:0a + } + } + rule 501 { + action drop + description Anti-spoofing_185.132.39.44 + source { + address 185.132.39.44 + mac-address !00:50:56:32:a0:22 + } + } + rule 502 { + action drop + description Anti-spoofing_77.68.76.114 + source { + address 77.68.76.114 + mac-address !00:50:56:32:42:42 + } + } + rule 503 { + action drop + description 
Anti-spoofing_77.68.77.103 + source { + address 77.68.77.103 + mac-address !00:50:56:1e:6d:9b + } + } + rule 504 { + action drop + description Anti-spoofing_77.68.77.130 + source { + address 77.68.77.130 + mac-address !00:50:56:24:79:76 + } + } + rule 505 { + action drop + description Anti-spoofing_77.68.76.245 + source { + address 77.68.76.245 + mac-address !00:50:56:1d:0f:83 + } + } + rule 506 { + action drop + description Anti-spoofing_77.68.118.17 + source { + address 77.68.118.17 + mac-address !00:50:56:18:d3:d1 + } + } + rule 507 { + action drop + description Anti-spoofing_77.68.79.82 + source { + address 77.68.79.82 + mac-address !00:50:56:22:e9:9e + } + } + rule 509 { + action drop + description Anti-spoofing_77.68.77.85 + source { + address 77.68.77.85 + mac-address !00:50:56:1d:40:33 + } + } + rule 510 { + action drop + description Anti-spoofing_77.68.76.45 + source { + address 77.68.76.45 + mac-address !00:50:56:18:dc:fe + } + } + rule 511 { + action drop + description Anti-spoofing_77.68.77.144 + source { + address 77.68.77.144 + mac-address !00:50:56:3c:9a:1a + } + } + rule 512 { + action drop + description Anti-spoofing_77.68.77.105 + source { + address 77.68.77.105 + mac-address !00:50:56:1f:f9:c9 + } + } + rule 513 { + action drop + description Anti-spoofing_77.68.12.250 + source { + address 77.68.12.250 + mac-address !00:50:56:3e:06:ca + } + } + rule 514 { + action drop + description Anti-spoofing_77.68.76.76 + source { + address 77.68.76.76 + mac-address !00:50:56:03:1f:db + } + } + rule 515 { + action drop + description Anti-spoofing_185.132.36.17 + source { + address 185.132.36.17 + mac-address !00:50:56:36:7a:94 + } + } + rule 516 { + action drop + description Anti-spoofing_77.68.76.122 + source { + address 77.68.76.122 + mac-address !00:50:56:20:3d:43 + } + } + rule 517 { + action drop + description Anti-spoofing_77.68.76.104 + source { + address 77.68.76.104 + mac-address !00:50:56:3c:80:ff + } + } + rule 518 { + action drop + description 
Anti-spoofing_77.68.114.136 + source { + address 77.68.114.136 + mac-address !00:50:56:38:34:6e + } + } + rule 519 { + action drop + description Anti-spoofing_77.68.77.115 + source { + address 77.68.77.115 + mac-address !00:50:56:2c:ad:ee + } + } + rule 520 { + action drop + description Anti-spoofing_77.68.77.178 + source { + address 77.68.77.178 + mac-address !00:50:56:14:c1:42 + } + } + rule 521 { + action drop + description Anti-spoofing_77.68.76.239 + source { + address 77.68.76.239 + mac-address !00:50:56:0d:5a:47 + } + } + rule 522 { + action drop + description Anti-spoofing_77.68.87.164 + source { + address 77.68.87.164 + mac-address !00:50:56:11:19:46 + } + } + rule 523 { + action drop + description Anti-spoofing_77.68.15.95 + source { + address 77.68.15.95 + mac-address !00:50:56:16:04:4e + } + } + rule 524 { + action drop + description Anti-spoofing_77.68.4.39 + source { + address 77.68.4.39 + mac-address !00:50:56:06:57:b6 + } + } + rule 525 { + action drop + description Anti-spoofing_77.68.76.30 + source { + address 77.68.76.30 + mac-address !00:50:56:25:b8:e3 + } + } + rule 526 { + action drop + description Anti-spoofing_77.68.77.249 + source { + address 77.68.77.249 + mac-address !00:50:56:36:5f:b3 + } + } + rule 527 { + action drop + description Anti-spoofing_77.68.76.59 + source { + address 77.68.76.59 + mac-address !00:50:56:06:e8:bb + } + } + rule 528 { + action drop + description Anti-spoofing_77.68.8.144 + source { + address 77.68.8.144 + mac-address !00:50:56:28:58:e5 + } + } + rule 529 { + action drop + description Anti-spoofing_77.68.77.44 + source { + address 77.68.77.44 + mac-address !00:50:56:31:c0:9d + } + } + rule 530 { + action drop + description Anti-spoofing_77.68.77.200 + source { + address 77.68.77.200 + mac-address !00:50:56:15:2e:a4 + } + } + rule 531 { + action drop + description Anti-spoofing_77.68.77.228 + source { + address 77.68.77.228 + mac-address !00:50:56:23:e4:44 + } + } + rule 532 { + action drop + description 
Anti-spoofing_77.68.4.25 + source { + address 77.68.4.25 + mac-address !00:50:56:33:0d:5e + } + } + rule 534 { + action drop + description Anti-spoofing_77.68.76.191 + source { + address 77.68.76.191 + mac-address !00:50:56:10:72:7c + } + } + rule 535 { + action drop + description Anti-spoofing_77.68.117.29 + source { + address 77.68.117.29 + mac-address !00:50:56:0c:e4:e3 + } + } + rule 536 { + action drop + description Anti-spoofing_213.171.212.90 + source { + address 213.171.212.90 + mac-address !00:50:56:35:fc:da + } + } + rule 537 { + action drop + description Anti-spoofing_77.68.76.102 + source { + address 77.68.76.102 + mac-address !00:50:56:35:87:43 + } + } + rule 538 { + action drop + description Anti-spoofing_185.132.39.37 + source { + address 185.132.39.37 + mac-address !00:50:56:21:72:64 + } + } + rule 539 { + action drop + description Anti-spoofing_185.132.38.142 + source { + address 185.132.38.142 + mac-address !00:50:56:09:e8:30 + } + } + rule 540 { + action drop + description Anti-spoofing_77.68.77.26 + source { + address 77.68.77.26 + mac-address !00:50:56:10:ec:c2 + } + } + rule 541 { + action drop + description Anti-spoofing_77.68.76.152 + source { + address 77.68.76.152 + mac-address !00:50:56:2b:79:48 + } + } + rule 542 { + action drop + description Anti-spoofing_185.132.37.83 + source { + address 185.132.37.83 + mac-address !00:50:56:09:b3:41 + } + } + rule 543 { + action drop + description Anti-spoofing_77.68.77.212 + source { + address 77.68.77.212 + mac-address !00:50:56:07:ab:f2 + } + } + rule 544 { + action drop + description Anti-spoofing_77.68.75.64 + source { + address 77.68.75.64 + mac-address !00:50:56:07:e2:85 + } + } + rule 546 { + action drop + description Anti-spoofing_77.68.85.73 + source { + address 77.68.85.73 + mac-address !00:50:56:14:68:9c + } + } + rule 547 { + action drop + description Anti-spoofing_77.68.116.119 + source { + address 77.68.116.119 + mac-address !00:50:56:0f:68:91 + } + } + rule 548 { + action drop + 
description Anti-spoofing_77.68.76.142 + source { + address 77.68.76.142 + mac-address !50:9a:4c:74:07:ea + } + } + rule 549 { + action drop + description Anti-spoofing_77.68.76.211 + source { + address 77.68.76.211 + mac-address !00:50:56:18:9d:15 + } + } + rule 550 { + action drop + description Anti-spoofing_77.68.76.60 + source { + address 77.68.76.60 + mac-address !00:50:56:2b:07:02 + } + } + rule 551 { + action drop + description Anti-spoofing_77.68.77.253 + source { + address 77.68.77.253 + mac-address !00:50:56:30:a5:77 + } + } + rule 552 { + action drop + description Anti-spoofing_77.68.75.245 + source { + address 77.68.75.245 + mac-address !00:50:56:12:00:e9 + } + } + rule 553 { + action drop + description Anti-spoofing_185.132.37.102 + source { + address 185.132.37.102 + mac-address !00:50:56:3d:ae:26 + } + } + rule 554 { + action drop + description Anti-spoofing_77.68.120.31 + source { + address 77.68.120.31 + mac-address !00:50:56:1f:29:84 + } + } + rule 555 { + action drop + description Anti-spoofing_77.68.76.54 + source { + address 77.68.76.54 + mac-address !00:50:56:30:b4:74 + } + } + rule 556 { + action drop + description Anti-spoofing_88.208.196.154 + source { + address 88.208.196.154 + mac-address !00:50:56:14:6f:a8 + } + } + rule 557 { + action drop + description Anti-spoofing_185.132.40.152 + source { + address 185.132.40.152 + mac-address !00:50:56:24:25:3c + } + } + rule 558 { + action drop + description Anti-spoofing_77.68.76.33 + source { + address 77.68.76.33 + mac-address !00:50:56:3c:9b:bc + } + } + rule 559 { + action drop + description Anti-spoofing_77.68.12.195 + source { + address 77.68.12.195 + mac-address !00:50:56:3d:52:1a + } + } + rule 560 { + action drop + description Anti-spoofing_77.68.77.114 + source { + address 77.68.77.114 + mac-address !00:50:56:06:80:89 + } + } + rule 561 { + action drop + description Anti-spoofing_77.68.77.176 + source { + address 77.68.77.176 + mac-address !00:50:56:3e:2b:da + } + } + rule 562 { + 
action drop + description Anti-spoofing_109.228.40.222 + source { + address 109.228.40.222 + mac-address !00:50:56:0a:dc:63 + } + } + rule 563 { + action drop + description Anti-spoofing_77.68.77.219 + source { + address 77.68.77.219 + mac-address !00:50:56:13:82:67 + } + } + rule 564 { + action drop + description Anti-spoofing_77.68.77.19 + source { + address 77.68.77.19 + mac-address !00:50:56:36:e3:b1 + } + } + rule 565 { + action drop + description Anti-spoofing_77.68.74.85 + source { + address 77.68.74.85 + mac-address !00:50:56:13:b7:2d + } + } + rule 566 { + action drop + description Anti-spoofing_77.68.116.221 + source { + address 77.68.116.221 + mac-address !00:50:56:24:67:bd + } + } + rule 567 { + action drop + description Anti-spoofing_77.68.77.22 + source { + address 77.68.77.22 + mac-address !00:50:56:07:09:ae + } + } + rule 568 { + action drop + description Anti-spoofing_77.68.112.184 + source { + address 77.68.112.184 + mac-address !00:50:56:2a:db:d3 + } + } + rule 569 { + action drop + description Anti-spoofing_77.68.77.248 + source { + address 77.68.77.248 + mac-address !00:50:56:18:03:92 + } + } + rule 570 { + action drop + description Anti-spoofing_77.68.76.161 + source { + address 77.68.76.161 + mac-address !00:50:56:34:57:75 + } + } + rule 571 { + action drop + description Anti-spoofing_77.68.77.56 + source { + address 77.68.77.56 + mac-address !00:50:56:38:22:ae + } + } + rule 572 { + action drop + description Anti-spoofing_77.68.77.129 + source { + address 77.68.77.129 + mac-address !00:50:56:08:d9:20 + } + } + rule 573 { + action drop + description Anti-spoofing_77.68.77.205 + source { + address 77.68.77.205 + mac-address !00:50:56:35:f1:c3 + } + } + rule 574 { + action drop + description Anti-spoofing_77.68.77.140 + source { + address 77.68.77.140 + mac-address !00:50:56:1b:2d:c7 + } + } + rule 575 { + action drop + description Anti-spoofing_77.68.120.146 + source { + address 77.68.120.146 + mac-address !00:50:56:0d:fb:7b + } + } + rule 576 
{ + action drop + description Anti-spoofing_77.68.78.73 + source { + address 77.68.78.73 + mac-address !00:50:56:14:4b:f4 + } + } + rule 577 { + action drop + description Anti-spoofing_77.68.76.177 + source { + address 77.68.76.177 + mac-address !00:50:56:26:ac:11 + } + } + rule 578 { + action drop + description Anti-spoofing_77.68.77.117 + source { + address 77.68.77.117 + mac-address !00:50:56:09:4d:ce + } + } + rule 579 { + action drop + description Anti-spoofing_77.68.77.108 + source { + address 77.68.77.108 + mac-address !00:50:56:3a:b7:59 + } + } + rule 580 { + action drop + description Anti-spoofing_77.68.7.222 + source { + address 77.68.7.222 + mac-address !00:50:56:36:cc:37 + } + } + rule 581 { + action drop + description Anti-spoofing_77.68.76.50 + source { + address 77.68.76.50 + mac-address !00:50:56:34:78:88 + } + } + rule 582 { + action drop + description Anti-spoofing_77.68.77.192 + source { + address 77.68.77.192 + mac-address !00:50:56:0f:eb:a4 + } + } + rule 583 { + action drop + description Anti-spoofing_77.68.76.217 + source { + address 77.68.76.217 + mac-address !00:50:56:29:6d:a9 + } + } + rule 584 { + action drop + description Anti-spoofing_77.68.92.186 + source { + address 77.68.92.186 + mac-address !00:50:56:08:8b:d0 + } + } + rule 585 { + action drop + description Anti-spoofing_77.68.76.165 + source { + address 77.68.76.165 + mac-address !00:50:56:19:74:17 + } + } + rule 586 { + action drop + description Anti-spoofing_77.68.91.22 + source { + address 77.68.91.22 + mac-address !00:50:56:2e:2c:cb + } + } + rule 587 { + action drop + description Anti-spoofing_77.68.77.160 + source { + address 77.68.77.160 + mac-address !00:50:56:27:75:65 + } + } + rule 588 { + action drop + description Anti-spoofing_77.68.77.30 + source { + address 77.68.77.30 + mac-address !00:50:56:3b:95:8f + } + } + rule 589 { + action drop + description Anti-spoofing_77.68.77.21 + source { + address 77.68.77.21 + mac-address !00:50:56:34:cd:82 + } + } + rule 590 { + 
action drop + description Anti-spoofing_77.68.76.29 + source { + address 77.68.76.29 + mac-address !00:50:56:2f:a3:ef + } + } + rule 591 { + action drop + description Anti-spoofing_213.171.212.136 + source { + address 213.171.212.136 + mac-address !00:50:56:19:fb:be + } + } + rule 592 { + action drop + description Anti-spoofing_77.68.76.158 + source { + address 77.68.76.158 + mac-address !00:50:56:36:97:69 + } + } + rule 593 { + action drop + description Anti-spoofing_77.68.76.203 + source { + address 77.68.76.203 + mac-address !00:50:56:2f:48:47 + } + } + rule 594 { + action drop + description Anti-spoofing_77.68.77.243 + source { + address 77.68.77.243 + mac-address !00:50:56:20:1f:c4 + } + } + rule 595 { + action drop + description Anti-spoofing_77.68.77.54 + source { + address 77.68.77.54 + mac-address !00:50:56:0e:da:e1 + } + } + rule 596 { + action drop + description Anti-spoofing_77.68.76.22 + source { + address 77.68.76.22 + mac-address !00:50:56:1b:a3:e6 + } + } + rule 597 { + action drop + description Anti-spoofing_77.68.103.120 + source { + address 77.68.103.120 + mac-address !00:50:56:1f:cb:8e + } + } + rule 598 { + action drop + description Anti-spoofing_109.228.37.174 + source { + address 109.228.37.174 + mac-address !00:50:56:1d:0f:a0 + } + } + rule 599 { + action drop + description Anti-spoofing_77.68.17.26 + source { + address 77.68.17.26 + mac-address !00:50:56:13:4a:e1 + } + } + rule 600 { + action drop + description Anti-spoofing_77.68.76.25 + source { + address 77.68.76.25 + mac-address !00:50:56:1f:54:d9 + } + } + rule 601 { + action drop + description Anti-spoofing_77.68.76.21 + source { + address 77.68.76.21 + mac-address !00:50:56:15:a8:33 + } + } + rule 602 { + action drop + description Anti-spoofing_77.68.77.221 + source { + address 77.68.77.221 + mac-address !00:50:56:06:2a:ae + } + } + rule 603 { + action drop + description Anti-spoofing_77.68.77.76 + source { + address 77.68.77.76 + mac-address !00:50:56:18:01:78 + } + } + rule 604 { + 
action drop + description Anti-spoofing_77.68.76.127 + source { + address 77.68.76.127 + mac-address !00:50:56:24:a4:85 + } + } + rule 605 { + action drop + description Anti-spoofing_77.68.77.139 + source { + address 77.68.77.139 + mac-address !00:50:56:3b:1e:be + } + } + rule 606 { + action drop + description Anti-spoofing_77.68.77.240 + source { + address 77.68.77.240 + mac-address !00:50:56:2b:d5:dd + } + } + rule 607 { + action drop + description Anti-spoofing_185.132.38.216 + source { + address 185.132.38.216 + mac-address !00:50:56:26:a7:47 + } + } + rule 608 { + action drop + description Anti-spoofing_77.68.76.39 + source { + address 77.68.76.39 + mac-address !00:50:56:1e:0d:c1 + } + } + rule 609 { + action drop + description Anti-spoofing_77.68.76.149 + source { + address 77.68.76.149 + mac-address !00:50:56:32:30:e7 + } + } + rule 610 { + action drop + description Anti-spoofing_77.68.77.57 + source { + address 77.68.77.57 + mac-address !00:50:56:26:33:75 + } + } + rule 611 { + action drop + description Anti-spoofing_77.68.77.185 + source { + address 77.68.77.185 + mac-address !00:50:56:22:72:c9 + } + } + rule 612 { + action drop + description Anti-spoofing_77.68.76.116 + source { + address 77.68.76.116 + mac-address !00:50:56:09:f2:df + } + } + rule 613 { + action drop + description Anti-spoofing_77.68.95.212 + source { + address 77.68.95.212 + mac-address !00:50:56:21:4b:e6 + } + } + rule 614 { + action drop + description Anti-spoofing_77.68.76.160 + source { + address 77.68.76.160 + mac-address !00:50:56:3a:fa:b3 + } + } + rule 615 { + action drop + description Anti-spoofing_77.68.77.70 + source { + address 77.68.77.70 + mac-address !00:50:56:37:9d:47 + } + } + rule 616 { + action drop + description Anti-spoofing_77.68.77.149 + source { + address 77.68.77.149 + mac-address !00:50:56:2c:f8:51 + } + } + rule 617 { + action drop + description Anti-spoofing_77.68.76.57 + source { + address 77.68.76.57 + mac-address !00:50:56:32:d9:0f + } + } + rule 618 { + 
action drop + description Anti-spoofing_77.68.76.115 + source { + address 77.68.76.115 + mac-address !00:50:56:09:67:90 + } + } + rule 619 { + action drop + description Anti-spoofing_185.132.41.72 + source { + address 185.132.41.72 + mac-address !00:50:56:2b:aa:79 + } + } + rule 620 { + action drop + description Anti-spoofing_77.68.84.155 + source { + address 77.68.84.155 + mac-address !00:50:56:05:52:76 + } + } + rule 621 { + action drop + description Anti-spoofing_77.68.76.200 + source { + address 77.68.76.200 + mac-address !00:50:56:00:5f:48 + } + } + rule 622 { + action drop + description Anti-spoofing_77.68.76.23 + source { + address 77.68.76.23 + mac-address !00:50:56:27:eb:9b + } + } + rule 623 { + action drop + description Anti-spoofing_77.68.77.46 + source { + address 77.68.77.46 + mac-address !00:50:56:22:73:37 + } + } + rule 624 { + action drop + description Anti-spoofing_77.68.91.195 + source { + address 77.68.91.195 + mac-address !00:50:56:09:f1:74 + } + } + rule 625 { + action drop + description Anti-spoofing_77.68.76.198 + source { + address 77.68.76.198 + mac-address !00:50:56:05:4b:16 + } + } + rule 626 { + action drop + description Anti-spoofing_77.68.77.141 + source { + address 77.68.77.141 + mac-address !00:50:56:0c:04:05 + } + } + rule 627 { + action drop + description Anti-spoofing_77.68.77.50 + source { + address 77.68.77.50 + mac-address !00:50:56:2d:5b:c6 + } + } + rule 628 { + action drop + description Anti-spoofing_77.68.77.128 + source { + address 77.68.77.128 + mac-address !00:50:56:27:0f:74 + } + } + rule 629 { + action drop + description Anti-spoofing_77.68.115.142 + source { + address 77.68.115.142 + mac-address !00:50:56:1b:e1:25 + } + } + rule 630 { + action drop + description Anti-spoofing_77.68.77.88 + source { + address 77.68.77.88 + mac-address !00:50:56:2b:db:7e + } + } + rule 631 { + action drop + description Anti-spoofing_77.68.4.74 + source { + address 77.68.4.74 + mac-address !00:50:56:0f:22:a5 + } + } + rule 632 { + 
action drop + description Anti-spoofing_77.68.76.80 + source { + address 77.68.76.80 + mac-address !00:50:56:1f:17:01 + } + } + rule 633 { + action drop + description Anti-spoofing_77.68.76.35 + source { + address 77.68.76.35 + mac-address !00:50:56:30:e3:a1 + } + } + rule 634 { + action drop + description Anti-spoofing_77.68.77.204 + source { + address 77.68.77.204 + mac-address !00:50:56:23:70:3a + } + } + rule 635 { + action drop + description Anti-spoofing_77.68.77.201 + source { + address 77.68.77.201 + mac-address !50:9a:4c:74:06:06 + } + } + rule 636 { + action drop + description Anti-spoofing_77.68.77.97 + source { + address 77.68.77.97 + mac-address !00:50:56:2f:48:47 + } + } + rule 637 { + action drop + description Anti-spoofing_77.68.76.195 + source { + address 77.68.76.195 + mac-address !00:50:56:14:c5:49 + } + } + rule 638 { + action drop + description Anti-spoofing_77.68.76.202 + source { + address 77.68.76.202 + mac-address !00:50:56:07:3c:3c + } + } + rule 640 { + action drop + description Anti-spoofing_77.68.76.157 + source { + address 77.68.76.157 + mac-address !00:50:56:35:c8:20 + } + } + rule 641 { + action drop + description Anti-spoofing_213.171.212.114 + source { + address 213.171.212.114 + mac-address !00:50:56:11:7f:32 + } + } + rule 642 { + action drop + description Anti-spoofing_77.68.77.159 + source { + address 77.68.77.159 + mac-address !00:50:56:14:d8:f0 + } + } + rule 643 { + action drop + description Anti-spoofing_213.171.214.234 + source { + address 213.171.214.234 + mac-address !00:50:56:29:94:38 + } + } + rule 644 { + action drop + description Anti-spoofing_77.68.76.48 + source { + address 77.68.76.48 + mac-address !00:50:56:33:38:d6 + } + } + rule 645 { + action drop + description Anti-spoofing_77.68.76.118 + source { + address 77.68.76.118 + mac-address !00:50:56:1c:cd:d3 + } + } + rule 646 { + action drop + description Anti-spoofing_77.68.76.38 + source { + address 77.68.76.38 + mac-address !00:50:56:01:59:2a + } + } + rule 647 
{ + action drop + description Anti-spoofing_77.68.31.144 + source { + address 77.68.31.144 + mac-address !00:50:56:01:89:fb + } + } + rule 648 { + action drop + description Anti-spoofing_77.68.23.35 + source { + address 77.68.23.35 + mac-address !00:50:56:3b:1f:ee + } + } + rule 649 { + action drop + description Anti-spoofing_77.68.4.80 + source { + address 77.68.4.80 + mac-address !00:50:56:1a:06:95 + } + } + rule 650 { + action drop + description Anti-spoofing_77.68.127.151 + source { + address 77.68.127.151 + mac-address !00:50:56:32:48:a6 + } + } + rule 651 { + action drop + description Anti-spoofing_77.68.77.203 + source { + address 77.68.77.203 + mac-address !00:50:56:11:05:40 + } + } + rule 652 { + action drop + description Anti-spoofing_77.68.77.233 + source { + address 77.68.77.233 + mac-address !00:50:56:37:0e:b3 + } + } + rule 653 { + action drop + description Anti-spoofing_77.68.77.163 + source { + address 77.68.77.163 + mac-address !00:50:56:08:a3:b4 + } + } + rule 654 { + action drop + description Anti-spoofing_77.68.77.49 + source { + address 77.68.77.49 + mac-address !00:50:56:03:ba:26 + } + } + rule 655 { + action drop + description Anti-spoofing_77.68.76.58 + source { + address 77.68.76.58 + mac-address !00:50:56:03:bd:d2 + } + } + rule 656 { + action drop + description Anti-spoofing_77.68.77.171 + source { + address 77.68.77.171 + mac-address !00:50:56:22:3d:21 + } + } + rule 657 { + action drop + description Anti-spoofing_77.68.116.220 + source { + address 77.68.116.220 + mac-address !00:50:56:2e:06:02 + } + } + rule 658 { + action drop + description Anti-spoofing_77.68.77.150 + source { + address 77.68.77.150 + mac-address !00:50:56:23:ac:01 + } + } + rule 659 { + action drop + description Anti-spoofing_77.68.121.106 + source { + address 77.68.121.106 + mac-address !00:50:56:38:2f:3f + } + } + rule 660 { + action drop + description Anti-spoofing_77.68.77.199 + source { + address 77.68.77.199 + mac-address !00:50:56:37:e8:23 + } + } + rule 661 { 
+ action drop + description Anti-spoofing_77.68.76.220 + source { + address 77.68.76.220 + mac-address !00:50:56:26:27:93 + } + } + rule 662 { + action drop + description Anti-spoofing_77.68.85.172 + source { + address 77.68.85.172 + mac-address !00:50:56:24:a5:72 + } + } + rule 663 { + action drop + description Anti-spoofing_109.228.42.232 + source { + address 109.228.42.232 + mac-address !00:50:56:2c:34:e5 + } + } + rule 664 { + action drop + description Anti-spoofing_77.68.33.216 + source { + address 77.68.33.216 + mac-address !00:50:56:08:a3:d8 + } + } + rule 665 { + action drop + description Anti-spoofing_109.228.35.110 + source { + address 109.228.35.110 + mac-address !00:50:56:20:bc:f6 + } + } + rule 666 { + action drop + description Anti-spoofing_77.68.87.212 + source { + address 77.68.87.212 + mac-address !00:50:56:20:7a:5b + } + } + rule 667 { + action drop + description Anti-spoofing_109.228.36.174 + source { + address 109.228.36.174 + mac-address !00:50:56:05:73:0a + } + } + rule 668 { + action drop + description Anti-spoofing_77.68.122.241 + source { + address 77.68.122.241 + mac-address !00:50:56:3d:34:86 + } + } + rule 669 { + action drop + description Anti-spoofing_77.68.10.170 + source { + address 77.68.10.170 + mac-address !00:50:56:2e:a7:d6 + } + } + rule 670 { + action drop + description Anti-spoofing_109.228.59.247 + source { + address 109.228.59.247 + mac-address !00:50:56:11:77:61 + } + } + rule 671 { + action drop + description Anti-spoofing_77.68.77.156 + source { + address 77.68.77.156 + mac-address !00:50:56:37:e8:23 + } + } + rule 672 { + action drop + description Anti-spoofing_77.68.76.248 + source { + address 77.68.76.248 + mac-address !00:50:56:22:40:ae + } + } + rule 673 { + action drop + description Anti-spoofing_77.68.76.19 + source { + address 77.68.76.19 + mac-address !00:50:56:26:ce:06 + } + } + rule 674 { + action drop + description Anti-spoofing_77.68.77.29 + source { + address 77.68.77.29 + mac-address !00:50:56:11:83:b8 + } 
+ } + rule 675 { + action drop + description Anti-spoofing_77.68.76.250 + source { + address 77.68.76.250 + mac-address !00:50:56:2d:ca:5b + } + } + rule 676 { + action drop + description Anti-spoofing_77.68.76.110 + source { + address 77.68.76.110 + mac-address !00:50:56:1e:db:08 + } + } + rule 677 { + action drop + description Anti-spoofing_77.68.76.171 + source { + address 77.68.76.171 + mac-address !00:50:56:01:8b:92 + } + } + rule 678 { + action drop + description Anti-spoofing_77.68.76.212 + source { + address 77.68.76.212 + mac-address !00:50:56:2b:28:99 + } + } + rule 679 { + action drop + description Anti-spoofing_77.68.112.248 + source { + address 77.68.112.248 + mac-address !00:50:56:35:e3:48 + } + } + rule 680 { + action drop + description Anti-spoofing_77.68.77.132 + source { + address 77.68.77.132 + mac-address !00:50:56:21:ab:ff + } + } + rule 681 { + action drop + description Anti-spoofing_77.68.120.218 + source { + address 77.68.120.218 + mac-address !00:50:56:10:a8:be + } + } + rule 682 { + action drop + description Anti-spoofing_77.68.120.249 + source { + address 77.68.120.249 + mac-address !00:50:56:2f:70:ed + } + } + rule 683 { + action drop + description Anti-spoofing_77.68.77.81 + source { + address 77.68.77.81 + mac-address !00:50:56:1e:9f:f8 + } + } + rule 684 { + action drop + description Anti-spoofing_77.68.76.37 + source { + address 77.68.76.37 + mac-address !00:50:56:07:f8:48 + } + } + rule 685 { + action drop + description Anti-spoofing_77.68.76.197 + source { + address 77.68.76.197 + mac-address !00:50:56:31:a0:ee + } + } + rule 686 { + action drop + description Anti-spoofing_77.68.76.20 + source { + address 77.68.76.20 + mac-address !00:50:56:18:a2:03 + } + } + rule 687 { + action drop + description Anti-spoofing_77.68.76.108 + source { + address 77.68.76.108 + mac-address !00:50:56:0d:4d:25 + } + } + rule 688 { + action drop + description Anti-spoofing_77.68.76.139 + source { + address 77.68.76.139 + mac-address !00:50:56:1c:52:a8 + 
} + } + rule 689 { + action drop + description Anti-spoofing_77.68.76.99 + source { + address 77.68.76.99 + mac-address !00:50:56:2e:8d:48 + } + } + rule 690 { + action drop + description Anti-spoofing_77.68.77.211 + source { + address 77.68.77.211 + mac-address !00:50:56:30:37:77 + } + } + rule 691 { + action drop + description Anti-spoofing_77.68.77.236 + source { + address 77.68.77.236 + mac-address !00:50:56:18:13:8b + } + } + rule 692 { + action drop + description Anti-spoofing_77.68.76.252 + source { + address 77.68.76.252 + mac-address !00:50:56:16:03:6e + } + } + rule 693 { + action drop + description Anti-spoofing_77.68.122.89 + source { + address 77.68.122.89 + mac-address !00:50:56:25:66:5d + } + } + rule 694 { + action drop + description Anti-spoofing_77.68.76.120 + source { + address 77.68.76.120 + mac-address !00:50:56:39:de:31 + } + } + rule 695 { + action drop + description Anti-spoofing_77.68.77.234 + source { + address 77.68.77.234 + mac-address !00:50:56:26:a1:9a + } + } + rule 696 { + action drop + description Anti-spoofing_77.68.77.32 + source { + address 77.68.77.32 + mac-address !00:50:56:38:e8:59 + } + } + rule 697 { + action drop + description Anti-spoofing_77.68.77.247 + source { + address 77.68.77.247 + mac-address !00:50:56:27:8a:8b + } + } + rule 698 { + action drop + description Anti-spoofing_77.68.76.229 + source { + address 77.68.76.229 + mac-address !00:50:56:16:56:30 + } + } + rule 699 { + action drop + description Anti-spoofing_77.68.76.209 + source { + address 77.68.76.209 + mac-address !00:50:56:19:24:73 + } + } + rule 700 { + action drop + description Anti-spoofing_77.68.125.32 + source { + address 77.68.125.32 + mac-address !00:50:56:00:07:47 + } + } + rule 701 { + action drop + description Anti-spoofing_77.68.76.219 + source { + address 77.68.76.219 + mac-address !00:50:56:2d:04:90 + } + } + rule 702 { + action drop + description Anti-spoofing_77.68.76.253 + source { + address 77.68.76.253 + mac-address !00:50:56:12:7b:d8 + } 
+ } + rule 703 { + action drop + description Anti-spoofing_77.68.13.137 + source { + address 77.68.13.137 + mac-address !00:50:56:16:c6:86 + } + } + rule 704 { + action drop + description Anti-spoofing_77.68.85.115 + source { + address 77.68.85.115 + mac-address !00:50:56:3c:51:df + } + } + rule 705 { + action drop + description Anti-spoofing_77.68.77.202 + source { + address 77.68.77.202 + mac-address !00:50:56:0c:94:82 + } + } + rule 706 { + action drop + description Anti-spoofing_77.68.76.247 + source { + address 77.68.76.247 + mac-address !00:50:56:1b:f1:83 + } + } + rule 707 { + action drop + description Anti-spoofing_77.68.9.75 + source { + address 77.68.9.75 + mac-address !00:50:56:21:9b:fe + } + } + rule 708 { + action drop + description Anti-spoofing_109.228.39.157 + source { + address 109.228.39.157 + mac-address !00:50:56:2b:55:32 + } + } + rule 709 { + action drop + description Anti-spoofing_77.68.77.99 + source { + address 77.68.77.99 + mac-address !00:50:56:09:d5:e8 + } + } + rule 710 { + action drop + description Anti-spoofing_77.68.23.158 + source { + address 77.68.23.158 + mac-address !00:50:56:15:8f:75 + } + } + rule 711 { + action drop + description Anti-spoofing_77.68.76.169 + source { + address 77.68.76.169 + mac-address !00:50:56:0b:6d:e4 + } + } + rule 712 { + action drop + description Anti-spoofing_77.68.76.95 + source { + address 77.68.76.95 + mac-address !00:50:56:17:08:c9 + } + } + rule 713 { + action drop + description Anti-spoofing_77.68.76.187 + source { + address 77.68.76.187 + mac-address !00:50:56:14:79:08 + } + } + rule 714 { + action drop + description Anti-spoofing_109.228.37.114 + source { + address 109.228.37.114 + mac-address !00:50:56:15:3d:4b + } + } + rule 715 { + action drop + description Anti-spoofing_77.68.5.187 + source { + address 77.68.5.187 + mac-address !00:50:56:07:60:de + } + } + rule 716 { + action drop + description Anti-spoofing_77.68.77.222 + source { + address 77.68.77.222 + mac-address !00:50:56:38:03:ce + } 
+ } + rule 717 { + action drop + description Anti-spoofing_77.68.77.53 + source { + address 77.68.77.53 + mac-address !00:50:56:18:cc:5a + } + } + rule 718 { + action drop + description Anti-spoofing_77.68.77.124 + source { + address 77.68.77.124 + mac-address !00:50:56:21:67:74 + } + } + rule 719 { + action drop + description Anti-spoofing_77.68.76.61 + source { + address 77.68.76.61 + mac-address !00:50:56:10:fa:46 + } + } + rule 720 { + action drop + description Anti-spoofing_109.228.37.240 + source { + address 109.228.37.240 + mac-address !00:50:56:0a:d3:2d + } + } + rule 721 { + action drop + description Anti-spoofing_77.68.27.27 + source { + address 77.68.27.27 + mac-address !00:50:56:14:b0:2a + } + } + rule 722 { + action drop + description Anti-spoofing_77.68.77.43 + source { + address 77.68.77.43 + mac-address !00:50:56:30:92:94 + } + } + rule 723 { + action drop + description Anti-spoofing_77.68.76.94 + source { + address 77.68.76.94 + mac-address !00:50:56:00:10:ce + } + } + rule 724 { + action drop + description Anti-spoofing_77.68.77.165 + source { + address 77.68.77.165 + mac-address !00:50:56:26:5f:42 + } + } + rule 725 { + action drop + description Anti-spoofing_77.68.77.251 + source { + address 77.68.77.251 + mac-address !00:50:56:39:db:9e + } + } + rule 726 { + action drop + description Anti-spoofing_77.68.77.152 + source { + address 77.68.77.152 + mac-address !00:50:56:12:68:ca + } + } + rule 727 { + action drop + description Anti-spoofing_185.132.43.164 + source { + address 185.132.43.164 + mac-address !00:50:56:2f:98:9b + } + } + rule 728 { + action drop + description Anti-spoofing_77.68.9.186 + source { + address 77.68.9.186 + mac-address !00:50:56:06:07:22 + } + } + rule 729 { + action drop + description Anti-spoofing_77.68.27.28 + source { + address 77.68.27.28 + mac-address !00:50:56:27:c6:2d + } + } + rule 730 { + action drop + description Anti-spoofing_77.68.84.147 + source { + address 77.68.84.147 + mac-address !00:50:56:28:d5:4d + } + } 
+ rule 731 { + action drop + description Anti-spoofing_77.68.3.80 + source { + address 77.68.3.80 + mac-address !00:50:56:35:66:85 + } + } + rule 732 { + action drop + description Anti-spoofing_77.68.76.44 + source { + address 77.68.76.44 + mac-address !00:50:56:2b:8f:62 + } + } + rule 733 { + action drop + description Anti-spoofing_77.68.76.47 + source { + address 77.68.76.47 + mac-address !50:9a:4c:74:52:56 + } + } + rule 734 { + action drop + description Anti-spoofing_77.68.76.74 + source { + address 77.68.76.74 + mac-address !00:50:56:30:a0:57 + } + } + rule 735 { + action drop + description Anti-spoofing_77.68.5.166 + source { + address 77.68.5.166 + mac-address !00:50:56:17:e2:18 + } + } + rule 736 { + action drop + description Anti-spoofing_77.68.76.55 + source { + address 77.68.76.55 + mac-address !00:50:56:0f:46:86 + } + } + rule 737 { + action drop + description Anti-spoofing_77.68.10.142 + source { + address 77.68.10.142 + mac-address !00:50:56:19:04:d3 + } + } + rule 738 { + action drop + description Anti-spoofing_77.68.77.75 + source { + address 77.68.77.75 + mac-address !00:50:56:0e:a6:a8 + } + } + rule 739 { + action drop + description Anti-spoofing_77.68.77.239 + source { + address 77.68.77.239 + mac-address !00:50:56:26:f4:c8 + } + } + rule 740 { + action drop + description Anti-spoofing_213.171.208.176 + source { + address 213.171.208.176 + mac-address !00:50:56:34:50:f7 + } + } + rule 741 { + action drop + description Anti-spoofing_77.68.4.111 + source { + address 77.68.4.111 + mac-address !00:50:56:2a:61:0b + } + } + rule 742 { + action drop + description Anti-spoofing_77.68.118.120 + source { + address 77.68.118.120 + mac-address !00:50:56:3c:35:39 + } + } + rule 743 { + action drop + description Anti-spoofing_77.68.76.75 + source { + address 77.68.76.75 + mac-address !00:50:56:2a:42:ca + } + } + rule 744 { + action drop + description Anti-spoofing_77.68.77.71 + source { + address 77.68.77.71 + mac-address !00:50:56:38:ae:bf + } + } + rule 745 
{ + action drop + description Anti-spoofing_77.68.76.138 + source { + address 77.68.76.138 + mac-address !00:50:56:14:c0:d8 + } + } + rule 746 { + action drop + description Anti-spoofing_77.68.76.145 + source { + address 77.68.76.145 + mac-address !00:50:56:3b:e8:48 + } + } + rule 747 { + action drop + description Anti-spoofing_77.68.77.145 + source { + address 77.68.77.145 + mac-address !00:50:56:12:b0:43 + } + } + rule 748 { + action drop + description Anti-spoofing_77.68.3.121 + source { + address 77.68.3.121 + mac-address !00:50:56:03:7b:9d + } + } + rule 749 { + action drop + description Anti-spoofing_77.68.3.144 + source { + address 77.68.3.144 + mac-address !00:50:56:18:a0:ed + } + } + rule 750 { + action drop + description Anti-spoofing_77.68.77.68 + source { + address 77.68.77.68 + mac-address !00:50:56:3c:dc:4f + } + } + rule 751 { + action drop + description Anti-spoofing_77.68.76.126 + source { + address 77.68.76.126 + mac-address !00:50:56:0f:d0:ae + } + } + rule 752 { + action drop + description Anti-spoofing_77.68.76.88 + source { + address 77.68.76.88 + mac-address !00:50:56:15:d6:12 + } + } + rule 753 { + action drop + description Anti-spoofing_77.68.77.254 + source { + address 77.68.77.254 + mac-address !00:50:56:0e:5e:74 + } + } + rule 754 { + action drop + description Anti-spoofing_185.132.40.124 + source { + address 185.132.40.124 + mac-address !00:50:56:08:f8:6a + } + } + rule 755 { + action drop + description Anti-spoofing_77.68.20.231 + source { + address 77.68.20.231 + mac-address !00:50:56:05:35:ce + } + } + rule 756 { + action drop + description Anti-spoofing_77.68.77.181 + source { + address 77.68.77.181 + mac-address !00:50:56:20:03:6f + } + } + rule 757 { + action drop + description Anti-spoofing_77.68.22.146 + source { + address 77.68.22.146 + mac-address !00:50:56:0e:85:95 + } + } + rule 758 { + action drop + description Anti-spoofing_77.68.112.75 + source { + address 77.68.112.75 + mac-address !00:50:56:09:33:e6 + } + } + rule 759 { 
+ action drop + description Anti-spoofing_77.68.4.22 + source { + address 77.68.4.22 + mac-address !00:50:56:14:be:3f + } + } + rule 760 { + action drop + description Anti-spoofing_77.68.76.96 + source { + address 77.68.76.96 + mac-address !00:50:56:32:91:fb + } + } + rule 761 { + action drop + description Anti-spoofing_77.68.3.161 + source { + address 77.68.3.161 + mac-address !00:50:56:12:82:40 + } + } + rule 762 { + action drop + description Anti-spoofing_109.228.37.10 + source { + address 109.228.37.10 + mac-address !00:50:56:0a:ef:ab + } + } + rule 763 { + action drop + description Anti-spoofing_77.68.76.228 + source { + address 77.68.76.228 + mac-address !00:50:56:2b:39:b1 + } + } + rule 764 { + action drop + description Anti-spoofing_77.68.121.94 + source { + address 77.68.121.94 + mac-address !00:50:56:0a:d7:68 + } + } + rule 765 { + action drop + description Anti-spoofing_77.68.3.194 + source { + address 77.68.3.194 + mac-address !00:50:56:10:90:6a + } + } + rule 766 { + action drop + description Anti-spoofing_77.68.76.112 + source { + address 77.68.76.112 + mac-address !00:50:56:24:e2:52 + } + } + rule 767 { + action drop + description Anti-spoofing_77.68.100.77 + source { + address 77.68.100.77 + mac-address !00:50:56:0e:f3:7a + } + } + rule 768 { + action drop + description Anti-spoofing_77.68.3.247 + source { + address 77.68.3.247 + mac-address !00:50:56:29:30:8a + } + } + rule 769 { + action drop + description Anti-spoofing_77.68.77.157 + source { + address 77.68.77.157 + mac-address !00:50:56:36:39:a5 + } + } + rule 770 { + action drop + description Anti-spoofing_77.68.29.65 + source { + address 77.68.29.65 + mac-address !00:50:56:2e:1b:f9 + } + } + rule 771 { + action drop + description Anti-spoofing_77.68.74.152 + source { + address 77.68.74.152 + mac-address !00:50:56:16:1d:31 + } + } + rule 772 { + action drop + description Anti-spoofing_185.132.39.145 + source { + address 185.132.39.145 + mac-address !00:50:56:03:77:75 + } + } + rule 773 { + 
action drop + description Anti-spoofing_77.68.28.139 + source { + address 77.68.28.139 + mac-address !00:50:56:25:a9:de + } + } + rule 774 { + action drop + description Anti-spoofing_77.68.77.33 + source { + address 77.68.77.33 + mac-address !00:50:56:09:16:76 + } + } + rule 775 { + action drop + description Anti-spoofing_77.68.77.137 + source { + address 77.68.77.137 + mac-address !00:50:56:15:b6:84 + } + } + rule 776 { + action drop + description Anti-spoofing_77.68.76.244 + source { + address 77.68.76.244 + mac-address !00:50:56:21:11:27 + } + } + rule 777 { + action drop + description Anti-spoofing_77.68.77.92 + source { + address 77.68.77.92 + mac-address !00:50:56:11:58:f5 + } + } + rule 778 { + action drop + description Anti-spoofing_77.68.7.227 + source { + address 77.68.7.227 + mac-address !00:50:56:34:a8:22 + } + } + rule 779 { + action drop + description Anti-spoofing_77.68.76.111 + source { + address 77.68.76.111 + mac-address !00:50:56:3e:44:ea + } + } + rule 780 { + action drop + description Anti-spoofing_77.68.76.185 + source { + address 77.68.76.185 + mac-address !00:50:56:1b:75:e8 + } + } + rule 781 { + action drop + description Anti-spoofing_77.68.76.208 + source { + address 77.68.76.208 + mac-address !50:9a:4c:98:c2:68 + } + } + rule 782 { + action drop + description Anti-spoofing_77.68.76.150 + source { + address 77.68.76.150 + mac-address !50:9a:4c:98:5c:c0 + } + } + rule 783 { + action drop + description Anti-spoofing_77.68.77.208 + source { + address 77.68.77.208 + mac-address !50:9a:4c:98:5c:c0 + } + } + rule 784 { + action drop + description Anti-spoofing_77.68.103.56 + source { + address 77.68.103.56 + mac-address !00:50:56:05:2f:9e + } + } + rule 785 { + action drop + description Anti-spoofing_77.68.125.60 + source { + address 77.68.125.60 + mac-address !00:50:56:2a:4a:20 + } + } + rule 786 { + action drop + description Anti-spoofing_77.68.76.42 + source { + address 77.68.76.42 + mac-address !00:50:56:3e:44:ea + } + } + rule 787 { + 
action drop + description Anti-spoofing_77.68.26.216 + source { + address 77.68.26.216 + mac-address !00:50:56:07:56:c4 + } + } + rule 788 { + action drop + description Anti-spoofing_77.68.76.164 + source { + address 77.68.76.164 + mac-address !00:50:56:1c:df:57 + } + } + rule 789 { + action drop + description Anti-spoofing_77.68.89.72 + source { + address 77.68.89.72 + mac-address !00:50:56:1b:84:5c + } + } + rule 790 { + action drop + description Anti-spoofing_77.68.76.181 + source { + address 77.68.76.181 + mac-address !00:50:56:36:5d:1e + } + } + rule 791 { + action drop + description Anti-spoofing_77.68.3.52 + source { + address 77.68.3.52 + mac-address !00:50:56:12:e2:00 + } + } + rule 792 { + action drop + description Anti-spoofing_77.68.77.207 + source { + address 77.68.77.207 + mac-address !00:50:56:16:24:34 + } + } + rule 793 { + action drop + description Anti-spoofing_77.68.81.44 + source { + address 77.68.81.44 + mac-address !00:50:56:1a:2f:81 + } + } + rule 794 { + action drop + description Anti-spoofing_77.68.28.145 + source { + address 77.68.28.145 + mac-address !00:50:56:39:78:a6 + } + } + rule 795 { + action drop + description Anti-spoofing_77.68.76.49 + source { + address 77.68.76.49 + mac-address !00:50:56:08:ae:5e + } + } + rule 796 { + action drop + description Anti-spoofing_77.68.77.227 + source { + address 77.68.77.227 + mac-address !ac:1f:6b:93:59:d4 + } + } + rule 797 { + action drop + description Anti-spoofing_77.68.76.136 + source { + address 77.68.76.136 + mac-address !00:50:56:0b:b2:b0 + } + } + rule 798 { + action drop + description Anti-spoofing_77.68.77.102 + source { + address 77.68.77.102 + mac-address !00:50:56:3d:91:75 + } + } + rule 799 { + action drop + description Anti-spoofing_77.68.5.155 + source { + address 77.68.5.155 + mac-address !00:50:56:13:33:02 + } + } + rule 801 { + action drop + description Anti-spoofing_77.68.88.100 + source { + address 77.68.88.100 + mac-address !00:50:56:08:dc:d0 + } + } + rule 802 { + action 
drop + description Anti-spoofing_77.68.72.254 + source { + address 77.68.72.254 + mac-address !00:50:56:0c:c2:8d + } + } + rule 803 { + action drop + description Anti-spoofing_77.68.77.74 + source { + address 77.68.77.74 + mac-address !00:50:56:18:d8:12 + } + } + rule 804 { + action drop + description Anti-spoofing_77.68.76.77 + source { + address 77.68.76.77 + mac-address !ac:1f:6b:4d:bd:60 + } + } + rule 805 { + action drop + description Anti-spoofing_77.68.76.123 + source { + address 77.68.76.123 + mac-address !00:50:56:38:5b:9d + } + } + rule 806 { + action drop + description Anti-spoofing_77.68.4.24 + source { + address 77.68.4.24 + mac-address !00:50:56:16:54:a8 + } + } + rule 807 { + action drop + description Anti-spoofing_213.171.214.167 + source { + address 213.171.214.167 + mac-address !00:50:56:13:7d:80 + } + } + rule 808 { + action drop + description Anti-spoofing_77.68.112.213 + source { + address 77.68.112.213 + mac-address !00:50:56:0b:ec:f2 + } + } + rule 809 { + action drop + description Anti-spoofing_185.132.40.166 + source { + address 185.132.40.166 + mac-address !00:50:56:22:c7:e0 + } + } + rule 810 { + action drop + description Anti-spoofing_77.68.76.31 + source { + address 77.68.76.31 + mac-address !00:50:56:38:22:33 + } + } + rule 811 { + action drop + description Anti-spoofing_77.68.76.148 + source { + address 77.68.76.148 + mac-address !00:50:56:16:6c:9c + } + } + rule 812 { + action drop + description Anti-spoofing_77.68.93.246 + source { + address 77.68.93.246 + mac-address !00:50:56:29:2c:65 + } + } + rule 813 { + action drop + description Anti-spoofing_77.68.77.120 + source { + address 77.68.77.120 + mac-address !00:50:56:39:92:1c + } + } + rule 814 { + action drop + description Anti-spoofing_77.68.7.123 + source { + address 77.68.7.123 + mac-address !00:50:56:33:46:a6 + } + } + rule 815 { + action drop + description Anti-spoofing_77.68.76.183 + source { + address 77.68.76.183 + mac-address !00:50:56:39:92:1c + } + } + rule 816 { + 
action drop + description Anti-spoofing_77.68.112.90 + source { + address 77.68.112.90 + mac-address !00:50:56:29:f8:91 + } + } + rule 817 { + action drop + description Anti-spoofing_77.68.50.90 + source { + address 77.68.50.90 + mac-address !00:50:56:11:d5:cb + } + } + rule 818 { + action drop + description Anti-spoofing_77.68.3.61 + source { + address 77.68.3.61 + mac-address !00:50:56:03:0b:87 + } + } + rule 819 { + action drop + description Anti-spoofing_213.171.213.42 + source { + address 213.171.213.42 + mac-address !00:50:56:37:90:bd + } + } + rule 820 { + action drop + description Anti-spoofing_77.68.77.107 + source { + address 77.68.77.107 + mac-address !00:50:56:1e:74:40 + } + } + rule 821 { + action drop + description Anti-spoofing_77.68.89.183 + source { + address 77.68.89.183 + mac-address !00:50:56:04:b9:ce + } + } + rule 822 { + action drop + description Anti-spoofing_77.68.112.83 + source { + address 77.68.112.83 + mac-address !00:50:56:38:03:ce + } + } + rule 823 { + action drop + description Anti-spoofing_77.68.76.141 + source { + address 77.68.76.141 + mac-address !00:50:56:12:2e:7c + } + } + rule 825 { + action drop + description Anti-spoofing_77.68.76.105 + source { + address 77.68.76.105 + mac-address !00:50:56:00:0b:f6 + } + } + rule 826 { + action drop + description Anti-spoofing_77.68.76.251 + source { + address 77.68.76.251 + mac-address !00:50:56:34:1e:f4 + } + } + rule 827 { + action drop + description Anti-spoofing_77.68.6.202 + source { + address 77.68.6.202 + mac-address !00:50:56:17:65:5f + } + } + rule 828 { + action drop + description Anti-spoofing_88.208.198.92 + source { + address 88.208.198.92 + mac-address !00:50:56:0c:5d:98 + } + } + rule 829 { + action drop + description Anti-spoofing_77.68.76.249 + source { + address 77.68.76.249 + mac-address !00:50:56:01:18:09 + } + } + rule 830 { + action drop + description Anti-spoofing_77.68.30.164 + source { + address 77.68.30.164 + mac-address !00:50:56:3c:2a:3a + } + } + rule 831 { + 
action drop + description Anti-spoofing_77.68.77.59 + source { + address 77.68.77.59 + mac-address !00:50:56:18:09:81 + } + } + rule 832 { + action drop + description Anti-spoofing_77.68.76.40 + source { + address 77.68.76.40 + mac-address !00:50:56:13:e6:96 + } + } + rule 833 { + action drop + description Anti-spoofing_77.68.88.164 + source { + address 77.68.88.164 + mac-address !00:50:56:07:f9:c8 + } + } + rule 834 { + action drop + description Anti-spoofing_77.68.77.37 + source { + address 77.68.77.37 + mac-address !00:50:56:2f:1e:7b + } + } + rule 835 { + action drop + description Anti-spoofing_185.132.39.99 + source { + address 185.132.39.99 + mac-address !00:50:56:1d:4e:dd + } + } + rule 836 { + action drop + description Anti-spoofing_77.68.121.127 + source { + address 77.68.121.127 + mac-address !00:50:56:29:fd:29 + } + } + rule 837 { + action drop + description Anti-spoofing_77.68.77.65 + source { + address 77.68.77.65 + mac-address !00:50:56:30:1f:8b + } + } + rule 838 { + action drop + description Anti-spoofing_77.68.27.211 + source { + address 77.68.27.211 + mac-address !00:50:56:25:b4:d1 + } + } + rule 839 { + action drop + description Anti-spoofing_77.68.24.112 + source { + address 77.68.24.112 + mac-address !00:50:56:06:50:e8 + } + } + rule 840 { + action drop + description Anti-spoofing_109.228.38.201 + source { + address 109.228.38.201 + mac-address !00:50:56:36:33:0c + } + } + rule 841 { + action drop + description Anti-spoofing_77.68.115.17 + source { + address 77.68.115.17 + mac-address !00:50:56:16:da:60 + } + } + rule 842 { + action drop + description Anti-spoofing_185.132.36.60 + source { + address 185.132.36.60 + mac-address !00:50:56:14:a7:b2 + } + } + rule 843 { + action drop + description Anti-spoofing_77.68.76.231 + source { + address 77.68.76.231 + mac-address !00:50:56:03:c5:bc + } + } + rule 844 { + action drop + description Anti-spoofing_185.132.37.23 + source { + address 185.132.37.23 + mac-address !00:50:56:27:46:b8 + } + } + rule 
845 { + action drop + description Anti-spoofing_109.228.35.84 + source { + address 109.228.35.84 + mac-address !00:50:56:17:74:b7 + } + } + rule 846 { + action drop + description Anti-spoofing_77.68.11.140 + source { + address 77.68.11.140 + mac-address !00:50:56:08:ce:61 + } + } + rule 848 { + action drop + description Anti-spoofing_77.68.77.24 + source { + address 77.68.77.24 + mac-address !00:50:56:28:65:cb + } + } + rule 849 { + action drop + description Anti-spoofing_77.68.78.113 + source { + address 77.68.78.113 + mac-address !00:50:56:2c:5a:e3 + } + } + rule 850 { + action drop + description Anti-spoofing_185.132.39.219 + source { + address 185.132.39.219 + mac-address !00:50:56:11:0d:fd + } + } + rule 851 { + action drop + description Anti-spoofing_185.132.40.11 + source { + address 185.132.40.11 + mac-address !00:50:56:27:50:a3 + } + } + rule 852 { + action drop + description Anti-spoofing_77.68.23.64 + source { + address 77.68.23.64 + mac-address !00:50:56:0a:b2:3c + } + } + rule 853 { + action drop + description Anti-spoofing_185.132.37.133 + source { + address 185.132.37.133 + mac-address !00:50:56:0b:0a:21 + } + } + rule 854 { + action drop + description Anti-spoofing_77.68.85.27 + source { + address 77.68.85.27 + mac-address !00:50:56:34:82:24 + } + } + rule 855 { + action drop + description Anti-spoofing_77.68.26.221 + source { + address 77.68.26.221 + mac-address !00:50:56:30:56:a2 + } + } + rule 856 { + action drop + description Anti-spoofing_77.68.76.243 + source { + address 77.68.76.243 + mac-address !00:50:56:1c:a0:2d + } + } + rule 857 { + action drop + description Anti-spoofing_77.68.116.52 + source { + address 77.68.116.52 + mac-address !00:50:56:2b:59:35 + } + } + rule 858 { + action drop + description Anti-spoofing_77.68.120.26 + source { + address 77.68.120.26 + mac-address !00:50:56:07:3b:2b + } + } + rule 859 { + action drop + description Anti-spoofing_185.132.40.56 + source { + address 185.132.40.56 + mac-address !00:50:56:21:cb:e3 + } 
+ } + rule 860 { + action drop + description Anti-spoofing_213.171.210.155 + source { + address 213.171.210.155 + mac-address !00:50:56:2a:53:9f + } + } + rule 861 { + action drop + description Anti-spoofing_185.132.43.157 + source { + address 185.132.43.157 + mac-address !00:50:56:27:e6:d5 + } + } + rule 862 { + action drop + description Anti-spoofing_77.68.4.252 + source { + address 77.68.4.252 + mac-address !00:50:56:08:ff:66 + } + } + rule 863 { + action drop + description Anti-spoofing_77.68.77.63 + source { + address 77.68.77.63 + mac-address !00:50:56:10:9c:ca + } + } + rule 864 { + action drop + description Anti-spoofing_77.68.20.161 + source { + address 77.68.20.161 + mac-address !00:50:56:0d:06:6f + } + } + rule 865 { + action drop + description Anti-spoofing_77.68.117.45 + source { + address 77.68.117.45 + mac-address !00:50:56:05:e0:11 + } + } + rule 866 { + action drop + description Anti-spoofing_77.68.76.234 + source { + address 77.68.76.234 + mac-address !00:50:56:3a:d3:9e + } + } + rule 867 { + action drop + description Anti-spoofing_185.132.40.90 + source { + address 185.132.40.90 + mac-address !00:50:56:2c:90:4f + } + } + rule 868 { + action drop + description Anti-spoofing_77.68.77.90 + source { + address 77.68.77.90 + mac-address !00:50:56:1d:ec:a2 + } + } + rule 869 { + action drop + description Anti-spoofing_77.68.76.93 + source { + address 77.68.76.93 + mac-address !00:50:56:19:cb:e8 + } + } + rule 870 { + action drop + description Anti-spoofing_77.68.26.166 + source { + address 77.68.26.166 + mac-address !00:50:56:1e:34:14 + } + } + rule 871 { + action drop + description Anti-spoofing_185.132.40.244 + source { + address 185.132.40.244 + mac-address !00:50:56:14:a7:b2 + } + } + rule 872 { + action drop + description Anti-spoofing_77.68.77.77 + source { + address 77.68.77.77 + mac-address !00:50:56:0c:9b:e1 + } + } + rule 873 { + action drop + description Anti-spoofing_77.68.27.57 + source { + address 77.68.27.57 + mac-address 
!00:50:56:3e:06:ca
+ }
+ }
+ rule 874 {
+ action drop
+ description Anti-spoofing_77.68.7.114
+ source {
+ address 77.68.7.114
+ mac-address !00:50:56:33:0d:5e
+ }
+ }
+ rule 875 {
+ action drop
+ description Anti-spoofing_109.228.36.229
+ source {
+ address 109.228.36.229
+ mac-address !00:50:56:32:a6:83
+ }
+ }
+ rule 876 {
+ action drop
+ description Anti-spoofing_77.68.77.151
+ source {
+ address 77.68.77.151
+ mac-address !00:50:56:0a:e4:20
+ }
+ }
+ rule 877 {
+ action drop
+ description Anti-spoofing_77.68.76.92
+ source {
+ address 77.68.76.92
+ mac-address !00:50:56:2b:a5:38
+ }
+ }
+ rule 878 {
+ action drop
+ description Anti-spoofing_77.68.49.159
+ source {
+ address 77.68.49.159
+ mac-address !00:50:56:16:4f:24
+ }
+ }
+ rule 879 {
+ action drop
+ description Anti-spoofing_77.68.77.38
+ source {
+ address 77.68.77.38
+ mac-address !00:50:56:2c:fe:a1
+ }
+ }
+ rule 880 {
+ action drop
+ description Anti-spoofing_77.68.20.217
+ source {
+ address 77.68.20.217
+ mac-address !00:50:56:3a:61:47
+ }
+ }
+ rule 881 {
+ action drop
+ description Anti-spoofing_77.68.92.92
+ source {
+ address 77.68.92.92
+ mac-address !00:50:56:1b:64:85
+ }
+ }
+ rule 882 {
+ action drop
+ description Anti-spoofing_77.68.76.124
+ source {
+ address 77.68.76.124
+ mac-address !00:50:56:0e:c1:e4
+ }
+ }
+ rule 884 {
+ action drop
+ description Anti-spoofing_77.68.126.101
+ source {
+ address 77.68.126.101
+ mac-address !00:50:56:31:d1:a3
+ }
+ }
+ rule 885 {
+ action drop
+ description Anti-spoofing_77.68.76.235
+ source {
+ address 77.68.76.235
+ mac-address !00:50:56:15:d1:66
+ }
+ }
+ rule 886 {
+ action drop
+ description Anti-spoofing_77.68.77.95
+ source {
+ address 77.68.77.95
+ mac-address !00:50:56:39:c6:52
+ }
+ }
+ rule 887 {
+ action drop
+ description Anti-spoofing_77.68.26.228
+ source {
+ address 77.68.26.228
+ mac-address !00:50:56:03:ab:9e
+ }
+ }
+ rule 888 {
+ action drop
+ description Anti-spoofing_77.68.32.118
+ source {
+ address 77.68.32.118
+ mac-address !00:50:56:0e:db:9d
+ }
+ }
+ rule 889 {
+ action drop
+ description Anti-spoofing_77.68.24.172
+ source {
+ address 77.68.24.172
+ mac-address !00:50:56:0e:2a:9c
+ }
+ }
+ rule 891 {
+ action drop
+ description Anti-spoofing_77.68.77.190
+ source {
+ address 77.68.77.190
+ mac-address !00:50:56:31:e8:fb
+ }
+ }
+ rule 892 {
+ action drop
+ description Anti-spoofing_77.68.33.197
+ source {
+ address 77.68.33.197
+ mac-address !00:50:56:2b:27:c4
+ }
+ }
+ rule 893 {
+ action drop
+ description Anti-spoofing_213.171.210.177
+ source {
+ address 213.171.210.177
+ mac-address !00:50:56:04:96:31
+ }
+ }
+ rule 894 {
+ action drop
+ description Anti-spoofing_185.132.41.73
+ source {
+ address 185.132.41.73
+ mac-address !00:50:56:35:b4:a5
+ }
+ }
+ rule 895 {
+ action drop
+ description Anti-spoofing_77.68.21.78
+ source {
+ address 77.68.21.78
+ mac-address !00:50:56:23:87:f2
+ }
+ }
+ rule 896 {
+ action drop
+ description Anti-spoofing_77.68.77.209
+ source {
+ address 77.68.77.209
+ mac-address !00:50:56:3b:95:06
+ }
+ }
+ rule 897 {
+ action drop
+ description Anti-spoofing_88.208.215.19
+ source {
+ address 88.208.215.19
+ mac-address !00:50:56:1f:e1:4b
+ }
+ }
+ rule 898 {
+ action drop
+ description Anti-spoofing_77.68.77.214
+ source {
+ address 77.68.77.214
+ mac-address !00:50:56:2b:03:2b
+ }
+ }
+ rule 899 {
+ action drop
+ description Anti-spoofing_77.68.76.91
+ source {
+ address 77.68.76.91
+ mac-address !00:50:56:3b:3c:fb
+ }
+ }
+ rule 900 {
+ action drop
+ description Anti-spoofing_77.68.119.92
+ source {
+ address 77.68.119.92
+ mac-address !00:50:56:25:ba:8c
+ }
+ }
+ rule 901 {
+ action drop
+ description Anti-spoofing_77.68.77.79
+ source {
+ address 77.68.77.79
+ mac-address !00:50:56:28:f5:72
+ }
+ }
+ rule 902 {
+ action drop
+ description Anti-spoofing_77.68.75.45
+ source {
+ address 77.68.75.45
+ mac-address !00:50:56:04:51:74
+ }
+ }
+ rule 903 {
+ action drop
+ description Anti-spoofing_109.228.56.185
+ source {
+ address 109.228.56.185
+ mac-address !00:50:56:13:e5:07
+ }
+ }
+ rule 904 {
+ action drop
+ description Anti-spoofing_185.132.43.6
+ source {
+ address 185.132.43.6
+ mac-address !00:50:56:38:d1:d5
+ }
+ }
+ rule 905 {
+ action drop
+ description Anti-spoofing_77.68.117.202
+ source {
+ address 77.68.117.202
+ mac-address !00:50:56:01:b2:9f
+ }
+ }
+ rule 906 {
+ action drop
+ description Anti-spoofing_77.68.86.40
+ source {
+ address 77.68.86.40
+ mac-address !00:50:56:03:e2:49
+ }
+ }
+ rule 907 {
+ action drop
+ description Anti-spoofing_77.68.49.126
+ source {
+ address 77.68.49.126
+ mac-address !00:50:56:3b:47:f3
+ }
+ }
+ rule 909 {
+ action drop
+ description Anti-spoofing_77.68.77.100
+ source {
+ address 77.68.77.100
+ mac-address !00:50:56:34:d7:5b
+ }
+ }
+ rule 910 {
+ action drop
+ description Anti-spoofing_109.228.46.196
+ source {
+ address 109.228.46.196
+ mac-address !00:50:56:1a:a0:0e
+ }
+ }
+ rule 911 {
+ action drop
+ description Anti-spoofing_77.68.77.72
+ source {
+ address 77.68.77.72
+ mac-address !00:50:56:1e:67:f7
+ }
+ }
+ rule 912 {
+ action drop
+ description Anti-spoofing_185.132.43.28
+ source {
+ address 185.132.43.28
+ mac-address !00:50:56:35:a5:36
+ }
+ }
+ rule 913 {
+ action drop
+ description Anti-spoofing_77.68.103.19
+ source {
+ address 77.68.103.19
+ mac-address !00:50:56:27:34:a3
+ }
+ }
+ rule 914 {
+ action drop
+ description Anti-spoofing_77.68.118.104
+ source {
+ address 77.68.118.104
+ mac-address !00:50:56:2d:f8:d7
+ }
+ }
+ rule 915 {
+ action drop
+ description Anti-spoofing_77.68.116.183
+ source {
+ address 77.68.116.183
+ mac-address !00:50:56:17:23:d4
+ }
+ }
+ rule 916 {
+ action drop
+ description Anti-spoofing_77.68.76.107
+ source {
+ address 77.68.76.107
+ mac-address !00:50:56:36:c0:da
+ }
+ }
+ rule 917 {
+ action drop
+ description Anti-spoofing_77.68.93.164
+ source {
+ address 77.68.93.164
+ mac-address !00:50:56:36:cd:1a
+ }
+ }
+ rule 918 {
+ action drop
+ description Anti-spoofing_77.68.5.241
+ source {
+ address 77.68.5.241
+ mac-address !00:50:56:11:2d:22
+ }
+ }
+ rule 919 {
+ action drop
+ description Anti-spoofing_185.132.43.98
+ source {
+ address 185.132.43.98
+ mac-address !00:50:56:20:7b:87
+ }
+ }
+ rule 920 {
+ action drop
+ description Anti-spoofing_77.68.76.241
+ source {
+ address 77.68.76.241
+ mac-address !00:50:56:00:50:f6
+ }
+ }
+ rule 921 {
+ action drop
+ description Anti-spoofing_77.68.74.232
+ source {
+ address 77.68.74.232
+ mac-address !00:50:56:19:df:41
+ }
+ }
+ rule 922 {
+ action drop
+ description Anti-spoofing_77.68.76.26
+ source {
+ address 77.68.76.26
+ mac-address !00:50:56:36:c0:da
+ }
+ }
+ rule 923 {
+ action drop
+ description Anti-spoofing_77.68.28.207
+ source {
+ address 77.68.28.207
+ mac-address !00:50:56:36:41:da
+ }
+ }
+ rule 924 {
+ action drop
+ description Anti-spoofing_77.68.29.178
+ source {
+ address 77.68.29.178
+ mac-address !00:50:56:21:81:be
+ }
+ }
+ rule 925 {
+ action drop
+ description Anti-spoofing_77.68.121.119
+ source {
+ address 77.68.121.119
+ mac-address !00:50:56:0b:d8:e1
+ }
+ }
+ rule 926 {
+ action drop
+ description Anti-spoofing_77.68.126.22
+ source {
+ address 77.68.126.22
+ mac-address !00:50:56:32:62:56
+ }
+ }
+ rule 927 {
+ action drop
+ description Anti-spoofing_109.228.61.31
+ source {
+ address 109.228.61.31
+ mac-address !00:50:56:21:a0:04
+ }
+ }
+ rule 928 {
+ action drop
+ description Anti-spoofing_77.68.114.205
+ source {
+ address 77.68.114.205
+ mac-address !00:50:56:2a:f1:3f
+ }
+ }
+ rule 929 {
+ action drop
+ description Anti-spoofing_77.68.75.113
+ source {
+ address 77.68.75.113
+ mac-address !00:50:56:33:6c:b9
+ }
+ }
+ rule 930 {
+ action drop
+ description Anti-spoofing_77.68.79.206
+ source {
+ address 77.68.79.206
+ mac-address !00:50:56:36:86:66
+ }
+ }
+ rule 931 {
+ action drop
+ description Anti-spoofing_88.208.198.64
+ source {
+ address 88.208.198.64
+ mac-address !00:50:56:39:2c:fe
+ }
+ }
+ rule 932 {
+ action drop
+ description Anti-spoofing_77.68.77.161
+ source {
+ address 77.68.77.161
+ mac-address !00:50:56:0a:7e:6c
+ }
+ }
+ rule 933 {
+ action drop
+ description Anti-spoofing_77.68.114.237
+ source {
+ address 77.68.114.237
+ mac-address !00:50:56:16:f4:39
+ }
+ }
+ rule 934 {
+ action drop
+ description Anti-spoofing_109.228.36.119
+ source {
+ address 109.228.36.119
+ mac-address !00:50:56:28:63:37
+ }
+ }
+ rule 935 {
+ action drop
+ description Anti-spoofing_77.68.76.254
+ source {
+ address 77.68.76.254
+ mac-address !00:50:56:3b:49:08
+ }
+ }
+ rule 936 {
+ action drop
+ description Anti-spoofing_77.68.77.231
+ source {
+ address 77.68.77.231
+ mac-address !00:50:56:36:78:72
+ }
+ }
+ rule 937 {
+ action drop
+ description Anti-spoofing_77.68.7.172
+ source {
+ address 77.68.7.172
+ mac-address !00:50:56:19:39:45
+ }
+ }
+ rule 938 {
+ action drop
+ description Anti-spoofing_77.68.77.62
+ source {
+ address 77.68.77.62
+ mac-address !00:50:56:04:8c:b4
+ }
+ }
+ rule 939 {
+ action drop
+ description Anti-spoofing_77.68.77.215
+ source {
+ address 77.68.77.215
+ mac-address !00:50:56:35:f3:5a
+ }
+ }
+ rule 940 {
+ action drop
+ description Anti-spoofing_77.68.6.105
+ source {
+ address 77.68.6.105
+ mac-address !00:50:56:03:0e:07
+ }
+ }
+ rule 941 {
+ action drop
+ description Anti-spoofing_77.68.33.37
+ source {
+ address 77.68.33.37
+ mac-address !00:50:56:00:6b:a3
+ }
+ }
+ rule 942 {
+ action drop
+ description Anti-spoofing_77.68.4.180
+ source {
+ address 77.68.4.180
+ mac-address !00:50:56:11:6c:dc
+ }
+ }
+ rule 943 {
+ action drop
+ description Anti-spoofing_77.68.78.229
+ source {
+ address 77.68.78.229
+ mac-address !00:50:56:1e:58:2f
+ }
+ }
+ rule 944 {
+ action drop
+ description Anti-spoofing_77.68.73.73
+ source {
+ address 77.68.73.73
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 945 {
+ action drop
+ description Anti-spoofing_77.68.2.215
+ source {
+ address 77.68.2.215
+ mac-address !00:50:56:31:3c:87
+ }
+ }
+ rule 946 {
+ action drop
+ description Anti-spoofing_77.68.48.81
+ source {
+ address 77.68.48.81
+ mac-address !00:50:56:3a:13:df
+ }
+ }
+ rule 947 {
+ action drop
+ description Anti-spoofing_213.171.214.102
+ source {
+ address 213.171.214.102
+ mac-address !00:50:56:00:60:5a
+ }
+ }
+ rule 948 {
+ action drop
+ description Anti-spoofing_77.68.123.177
+ source {
+ address 77.68.123.177
+ mac-address !00:50:56:3c:07:ef
+ }
+ }
+ rule 949 {
+ action drop
+ description Anti-spoofing_77.68.7.160
+ source {
+ address 77.68.7.160
+ mac-address !00:50:56:09:6e:79
+ }
+ }
+ rule 950 {
+ action drop
+ description Anti-spoofing_77.68.24.59
+ source {
+ address 77.68.24.59
+ mac-address !00:50:56:3c:b7:c1
+ }
+ }
+ rule 951 {
+ action drop
+ description Anti-spoofing_77.68.80.97
+ source {
+ address 77.68.80.97
+ mac-address !00:50:56:15:cc:c6
+ }
+ }
+ rule 952 {
+ action drop
+ description Anti-spoofing_77.68.7.67
+ source {
+ address 77.68.7.67
+ mac-address !00:50:56:13:92:b7
+ }
+ }
+ rule 953 {
+ action drop
+ description Anti-spoofing_109.228.36.79
+ source {
+ address 109.228.36.79
+ mac-address !00:50:56:17:c9:65
+ }
+ }
+ rule 954 {
+ action drop
+ description Anti-spoofing_77.68.32.43
+ source {
+ address 77.68.32.43
+ mac-address !00:50:56:13:6d:02
+ }
+ }
+ rule 955 {
+ action drop
+ description Anti-spoofing_77.68.90.106
+ source {
+ address 77.68.90.106
+ mac-address !00:50:56:1b:6d:fb
+ }
+ }
+ rule 956 {
+ action drop
+ description Anti-spoofing_77.68.77.174
+ source {
+ address 77.68.77.174
+ mac-address !00:50:56:2a:61:0b
+ }
+ }
+ rule 957 {
+ action drop
+ description Anti-spoofing_77.68.94.181
+ source {
+ address 77.68.94.181
+ mac-address !00:50:56:0b:7c:cc
+ }
+ }
+ rule 958 {
+ action drop
+ description Anti-spoofing_77.68.4.136
+ source {
+ address 77.68.4.136
+ mac-address !00:50:56:10:4d:5c
+ }
+ }
+ rule 959 {
+ action drop
+ description Anti-spoofing_77.68.32.31
+ source {
+ address 77.68.32.31
+ mac-address !00:50:56:0a:f5:03
+ }
+ }
+ rule 960 {
+ action drop
+ description Anti-spoofing_77.68.30.133
+ source {
+ address 77.68.30.133
+ mac-address !00:50:56:3a:96:4e
+ }
+ }
+ rule 961 {
+ action drop
+ description Anti-spoofing_77.68.72.202
+ source {
+ address 77.68.72.202
+ mac-address !00:50:56:2e:ca:a2
+ }
+ }
+ rule 962 {
+ action drop
+ description Anti-spoofing_77.68.81.141
+ source {
+ address 77.68.81.141
+ mac-address !00:50:56:00:07:47
+ }
+ }
+ rule 963 {
+ action drop
+ description Anti-spoofing_77.68.27.54
+ source {
+ address 77.68.27.54
+ mac-address !00:50:56:37:ad:51
+ }
+ }
+ rule 964 {
+ action drop
+ description Anti-spoofing_77.68.32.254
+ source {
+ address 77.68.32.254
+ mac-address !00:50:56:2d:d0:36
+ }
+ }
+ rule 965 {
+ action drop
+ description Anti-spoofing_77.68.10.152
+ source {
+ address 77.68.10.152
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 967 {
+ action drop
+ description Anti-spoofing_109.228.47.223
+ source {
+ address 109.228.47.223
+ mac-address !00:50:56:02:f7:24
+ }
+ }
+ rule 968 {
+ action drop
+ description Anti-spoofing_77.68.5.125
+ source {
+ address 77.68.5.125
+ mac-address !00:50:56:16:21:98
+ }
+ }
+ rule 969 {
+ action drop
+ description Anti-spoofing_77.68.119.14
+ source {
+ address 77.68.119.14
+ mac-address !00:50:56:2e:87:33
+ }
+ }
+ rule 970 {
+ action drop
+ description Anti-spoofing_77.68.117.51
+ source {
+ address 77.68.117.51
+ mac-address !00:50:56:17:c0:6c
+ }
+ }
+ rule 971 {
+ action drop
+ description Anti-spoofing_77.68.118.102
+ source {
+ address 77.68.118.102
+ mac-address !00:50:56:3e:06:ca
+ }
+ }
+ rule 972 {
+ action drop
+ description Anti-spoofing_185.132.43.71
+ source {
+ address 185.132.43.71
+ mac-address !00:50:56:2d:6a:8d
+ }
+ }
+ rule 973 {
+ action drop
+ description Anti-spoofing_77.68.112.91
+ source {
+ address 77.68.112.91
+ mac-address !00:50:56:2b:c3:9f
+ }
+ }
+ rule 974 {
+ action drop
+ description Anti-spoofing_77.68.116.232
+ source {
+ address 77.68.116.232
+ mac-address !00:50:56:2a:f9:fd
+ }
+ }
+ rule 976 {
+ action drop
+ description Anti-spoofing_77.68.82.157
+ source {
+ address 77.68.82.157
+ mac-address !00:50:56:3d:81:41
+ }
+ }
+ rule 977 {
+ action drop
+ description Anti-spoofing_77.68.117.222
+ source {
+ address 77.68.117.222
+ mac-address !00:50:56:16:92:58
+ }
+ }
+ rule 978 {
+ action drop
+ description Anti-spoofing_77.68.118.15
+ source {
+ address 77.68.118.15
+ mac-address !00:50:56:28:28:de
+ }
+ }
+ rule 979 {
+ action drop
+ description Anti-spoofing_77.68.117.173
+ source {
+ address 77.68.117.173
+ mac-address !00:50:56:12:7a:57
+ }
+ }
+ rule 980 {
+ action drop
+ description Anti-spoofing_77.68.83.41
+ source {
+ address 77.68.83.41
+ mac-address !00:50:56:13:ef:0e
+ }
+ }
+ rule 981 {
+ action drop
+ description Anti-spoofing_77.68.4.57
+ source {
+ address 77.68.4.57
+ mac-address !00:50:56:23:f0:c3
+ }
+ }
+ rule 983 {
+ action drop
+ description Anti-spoofing_77.68.118.86
+ source {
+ address 77.68.118.86
+ mac-address !00:50:56:03:73:3d
+ }
+ }
+ rule 984 {
+ action drop
+ description Anti-spoofing_109.228.56.26
+ source {
+ address 109.228.56.26
+ mac-address !00:50:56:36:47:8c
+ }
+ }
+ rule 985 {
+ action drop
+ description Anti-spoofing_109.228.38.171
+ source {
+ address 109.228.38.171
+ mac-address !00:50:56:18:da:1c
+ }
+ }
+ rule 986 {
+ action drop
+ description Anti-spoofing_77.68.91.128
+ source {
+ address 77.68.91.128
+ mac-address !00:50:56:34:d0:41
+ }
+ }
+ rule 987 {
+ action drop
+ description Anti-spoofing_77.68.79.89
+ source {
+ address 77.68.79.89
+ mac-address !00:50:56:14:67:52
+ }
+ }
+ rule 988 {
+ action drop
+ description Anti-spoofing_88.208.198.66
+ source {
+ address 88.208.198.66
+ mac-address !00:50:56:3c:e0:8d
+ }
+ }
+ rule 989 {
+ action drop
+ description Anti-spoofing_77.68.118.88
+ source {
+ address 77.68.118.88
+ mac-address !00:50:56:2f:ac:5f
+ }
+ }
+ rule 990 {
+ action drop
+ description Anti-spoofing_109.228.60.215
+ source {
+ address 109.228.60.215
+ mac-address !00:50:56:2b:59:35
+ }
+ }
+ rule 991 {
+ action drop
+ description Anti-spoofing_109.228.55.82
+ source {
+ address 109.228.55.82
+ mac-address !00:50:56:32:15:bc
+ }
+ }
+ rule 992 {
+ action drop
+ description Anti-spoofing_77.68.48.14
+ source {
+ address 77.68.48.14
+ mac-address !00:50:56:2e:2e:5a
+ }
+ }
+ rule 993 {
+ action drop
+ description Anti-spoofing_77.68.7.186
+ source {
+ address 77.68.7.186
+ mac-address !00:50:56:06:63:ae
+ }
+ }
+ rule 994 {
+ action drop
+ description Anti-spoofing_77.68.74.209
+ source {
+ address 77.68.74.209
+ mac-address !00:50:56:01:c5:88
+ }
+ }
+ rule 995 {
+ action drop
+ description Anti-spoofing_77.68.6.32
+ source {
+ address 77.68.6.32
+ mac-address !00:50:56:19:b2:9e
+ }
+ }
+ rule 996 {
+ action drop
+ description Anti-spoofing_77.68.6.210
+ source {
+ address 77.68.6.210
+ mac-address !00:50:56:03:16:58
+ }
+ }
+ rule 997 {
+ action drop
+ description Anti-spoofing_77.68.34.26
+ source {
+ address 77.68.34.26
+ mac-address !00:50:56:16:f0:f3
+ }
+ }
+ rule 998 {
+ action drop
+ description Anti-spoofing_77.68.77.238
+ source {
+ address 77.68.77.238
+ mac-address !00:50:56:25:b8:e7
+ }
+ }
+ rule 999 {
+ action drop
+ description Anti-spoofing_77.68.35.116
+ source {
+ address 77.68.35.116
+ mac-address !00:50:56:22:c6:b9
+ }
+ }
+ rule 1000 {
+ action drop
+ description Anti-spoofing_77.68.23.112
+ source {
+ address 77.68.23.112
+ mac-address !00:50:56:1f:06:9f
+ }
+ }
+ rule 1001 {
+ action drop
+ description Anti-spoofing_77.68.120.241
+ source {
+ address 77.68.120.241
+ mac-address !00:50:56:18:1e:aa
+ }
+ }
+ rule 1002 {
+ action drop
+ description Anti-spoofing_77.68.34.28
+ source {
+ address 77.68.34.28
+ mac-address !00:50:56:24:5e:9a
+ }
+ }
+ rule 1003 {
+ action drop
+ description Anti-spoofing_77.68.122.195
+ source {
+ address 77.68.122.195
+ mac-address !00:50:56:0d:fd:66
+ }
+ }
+ rule 1004 {
+ action drop
+ description Anti-spoofing_77.68.126.14
+ source {
+ address 77.68.126.14
+ mac-address !00:50:56:02:46:82
+ }
+ }
+ rule 1005 {
+ action drop
+ description Anti-spoofing_109.228.38.117
+ source {
+ address 109.228.38.117
+ mac-address !00:50:56:05:55:f0
+ }
+ }
+ rule 1006 {
+ action drop
+ description Anti-spoofing_77.68.33.171
+ source {
+ address 77.68.33.171
+ mac-address !00:50:56:07:69:46
+ }
+ }
+ rule 1007 {
+ action drop
+ description Anti-spoofing_77.68.24.220
+ source {
+ address 77.68.24.220
+ mac-address !00:50:56:1f:53:df
+ }
+ }
+ rule 1008 {
+ action drop
+ description Anti-spoofing_88.208.197.23
+ source {
+ address 88.208.197.23
+ mac-address !00:50:56:23:fa:2f
+ }
+ }
+ rule 1009 {
+ action drop
+ description Anti-spoofing_77.68.80.26
+ source {
+ address 77.68.80.26
+ mac-address !00:50:56:21:23:8e
+ }
+ }
+ rule 1010 {
+ action drop
+ description Anti-spoofing_77.68.32.83
+ source {
+ address 77.68.32.83
+ mac-address !00:50:56:26:5d:1a
+ }
+ }
+ rule 1011 {
+ action drop
+ description Anti-spoofing_77.68.95.42
+ source {
+ address 77.68.95.42
+ mac-address !00:50:56:00:77:9a
+ }
+ }
+ rule 1012 {
+ action drop
+ description Anti-spoofing_213.171.209.217
+ source {
+ address 213.171.209.217
+ mac-address !00:50:56:18:7b:c2
+ }
+ }
+ rule 1014 {
+ action drop
+ description Anti-spoofing_109.228.39.249
+ source {
+ address 109.228.39.249
+ mac-address !00:50:56:0e:4b:f9
+ }
+ }
+ rule 1015 {
+ action drop
+ description Anti-spoofing_77.68.32.86
+ source {
+ address 77.68.32.86
+ mac-address !00:50:56:29:ff:6f
+ }
+ }
+ rule 1016 {
+ action drop
+ description Anti-spoofing_77.68.125.218
+ source {
+ address 77.68.125.218
+ mac-address !00:50:56:2f:4d:38
+ }
+ }
+ rule 1017 {
+ action drop
+ description Anti-spoofing_77.68.17.186
+ source {
+ address 77.68.17.186
+ mac-address !00:50:56:2e:6b:f3
+ }
+ }
+ rule 1018 {
+ action drop
+ description Anti-spoofing_77.68.12.45
+ source {
+ address 77.68.12.45
+ mac-address !00:50:56:15:e4:38
+ }
+ }
+ rule 1019 {
+ action drop
+ description Anti-spoofing_109.228.40.247
+ source {
+ address 109.228.40.247
+ mac-address !00:50:56:20:62:b7
+ }
+ }
+ rule 1020 {
+ action drop
+ description Anti-spoofing_77.68.32.89
+ source {
+ address 77.68.32.89
+ mac-address !00:50:56:2e:21:46
+ }
+ }
+ rule 1022 {
+ action drop
+ description Anti-spoofing_77.68.34.138
+ source {
+ address 77.68.34.138
+ mac-address !00:50:56:10:0a:08
+ }
+ }
+ rule 1023 {
+ action drop
+ description Anti-spoofing_77.68.34.139
+ source {
+ address 77.68.34.139
+ mac-address !00:50:56:0d:24:2f
+ }
+ }
+ rule 1024 {
+ action drop
+ description Anti-spoofing_213.171.208.40
+ source {
+ address 213.171.208.40
+ mac-address !00:50:56:07:df:6e
+ }
+ }
+ rule 1026 {
+ action drop
+ description Anti-spoofing_109.228.40.226
+ source {
+ address 109.228.40.226
+ mac-address !00:50:56:2d:c8:2a
+ }
+ }
+ rule 1028 {
+ action drop
+ description Anti-spoofing_185.132.39.109
+ source {
+ address 185.132.39.109
+ mac-address !00:50:56:2c:3e:98
+ }
+ }
+ rule 1029 {
+ action drop
+ description Anti-spoofing_109.228.40.207
+ source {
+ address 109.228.40.207
+ mac-address !00:50:56:04:ba:9c
+ }
+ }
+ rule 1030 {
+ action drop
+ description Anti-spoofing_77.68.48.89
+ source {
+ address 77.68.48.89
+ mac-address !00:50:56:33:b3:05
+ }
+ }
+ rule 1031 {
+ action drop
+ description Anti-spoofing_77.68.48.105
+ source {
+ address 77.68.48.105
+ mac-address !00:50:56:13:8d:55
+ }
+ }
+ rule 1032 {
+ action drop
+ description Anti-spoofing_77.68.50.142
+ source {
+ address 77.68.50.142
+ mac-address !00:50:56:2e:58:85
+ }
+ }
+ rule 1033 {
+ action drop
+ description Anti-spoofing_77.68.49.12
+ source {
+ address 77.68.49.12
+ mac-address !00:50:56:0f:ed:da
+ }
+ }
+ rule 1034 {
+ action drop
+ description Anti-spoofing_77.68.85.18
+ source {
+ address 77.68.85.18
+ mac-address !00:50:56:3b:0a:8b
+ }
+ }
+ rule 1035 {
+ action drop
+ description Anti-spoofing_77.68.49.4
+ source {
+ address 77.68.49.4
+ mac-address !00:50:56:05:e5:05
+ }
+ }
+ rule 1036 {
+ action drop
+ description Anti-spoofing_109.228.37.187
+ source {
+ address 109.228.37.187
+ mac-address !00:50:56:37:21:f0
+ }
+ }
+ rule 1037 {
+ action drop
+ description Anti-spoofing_77.68.49.178
+ source {
+ address 77.68.49.178
+ mac-address !00:50:56:26:00:f7
+ }
+ }
+ rule 1038 {
+ action drop
+ description Anti-spoofing_77.68.82.147
+ source {
+ address 77.68.82.147
+ mac-address !00:50:56:13:75:25
+ }
+ }
+ rule 1040 {
+ action drop
+ description Anti-spoofing_77.68.24.134
+ source {
+ address 77.68.24.134
+ mac-address !00:50:56:29:0b:02
+ }
+ }
+ rule 1041 {
+ action drop
+ description Anti-spoofing_77.68.24.63
+ source {
+ address 77.68.24.63
+ mac-address !00:50:56:08:7e:4a
+ }
+ }
+ rule 1042 {
+ action drop
+ description Anti-spoofing_77.68.50.91
+ source {
+ address 77.68.50.91
+ mac-address !00:50:56:35:b6:4f
+ }
+ }
+ rule 1043 {
+ action drop
+ description Anti-spoofing_77.68.49.160
+ source {
+ address 77.68.49.160
+ mac-address !00:50:56:0e:29:ce
+ }
+ }
+ rule 1044 {
+ action drop
+ description Anti-spoofing_77.68.116.84
+ source {
+ address 77.68.116.84
+ mac-address !00:50:56:2d:e7:75
+ }
+ }
+ rule 1045 {
+ action drop
+ description Anti-spoofing_77.68.126.160
+ source {
+ address 77.68.126.160
+ mac-address !00:50:56:19:a1:cf
+ }
+ }
+ rule 1046 {
+ action drop
+ description Anti-spoofing_185.132.41.240
+ source {
+ address 185.132.41.240
+ mac-address !00:50:56:08:f6:7c
+ }
+ }
+ rule 1047 {
+ action drop
+ description Anti-spoofing_77.68.50.193
+ source {
+ address 77.68.50.193
+ mac-address !00:50:56:0f:44:05
+ }
+ }
+ rule 1048 {
+ action drop
+ description Anti-spoofing_77.68.49.161
+ source {
+ address 77.68.49.161
+ mac-address !00:50:56:09:4a:87
+ }
+ }
+ rule 1049 {
+ action drop
+ description Anti-spoofing_109.228.58.134
+ source {
+ address 109.228.58.134
+ mac-address !00:50:56:06:82:eb
+ }
+ }
+ rule 1050 {
+ action drop
+ description Anti-spoofing_185.132.36.56
+ source {
+ address 185.132.36.56
+ mac-address !00:50:56:11:89:a1
+ }
+ }
+ rule 1051 {
+ action drop
+ description Anti-spoofing_77.68.50.198
+ source {
+ address 77.68.50.198
+ mac-address !00:50:56:21:8f:66
+ }
+ }
+ rule 1052 {
+ action drop
+ description Anti-spoofing_77.68.100.150
+ source {
+ address 77.68.100.150
+ mac-address !00:50:56:3a:15:0a
+ }
+ }
+ rule 1053 {
+ action drop
+ description Anti-spoofing_88.208.196.91
+ source {
+ address 88.208.196.91
+ mac-address !00:50:56:0a:06:31
+ }
+ }
+ rule 1054 {
+ action drop
+ description Anti-spoofing_185.132.41.148
+ source {
+ address 185.132.41.148
+ mac-address !00:50:56:3b:d9:ec
+ }
+ }
+ rule 1055 {
+ action drop
+ description Anti-spoofing_213.171.210.25
+ source {
+ address 213.171.210.25
+ mac-address !00:50:56:0a:b8:6c
+ }
+ }
+ rule 1056 {
+ action drop
+ description Anti-spoofing_77.68.51.214
+ source {
+ address 77.68.51.214
+ mac-address !00:50:56:16:29:41
+ }
+ }
+ rule 1057 {
+ action drop
+ description Anti-spoofing_77.68.51.202
+ source {
+ address 77.68.51.202
+ mac-address !00:50:56:24:5a:0f
+ }
+ }
+ rule 1058 {
+ action drop
+ description Anti-spoofing_77.68.100.132
+ source {
+ address 77.68.100.132
+ mac-address !00:50:56:27:18:b7
+ }
+ }
+ rule 1059 {
+ action drop
+ description Anti-spoofing_77.68.77.42
+ source {
+ address 77.68.77.42
+ mac-address !00:50:56:34:d1:d5
+ }
+ }
+ rule 1060 {
+ action drop
+ description Anti-spoofing_109.228.39.41
+ source {
+ address 109.228.39.41
+ mac-address !00:50:56:2e:6a:41
+ }
+ }
+ rule 1061 {
+ action drop
+ description Anti-spoofing_77.68.100.134
+ source {
+ address 77.68.100.134
+ mac-address !00:50:56:19:a0:13
+ }
+ }
+ rule 1062 {
+ action drop
+ description Anti-spoofing_77.68.89.247
+ source {
+ address 77.68.89.247
+ mac-address !00:50:56:2b:ed:68
+ }
+ }
+ rule 1063 {
+ action drop
+ description Anti-spoofing_77.68.101.64
+ source {
+ address 77.68.101.64
+ mac-address !00:50:56:24:5a:0f
+ }
+ }
+ rule 1064 {
+ action drop
+ description Anti-spoofing_88.208.199.249
+ source {
+ address 88.208.199.249
+ mac-address !00:50:56:16:3e:ed
+ }
+ }
+ rule 1065 {
+ action drop
+ description Anti-spoofing_77.68.101.124
+ source {
+ address 77.68.101.124
+ mac-address !00:50:56:15:0e:e0
+ }
+ }
+ rule 1066 {
+ action drop
+ description Anti-spoofing_77.68.101.125
+ source {
+ address 77.68.101.125
+ mac-address !00:50:56:33:ce:ff
+ }
+ }
+ rule 1068 {
+ action drop
+ description Anti-spoofing_77.68.100.167
+ source {
+ address 77.68.100.167
+ mac-address !00:50:56:34:b3:5d
+ }
+ }
+ rule 1069 {
+ action drop
+ description Anti-spoofing_77.68.49.152
+ source {
+ address 77.68.49.152
+ mac-address !00:50:56:1a:06:95
+ }
+ }
+ rule 1070 {
+ action drop
+ description Anti-spoofing_77.68.103.147
+ source {
+ address 77.68.103.147
+ mac-address !00:50:56:2e:52:7f
+ }
+ }
+ rule 1071 {
+ action drop
+ description Anti-spoofing_77.68.48.202
+ source {
+ address 77.68.48.202
+ mac-address !00:50:56:0b:da:01
+ }
+ }
+ rule 1072 {
+ action drop
+ description Anti-spoofing_77.68.112.175
+ source {
+ address 77.68.112.175
+ mac-address !00:50:56:05:9e:e5
+ }
+ }
+ rule 1073 {
+ action drop
+ description Anti-spoofing_109.228.56.97
+ source {
+ address 109.228.56.97
+ mac-address !00:50:56:36:cd:04
+ }
+ }
+ rule 1074 {
+ action drop
+ description Anti-spoofing_185.132.37.47
+ source {
+ address 185.132.37.47
+ mac-address !00:50:56:3a:de:38
+ }
+ }
+ rule 1075 {
+ action drop
+ description Anti-spoofing_77.68.31.96
+ source {
+ address 77.68.31.96
+ mac-address !00:50:56:07:d0:cf
+ }
+ }
+ rule 1076 {
+ action drop
+ description Anti-spoofing_109.228.61.37
+ source {
+ address 109.228.61.37
+ mac-address !00:50:56:1a:93:80
+ }
+ }
+ rule 1077 {
+ action drop
+ description Anti-spoofing_77.68.33.24
+ source {
+ address 77.68.33.24
+ mac-address !00:50:56:0d:ae:e8
+ }
+ }
+ rule 1078 {
+ action drop
+ description Anti-spoofing_88.208.197.135
+ source {
+ address 88.208.197.135
+ mac-address !00:50:56:3b:39:6b
+ }
+ }
+ rule 1079 {
+ action drop
+ description Anti-spoofing_77.68.103.227
+ source {
+ address 77.68.103.227
+ mac-address !00:50:56:28:cd:95
+ }
+ }
+ rule 1080 {
+ action drop
+ description Anti-spoofing_185.132.38.182
+ source {
+ address 185.132.38.182
+ mac-address !00:50:56:39:4b:e3
+ }
+ }
+ rule 1081 {
+ action drop
+ description Anti-spoofing_88.208.197.118
+ source {
+ address 88.208.197.118
+ mac-address !00:50:56:2c:cd:e3
+ }
+ }
+ rule 1082 {
+ action drop
+ description Anti-spoofing_88.208.196.92
+ source {
+ address 88.208.196.92
+ mac-address !00:50:56:05:77:19
+ }
+ }
+ rule 1083 {
+ action drop
+ description Anti-spoofing_88.208.197.150
+ source {
+ address 88.208.197.150
+ mac-address !00:50:56:0c:ae:6c
+ }
+ }
+ rule 1084 {
+ action drop
+ description Anti-spoofing_88.208.215.121
+ source {
+ address 88.208.215.121
+ mac-address !00:50:56:16:0b:60
+ }
+ }
+ rule 1085 {
+ action drop
+ description Anti-spoofing_88.208.197.10
+ source {
+ address 88.208.197.10
+ mac-address !00:50:56:1c:8b:fb
+ }
+ }
+ rule 1086 {
+ action drop
+ description Anti-spoofing_88.208.198.69
+ source {
+ address 88.208.198.69
+ mac-address !00:50:56:06:e7:eb
+ }
+ }
+ rule 1087 {
+ action drop
+ description Anti-spoofing_88.208.197.155
+ source {
+ address 88.208.197.155
+ mac-address !00:50:56:39:39:8e
+ }
+ }
+ rule 1088 {
+ action drop
+ description Anti-spoofing_88.208.198.39
+ source {
+ address 88.208.198.39
+ mac-address !00:50:56:22:2d:07
+ }
+ }
+ rule 1089 {
+ action drop
+ description Anti-spoofing_88.208.197.160
+ source {
+ address 88.208.197.160
+ mac-address !00:50:56:2e:03:9a
+ }
+ }
+ rule 1090 {
+ action drop
+ description Anti-spoofing_88.208.197.60
+ source {
+ address 88.208.197.60
+ mac-address !00:50:56:3e:59:7c
+ }
+ }
+ rule 1091 {
+ action drop
+ description Anti-spoofing_77.68.102.129
+ source {
+ address 77.68.102.129
+ mac-address !00:50:56:2c:9d:a5
+ }
+ }
+ rule 1092 {
+ action drop
+ description Anti-spoofing_88.208.196.123
+ source {
+ address 88.208.196.123
+ mac-address !00:50:56:21:ac:31
+ }
+ }
+ rule 1093 {
+ action drop
+ description Anti-spoofing_88.208.215.61
+ source {
+ address 88.208.215.61
+ mac-address !00:50:56:05:91:dd
+ }
+ }
+ rule 1094 {
+ action drop
+ description Anti-spoofing_88.208.215.62
+ source {
+ address 88.208.215.62
+ mac-address !00:50:56:2d:ff:f4
+ }
+ }
+ rule 1095 {
+ action drop
+ description Anti-spoofing_88.208.199.141
+ source {
+ address 88.208.199.141
+ mac-address !00:50:56:10:8f:10
+ }
+ }
+ rule 1096 {
+ action drop
+ description Anti-spoofing_88.208.215.157
+ source {
+ address 88.208.215.157
+ mac-address !00:50:56:38:d7:1a
+ }
+ }
+ rule 1097 {
+ action drop
+ description Anti-spoofing_77.68.21.171
+ source {
+ address 77.68.21.171
+ mac-address !00:50:56:29:e0:5f
+ }
+ }
+ rule 1098 {
+ action drop
+ description Anti-spoofing_88.208.198.251
+ source {
+ address 88.208.198.251
+ mac-address !00:50:56:2b:2a:6a
+ }
+ }
+ rule 1099 {
+ action drop
+ description Anti-spoofing_88.208.199.233
+ source {
+ address 88.208.199.233
+ mac-address !00:50:56:1e:bf:95
+ }
+ }
+ rule 1100 {
+ action drop
+ description Anti-spoofing_88.208.212.31
+ source {
+ address 88.208.212.31
+ mac-address !00:50:56:28:f4:aa
+ }
+ }
+ rule 1101 {
+ action drop
+ description Anti-spoofing_88.208.197.129
+ source {
+ address 88.208.197.129
+ mac-address !00:50:56:1f:71:bf
+ }
+ }
+ rule 1102 {
+ action drop
+ description Anti-spoofing_88.208.199.46
+ source {
+ address 88.208.199.46
+ mac-address !00:50:56:34:dc:e5
+ }
+ }
+ rule 1103 {
+ action drop
+ description Anti-spoofing_88.208.212.94
+ source {
+ address 88.208.212.94
+ mac-address !00:50:56:3d:f5:16
+ }
+ }
+ rule 1105 {
+ action drop
+ description Anti-spoofing_88.208.212.182
+ source {
+ address 88.208.212.182
+ mac-address !00:50:56:12:e4:1b
+ }
+ }
+ rule 1108 {
+ action drop
+ description Anti-spoofing_88.208.212.188
+ source {
+ address 88.208.212.188
+ mac-address !00:50:56:36:a8:9e
+ }
+ }
+ rule 1500 {
+ action drop
+ description "Block port 11211-udp"
+ protocol udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ port 11211
+ }
+ }
+ rule 1510 {
+ action drop
+ description "Test Drive - Outgoing traffic blocked"
+ destination {
+ group {
+ network-group !NAS_NETWORKS
+ }
+ }
+ source {
+ group {
+ address-group DT_BLOCKED
+ }
+ }
+ }
+ rule 1520 {
+ action drop
+ description "Deny outgoing SMTP to new contracts"
+ destination {
+ port smtp
+ }
+ protocol tcp
+ source {
+ group {
+ address-group DT_SMTP_BLOCKED
+ }
+ }
+ }
+ rule 1600 {
+ action accept
+ description "Allow unicast requests to DHCP servers"
+ destination {
+ group {
+ address-group DHCP_SERVERS
+ }
+ port bootps
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1610 {
+ action accept
+ description "Allow DNS queries to dnscache servers"
+ destination {
+ group {
+ address-group DNSCACHE_SERVERS
+ }
+ port 53
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1620 {
+ action accept
+ destination {
+ group {
+ address-group NAS_ARRAYS
+ }
+ }
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1630 {
+ action accept
+ description "Kerberos authentication to Domain Controllers"
+ destination {
+ group {
+ address-group NAS_DOMAIN_CONTROLLERS
+ }
+ port 88
+ }
+ protocol tcp_udp
+ source {
+ group {
+ address-group CLUSTER_ADDRESSES
+ }
+ }
+ }
+ rule 1640 {
+ action drop
+ description "Deny rest of the traffic to NAS"
+ destination {
+ group {
+ network-group NAS_NETWORKS
+ }
+ }
+ }
+ rule 2000 {
+ action accept
+ description "TOP port - SSH"
+ destination {
+ group {
+ address-group G-22-TCP
+ }
+ port ssh
+ }
+ protocol tcp
+ }
+ rule 2001 {
+ action accept
+ description "TOP port - RDESKTOP"
+ destination {
+ group {
+ address-group G-3389-TCP
+ }
+ port 3389
+ }
+ protocol tcp
+ }
+ rule 2002 {
+ action accept
+ description "TOP port - HTTP"
+ destination {
+ group {
+ address-group G-80-TCP
+ }
+ port http
+ }
+ protocol tcp
+ }
+ rule 2003 {
+ action accept
+ description "TOP port - HTTPS"
+ destination {
+ group {
+ address-group G-443-TCP
+ }
+ port https
+ }
+ protocol tcp
+ }
+ rule 2004 {
+ action accept
+ description "TOP port - DOMAIN TCP"
+ destination {
+ group {
+ address-group G-53-TCP
+ }
+ port domain
+ }
+ protocol tcp
+ }
+ rule 2005 {
+ action accept
+ description "TOP port - DOMAIN UDP"
+ destination {
+ group {
+ address-group G-53-UDP
+ }
+ port domain
+ }
+ protocol udp
+ }
+ rule 2006 {
+ action accept
+ description "TOP port - SMTP"
+ destination {
+ group {
+ address-group G-25-TCP
+ }
+ port smtp
+ }
+ protocol tcp
+ }
+ rule 2007 {
+ action accept
+ description "TOP port - IMAP"
+ destination {
+ group {
+ address-group G-143-TCP
+ }
+ port imap2
+ }
+ protocol tcp
+ }
+ rule 2008 {
+ action accept
+ description "TOP port - POP3"
+ destination {
+ group {
+ address-group G-110-TCP
+ }
+ port pop3
+ }
+ protocol tcp
+ }
+ rule 2009 {
+ action accept
+ description "TOP port - MSSQL TCP"
+ destination {
+ group {
+ address-group G-1433-TCP
+ }
+ port ms-sql-s
+ }
+ protocol tcp
+ }
+ rule 2010 {
+ action accept
+ description "TOP port - MYSQL TCP"
+ destination {
+ group {
+ address-group G-3306-TCP
+ }
+ port mysql
+ }
+ protocol tcp
+ }
+ rule 2011 {
+ action accept
+ description "TOP port - FTPDATA"
+ destination {
+ group {
+ address-group G-20-TCP
+ }
+ port ftp-data
+ }
+ protocol tcp
+ }
+ rule 2012 {
+ action accept
+ description "TOP port - FTP"
+ destination {
+ group {
+ address-group G-21-TCP
+ }
+ port ftp
+ }
+ protocol tcp
+ }
+ rule 2013 {
+ action accept
+ description "TOP port - SSMTP"
+ destination {
+ group {
+ address-group G-465-TCP
+ }
+ port ssmtp
+ }
+ protocol tcp
+ }
+ rule 2014 {
+ action accept
+ description "TOP port - SMTPS"
+ destination {
+ group {
+ address-group G-587-TCP
+ }
+ port 587
+ }
+ protocol tcp
+ }
+ rule 2015 {
+ action accept
+ description "TOP port - IMAPS"
+ destination {
+ group {
+ address-group G-993-TCP
+ }
+ port imaps
+ }
+ protocol tcp
+ }
+ rule 2016 {
+ action accept
+ description "TOP port - POP3S"
+ destination {
+ group {
+ address-group G-995-TCP
+ }
+ port pop3s
+ }
+ protocol tcp
+ }
+ rule 2017 {
+ action accept
+ description "TOP port - TOMCAT"
+ destination {
+ group {
+ address-group G-8080-TCP
+ }
+ port 8080
+ }
+ protocol tcp
+ }
+ rule 2018 {
+ action accept
+ description "TOP port - Alternative HTTPS"
+ destination {
+ group {
+ address-group G-8443-TCP
+ }
+ port 8443
+ }
+ protocol tcp
+ }
+ rule 2019 {
+ action accept
+ description "TOP port - 10000/TCP"
+ destination {
+ group {
+ address-group G-10000-TCP
+ }
+ port 10000
+ }
+ protocol tcp
+ }
+ rule 2020 {
+ action accept
+ description "TOP port - 8447/TCP"
+ destination {
+ group {
+ address-group G-8447-TCP
+ }
+ port 8447
+ }
+ protocol tcp
+ }
+ rule 2040 {
+ action accept
+ description "TOP port - All ports open"
+ destination {
+ group {
+ address-group G-ALL_OPEN
+ }
+ }
+ }
+ rule 2050 {
+ action accept
+ description "ICMP group"
+ destination {
+ group {
+ address-group G-ICMP
+ }
+ }
+ protocol icmp
+ }
+ rule 2100 {
+ action accept
+ description FW2BB8D_1-TCP-ALLOW-104.192.143.2
+ destination {
+ group {
+ address-group DT_FW2BB8D_1
+ }
+ port 7999,22
+ }
+ protocol tcp
+ source {
+ address 104.192.143.2
+ }
+ }
+ rule 2101 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.74.54
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.74.54
+ }
+ }
+ rule 2102 {
+ action accept
+ description FWA7A50_1-TCP_UDP-ALLOW-109.72.210.46
+ destination {
+ group {
+ address-group DT_FWA7A50_1
+ }
+ port 9000
+ }
+ protocol tcp_udp
+ source {
+ address 109.72.210.46
+ }
+ }
+ rule 2103 {
+ action accept
+ description FW5A77C_16-TCP-ALLOW-213.171.217.107
+ destination {
+ group {
+ address-group DT_FW5A77C_16
+ }
+ port 22
+ }
+ protocol tcp
+ source {
+ address 213.171.217.107
+ }
+ }
+ rule 2104 {
+ action accept
+ description FW826BA_3-TCP-ALLOW-164.177.156.192
+ destination {
+ group {
+ address-group DT_FW826BA_3
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 164.177.156.192
+ }
+ }
+ rule 2105 {
+ action accept
+ description FWDAA4F_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FWDAA4F_1
+ }
+ port 22335
+ }
+ protocol tcp
+ }
+ rule 2106 {
+ action accept
+ description FW6D0CD_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 6900,7000
+ }
+ protocol tcp
+ }
+ rule 2107 {
+ action accept
+ description FW6D0CD_1-TCP_UDP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW6D0CD_1
+ }
+ port 9001
+ }
+ protocol tcp_udp
+ }
+ rule 2108 {
+ action accept
+ description FW06176_1-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW06176_1
+ }
+ port 5900
+ }
+ protocol tcp
+ }
+ rule 2109 {
+ action accept
+ description FW19987_4-TCP-ALLOW-77.68.77.70
+ destination {
+ group {
+ address-group DT_FW19987_4
+ }
+ port 443
+ }
+ protocol tcp
+ source {
+ address 77.68.77.70
+ }
+ }
+ rule 2110 {
+ action accept
+ description FWF7B68_1-TCP-ALLOW-54.221.251.224
+ destination {
+ group {
+ address-group DT_FWF7B68_1
+ }
+ port 8443,3306,22,21,20
+ }
+ protocol tcp
+ source {
+ address 54.221.251.224
+ }
+ }
+ rule 2111 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.41
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.41
+ }
+ }
+ rule 2112 {
+ action accept
+ description FW05AD0_2-TCP-ALLOW-178.251.181.6
+ destination {
+ group {
+ address-group DT_FW05AD0_2
+ }
+ port 3389,1433,21
+ }
+ protocol tcp
+ source {
+ address 178.251.181.6
+ }
+ }
+ rule 2113 {
+ action accept
+ description VPN-7030-ANY-ALLOW-10.4.58.119
+ destination {
+ group {
+ address-group DT_VPN-7030
+ }
+ }
+ source {
+ address 10.4.58.119
+ }
+ }
+ rule 2114 {
+ action accept
+ description FW58C69_4-TCP-ALLOW-ANY
+ destination {
+ group {
+ address-group DT_FW58C69_4
+ }
+ port 5666
+ }
+ protocol tcp
+ }
+ rule 2115 {
+ action
accept + description FW2BB8D_1-TCP-ALLOW-185.201.180.35 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000,22 + } + protocol tcp + source { + address 185.201.180.35 + } + } + rule 2116 { + action accept + description FW19987_4-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2117 { + action accept + description FW19987_4-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2118 { + action accept + description FW5658C_1-TCP-ALLOW-212.159.160.65 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443,3389,3306,22,21 + } + protocol tcp + source { + address 212.159.160.65 + } + } + rule 2119 { + action accept + description FW5658C_1-TCP-ALLOW-79.78.20.149 + destination { + group { + address-group DT_FW5658C_1 + } + port 8447,8443,3389,3306,993,143,22,21 + } + protocol tcp + source { + address 79.78.20.149 + } + } + rule 2120 { + action accept + description FW5658C_1-TCP-ALLOW-77.68.77.185 + destination { + group { + address-group DT_FW5658C_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.77.185 + } + } + rule 2121 { + action accept + description FW5658C_1-TCP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443,3389 + } + protocol tcp + source { + address 82.165.232.19 + } + } + rule 2122 { + action accept + description FW2C5AE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2C5AE_1 + } + port 30303,5717 + } + protocol tcp_udp + } + rule 2123 { + action accept + description VPN-12899-ANY-ALLOW-10.4.58.207 + destination { + group { + address-group DT_VPN-12899 + } + } + source { + address 10.4.58.207 + } + } + rule 2124 { + action accept + description FW7648D_1-TCP-ALLOW-ANY + destination { + group { + address-group 
DT_FW7648D_1 + } + port 8501,8050,7801,4444,1443 + } + protocol tcp + } + rule 2125 { + action accept + description FW0C2E6_4-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0C2E6_4 + } + port 1194 + } + protocol udp + } + rule 2126 { + action accept + description FW5658C_1-TCP-ALLOW-39.37.175.132 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.37.175.132 + } + } + rule 2127 { + action accept + description FW826BA_3-TCP-ALLOW-165.255.242.223 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 165.255.242.223 + } + } + rule 2128 { + action accept + description VPN-10131-ANY-ALLOW-10.4.56.51 + destination { + group { + address-group DT_VPN-10131 + } + } + source { + address 10.4.56.51 + } + } + rule 2129 { + action accept + description FW2BB8D_1-TCP-ALLOW-212.227.84.142 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 22 + } + protocol tcp + source { + address 212.227.84.142 + } + } + rule 2130 { + action accept + description FW2BB8D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2BB8D_1 + } + port 53 + } + protocol tcp_udp + } + rule 2131 { + action accept + description FWFDD94_15-TCP-ALLOW-90.29.180.234 + destination { + group { + address-group DT_FWFDD94_15 + } + port 5683,1883 + } + protocol tcp + source { + address 90.29.180.234 + } + } + rule 2132 { + action accept + description VPN-10131-ANY-ALLOW-10.4.57.51 + destination { + group { + address-group DT_VPN-10131 + } + } + source { + address 10.4.57.51 + } + } + rule 2133 { + action accept + description FW2BB8D_1-TCP-ALLOW-109.228.49.193 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 109.228.49.193 + } + } + rule 2134 { + action accept + description FW81138_1-ICMP-ALLOW-3.10.221.168 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source 
{ + address 3.10.221.168 + } + } + rule 2135 { + action accept + description FWB28B6_5-AH-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 77.68.36.46 + } + } + rule 2136 { + action accept + description FWB28B6_5-ESP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 77.68.36.46 + } + } + rule 2137 { + action accept + description FW825C8_24-TCP-ALLOW-77.68.87.201 + destination { + group { + address-group DT_FW825C8_24 + } + port 1433 + } + protocol tcp + source { + address 77.68.87.201 + } + } + rule 2138 { + action accept + description FWB28B6_5-AH-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 213.171.196.146 + } + } + rule 2139 { + action accept + description FWB28B6_5-ESP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 213.171.196.146 + } + } + rule 2140 { + action accept + description FWB28B6_5-UDP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + port 500,4500 + } + protocol udp + source { + address 213.171.196.146 + } + } + rule 2141 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 213.171.196.146 + } + } + rule 2142 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 77.68.36.46 + } + } + rule 2143 { + action accept + description FWB28B6_5-UDP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + port 500,4500 + } + protocol udp + source { + address 77.68.36.46 + } + } + rule 2144 { + action accept + description VPN-12899-ANY-ALLOW-10.4.59.207 + destination { + 
group { + address-group DT_VPN-12899 + } + } + source { + address 10.4.59.207 + } + } + rule 2145 { + action accept + description FWB28B6_5-TCP-ALLOW-81.130.141.175 + destination { + group { + address-group DT_FWB28B6_5 + } + port 3389 + } + protocol tcp + source { + address 81.130.141.175 + } + } + rule 2146 { + action accept + description FWB28B6_5-UDP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + port 4500,500 + } + protocol udp + source { + address 77.68.38.195 + } + } + rule 2147 { + action accept + description FWB28B6_5-AH-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 77.68.38.195 + } + } + rule 2148 { + action accept + description FWB28B6_5-ESP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 77.68.38.195 + } + } + rule 2149 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 77.68.38.195 + } + } + rule 2150 { + action accept + description FW5658C_1-TCP-ALLOW-39.37.178.77 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.37.178.77 + } + } + rule 2151 { + action accept + description FW5A77C_16-TCP-ALLOW-51.241.139.56 + destination { + group { + address-group DT_FW5A77C_16 + } + port 22 + } + protocol tcp + source { + address 51.241.139.56 + } + } + rule 2152 { + action accept + description FWA86ED_101-TCP-ALLOW-150.143.57.138 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389 + } + protocol tcp + source { + address 150.143.57.138 + } + } + rule 2153 { + action accept + description FW6ECA4_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6ECA4_1 + } + port 3939,3335,3334,3333,3000,999,444 + } + protocol tcp_udp + } + rule 2154 { + action accept + description 
FW5658C_1-TCP-ALLOW-39.45.13.20 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.13.20 + } + } + rule 2155 { + action accept + description FW481D7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW481D7_1 + } + port 3478 + } + protocol tcp_udp + } + rule 2156 { + action accept + description FW5A5D7_3-GRE-ALLOW-51.219.222.28 + destination { + group { + address-group DT_FW5A5D7_3 + } + } + protocol gre + source { + address 51.219.222.28 + } + } + rule 2157 { + action accept + description FWA86ED_101-TCP-ALLOW-94.195.127.217 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 94.195.127.217 + } + } + rule 2158 { + action accept + description FW2E060_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2E060_1 + } + port 49152-65535,8443-8447 + } + protocol tcp + } + rule 2159 { + action accept + description FWFDD94_15-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWFDD94_15 + } + port 9090,5080,1935 + } + protocol tcp + } + rule 2160 { + action accept + description FW5658C_1-TCP-ALLOW-39.45.190.224 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.190.224 + } + } + rule 2161 { + action accept + description FW9E550_1-TCP-ALLOW-109.249.187.56 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 109.249.187.56 + } + } + rule 2162 { + action accept + description FW89619_1-TCP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FW89619_1 + } + port 22 + } + protocol tcp + source { + address 81.133.80.114 + } + } + rule 2163 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.227.72.218 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.227.72.218 + } + } + rule 2164 { + action accept + description 
FW0E383_9-TCP-ALLOW-151.229.59.51 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 151.229.59.51 + } + } + rule 2165 { + action accept + description FW8AFF1_7-TCP-ALLOW-178.251.181.41 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433,21 + } + protocol tcp + source { + address 178.251.181.41 + } + } + rule 2166 { + action accept + description FW3CAAB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3CAAB_1 + } + port 49152-65535,30000-30400,8443-8447,5432,80-110,21-25 + } + protocol tcp + } + rule 2167 { + action accept + description FW91B7A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW91B7A_1 + } + port 3389,80 + } + protocol tcp_udp + } + rule 2168 { + action accept + description FW40416_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW40416_1 + } + port 1-65535 + } + protocol tcp + } + rule 2169 { + action accept + description FW5A77C_16-TCP-ALLOW-81.151.24.216 + destination { + group { + address-group DT_FW5A77C_16 + } + port 10000,22 + } + protocol tcp + source { + address 81.151.24.216 + } + } + rule 2170 { + action accept + description VPN-7030-ANY-ALLOW-10.4.59.119 + destination { + group { + address-group DT_VPN-7030 + } + } + source { + address 10.4.59.119 + } + } + rule 2171 { + action accept + description FW0E383_9-TCP-ALLOW-62.252.94.138 + destination { + group { + address-group DT_FW0E383_9 + } + port 3389,1433 + } + protocol tcp + source { + address 62.252.94.138 + } + } + rule 2172 { + action accept + description FW89619_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 5015,5001,5000 + } + protocol tcp + } + rule 2173 { + action accept + description FW89619_1-TCP_UDP-ALLOW-167.98.162.142 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 167.98.162.142 + } + } + rule 2174 { + action accept + description 
FW013EF_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW013EF_2 + } + port 44445,7770-7800,5090,5060-5070,5015,5001,2000-2500 + } + protocol tcp + } + rule 2175 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.12 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.12 + } + } + rule 2176 { + action accept + description VPN-15625-ANY-ALLOW-10.4.88.79 + destination { + group { + address-group DT_VPN-15625 + } + } + source { + address 10.4.88.79 + } + } + rule 2177 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.228.53.128 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 109.228.53.128 + } + } + rule 2178 { + action accept + description FW8AFF1_7-TCP-ALLOW-178.251.181.6 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 3389,1433,21 + } + protocol tcp + source { + address 178.251.181.6 + } + } + rule 2179 { + action accept + description FW578BE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW578BE_1 + } + port 23,1521,1522 + } + protocol tcp + } + rule 2180 { + action accept + description FWE012D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE012D_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2181 { + action accept + description FW8AFF1_7-TCP-ALLOW-213.171.209.161 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 3389,1433,21 + } + protocol tcp + source { + address 213.171.209.161 + } + } + rule 2182 { + action accept + description VPN-8203-ANY-ALLOW-10.4.58.109 + destination { + group { + address-group DT_VPN-8203 + } + } + source { + address 10.4.58.109 + } + } + rule 2183 { + action accept + description VPN-9415-ANY-ALLOW-10.4.58.168 + destination { + group { + address-group DT_VPN-9415 + } + } + source { + address 10.4.58.168 + } + } + rule 2184 { + action accept + description VPN-9415-ANY-ALLOW-10.4.59.168 + 
destination { + group { + address-group DT_VPN-9415 + } + } + source { + address 10.4.59.168 + } + } + rule 2185 { + action accept + description FW27A8F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW27A8F_1 + } + port 9990,8458,8090,6543,5432 + } + protocol tcp + } + rule 2186 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.11.224 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 77.68.11.224 + } + } + rule 2187 { + action accept + description VPN-15625-ANY-ALLOW-10.4.89.79 + destination { + group { + address-group DT_VPN-15625 + } + } + source { + address 10.4.89.79 + } + } + rule 2188 { + action accept + description VPN-14649-ANY-ALLOW-10.4.86.35 + destination { + group { + address-group DT_VPN-14649 + } + } + source { + address 10.4.86.35 + } + } + rule 2189 { + action accept + description VPN-14649-ANY-ALLOW-10.4.87.35 + destination { + group { + address-group DT_VPN-14649 + } + } + source { + address 10.4.87.35 + } + } + rule 2190 { + action accept + description VPN-14657-ANY-ALLOW-10.4.86.38 + destination { + group { + address-group DT_VPN-14657 + } + } + source { + address 10.4.86.38 + } + } + rule 2191 { + action accept + description VPN-14657-ANY-ALLOW-10.4.87.38 + destination { + group { + address-group DT_VPN-14657 + } + } + source { + address 10.4.87.38 + } + } + rule 2192 { + action accept + description VPN-14658-ANY-ALLOW-10.4.88.38 + destination { + group { + address-group DT_VPN-14658 + } + } + source { + address 10.4.88.38 + } + } + rule 2193 { + action accept + description VPN-14658-ANY-ALLOW-10.4.89.38 + destination { + group { + address-group DT_VPN-14658 + } + } + source { + address 10.4.89.38 + } + } + rule 2194 { + action accept + description FW0BB22_1-GRE-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + } + protocol gre + } + rule 2195 { + action accept + description FW0BB22_1-ESP-ALLOW-ANY + destination { + group { + address-group 
DT_FW0BB22_1 + } + } + protocol esp + } + rule 2196 { + action accept + description FW1CC15_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1CC15_2 + } + port 8089,8085,990,81 + } + protocol tcp + } + rule 2197 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.124 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.124 + } + } + rule 2198 { + action accept + description FW5A5D7_3-TCP-ALLOW-51.219.222.28 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 8172,3389,1723,1701,47 + } + protocol tcp + source { + address 51.219.222.28 + } + } + rule 2199 { + action accept + description FW1CB16_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1CB16_1 + } + port 3306,27017,53 + } + protocol tcp_udp + } + rule 2200 { + action accept + description FWE47DA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE47DA_1 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2201 { + action accept + description FW37E59_5-TCP-ALLOW-77.68.20.244 + destination { + group { + address-group DT_FW37E59_5 + } + port 30303 + } + protocol tcp + source { + address 77.68.20.244 + } + } + rule 2202 { + action accept + description FW274FD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW274FD_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2203 { + action accept + description FW6CD7E_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6CD7E_2 + } + port 49152-65535 + } + protocol tcp + } + rule 2204 { + action accept + description FW826BA_3-TCP-ALLOW-178.17.252.59 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol tcp + source { + address 178.17.252.59 + } + } + rule 2205 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.64.108 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.64.108 + } + } + rule 2206 { + 
action accept + description FW0937A_1-TCP-ALLOW-83.135.134.13 + destination { + group { + address-group DT_FW0937A_1 + } + port 22 + } + protocol tcp + source { + address 83.135.134.13 + } + } + rule 2207 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.112.64 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.112.64 + } + } + rule 2208 { + action accept + description FW6CD7E_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6CD7E_2 + } + port 53 + } + protocol tcp_udp + } + rule 2209 { + action accept + description FW1F3D0_6-TCP-ALLOW-194.73.17.47 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 194.73.17.47 + } + } + rule 2210 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.115.33 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.115.33 + } + } + rule 2211 { + action accept + description FWA3EA3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA3EA3_1 + } + port 943 + } + protocol tcp + } + rule 2212 { + action accept + description FW6863A_4-TCP-ALLOW-82.165.100.25 + destination { + group { + address-group DT_FW6863A_4 + } + port 21-10000 + } + protocol tcp + source { + address 82.165.100.25 + } + } + rule 2213 { + action accept + description FWECBFB_14-TCP-ALLOW-109.228.59.50 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 109.228.59.50 + } + } + rule 2214 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.100 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.100 + } + } + rule 2215 { + action accept + description FWD7EAB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD7EAB_1 + } + port 60000-60100 + } + protocol tcp + } + rule 2216 { + action accept + 
description FWEB321_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEB321_1 + } + port 113,4190 + } + protocol tcp + } + rule 2217 { + action accept + description FW9C682_3-TCP-ALLOW-195.206.180.132 + destination { + group { + address-group DT_FW9C682_3 + } + port 8443,22 + } + protocol tcp + source { + address 195.206.180.132 + } + } + rule 2218 { + action accept + description VPN-8159-ANY-ALLOW-10.4.58.91 + destination { + group { + address-group DT_VPN-8159 + } + } + source { + address 10.4.58.91 + } + } + rule 2219 { + action accept + description VPN-21673-ANY-ALLOW-10.4.88.187 + destination { + group { + address-group DT_VPN-21673 + } + } + source { + address 10.4.88.187 + } + } + rule 2220 { + action accept + description VPN-21673-ANY-ALLOW-10.4.89.187 + destination { + group { + address-group DT_VPN-21673 + } + } + source { + address 10.4.89.187 + } + } + rule 2221 { + action accept + description VPN-21821-ANY-ALLOW-10.4.88.49 + destination { + group { + address-group DT_VPN-21821 + } + } + source { + address 10.4.88.49 + } + } + rule 2222 { + action accept + description VPN-21821-ANY-ALLOW-10.4.89.49 + destination { + group { + address-group DT_VPN-21821 + } + } + source { + address 10.4.89.49 + } + } + rule 2223 { + action accept + description FWECBFB_14-TCP-ALLOW-81.133.80.58 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 81.133.80.58 + } + } + rule 2224 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.238 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.238 + } + } + rule 2225 { + action accept + description FW826BA_3-TCP-ALLOW-185.212.168.51 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 185.212.168.51 + } + } + rule 2226 { + action accept + description FW8B21D_1-ANY-ALLOW-212.187.250.2 + destination { + group 
{ + address-group DT_FW8B21D_1 + } + } + source { + address 212.187.250.2 + } + } + rule 2227 { + action accept + description FW35F7B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW35F7B_1 + } + port 1434 + } + protocol tcp_udp + } + rule 2228 { + action accept + description FWD338A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD338A_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2229 { + action accept + description FW35F7B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW35F7B_1 + } + port 56791 + } + protocol tcp + } + rule 2230 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.77.114 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.77.114 + } + } + rule 2231 { + action accept + description FW90AE3_1-TCP-ALLOW-194.74.137.17 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 194.74.137.17 + } + } + rule 2232 { + action accept + description FW52F6F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW52F6F_1 + } + port 53 + } + protocol tcp_udp + } + rule 2233 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 77.68.23.109 + } + } + rule 2234 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.247 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.247 + } + } + rule 2235 { + action accept + description FW4E314_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4E314_1 + } + port 53 + } + protocol tcp_udp + } + rule 2236 { + action accept + description FW73573_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73573_2 + } + port 25 + } + protocol tcp_udp + } + rule 2237 { + action accept + description 
FW0E383_9-TCP-ALLOW-77.68.93.89 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.93.89 + } + } + rule 2238 { + action accept + description FW856FA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW856FA_1 + } + port 6003 + } + protocol tcp + } + rule 2239 { + action accept + description FWECBFB_14-TCP-ALLOW-81.19.214.155 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 81.19.214.155 + } + } + rule 2240 { + action accept + description FW826BA_3-TCP-ALLOW-51.219.168.170 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 51.219.168.170 + } + } + rule 2241 { + action accept + description FW30D21_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW30D21_1 + } + port 2083-2087,53,2812,2096,25,993,587 + } + protocol tcp_udp + } + rule 2242 { + action accept + description FWA076E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA076E_1 + } + port 2199,2197 + } + protocol tcp + } + rule 2243 { + action accept + description FWA076E_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA076E_1 + } + port 8000-8010 + } + protocol tcp_udp + } + rule 2244 { + action accept + description FW8A3FC_3-TCP-ALLOW-82.165.166.41 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 8447,8443,443,80,22 + } + protocol tcp + source { + address 82.165.166.41 + } + } + rule 2245 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.180 + destination { + group { + address-group DT_FW2F868_6 + } + port 22,80 + } + protocol tcp + source { + address 213.171.217.180 + } + } + rule 2246 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2247 { + action accept + description 
FW2F868_6-TCP-ALLOW-213.171.217.185 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.185 + } + } + rule 2248 { + action accept + description FW2F868_6-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2F868_6 + } + port 161 + } + protocol udp + } + rule 2249 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FW2F868_6 + } + port 22,24 + } + protocol tcp + source { + address 213.171.217.102 + } + } + rule 2250 { + action accept + description FW9C682_3-TCP-ALLOW-80.194.78.162 + destination { + group { + address-group DT_FW9C682_3 + } + port 8443,22 + } + protocol tcp + source { + address 80.194.78.162 + } + } + rule 2251 { + action accept + description VPN-21822-ANY-ALLOW-10.4.54.47 + destination { + group { + address-group DT_VPN-21822 + } + } + source { + address 10.4.54.47 + } + } + rule 2252 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.75.244 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 77.68.75.244 + } + } + rule 2253 { + action accept + description FW2B279_4-TCP-ALLOW-195.147.173.92 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 195.147.173.92 + } + } + rule 2254 { + action accept + description FW1D511_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1D511_2 + } + port 8090 + } + protocol tcp + } + rule 2255 { + action accept + description FW8A3FC_3-TCP-ALLOW-85.17.25.47 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 85.17.25.47 + } + } + rule 2256 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.89.209 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 77.68.89.209 + } + } + rule 2257 { + action accept + description 
FWE2AB5_8-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FWE2AB5_8 + } + port 7000 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2258 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.94.177 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.94.177 + } + } + rule 2259 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.95.129 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 77.68.95.129 + } + } + rule 2260 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.136 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.136 + } + } + rule 2261 { + action accept + description FW1FA9E_1-TCP-ALLOW-78.88.254.99 + destination { + group { + address-group DT_FW1FA9E_1 + } + port 9000,8200,5601,4444 + } + protocol tcp + source { + address 78.88.254.99 + } + } + rule 2262 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.27 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.46.27 + } + } + rule 2263 { + action accept + description FWA7A50_1-TCP-ALLOW-81.110.192.198 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp + source { + address 81.110.192.198 + } + } + rule 2264 { + action accept + description VPN-21822-ANY-ALLOW-10.4.55.47 + destination { + group { + address-group DT_VPN-21822 + } + } + source { + address 10.4.55.47 + } + } + rule 2265 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.31.195 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.31.195 + } + } + rule 2266 { + action accept + description FW45BEB_1-TCP-ALLOW-62.3.71.238 + destination { + group { + address-group DT_FW45BEB_1 + } + port 
3389 + } + protocol tcp + source { + address 62.3.71.238 + } + } + rule 2267 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.113 + } + } + rule 2268 { + action accept + description VPN-23946-ANY-ALLOW-10.4.58.13 + destination { + group { + address-group DT_VPN-23946 + } + } + source { + address 10.4.58.13 + } + } + rule 2269 { + action accept + description FW98818_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW98818_1 + } + port 27015 + } + protocol tcp + } + rule 2270 { + action accept + description VPN-23946-ANY-ALLOW-10.4.59.13 + destination { + group { + address-group DT_VPN-23946 + } + } + source { + address 10.4.59.13 + } + } + rule 2271 { + action accept + description VPN-28031-ANY-ALLOW-10.4.88.197 + destination { + group { + address-group DT_VPN-28031 + } + } + source { + address 10.4.88.197 + } + } + rule 2272 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.231 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.231 + } + } + rule 2273 { + action accept + description FW5A5D7_3-TCP_UDP-ALLOW-51.219.222.28 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 500 + } + protocol tcp_udp + source { + address 51.219.222.28 + } + } + rule 2274 { + action accept + description FW32EFF_25-TCP-ALLOW-185.106.220.231 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + protocol tcp + source { + address 185.106.220.231 + } + } + rule 2275 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.66 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.66 + } + } + rule 2276 { + action accept + description FW934AE_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 1194 + } + 
protocol udp + } + rule 2277 { + action accept + description VPN-28031-ANY-ALLOW-10.4.89.197 + destination { + group { + address-group DT_VPN-28031 + } + } + source { + address 10.4.89.197 + } + } + rule 2278 { + action accept + description FW6863A_4-TCP_UDP-ALLOW-82.165.166.41 + destination { + group { + address-group DT_FW6863A_4 + } + port 21-10000 + } + protocol tcp_udp + source { + address 82.165.166.41 + } + } + rule 2279 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.119.162 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.119.162 + } + } + rule 2280 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.74.199.143 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.74.199.143 + } + } + rule 2281 { + action accept + description FW1F3D0_6-TCP-ALLOW-185.92.25.48 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 185.92.25.48 + } + } + rule 2282 { + action accept + description FW1F3D0_6-TCP-ALLOW-207.148.2.40 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 207.148.2.40 + } + } + rule 2283 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.235.62 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.235.62 + } + } + rule 2284 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.236.93 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.236.93 + } + } + rule 2285 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.59.5 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.59.5 + } + } + rule 2286 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.15.134 + destination { + group { + 
address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.15.134 + } + } + rule 2287 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.22.208 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.22.208 + } + } + rule 2288 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.108 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.23.108 + } + } + rule 2289 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.54 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.23.54 + } + } + rule 2290 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.30.45 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.30.45 + } + } + rule 2291 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.7.198 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.7.198 + } + } + rule 2292 { + action accept + description VPN-29631-ANY-ALLOW-10.4.54.76 + destination { + group { + address-group DT_VPN-29631 + } + } + source { + address 10.4.54.76 + } + } + rule 2293 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.89.200 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.89.200 + } + } + rule 2294 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.91.50 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.91.50 + } + } + rule 2295 { + action accept + description FW1F3D0_6-TCP-ALLOW-82.165.206.230 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 82.165.206.230 + } + } + rule 2296 { + action accept + 
description FW1F3D0_6-TCP-ALLOW-82.165.207.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 82.165.207.109 + } + } + rule 2297 { + action accept + description FW1F3D0_6-TCP-ALLOW-94.196.156.5 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 94.196.156.5 + } + } + rule 2298 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.15.134 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.15.134 + } + } + rule 2299 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.22.208 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.22.208 + } + } + rule 2300 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.23.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.23.109 + } + } + rule 2301 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.89.200 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.89.200 + } + } + rule 2302 { + action accept + description FW05339_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW05339_1 + } + port 8085,5055,5013,5005,444 + } + protocol tcp + } + rule 2303 { + action accept + description FW32EFF_25-TCP-ALLOW-217.169.61.164 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + protocol tcp + source { + address 217.169.61.164 + } + } + rule 2304 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.65.45 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.65.45 + } + } + rule 2305 { + action accept + description VPN-13983-ANY-ALLOW-10.4.58.176 + destination { + group { + 
address-group DT_VPN-13983 + } + } + source { + address 10.4.58.176 + } + } + rule 2306 { + action accept + description FWDAF47_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWDAF47_1 + } + port 8090,7080,443,53 + } + protocol tcp_udp + } + rule 2307 { + action accept + description VPN-29631-ANY-ALLOW-10.4.55.77 + destination { + group { + address-group DT_VPN-29631 + } + } + source { + address 10.4.55.77 + } + } + rule 2308 { + action accept + description VPN-34309-ANY-ALLOW-10.4.58.142 + destination { + group { + address-group DT_VPN-34309 + } + } + source { + address 10.4.58.142 + } + } + rule 2309 { + action accept + description FW27949_2-TCP-ALLOW-138.124.142.180 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 138.124.142.180 + } + } + rule 2310 { + action accept + description FWF8F85_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF8F85_1 + } + port 3306 + } + protocol tcp_udp + } + rule 2311 { + action accept + description FWDAF47_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDAF47_1 + } + port 40110-40210 + } + protocol tcp + } + rule 2312 { + action accept + description VPN-34309-ANY-ALLOW-10.4.59.142 + destination { + group { + address-group DT_VPN-34309 + } + } + source { + address 10.4.59.142 + } + } + rule 2313 { + action accept + description FWA0531_1-TCP-ALLOW-87.224.39.220 + destination { + group { + address-group DT_FWA0531_1 + } + port 22 + } + protocol tcp + source { + address 87.224.39.220 + } + } + rule 2314 { + action accept + description FW5A5D7_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5A5D7_3 + } + port 1334 + } + protocol tcp + } + rule 2315 { + action accept + description FW8C927_1-TCP_UDP-ALLOW-84.92.125.78 + destination { + group { + address-group DT_FW8C927_1 + } + port 3306,22 + } + protocol tcp_udp + source { + address 84.92.125.78 + } + } + rule 2316 { + action accept + description 
FW8C927_1-TCP_UDP-ALLOW-88.208.238.152 + destination { + group { + address-group DT_FW8C927_1 + } + port 3306,22 + } + protocol tcp_udp + source { + address 88.208.238.152 + } + } + rule 2317 { + action accept + description FW81138_1-ICMP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source { + address 82.165.232.19 + } + } + rule 2318 { + action accept + description FW28892_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW28892_1 + } + port 7000 + } + protocol tcp + } + rule 2319 { + action accept + description FWC96A1_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC96A1_1 + } + port 222 + } + protocol tcp + } + rule 2320 { + action accept + description VPN-13983-ANY-ALLOW-10.4.59.176 + destination { + group { + address-group DT_VPN-13983 + } + } + source { + address 10.4.59.176 + } + } + rule 2321 { + action accept + description FW2FB61_1-TCP-ALLOW-5.183.104.15 + destination { + group { + address-group DT_FW2FB61_1 + } + port 22 + } + protocol tcp + source { + address 5.183.104.15 + } + } + rule 2322 { + action accept + description FW81138_1-ICMP-ALLOW-82.20.69.137 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source { + address 82.20.69.137 + } + } + rule 2323 { + action accept + description FW72F37_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW72F37_1 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2324 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-81.111.155.34 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 81.111.155.34 + } + } + rule 2325 { + action accept + description VPN-20306-ANY-ALLOW-10.4.88.173 + destination { + group { + address-group DT_VPN-20306 + } + } + source { + address 10.4.88.173 + } + } + rule 2326 { + action accept + description FW6C992_1-TCP-ALLOW-89.33.185.0_24 + destination { + group { + address-group 
DT_FW6C992_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 89.33.185.0/24 + } + } + rule 2327 { + action accept + description FW2FB61_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2FB61_1 + } + port 45000 + } + protocol tcp + } + rule 2328 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.202 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 175.157.46.202 + } + } + rule 2329 { + action accept + description FWF9C28_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF9C28_2 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2330 { + action accept + description FW3DBF8_9-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 8088,8080,5090,5060,3478,1935 + } + protocol tcp_udp + } + rule 2331 { + action accept + description FW3DBF8_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 5062,5061,5015,5001 + } + protocol tcp + } + rule 2332 { + action accept + description VPN-16402-ANY-ALLOW-10.4.88.60 + destination { + group { + address-group DT_VPN-16402 + } + } + source { + address 10.4.88.60 + } + } + rule 2333 { + action accept + description FWC1315_1-TCP-ALLOW-62.3.71.238 + destination { + group { + address-group DT_FWC1315_1 + } + port 3389 + } + protocol tcp + source { + address 62.3.71.238 + } + } + rule 2334 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7A50_1 + } + port 8001,80 + } + protocol tcp_udp + } + rule 2335 { + action accept + description FWAFF0A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAFF0A_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2336 { + action accept + description FW2B279_4-TCP-ALLOW-195.20.253.19 + destination { + group { + address-group DT_FW2B279_4 + } + port 22 + } + protocol tcp + source { + address 195.20.253.19 + } + } + rule 2337 { + action accept + 
description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.73 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.73 + } + } + rule 2338 { + action accept + description VPN-16402-ANY-ALLOW-10.4.89.60 + destination { + group { + address-group DT_VPN-16402 + } + } + source { + address 10.4.89.60 + } + } + rule 2339 { + action accept + description VPN-15951-ANY-ALLOW-10.4.86.90 + destination { + group { + address-group DT_VPN-15951 + } + } + source { + address 10.4.86.90 + } + } + rule 2340 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.77.181 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.77.181 + } + } + rule 2341 { + action accept + description FWE9F7D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE9F7D_1 + } + port 4035 + } + protocol tcp + } + rule 2342 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.131 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.131 + } + } + rule 2343 { + action accept + description VPN-15951-ANY-ALLOW-10.4.87.90 + destination { + group { + address-group DT_VPN-15951 + } + } + source { + address 10.4.87.90 + } + } + rule 2344 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.93.190 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.93.190 + } + } + rule 2345 { + action accept + description VPN-8159-ANY-ALLOW-10.4.59.91 + destination { + group { + address-group DT_VPN-8159 + } + } + source { + address 10.4.59.91 + } + } + rule 2346 { + action accept + description VPN-12870-ANY-ALLOW-10.4.54.67 + destination { + group { + address-group DT_VPN-12870 + } + } + source { + address 10.4.54.67 + } + } + rule 2347 { + action accept + description FW930F3_1-TCP_UDP-ALLOW-ANY + destination { + group { + 
address-group DT_FW930F3_1 + } + port 53 + } + protocol tcp_udp + } + rule 2348 { + action accept + description FW12C32_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW12C32_1 + } + port 465,53,25 + } + protocol tcp_udp + } + rule 2349 { + action accept + description FW28EC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW28EC8_1 + } + port 20443 + } + protocol tcp + } + rule 2350 { + action accept + description VPN-12870-ANY-ALLOW-10.4.55.68 + destination { + group { + address-group DT_VPN-12870 + } + } + source { + address 10.4.55.68 + } + } + rule 2351 { + action accept + description FW934AE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 32401,32400,8081 + } + protocol tcp_udp + } + rule 2352 { + action accept + description FW6863A_4-TCP-ALLOW-185.173.161.154 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 185.173.161.154 + } + } + rule 2353 { + action accept + description FW013EF_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW013EF_2 + } + port 10600-10998,9000-9398,5090,5060-5070 + } + protocol udp + } + rule 2354 { + action accept + description FW85040_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85040_1 + } + port 3210 + } + protocol tcp_udp + } + rule 2355 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-131.153.100.98 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 131.153.100.98 + } + } + rule 2356 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-213.133.99.176 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 213.133.99.176 + } + } + rule 2357 { + action accept + description FW6EFD7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6EFD7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2358 { + action accept + description 
FW8B21D_1-TCP_UDP-ALLOW-62.253.153.163 + destination { + group { + address-group DT_FW8B21D_1 + } + port 8443,22 + } + protocol tcp_udp + source { + address 62.253.153.163 + } + } + rule 2359 { + action accept + description FWCB0CF_7-TCP-ALLOW-212.159.153.201 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 6443,5432-5434,5000-5100,3306-3308,990,989,22,21 + } + protocol tcp + source { + address 212.159.153.201 + } + } + rule 2360 { + action accept + description FW75CA4_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW75CA4_6 + } + port 51472,3747,3420 + } + protocol tcp + } + rule 2361 { + action accept + description FWF9C28_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF9C28_4 + } + port 23,7770-7800,44445,6109 + } + protocol tcp + } + rule 2362 { + action accept + description FW6B39D_1-TCP-ALLOW-120.72.95.88_29 + destination { + group { + address-group DT_FW6B39D_1 + } + port 3306 + } + protocol tcp + source { + address 120.72.95.88/29 + } + } + rule 2363 { + action accept + description FW934AE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 20000 + } + protocol tcp + } + rule 2364 { + action accept + description FW12C32_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW12C32_1 + } + port 2323,953 + } + protocol tcp + } + rule 2365 { + action accept + description FW49897_1-TCP-ALLOW-2.121.90.207 + destination { + group { + address-group DT_FW49897_1 + } + port 22 + } + protocol tcp + source { + address 2.121.90.207 + } + } + rule 2366 { + action accept + description FW6B39D_1-TCP-ALLOW-120.72.91.104_29 + destination { + group { + address-group DT_FW6B39D_1 + } + port 3306 + } + protocol tcp + source { + address 120.72.91.104/29 + } + } + rule 2367 { + action accept + description FW4F5EE_10-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4F5EE_10 + } + port 83,86,82 + } + protocol tcp + } + rule 2368 { + action accept + description FWF791C_1-TCP-ALLOW-ANY + 
destination { + group { + address-group DT_FWF791C_1 + } + port 6001 + } + protocol tcp + } + rule 2369 { + action accept + description FWEF92E_5-ESP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 109.228.37.19 + } + } + rule 2370 { + action accept + description FWE57AD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE57AD_1 + } + port 57000-58000 + } + protocol tcp + } + rule 2371 { + action accept + description FWC0CE0_1-TCP-ALLOW-62.232.209.221 + destination { + group { + address-group DT_FWC0CE0_1 + } + port 49152-65535,8447,8443,22,21 + } + protocol tcp + source { + address 62.232.209.221 + } + } + rule 2372 { + action accept + description FW0192C_1-TCP-ALLOW-41.140.242.86 + destination { + group { + address-group DT_FW0192C_1 + } + port 3306,22 + } + protocol tcp + source { + address 41.140.242.86 + } + } + rule 2373 { + action accept + description FWEEC75_1-TCP-ALLOW-54.171.71.110 + destination { + group { + address-group DT_FWEEC75_1 + } + port 21 + } + protocol tcp + source { + address 54.171.71.110 + } + } + rule 2374 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-95.149.182.69 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 95.149.182.69 + } + } + rule 2375 { + action accept + description FW8B21D_1-TCP-ALLOW-185.201.16.0_22 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 185.201.16.0/22 + } + } + rule 2376 { + action accept + description FW8B21D_1-TCP-ALLOW-213.133.99.176 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 213.133.99.176 + } + } + rule 2377 { + action accept + description FW8B21D_1-TCP-ALLOW-95.211.160.147 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 95.211.160.147 + } + } + rule 2378 { + action 
accept + description FW6863A_4-TCP-ALLOW-212.227.9.72 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 212.227.9.72 + } + } + rule 2379 { + action accept + description FW8B21D_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + } + protocol esp + } + rule 2380 { + action accept + description FW8B21D_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + } + protocol ah + } + rule 2381 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + port 8181,4500,1194,993,941,500,53 + } + protocol tcp_udp + } + rule 2382 { + action accept + description FW6863A_4-TCP-ALLOW-85.17.25.47 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 85.17.25.47 + } + } + rule 2383 { + action accept + description FW6863A_4-TCP-ALLOW-91.232.105.39 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 91.232.105.39 + } + } + rule 2384 { + action accept + description FW6863A_4-TCP-ALLOW-93.190.142.120 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 93.190.142.120 + } + } + rule 2385 { + action accept + description FW6863A_4-TCP-ALLOW-95.168.171.130 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.168.171.130 + } + } + rule 2386 { + action accept + description FW6863A_4-TCP-ALLOW-95.168.171.157 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.168.171.157 + } + } + rule 2387 { + action accept + description FWD4A27_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD4A27_1 + } + port 32400 + } + protocol tcp + } + rule 2388 { + action accept + description FW2ACFF_1-TCP_UDP-ALLOW-ANY + destination { + group { + 
address-group DT_FW2ACFF_1 + } + port 10299,60050-60055 + } + protocol tcp_udp + } + rule 2389 { + action accept + description FWCB0CF_7-TCP-ALLOW-193.248.62.45 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 193.248.62.45 + } + } + rule 2390 { + action accept + description FWCB0CF_7-TCP-ALLOW-78.249.208.17 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 78.249.208.17 + } + } + rule 2391 { + action accept + description FWC8E8E_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC8E8E_1 + } + port 6000 + } + protocol tcp_udp + } + rule 2392 { + action accept + description FW30D21_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW30D21_1 + } + port 2476 + } + protocol tcp + } + rule 2393 { + action accept + description FW0192C_1-TCP-ALLOW-41.140.242.94 + destination { + group { + address-group DT_FW0192C_1 + } + port 3306,22 + } + protocol tcp + source { + address 41.140.242.94 + } + } + rule 2394 { + action accept + description FW59F39_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW59F39_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2395 { + action accept + description FWEF92E_7-ESP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + } + protocol esp + source { + address 77.68.77.57 + } + } + rule 2396 { + action accept + description FW826BA_3-TCP-ALLOW-51.219.47.177 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,21 + } + protocol tcp + source { + address 51.219.47.177 + } + } + rule 2397 { + action accept + description FW826BA_3-TCP-ALLOW-86.172.128.50 + destination { + group { + address-group DT_FW826BA_3 + } + port 1433,21 + } + protocol tcp + source { + address 86.172.128.50 + } + } + rule 2398 { + action accept + description FW826BA_3-TCP-ALLOW-88.105.1.20 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol 
tcp + source { + address 88.105.1.20 + } + } + rule 2399 { + action accept + description FW6863A_4-TCP-ALLOW-95.211.243.198 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.211.243.198 + } + } + rule 2400 { + action accept + description FW25843_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW25843_1 + } + port 9001,7070,5500,5488,5000,4500,4000,3500,3000,1883,1880 + } + protocol tcp + } + rule 2401 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.65.46 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.65.46 + } + } + rule 2402 { + action accept + description FW5858F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5858F_1 + } + port 1883 + } + protocol tcp + } + rule 2403 { + action accept + description FW826BA_3-TCP-ALLOW-95.147.108.173 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol tcp + source { + address 95.147.108.173 + } + } + rule 2404 { + action accept + description FW9C682_3-TCP-ALLOW-52.56.193.88 + destination { + group { + address-group DT_FW9C682_3 + } + port 3306 + } + protocol tcp + source { + address 52.56.193.88 + } + } + rule 2405 { + action accept + description FW0745F_5-TCP-ALLOW-109.228.63.82 + destination { + group { + address-group DT_FW0745F_5 + } + port 5666 + } + protocol tcp + source { + address 109.228.63.82 + } + } + rule 2406 { + action accept + description FWC0CE0_1-TCP-ALLOW-90.255.228.213 + destination { + group { + address-group DT_FWC0CE0_1 + } + port 49152-65535,8443,21 + } + protocol tcp + source { + address 90.255.228.213 + } + } + rule 2407 { + action accept + description FW210E2_8-AH-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + } + protocol ah + } + rule 2408 { + action accept + description FW210E2_8-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + } + protocol 
esp + } + rule 2409 { + action accept + description FW210E2_8-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + port 41,62000,23,4500,50,9876,3391,88,135 + } + protocol tcp + } + rule 2410 { + action accept + description FW210E2_8-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + port 500 + } + protocol udp + } + rule 2411 { + action accept + description VPN-8625-ANY-ALLOW-10.4.54.103 + destination { + group { + address-group DT_VPN-8625 + } + } + source { + address 10.4.54.103 + } + } + rule 2412 { + action accept + description VPN-8625-ANY-ALLOW-10.4.55.104 + destination { + group { + address-group DT_VPN-8625 + } + } + source { + address 10.4.55.104 + } + } + rule 2413 { + action accept + description FW73A64_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW73A64_1 + } + port 61616,8181,8161,8082,4244,4243,4242,4241 + } + protocol tcp + } + rule 2414 { + action accept + description VPN-19135-ANY-ALLOW-10.4.86.165 + destination { + group { + address-group DT_VPN-19135 + } + } + source { + address 10.4.86.165 + } + } + rule 2415 { + action accept + description FWCB0CF_7-TCP-ALLOW-82.65.107.3 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 82.65.107.3 + } + } + rule 2416 { + action accept + description FWCB0CF_7-TCP-ALLOW-195.2.139.221 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 5432-5434,3306-3308 + } + protocol tcp + source { + address 195.2.139.221 + } + } + rule 2417 { + action accept + description VPN-19135-ANY-ALLOW-10.4.87.165 + destination { + group { + address-group DT_VPN-19135 + } + } + source { + address 10.4.87.165 + } + } + rule 2418 { + action accept + description FW2BB8D_1-TCP-ALLOW-87.75.109.83 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 87.75.109.83 + } + } + rule 2419 { + action accept + description 
FWA7A50_1-TCP_UDP-ALLOW-112.134.211.83 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.83 + } + } + rule 2420 { + action accept + description FW2ED4D_2-TCP-ALLOW-84.92.65.192 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 22 + } + protocol tcp + source { + address 84.92.65.192 + } + } + rule 2421 { + action accept + description FW73A64_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73A64_1 + } + port 9200,5601,4247,4246,4245 + } + protocol tcp_udp + } + rule 2422 { + action accept + description FW4735F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4735F_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2423 { + action accept + description FW2ED4D_2-TCP-ALLOW-109.176.154.238 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 109.176.154.238 + } + } + rule 2424 { + action accept + description FW6863A_4-TCP-ALLOW-95.211.243.206 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.211.243.206 + } + } + rule 2425 { + action accept + description FW89619_1-TCP_UDP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 81.133.80.114 + } + } + rule 2426 { + action accept + description FW89619_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 5090 + } + protocol tcp_udp + } + rule 2427 { + action accept + description FW8A57A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8A57A_1 + } + port 49155,49154,7700,53,43 + } + protocol tcp_udp + } + rule 2428 { + action accept + description FW8C72E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8C72E_1 + } + port 500,4500 + } + protocol udp + } + rule 2429 { + action accept + description FW2ED4D_2-TCP-ALLOW-18.135.66.162 + 
destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 18.135.66.162 + } + } + rule 2430 { + action accept + description FW2C5AE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2C5AE_1 + } + port 58080,58008,8545,7175 + } + protocol tcp + } + rule 2431 { + action accept + description FW2ED4D_2-TCP-ALLOW-80.209.144.52 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 80.209.144.52 + } + } + rule 2432 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.153.21.103 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 82.153.21.103 + } + } + rule 2433 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.41 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.41 + } + } + rule 2434 { + action accept + description FW0745F_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0745F_5 + } + port 32770,8001,7801 + } + protocol tcp + } + rule 2435 { + action accept + description FW85E02_11-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 5090,5060 + } + protocol tcp_udp + } + rule 2436 { + action accept + description VPN-21982-ANY-ALLOW-10.4.58.43 + destination { + group { + address-group DT_VPN-21982 + } + } + source { + address 10.4.58.43 + } + } + rule 2437 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.17.52.191 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.17.52.191 + } + } + rule 2438 { + action accept + description FW66347_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW66347_1 + } + port 53 + } + protocol tcp_udp + } + rule 2439 { + action accept + description FW11082_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW11082_1 + } + port 
49152-65535 + } + protocol tcp + } + rule 2440 { + action accept + description VPN-21982-ANY-ALLOW-10.4.59.43 + destination { + group { + address-group DT_VPN-21982 + } + } + source { + address 10.4.59.43 + } + } + rule 2441 { + action accept + description FW2BB8D_1-TCP-ALLOW-92.207.193.203 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 92.207.193.203 + } + } + rule 2442 { + action accept + description FWC2D30_1-TCP-ALLOW-77.99.253.161 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22,21 + } + protocol tcp + source { + address 77.99.253.161 + } + } + rule 2443 { + action accept + description FW0E383_9-TCP-ALLOW-77.99.245.103 + destination { + group { + address-group DT_FW0E383_9 + } + port 3389 + } + protocol tcp + source { + address 77.99.245.103 + } + } + rule 2444 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.19.19.52 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 82.19.19.52 + } + } + rule 2445 { + action accept + description FWEF92E_7-AH-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + } + protocol ah + source { + address 77.68.77.57 + } + } + rule 2446 { + action accept + description VPN-16450-ANY-ALLOW-10.4.88.99 + destination { + group { + address-group DT_VPN-16450 + } + } + source { + address 10.4.88.99 + } + } + rule 2447 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.2.186.129 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.2.186.129 + } + } + rule 2448 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.157 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.215.157 + } + } + rule 2449 { + action accept + description FW8EA04_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8EA04_1 + 
} + port 1194 + } + protocol udp + } + rule 2450 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.21.59.207 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.21.59.207 + } + } + rule 2451 { + action accept + description FWC2D30_1-TCP-ALLOW-82.9.22.158 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 82.9.22.158 + } + } + rule 2452 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF3A1B_1 + } + port 1981,53 + } + protocol tcp_udp + } + rule 2453 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.11.54 + } + } + rule 2454 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.40.177.186 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.40.177.186 + } + } + rule 2455 { + action accept + description FW0C25B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0C25B_1 + } + port 49152-65535,5224 + } + protocol tcp + } + rule 2456 { + action accept + description FW85A7C_1-TCP-ALLOW-82.24.242.137 + destination { + group { + address-group DT_FW85A7C_1 + } + port 22 + } + protocol tcp + source { + address 82.24.242.137 + } + } + rule 2457 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.68.25.66 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.68.25.66 + } + } + rule 2458 { + action accept + description FW826BA_3-TCP-ALLOW-51.89.148.173 + destination { + group { + address-group DT_FW826BA_3 + } + port 1433 + } + protocol tcp + source { + address 51.89.148.173 + } + } + rule 2459 { + action accept + description FWA69A0_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA69A0_1 + } + port 48402 + } + protocol udp + } 
+ rule 2460 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.69.79.85 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.69.79.85 + } + } + rule 2461 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.77.149 + } + } + rule 2462 { + action accept + description FWEF92E_6-ESP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + } + protocol esp + source { + address 77.68.77.57 + } + } + rule 2463 { + action accept + description FWEF92E_7-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2464 { + action accept + description FW49C3D_4-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445,443,80 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2465 { + action accept + description FW49C3D_6-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2466 { + action accept + description FW34C91_3-TCP-ALLOW-77.68.121.4 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 77.68.121.4 + } + } + rule 2467 { + action accept + description VPN-16450-ANY-ALLOW-10.4.89.99 + destination { + group { + address-group DT_VPN-16450 + } + } + source { + address 10.4.89.99 + } + } + rule 2468 { + action accept + description FW0BB22_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + } + protocol ah + } + rule 2469 { + action accept + description FW2ED4D_2-TCP-ALLOW-86.139.57.116 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 86.139.57.116 + } + } + rule 2470 { + action 
accept + description FW9E550_1-TCP-ALLOW-86.142.67.13 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 86.142.67.13 + } + } + rule 2471 { + action accept + description FW8B21D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + port 2096,2095,2087,2086,2083,2082 + } + protocol tcp + } + rule 2472 { + action accept + description FW050AC_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW050AC_1 + } + port 2087 + } + protocol tcp + } + rule 2473 { + action accept + description FW1FA9E_1-TCP-ALLOW-109.228.50.206 + destination { + group { + address-group DT_FW1FA9E_1 + } + port 5432 + } + protocol tcp + source { + address 109.228.50.206 + } + } + rule 2474 { + action accept + description FW8A3FC_3-TCP-ALLOW-217.23.11.155 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 217.23.11.155 + } + } + rule 2475 { + action accept + description FW2ED4D_2-TCP-ALLOW-88.96.110.198 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 88.96.110.198 + } + } + rule 2476 { + action accept + description FWEAE53_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEAE53_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2477 { + action accept + description VPN-19474-ANY-ALLOW-10.4.88.161 + destination { + group { + address-group DT_VPN-19474 + } + } + source { + address 10.4.88.161 + } + } + rule 2478 { + action accept + description VPN-19474-ANY-ALLOW-10.4.89.161 + destination { + group { + address-group DT_VPN-19474 + } + } + source { + address 10.4.89.161 + } + } + rule 2479 { + action accept + description FW90AE3_1-TCP-ALLOW-68.33.220.233 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 68.33.220.233 + } + } + rule 2480 { + action accept + description FWC2D30_1-TCP-ALLOW-86.10.163.127 + destination 
{ + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 86.10.163.127 + } + } + rule 2481 { + action accept + description FW2FB61_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2FB61_1 + } + port 60182 + } + protocol udp + } + rule 2482 { + action accept + description FW85A7C_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85A7C_1 + } + port 2457,2456 + } + protocol tcp_udp + } + rule 2483 { + action accept + description FWBED52_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBED52_1 + } + port 1221,9000 + } + protocol tcp + } + rule 2484 { + action accept + description FWA86ED_101-TCP-ALLOW-90.250.2.109 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 90.250.2.109 + } + } + rule 2485 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.49 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.213.49 + } + } + rule 2486 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.77.70 + } + } + rule 2487 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.250 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.250 + } + } + rule 2488 { + action accept + description FW8A3FC_3-TCP-ALLOW-95.168.171.131 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 95.168.171.131 + } + } + rule 2489 { + action accept + description FW2379F_14-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + port 48030,10997,10993,10992,10991,10902,1723,1701 + } + protocol tcp + } + rule 2490 { + action accept + description FW8C927_1-TCP-ALLOW-84.92.125.78 + destination { + 
group { + address-group DT_FW8C927_1 + } + port 80 + } + protocol tcp + source { + address 84.92.125.78 + } + } + rule 2491 { + action accept + description FWC2D30_1-TCP-ALLOW-86.146.220.229 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 86.146.220.229 + } + } + rule 2492 { + action accept + description FW2B279_4-TCP-ALLOW-2.218.5.59 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 2.218.5.59 + } + } + rule 2493 { + action accept + description VPN-18830-ANY-ALLOW-10.4.86.156 + destination { + group { + address-group DT_VPN-18830 + } + } + source { + address 10.4.86.156 + } + } + rule 2494 { + action accept + description VPN-18830-ANY-ALLOW-10.4.87.156 + destination { + group { + address-group DT_VPN-18830 + } + } + source { + address 10.4.87.156 + } + } + rule 2495 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.92.33 + } + } + rule 2496 { + action accept + description FWA86ED_101-TCP-ALLOW-146.198.100.105 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 146.198.100.105 + } + } + rule 2497 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.55 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.211.55 + } + } + rule 2498 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.84.113 + } + } + rule 2499 { + action accept + description FW8C72E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8C72E_1 + } + port 60134,60135 + } + protocol tcp + } + rule 2500 { + action accept + description 
FWAB44B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAB44B_1 + } + port 3306 + } + protocol tcp_udp + } + rule 2501 { + action accept + description FW2379F_14-TCP-ALLOW-51.148.87.29 + destination { + group { + address-group DT_FW2379F_14 + } + port 3389,21 + } + protocol tcp + source { + address 51.148.87.29 + } + } + rule 2502 { + action accept + description VPN-23738-ANY-ALLOW-10.4.56.13 + destination { + group { + address-group DT_VPN-23738 + } + } + source { + address 10.4.56.13 + } + } + rule 2503 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.100 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.100 + } + } + rule 2504 { + action accept + description FW996B4_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW996B4_2 + } + port 43595,30160 + } + protocol tcp + } + rule 2505 { + action accept + description FW8871B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8871B_1 + } + port 15672,8083,8082,8081,5672 + } + protocol tcp + } + rule 2506 { + action accept + description FWAB44B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAB44B_1 + } + port 9090,8069,5432 + } + protocol tcp + } + rule 2507 { + action accept + description FW6187E_1-ICMP-ALLOW-85.214.201.250 + destination { + group { + address-group DT_FW6187E_1 + } + } + protocol icmp + source { + address 85.214.201.250 + } + } + rule 2508 { + action accept + description FW8A3FC_3-TCP-ALLOW-217.23.11.126 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 217.23.11.126 + } + } + rule 2509 { + action accept + description FW78137_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW78137_1 + } + port 1-65535 + } + protocol tcp + } + rule 2510 { + action accept + description FW32EFF_25-TCP-ALLOW-46.252.65.10 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + 
protocol tcp + source { + address 46.252.65.10 + } + } + rule 2511 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.50 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.50 + } + } + rule 2512 { + action accept + description FW6A684_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6A684_1 + } + port 53 + } + protocol tcp_udp + } + rule 2513 { + action accept + description FWF48EB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF48EB_1 + } + port 9204,9202,3395 + } + protocol tcp + } + rule 2514 { + action accept + description FW44217_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 443,80 + } + protocol tcp_udp + } + rule 2515 { + action accept + description FW6187E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6187E_1 + } + port 2282 + } + protocol tcp + } + rule 2516 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.58 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.58 + } + } + rule 2517 { + action accept + description VPN-34501-ANY-ALLOW-10.4.86.235 + destination { + group { + address-group DT_VPN-34501 + } + } + source { + address 10.4.86.235 + } + } + rule 2518 { + action accept + description FW1271A_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1271A_2 + } + port 5090,5061,5060,5015,5001 + } + protocol tcp + } + rule 2519 { + action accept + description FW1271A_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1271A_2 + } + port 9000-10999,5090,5060 + } + protocol udp + } + rule 2520 { + action accept + description FW1226C_3-TCP-ALLOW-216.113.160.71 + destination { + group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 216.113.160.71 + } + } + rule 2521 { + action accept + description FW32EFF_16-TCP-ALLOW-84.19.45.82 + 
destination { + group { + address-group DT_FW32EFF_16 + } + port 33888 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 2522 { + action accept + description FW03F2E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW03F2E_1 + } + port 1194 + } + protocol udp + } + rule 2523 { + action accept + description FW03F2E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW03F2E_1 + } + port 4432,4431,4430 + } + protocol tcp + } + rule 2524 { + action accept + description FW1226C_3-TCP-ALLOW-216.113.162.65 + destination { + group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 216.113.162.65 + } + } + rule 2525 { + action accept + description VPN-20306-ANY-ALLOW-10.4.89.173 + destination { + group { + address-group DT_VPN-20306 + } + } + source { + address 10.4.89.173 + } + } + rule 2526 { + action accept + description FW8A49A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8A49A_1 + } + port 2525,8448-65535 + } + protocol tcp + } + rule 2527 { + action accept + description FWD3431_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD3431_2 + } + port 43595,30377,30289 + } + protocol tcp + } + rule 2528 { + action accept + description FW1226C_3-TCP-ALLOW-66.135.200.200 + destination { + group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 66.135.200.200 + } + } + rule 2529 { + action accept + description FW1226C_3-TCP-ALLOW-193.28.178.38 + destination { + group { + address-group DT_FW1226C_3 + } + port 80 + } + protocol tcp + source { + address 193.28.178.38 + } + } + rule 2530 { + action accept + description FWAE88B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAE88B_1 + } + port 65432,8080,7300,1195,1194,993,587,465,443,442,143,110,80,53,22 + } + protocol tcp_udp + } + rule 2531 { + action accept + description FW1226C_3-TCP-ALLOW-195.234.136.80 + destination { + group { + address-group DT_FW1226C_3 + } + 
port 80 + } + protocol tcp + source { + address 195.234.136.80 + } + } + rule 2532 { + action accept + description FW1226C_3-TCP-ALLOW-93.94.41.83 + destination { + group { + address-group DT_FW1226C_3 + } + port 80 + } + protocol tcp + source { + address 93.94.41.83 + } + } + rule 2533 { + action accept + description VPN-6103-ANY-ALLOW-10.4.56.102 + destination { + group { + address-group DT_VPN-6103 + } + } + source { + address 10.4.56.102 + } + } + rule 2534 { + action accept + description VPN-6103-ANY-ALLOW-10.4.57.102 + destination { + group { + address-group DT_VPN-6103 + } + } + source { + address 10.4.57.102 + } + } + rule 2535 { + action accept + description FW9E550_1-TCP-ALLOW-86.198.190.104 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 86.198.190.104 + } + } + rule 2536 { + action accept + description FW34C91_3-TCP-ALLOW-81.149.71.244 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 81.149.71.244 + } + } + rule 2537 { + action accept + description FW0BB22_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + port 27917,27017,9592,9092,1080,587 + } + protocol tcp_udp + } + rule 2538 { + action accept + description FWC2D30_1-TCP-ALLOW-89.213.26.156 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 89.213.26.156 + } + } + rule 2539 { + action accept + description FW34C91_3-UDP-ALLOW-81.149.71.244 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 81.149.71.244 + } + } + rule 2540 { + action accept + description VPN-17207-ANY-ALLOW-10.4.86.121 + destination { + group { + address-group DT_VPN-17207 + } + } + source { + address 10.4.86.121 + } + } + rule 2541 { + action accept + description FW0B352_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0B352_1 + } + port 4500,500 
+ } + protocol udp + } + rule 2542 { + action accept + description FW85E02_11-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 5854,5853,5061 + } + protocol tcp + } + rule 2543 { + action accept + description FW0BB22_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + port 9200,8082 + } + protocol tcp + } + rule 2544 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.140 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.140 + } + } + rule 2545 { + action accept + description FWC2D30_1-TCP-ALLOW-91.125.244.28 + destination { + group { + address-group DT_FWC2D30_1 + } + port 21 + } + protocol tcp + source { + address 91.125.244.28 + } + } + rule 2546 { + action accept + description FWA86ED_101-TCP-ALLOW-86.172.252.221 + destination { + group { + address-group DT_FWA86ED_101 + } + port 80-3389 + } + protocol tcp + source { + address 86.172.252.221 + } + } + rule 2547 { + action accept + description FWC2D30_1-TCP-ALLOW-92.207.184.106 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 92.207.184.106 + } + } + rule 2548 { + action accept + description FW45F3D_1-ANY-ALLOW-146.255.0.198 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 146.255.0.198 + } + } + rule 2549 { + action accept + description FWBFDED_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBFDED_1 + } + port 1723,445 + } + protocol tcp + } + rule 2550 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.227.9.72 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.227.9.72 + } + } + rule 2551 { + action accept + description FWE928F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE928F_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2552 { + action 
accept + description FW5CBB2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5CBB2_1 + } + port 2082,2083,2086,2087 + } + protocol tcp + } + rule 2553 { + action accept + description FW63230_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW63230_1 + } + port 445,139 + } + protocol tcp_udp + } + rule 2554 { + action accept + description FW90AE3_1-TCP-ALLOW-71.244.176.5 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 71.244.176.5 + } + } + rule 2555 { + action accept + description FWA4BC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA4BC8_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2556 { + action accept + description VPN-17207-ANY-ALLOW-10.4.87.121 + destination { + group { + address-group DT_VPN-17207 + } + } + source { + address 10.4.87.121 + } + } + rule 2557 { + action accept + description VPN-17558-ANY-ALLOW-10.4.86.143 + destination { + group { + address-group DT_VPN-17558 + } + } + source { + address 10.4.86.143 + } + } + rule 2558 { + action accept + description FWB2CD2_1-TCP-ALLOW-86.167.68.241 + destination { + group { + address-group DT_FWB2CD2_1 + } + port 21 + } + protocol tcp + source { + address 86.167.68.241 + } + } + rule 2559 { + action accept + description FW32EFF_25-TCP-ALLOW-84.19.45.82 + destination { + group { + address-group DT_FW32EFF_25 + } + port 33888,443 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 2560 { + action accept + description FW44217_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 9001,7946,2376 + } + protocol tcp + } + rule 2561 { + action accept + description FW7DAE2_3-TCP-ALLOW-212.227.253.11 + destination { + group { + address-group DT_FW7DAE2_3 + } + port 25,22 + } + protocol tcp + source { + address 212.227.253.11 + } + } + rule 2562 { + action accept + description FW7DAE2_3-TCP-ALLOW-217.160.126.118 + destination { + group { + address-group 
DT_FW7DAE2_3 + } + port 25,22 + } + protocol tcp + source { + address 217.160.126.118 + } + } + rule 2563 { + action accept + description FWAF6E8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAF6E8_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2564 { + action accept + description FWCD7CE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCD7CE_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2565 { + action accept + description FW32EFF_16-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW32EFF_16 + } + port 47779,47778,47777,47776 + } + protocol tcp + } + rule 2566 { + action accept + description FW0745F_5-TCP-ALLOW-77.68.117.222 + destination { + group { + address-group DT_FW0745F_5 + } + port 49170 + } + protocol tcp + source { + address 77.68.117.222 + } + } + rule 2567 { + action accept + description FWC2D30_1-TCP-ALLOW-92.207.199.107 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22,21 + } + protocol tcp + source { + address 92.207.199.107 + } + } + rule 2568 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.89 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.89 + } + } + rule 2569 { + action accept + description FW8A3FC_3-TCP-ALLOW-190.2.130.41 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 190.2.130.41 + } + } + rule 2570 { + action accept + description FWFDCC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFDCC7_1 + } + port 10000 + } + protocol tcp_udp + } + rule 2571 { + action accept + description FWF19FB_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF19FB_2 + } + port 43595,40001,30616-30631,30531,30204-30435 + } + protocol tcp + } + rule 2572 { + action accept + description FW2B279_4-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 
+ } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2573 { + action accept + description FW4E314_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4E314_1 + } + port 21543,888 + } + protocol tcp + } + rule 2574 { + action accept + description FW73215_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73215_1 + } + port 4380 + } + protocol udp + } + rule 2575 { + action accept + description VPN-31301-ANY-ALLOW-10.4.86.223 + destination { + group { + address-group DT_VPN-31301 + } + } + source { + address 10.4.86.223 + } + } + rule 2576 { + action accept + description FW8428B_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8428B_1 + } + port 48402 + } + protocol udp + } + rule 2577 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-185.195.124.169 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 185.195.124.169 + } + } + rule 2578 { + action accept + description FW34C91_3-UDP-ALLOW-77.68.121.4 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 77.68.121.4 + } + } + rule 2579 { + action accept + description FW73215_1-TCP-ALLOW-82.38.58.135 + destination { + group { + address-group DT_FW73215_1 + } + port 10685 + } + protocol tcp + source { + address 82.38.58.135 + } + } + rule 2580 { + action accept + description FW52F6F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW52F6F_1 + } + port 8888 + } + protocol tcp + } + rule 2581 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.86 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.86 + } + } + rule 2582 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.13 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.125.13 + } + } + rule 2583 { + 
action accept + description FWEE03C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEE03C_1 + } + port 2087,2083 + } + protocol tcp + } + rule 2584 { + action accept + description FW748B7_1-TCP-ALLOW-157.231.123.154 + destination { + group { + address-group DT_FW748B7_1 + } + port 22 + } + protocol tcp + source { + address 157.231.123.154 + } + } + rule 2585 { + action accept + description VPN-34501-ANY-ALLOW-10.4.87.235 + destination { + group { + address-group DT_VPN-34501 + } + } + source { + address 10.4.87.235 + } + } + rule 2586 { + action accept + description FWE47DA_1-TCP-ALLOW-81.134.85.245 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 81.134.85.245 + } + } + rule 2587 { + action accept + description FWD61BF_1-ANY-ALLOW-193.237.81.213_32 + destination { + group { + address-group DT_FWD61BF_1 + } + } + source { + address 193.237.81.213/32 + } + } + rule 2588 { + action accept + description FW2B279_4-TCP-ALLOW-23.106.238.241 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 23.106.238.241 + } + } + rule 2589 { + action accept + description FW2B279_4-TCP-ALLOW-35.204.202.196 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 35.204.202.196 + } + } + rule 2590 { + action accept + description FW2B279_4-TCP-ALLOW-35.242.141.128 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 35.242.141.128 + } + } + rule 2591 { + action accept + description FWC2EF2_2-TCP-ALLOW-90.251.221.19 + destination { + group { + address-group DT_FWC2EF2_2 + } + port 995,993,587,465,143,110,25,22 + } + protocol tcp + source { + address 90.251.221.19 + } + } + rule 2592 { + action accept + description VPN-14673-ANY-ALLOW-10.4.88.44 + destination { + group { + address-group DT_VPN-14673 + } + } + source { + 
address 10.4.88.44 + } + } + rule 2593 { + action accept + description FWA83DF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA83DF_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2594 { + action accept + description FW31525_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW31525_6 + } + port 35467 + } + protocol tcp + } + rule 2595 { + action accept + description FW4293B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4293B_1 + } + port 9080,8888,8881,7815,8419 + } + protocol tcp + } + rule 2596 { + action accept + description FW4AE7D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4AE7D_1 + } + port 8083,81 + } + protocol tcp + } + rule 2597 { + action accept + description FWC2D30_1-TCP-ALLOW-143.52.53.22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 22 + } + protocol tcp + source { + address 143.52.53.22 + } + } + rule 2598 { + action accept + description FW44217_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 7946,4789 + } + protocol udp + } + rule 2599 { + action accept + description FW2B279_4-TCP-ALLOW-46.249.82.162 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 46.249.82.162 + } + } + rule 2600 { + action accept + description FW27949_2-TCP-ALLOW-80.95.202.106 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 80.95.202.106 + } + } + rule 2601 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.93.82 + } + } + rule 2602 { + action accept + description FW2ACFF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2ACFF_1 + } + port 8082,5093 + } + protocol tcp + } + rule 2603 { + action accept + description FWC2EF2_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC2EF2_2 + } 
+ port 10000,953,53 + } + protocol tcp_udp + } + rule 2604 { + action accept + description FW0C8E1_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0C8E1_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2605 { + action accept + description FWA86ED_101-TCP_UDP-ALLOW-82.5.189.5 + destination { + group { + address-group DT_FWA86ED_101 + } + port 1-65535 + } + protocol tcp_udp + source { + address 82.5.189.5 + } + } + rule 2606 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.179 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.179 + } + } + rule 2607 { + action accept + description FWEF92E_5-ESP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 88.208.198.93 + } + } + rule 2608 { + action accept + description FW5658C_1-TCP-ALLOW-39.45.43.109 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.43.109 + } + } + rule 2609 { + action accept + description FW5658C_1-TCP-ALLOW-5.67.3.195 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 5.67.3.195 + } + } + rule 2610 { + action accept + description FWDCA36_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDCA36_3 + } + port 49152-65534,5901 + } + protocol tcp + } + rule 2611 { + action accept + description FWE928F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE928F_1 + } + port 53 + } + protocol tcp_udp + } + rule 2612 { + action accept + description FW69D6D_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW69D6D_2 + } + port 5001,5090,5060,5015 + } + protocol tcp + } + rule 2613 { + action accept + description FW69D6D_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW69D6D_2 + } + port 5090,5060,9000-9500 + } + protocol udp + } + rule 2614 { + action accept + 
description VPN-9765-ANY-ALLOW-10.4.56.45 + destination { + group { + address-group DT_VPN-9765 + } + } + source { + address 10.4.56.45 + } + } + rule 2615 { + action accept + description VPN-9765-ANY-ALLOW-10.4.57.45 + destination { + group { + address-group DT_VPN-9765 + } + } + source { + address 10.4.57.45 + } + } + rule 2616 { + action accept + description FW4C136_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4C136_1 + } + port 1194 + } + protocol tcp_udp + } + rule 2617 { + action accept + description FW6F539_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6F539_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2618 { + action accept + description FWDD089_5-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWDD089_5 + } + port 5666-5667,12489 + } + protocol tcp_udp + } + rule 2619 { + action accept + description FWDD089_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDD089_5 + } + port 161-162 + } + protocol tcp + } + rule 2620 { + action accept + description FWEF92E_5-AH-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 109.228.37.19 + } + } + rule 2621 { + action accept + description FW0A5C4_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0A5C4_1 + } + port 9000,6697,6667,5000 + } + protocol tcp + } + rule 2622 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.11.54 + } + } + rule 2623 { + action accept + description FW2BB8D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2BB8D_1 + } + port 7990 + } + protocol tcp + } + rule 2624 { + action accept + description FWAF6E8_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAF6E8_1 + } + port 7770-7800,44445,53 + } + protocol tcp_udp + } + rule 2625 { + action accept + description FW81286_1-TCP-ALLOW-ANY + destination 
{ + group { + address-group DT_FW81286_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2626 { + action accept + description FW05064_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW05064_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2627 { + action accept + description FWD7382_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWD7382_1 + } + port 4500,1701,500 + } + protocol udp + } + rule 2628 { + action accept + description FWD7382_1-TCP-ALLOW-174.91.7.198 + destination { + group { + address-group DT_FWD7382_1 + } + port 3389 + } + protocol tcp + source { + address 174.91.7.198 + } + } + rule 2629 { + action accept + description VPN-9484-ANY-ALLOW-10.4.56.164 + destination { + group { + address-group DT_VPN-9484 + } + } + source { + address 10.4.56.164 + } + } + rule 2630 { + action accept + description VPN-9484-ANY-ALLOW-10.4.57.164 + destination { + group { + address-group DT_VPN-9484 + } + } + source { + address 10.4.57.164 + } + } + rule 2631 { + action accept + description VPN-9749-ANY-ALLOW-10.4.58.144 + destination { + group { + address-group DT_VPN-9749 + } + } + source { + address 10.4.58.144 + } + } + rule 2632 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.77.149 + } + } + rule 2633 { + action accept + description FW10FEE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW10FEE_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2634 { + action accept + description FW5658C_1-TCP-ALLOW-5.71.30.141 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 5.71.30.141 + } + } + rule 2635 { + action accept + description VPN-9749-ANY-ALLOW-10.4.59.144 + destination { + group { + address-group DT_VPN-9749 + } + } + source { + address 10.4.59.144 + } + } + rule 2636 { + action accept + description 
FWEF92E_5-AH-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.77.70 + } + } + rule 2637 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.92.33 + } + } + rule 2638 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.93.82 + } + } + rule 2639 { + action accept + description FWEF92E_6-AH-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + } + protocol ah + source { + address 77.68.77.57 + } + } + rule 2640 { + action accept + description FWEF92E_6-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2641 { + action accept + description FWEF92E_5-AH-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 88.208.198.93 + } + } + rule 2642 { + action accept + description FWEF92E_7-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2643 { + action accept + description FWEF92E_7-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2644 { + action accept + description FWEF92E_5-TCP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 109.228.37.19 + } + } + rule 2645 { + action accept + description FW49C3D_4-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445,80 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 
2646 { + action accept + description FW49C3D_4-TCP-ALLOW-82.0.198.226 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445 + } + protocol tcp + source { + address 82.0.198.226 + } + } + rule 2647 { + action accept + description FW49C3D_6-TCP-ALLOW-82.0.198.226 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 82.0.198.226 + } + } + rule 2648 { + action accept + description FW49C3D_6-TCP-ALLOW-83.100.136.74 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 83.100.136.74 + } + } + rule 2649 { + action accept + description FWEF92E_6-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2650 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.189.162 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.189.162 + } + } + rule 2651 { + action accept + description FW3DBF8_9-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 9000-10999 + } + protocol udp + } + rule 2652 { + action accept + description VPN-19807-ANY-ALLOW-10.4.86.172 + destination { + group { + address-group DT_VPN-19807 + } + } + source { + address 10.4.86.172 + } + } + rule 2653 { + action accept + description FWEEC75_1-TCP-ALLOW-82.8.245.40 + destination { + group { + address-group DT_FWEEC75_1 + } + port 21 + } + protocol tcp + source { + address 82.8.245.40 + } + } + rule 2654 { + action accept + description FW3AD6F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3AD6F_1 + } + port 53,465 + } + protocol tcp_udp + } + rule 2655 { + action accept + description FWCDBC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWCDBC7_1 + } + port 53 + } + protocol tcp_udp + } + rule 2656 { + action accept + description 
FWA373F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA373F_1 + } + port 2087,2086,2083,2082 + } + protocol tcp + } + rule 2657 { + action accept + description FW2B279_4-TCP-ALLOW-94.155.221.50 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 94.155.221.50 + } + } + rule 2658 { + action accept + description FWC2D30_1-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2659 { + action accept + description VPN-30791-ANY-ALLOW-10.4.88.215 + destination { + group { + address-group DT_VPN-30791 + } + } + source { + address 10.4.88.215 + } + } + rule 2660 { + action accept + description VPN-30791-ANY-ALLOW-10.4.89.215 + destination { + group { + address-group DT_VPN-30791 + } + } + source { + address 10.4.89.215 + } + } + rule 2661 { + action accept + description FW2EF2C_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 10000,3478 + } + protocol udp + } + rule 2662 { + action accept + description FW32EFF_49-TCP-ALLOW-195.217.232.0_26 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 195.217.232.0/26 + } + } + rule 2663 { + action accept + description FW4AE7D_1-TCP-ALLOW-81.136.8.24 + destination { + group { + address-group DT_FW4AE7D_1 + } + port 3389 + } + protocol tcp + source { + address 81.136.8.24 + } + } + rule 2664 { + action accept + description FW2EF2C_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 5222 + } + protocol tcp_udp + } + rule 2665 { + action accept + description FW48A55_2-TCP-ALLOW-86.29.225.60 + destination { + group { + address-group DT_FW48A55_2 + } + port 443,80,22 + } + protocol tcp + source { + address 86.29.225.60 + } + } + rule 2666 { + action accept + description FW48A55_2-UDP-ALLOW-ANY + destination { + group { + 
address-group DT_FW48A55_2 + } + port 1337 + } + protocol udp + } + rule 2667 { + action accept + description VPN-11913-ANY-ALLOW-10.4.56.191 + destination { + group { + address-group DT_VPN-11913 + } + } + source { + address 10.4.56.191 + } + } + rule 2668 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.189.163 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.189.163 + } + } + rule 2669 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.90 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.90 + } + } + rule 2670 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.24.66 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.24.66 + } + } + rule 2671 { + action accept + description VPN-11913-ANY-ALLOW-10.4.57.191 + destination { + group { + address-group DT_VPN-11913 + } + } + source { + address 10.4.57.191 + } + } + rule 2672 { + action accept + description FW73573_2-TCP-ALLOW-86.9.185.195 + destination { + group { + address-group DT_FW73573_2 + } + port 22 + } + protocol tcp + source { + address 86.9.185.195 + } + } + rule 2673 { + action accept + description VPN-17558-ANY-ALLOW-10.4.87.143 + destination { + group { + address-group DT_VPN-17558 + } + } + source { + address 10.4.87.143 + } + } + rule 2674 { + action accept + description FW748B7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW748B7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2675 { + action accept + description FW16375_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW16375_5 + } + port 2082,2083,2086,2087 + } + protocol tcp + } + rule 2676 { + action accept + description FW5A77C_16-TCP-ALLOW-88.98.204.68 + destination { + group { + address-group DT_FW5A77C_16 + } + port 22 + } + protocol tcp + source { + address 88.98.204.68 + } + 
} + rule 2677 { + action accept + description FW73573_1-TCP-ALLOW-86.9.185.195 + destination { + group { + address-group DT_FW73573_1 + } + port 22 + } + protocol tcp + source { + address 86.9.185.195 + } + } + rule 2678 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.190.4 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.190.4 + } + } + rule 2679 { + action accept + description FWC2D30_1-TCP-ALLOW-140.82.112.0_20 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 140.82.112.0/20 + } + } + rule 2680 { + action accept + description FW62858_12-ICMP-ALLOW-77.68.122.41 + destination { + group { + address-group DT_FW62858_12 + } + } + protocol icmp + source { + address 77.68.122.41 + } + } + rule 2681 { + action accept + description FWB118A_1-TCP-ALLOW-147.148.96.136 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 147.148.96.136 + } + } + rule 2682 { + action accept + description FW5A77C_16-TCP-ALLOW-92.207.237.42 + destination { + group { + address-group DT_FW5A77C_16 + } + port 10000,22 + } + protocol tcp + source { + address 92.207.237.42 + } + } + rule 2683 { + action accept + description FW364CF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW364CF_1 + } + port 4022,8099 + } + protocol tcp + } + rule 2684 { + action accept + description VPN-25822-ANY-ALLOW-10.4.54.42 + destination { + group { + address-group DT_VPN-25822 + } + } + source { + address 10.4.54.42 + } + } + rule 2685 { + action accept + description FW7F28A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW7F28A_1 + } + port 10051,10050 + } + protocol tcp + } + rule 2686 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.53.159 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 
109.228.53.159 + } + } + rule 2687 { + action accept + description FWE47DA_1-TCP-ALLOW-185.22.211.0_24 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 185.22.211.0/24 + } + } + rule 2688 { + action accept + description FWC6301_1-TCP-ALLOW-95.34.208.4 + destination { + group { + address-group DT_FWC6301_1 + } + port 22 + } + protocol tcp + source { + address 95.34.208.4 + } + } + rule 2689 { + action accept + description FW45000_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW45000_1 + } + port 990 + } + protocol tcp + } + rule 2690 { + action accept + description FW481D7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW481D7_1 + } + port 6789 + } + protocol tcp + } + rule 2691 { + action accept + description VPN-8203-ANY-ALLOW-10.4.59.109 + destination { + group { + address-group DT_VPN-8203 + } + } + source { + address 10.4.59.109 + } + } + rule 2692 { + action accept + description VPN-3575-ANY-ALLOW-10.4.54.124 + destination { + group { + address-group DT_VPN-3575 + } + } + source { + address 10.4.54.124 + } + } + rule 2693 { + action accept + description VPN-3575-ANY-ALLOW-10.4.55.125 + destination { + group { + address-group DT_VPN-3575 + } + } + source { + address 10.4.55.125 + } + } + rule 2694 { + action accept + description FW42661_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW42661_3 + } + port 44445,25672,15672,9876,7770-7800 + } + protocol tcp + } + rule 2695 { + action accept + description FWBF494_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBF494_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2696 { + action accept + description FWD0E22_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD0E22_4 + } + port 8000,19005 + } + protocol tcp + } + rule 2697 { + action accept + description FW98818_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW98818_1 + } + port 27015 + } + protocol udp + } + rule 2698 
{ + action accept + description FW62858_12-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 5001,5000 + } + protocol tcp + } + rule 2699 { + action accept + description VPN-34006-ANY-ALLOW-10.4.86.242 + destination { + group { + address-group DT_VPN-34006 + } + } + source { + address 10.4.86.242 + } + } + rule 2700 { + action accept + description VPN-34006-ANY-ALLOW-10.4.87.242 + destination { + group { + address-group DT_VPN-34006 + } + } + source { + address 10.4.87.242 + } + } + rule 2701 { + action accept + description FWF879C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF879C_1 + } + port 8888 + } + protocol tcp + } + rule 2702 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.11.54 + } + } + rule 2703 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.74.89 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.74.89 + } + } + rule 2704 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.77.149 + } + } + rule 2705 { + action accept + description FW8A57A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8A57A_1 + } + port 49153,5666 + } + protocol tcp + } + rule 2706 { + action accept + description FW62858_12-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 5090,5061,5060 + } + protocol tcp_udp + } + rule 2707 { + action accept + description FW62858_12-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 9000-10999 + } + protocol udp + } + rule 2708 { + action accept + description FW0E2EE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0E2EE_1 + } + port 1024-65535 + } + protocol tcp_udp + } + 
rule 2709 { + action accept + description FWEEC75_1-TCP-ALLOW-82.5.80.210 + destination { + group { + address-group DT_FWEEC75_1 + } + port 22 + } + protocol tcp + source { + address 82.5.80.210 + } + } + rule 2710 { + action accept + description FW4F81F_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4F81F_4 + } + port 26900,27005,27015,51000,51005,51030 + } + protocol tcp_udp + } + rule 2711 { + action accept + description VPN-7902-ANY-ALLOW-10.4.56.78 + destination { + group { + address-group DT_VPN-7902 + } + } + source { + address 10.4.56.78 + } + } + rule 2712 { + action accept + description VPN-7902-ANY-ALLOW-10.4.57.78 + destination { + group { + address-group DT_VPN-7902 + } + } + source { + address 10.4.57.78 + } + } + rule 2713 { + action accept + description FWB36A0_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB36A0_1 + } + port 20-21,990 + } + protocol tcp_udp + } + rule 2714 { + action accept + description FWD2082_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD2082_1 + } + port 8001,8002 + } + protocol tcp + } + rule 2715 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.8.242.171 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.8.242.171 + } + } + rule 2716 { + action accept + description FWB9699_11-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FWB9699_11 + } + port 443,80,8800,22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2717 { + action accept + description VPN-11083-ANY-ALLOW-10.4.54.186 + destination { + group { + address-group DT_VPN-11083 + } + } + source { + address 10.4.54.186 + } + } + rule 2718 { + action accept + description VPN-11083-ANY-ALLOW-10.4.55.187 + destination { + group { + address-group DT_VPN-11083 + } + } + source { + address 10.4.55.187 + } + } + rule 2719 { + action accept + description VPN-34583-ANY-ALLOW-10.4.86.243 + destination { + group { + 
address-group DT_VPN-34583 + } + } + source { + address 10.4.86.243 + } + } + rule 2720 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.155 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.84.155 + } + } + rule 2721 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.117 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.117 + } + } + rule 2722 { + action accept + description FW7A9B0_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW7A9B0_9 + } + port 11112 + } + protocol tcp + } + rule 2723 { + action accept + description FW3F465_1-TCP-ALLOW-77.68.127.177 + destination { + group { + address-group DT_FW3F465_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.127.177 + } + } + rule 2724 { + action accept + description VPN-34583-ANY-ALLOW-10.4.87.243 + destination { + group { + address-group DT_VPN-34583 + } + } + source { + address 10.4.87.243 + } + } + rule 2725 { + action accept + description FW930F3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW930F3_1 + } + port 9089,5900,5666,5272 + } + protocol tcp + } + rule 2726 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.165 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.165 + } + } + rule 2727 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.140 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.140 + } + } + rule 2728 { + action accept + description FW90AE3_1-TCP-ALLOW-82.11.114.136 + destination { + group { + address-group DT_FW90AE3_1 + } + port 3306,22 + } + protocol tcp + source { + address 82.11.114.136 + } + } + rule 2729 { + action accept + description FW73215_1-TCP_UDP-ALLOW-ANY + destination { 
+ group { + address-group DT_FW73215_1 + } + port 27015 + } + protocol tcp_udp + } + rule 2730 { + action accept + description FWC2EF2_1-TCP-ALLOW-18.130.156.250 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 22 + } + protocol tcp + source { + address 18.130.156.250 + } + } + rule 2731 { + action accept + description FWC2EF2_1-TCP-ALLOW-90.251.221.19 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 22 + } + protocol tcp + source { + address 90.251.221.19 + } + } + rule 2732 { + action accept + description FW90AE3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW90AE3_1 + } + port 8765,8001,8000 + } + protocol tcp + } + rule 2733 { + action accept + description FWC2EF2_1-TCP-ALLOW-87.74.110.191 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 8443 + } + protocol tcp + source { + address 87.74.110.191 + } + } + rule 2734 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.77.70 + } + } + rule 2735 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.93 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.93 + } + } + rule 2736 { + action accept + description FW81138_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW81138_1 + } + port 123 + } + protocol udp + } + rule 2737 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.64 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.64 + } + } + rule 2738 { + action accept + description FW03B35_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + port 1-65535 + } + protocol tcp_udp + } + rule 2739 { + action accept + description VPN-19807-ANY-ALLOW-10.4.87.172 + destination { + group { + address-group DT_VPN-19807 
+ } + } + source { + address 10.4.87.172 + } + } + rule 2740 { + action accept + description FW5658C_1-TCP-ALLOW-94.12.73.154 + destination { + group { + address-group DT_FW5658C_1 + } + port 8447 + } + protocol tcp + source { + address 94.12.73.154 + } + } + rule 2741 { + action accept + description FW5658C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5658C_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2742 { + action accept + description FW0B352_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0B352_1 + } + port 3443 + } + protocol tcp_udp + } + rule 2743 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_5 + } + port 3389,445,443 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2744 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.92.33 + } + } + rule 2745 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.93.82 + } + } + rule 2746 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.44 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.44 + } + } + rule 2747 { + action accept + description FW34C91_3-TCP-ALLOW-188.220.176.104 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 188.220.176.104 + } + } + rule 2748 { + action accept + description FW3F465_1-TCP-ALLOW-77.68.16.101 + destination { + group { + address-group DT_FW3F465_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.16.101 + } + } + rule 2749 { + action accept + description FWEF92E_5-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_5 
+ } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2750 { + action accept + description FW34C91_3-UDP-ALLOW-188.220.176.104 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 188.220.176.104 + } + } + rule 2751 { + action accept + description FWE47DA_1-TCP-ALLOW-185.22.208.0_25 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 185.22.208.0/25 + } + } + rule 2752 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.187 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.187 + } + } + rule 2753 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.84 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.84 + } + } + rule 2754 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.52 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 116.206.246.52 + } + } + rule 2755 { + action accept + description FW8AFF1_7-TCP-ALLOW-77.68.92.154 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 77.68.92.154 + } + } + rule 2756 { + action accept + description FW8AFF1_7-TCP-ALLOW-77.68.93.156 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 77.68.93.156 + } + } + rule 2757 { + action accept + description VPN-24398-ANY-ALLOW-10.4.88.151 + destination { + group { + address-group DT_VPN-24398 + } + } + source { + address 10.4.88.151 + } + } + rule 2758 { + action accept + description VPN-24398-ANY-ALLOW-10.4.89.151 + destination { + group { + address-group DT_VPN-24398 + } + } + source { + address 10.4.89.151 + } + } + rule 2759 { + action accept + 
description VPN-24589-ANY-ALLOW-10.4.56.9 + destination { + group { + address-group DT_VPN-24589 + } + } + source { + address 10.4.56.9 + } + } + rule 2760 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.29 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.29 + } + } + rule 2761 { + action accept + description FWC7D36_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC7D36_1 + } + port 27017,11080 + } + protocol tcp + } + rule 2762 { + action accept + description FWBB718_1-TCP_UDP-ALLOW-77.68.73.116 + destination { + group { + address-group DT_FWBB718_1 + } + port 1433 + } + protocol tcp_udp + source { + address 77.68.73.116 + } + } + rule 2763 { + action accept + description FWBB718_1-UDP-ALLOW-77.68.73.116 + destination { + group { + address-group DT_FWBB718_1 + } + port 1434 + } + protocol udp + source { + address 77.68.73.116 + } + } + rule 2764 { + action accept + description FWB9699_11-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FWB9699_11 + } + port 22,80,443,8800 + } + protocol tcp + source { + address 213.171.217.102 + } + } + rule 2765 { + action accept + description FW18E6E_3-TCP-ALLOW-103.8.164.5 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 103.8.164.5 + } + } + rule 2766 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.193 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.193 + } + } + rule 2768 { + action accept + description FW26F0A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW26F0A_1 + } + port 53 + } + protocol tcp_udp + } + rule 2769 { + action accept + description FWCC18F_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCC18F_2 + } + port 8883,1883 + } + protocol tcp + } + rule 2771 { + action accept + description 
FW633DD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW633DD_1 + } + port 28967,14002,9984,9983,9982,9981,8888,8884 + } + protocol tcp + } + rule 2772 { + action accept + description FWDEDB9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDEDB9_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2773 { + action accept + description VPN-18646-ANY-ALLOW-10.4.88.109 + destination { + group { + address-group DT_VPN-18646 + } + } + source { + address 10.4.88.109 + } + } + rule 2774 { + action accept + description VPN-18646-ANY-ALLOW-10.4.89.109 + destination { + group { + address-group DT_VPN-18646 + } + } + source { + address 10.4.89.109 + } + } + rule 2775 { + action accept + description FWA0531_1-TCP-ALLOW-87.224.39.221 + destination { + group { + address-group DT_FWA0531_1 + } + port 8082,3003,22 + } + protocol tcp + source { + address 87.224.39.221 + } + } + rule 2776 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.94 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.94 + } + } + rule 2777 { + action accept + description FWA0531_1-TCP-ALLOW-92.237.97.92 + destination { + group { + address-group DT_FWA0531_1 + } + port 8082,3003,22 + } + protocol tcp + source { + address 92.237.97.92 + } + } + rule 2778 { + action accept + description VPN-25822-ANY-ALLOW-10.4.55.42 + destination { + group { + address-group DT_VPN-25822 + } + } + source { + address 10.4.55.42 + } + } + rule 2779 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.88 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.88 + } + } + rule 2780 { + action accept + description FWC2D30_1-TCP-ALLOW-143.55.64.0_20 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 143.55.64.0/20 + } + } + rule 2781 { + action accept + description 
FW18E6E_3-TCP-ALLOW-194.176.78.206 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 194.176.78.206 + } + } + rule 2782 { + action accept + description FW18E6E_3-TCP-ALLOW-195.243.221.50 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 195.243.221.50 + } + } + rule 2783 { + action accept + description FW18E6E_3-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2784 { + action accept + description FW18E6E_3-TCP-ALLOW-81.150.168.54 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306,22 + } + protocol tcp + source { + address 81.150.168.54 + } + } + rule 2785 { + action accept + description FW18E6E_3-TCP-ALLOW-89.197.133.235 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 89.197.133.235 + } + } + rule 2786 { + action accept + description FW18E6E_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW18E6E_3 + } + port 60000-60100,873 + } + protocol tcp + } + rule 2787 { + action accept + description FW2BF20_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2BF20_3 + } + port 49152-65534,990 + } + protocol tcp + } + rule 2788 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.98 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.98 + } + } + rule 2789 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.65 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.65 + } + } + rule 2791 { + action accept + description FW197DB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW197DB_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2792 { + action 
accept + description FW1208C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1208C_1 + } + port 2087,2083,2096 + } + protocol tcp + } + rule 2793 { + action accept + description FW00D98_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW00D98_1 + } + port 4430 + } + protocol tcp + } + rule 2794 { + action accept + description FW03B35_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + } + protocol esp + } + rule 2795 { + action accept + description FW03B35_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + } + protocol ah + } + rule 2796 { + action accept + description FWEF92E_5-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_5 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2797 { + action accept + description FW825C8_19-TCP-ALLOW-159.253.51.74 + destination { + group { + address-group DT_FW825C8_19 + } + port 3389,1433,995 + } + protocol tcp + source { + address 159.253.51.74 + } + } + rule 2798 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.76.111 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 77.68.76.111 + } + } + rule 2799 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.28.63 + destination { + group { + address-group DT_FW825C8_19 + } + port 995 + } + protocol tcp + source { + address 77.68.28.63 + } + } + rule 2801 { + action accept + description FW2EF2C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 5349 + } + protocol tcp + } + rule 2802 { + action accept + description FWEF92E_5-TCP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 88.208.198.93 + } + } + rule 2803 { + action accept + description FWC3921_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC3921_1 + } + port 
25000,25001-25005,26000-26006 + } + protocol tcp + } + rule 2804 { + action accept + description FWEF92E_5-UDP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 109.228.37.19 + } + } + rule 2805 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.11.54 + } + } + rule 2806 { + action accept + description FW5AE10_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW5AE10_1 + } + port 53 + } + protocol tcp_udp + } + rule 2810 { + action accept + description FW45F87_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW45F87_1 + } + port 60000-60100 + } + protocol tcp + } + rule 2811 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.108.158 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.108.158 + } + } + rule 2813 { + action accept + description FW825C8_19-TCP-ALLOW-109.228.1.233 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 109.228.1.233 + } + } + rule 2814 { + action accept + description FW20449_2-ICMP-ALLOW-3.10.221.168 + destination { + group { + address-group DT_FW20449_2 + } + } + protocol icmp + source { + address 3.10.221.168 + } + } + rule 2815 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.100 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.100 + } + } + rule 2816 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.180 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.180 + } + } + rule 2817 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group 
DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2818 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.185 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.185 + } + } + rule 2819 { + action accept + description FWB9699_7-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB9699_7 + } + port 161 + } + protocol udp + } + rule 2820 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FWB9699_7 + } + port 22,8443 + } + protocol tcp + source { + address 213.171.217.102 + } + } + rule 2821 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.103 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.103 + } + } + rule 2824 { + action accept + description FWE3E77_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE3E77_1 + } + port 10010,10009 + } + protocol tcp + } + rule 2825 { + action accept + description FW8A3FC_3-TCP-ALLOW-93.190.142.120 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 93.190.142.120 + } + } + rule 2826 { + action accept + description FW20449_2-ICMP-ALLOW-82.20.69.137 + destination { + group { + address-group DT_FW20449_2 + } + } + protocol icmp + source { + address 82.20.69.137 + } + } + rule 2827 { + action accept + description FW8A3FC_3-TCP-ALLOW-46.101.232.93 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 21-10000 + } + protocol tcp + source { + address 46.101.232.93 + } + } + rule 2828 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.5 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.5 + } + } + rule 2829 { + action accept + description FWD2440_1-TCP-ALLOW-ANY + destination { + 
group { + address-group DT_FWD2440_1 + } + port 1-65535 + } + protocol tcp + } + rule 2831 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.105 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.105 + } + } + rule 2833 { + action accept + description FW825C8_24-TCP-ALLOW-159.253.51.74 + destination { + group { + address-group DT_FW825C8_24 + } + port 3389,1433,995 + } + protocol tcp + source { + address 159.253.51.74 + } + } + rule 2834 { + action accept + description FW825C8_24-TCP-ALLOW-77.68.77.120 + destination { + group { + address-group DT_FW825C8_24 + } + port 1433 + } + protocol tcp + source { + address 77.68.77.120 + } + } + rule 2839 { + action accept + description FWD2440_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + port 1-65535 + } + protocol udp + } + rule 2840 { + action accept + description FW1C8F2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1C8F2_1 + } + port 7000-10000,5554,5443,5080,1935,1111 + } + protocol tcp + } + rule 2843 { + action accept + description FWE7180_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE7180_1 + } + port 443,53 + } + protocol tcp_udp + } + rule 2844 { + action accept + description FWC6301_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC6301_1 + } + port 2456 + } + protocol tcp_udp + } + rule 2845 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.113 + } + } + rule 2846 { + action accept + description VPN-24589-ANY-ALLOW-10.4.57.9 + destination { + group { + address-group DT_VPN-24589 + } + } + source { + address 10.4.57.9 + } + } + rule 2847 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.237 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + 
protocol tcp_udp + source { + address 112.134.212.237 + } + } + rule 2849 { + action accept + description FWFD9AF_9-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFD9AF_9 + } + port 445 + } + protocol tcp_udp + } + rule 2850 { + action accept + description VPN-23209-ANY-ALLOW-10.4.58.8 + destination { + group { + address-group DT_VPN-23209 + } + } + source { + address 10.4.58.8 + } + } + rule 2851 { + action accept + description VPN-23209-ANY-ALLOW-10.4.59.8 + destination { + group { + address-group DT_VPN-23209 + } + } + source { + address 10.4.59.8 + } + } + rule 2853 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.29 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.29 + } + } + rule 2854 { + action accept + description FW16375_5-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW16375_5 + } + port 2096 + } + protocol tcp_udp + } + rule 2856 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.173 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.173 + } + } + rule 2858 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.35 + } + } + rule 2859 { + action accept + description FW73573_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73573_1 + } + port 25 + } + protocol tcp_udp + } + rule 2860 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.242 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.242 + } + } + rule 2861 { + action accept + description FW8ECF4_1-TCP-ALLOW-77.68.2.215 + destination { + group { + address-group DT_FW8ECF4_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.2.215 
+ } + } + rule 2862 { + action accept + description FW8A3FC_3-TCP_UDP-ALLOW-82.165.100.25 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 21-10000 + } + protocol tcp_udp + source { + address 82.165.100.25 + } + } + rule 2863 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.235 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.235 + } + } + rule 2864 { + action accept + description VPN-18647-ANY-ALLOW-10.4.86.114 + destination { + group { + address-group DT_VPN-18647 + } + } + source { + address 10.4.86.114 + } + } + rule 2865 { + action accept + description VPN-18647-ANY-ALLOW-10.4.87.114 + destination { + group { + address-group DT_VPN-18647 + } + } + source { + address 10.4.87.114 + } + } + rule 2867 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.107 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.107 + } + } + rule 2868 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.239 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.239 + } + } + rule 2869 { + action accept + description FWF699D_4-TCP-ALLOW-164.39.151.3 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 164.39.151.3 + } + } + rule 2870 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.245 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.245 + } + } + rule 2873 { + action accept + description FWEF92E_6-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2874 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.130 + 
destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.130 + } + } + rule 2875 { + action accept + description FW44BF9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW44BF9_1 + } + port 49160-49200 + } + protocol tcp + } + rule 2876 { + action accept + description VPN-24591-ANY-ALLOW-10.4.86.4 + destination { + group { + address-group DT_VPN-24591 + } + } + source { + address 10.4.86.4 + } + } + rule 2877 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.60 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.60 + } + } + rule 2879 { + action accept + description FWEF92E_6-UDP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + port 500 + } + protocol udp + source { + address 77.68.77.57 + } + } + rule 2880 { + action accept + description FWF699D_4-TCP-ALLOW-185.132.38.110 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 185.132.38.110 + } + } + rule 2881 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.216 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.216 + } + } + rule 2882 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.77.149 + } + } + rule 2883 { + action accept + description FWA2FF8_4-TCP-ALLOW-80.229.18.102 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21,22 + } + protocol tcp + source { + address 80.229.18.102 + } + } + rule 2884 { + action accept + description FWA2FF8_4-TCP-ALLOW-109.169.33.69 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21,22 + } + protocol tcp + source { + address 109.169.33.69 + } + } + rule 2885 
{ + action accept + description FWA2FF8_4-TCP-ALLOW-46.102.209.35 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21 + } + protocol tcp + source { + address 46.102.209.35 + } + } + rule 2886 { + action accept + description FWA2FF8_4-TCP-ALLOW-90.213.48.16 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21 + } + protocol tcp + source { + address 90.213.48.16 + } + } + rule 2887 { + action accept + description FWA2FF8_4-TCP-ALLOW-77.68.76.129 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 77.68.76.129 + } + } + rule 2888 { + action accept + description FWA2FF8_4-TCP-ALLOW-109.228.50.145 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 109.228.50.145 + } + } + rule 2889 { + action accept + description FWA2FF8_4-TCP-ALLOW-77.68.76.231 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 77.68.76.231 + } + } + rule 2890 { + action accept + description FW4513E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4513E_1 + } + port 50000-50020,990 + } + protocol tcp + } + rule 2893 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.40.7 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.40.7 + } + } + rule 2894 { + action accept + description VPN-21876-ANY-ALLOW-10.4.88.96 + destination { + group { + address-group DT_VPN-21876 + } + } + source { + address 10.4.88.96 + } + } + rule 2895 { + action accept + description VPN-21876-ANY-ALLOW-10.4.89.96 + destination { + group { + address-group DT_VPN-21876 + } + } + source { + address 10.4.89.96 + } + } + rule 2896 { + action accept + description VPN-26124-ANY-ALLOW-10.4.54.75 + destination { + group { + address-group DT_VPN-26124 + } + } + source { + address 10.4.54.75 + } + } + rule 2897 { + action accept + 
description VPN-26124-ANY-ALLOW-10.4.55.76 + destination { + group { + address-group DT_VPN-26124 + } + } + source { + address 10.4.55.76 + } + } + rule 2898 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.21 + } + } + rule 2899 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.213 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.213 + } + } + rule 2901 { + action accept + description FWC6301_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC6301_1 + } + port 5555 + } + protocol udp + } + rule 2902 { + action accept + description VPN-13261-ANY-ALLOW-10.4.56.173 + destination { + group { + address-group DT_VPN-13261 + } + } + source { + address 10.4.56.173 + } + } + rule 2903 { + action accept + description VPN-13261-ANY-ALLOW-10.4.57.173 + destination { + group { + address-group DT_VPN-13261 + } + } + source { + address 10.4.57.173 + } + } + rule 2909 { + action accept + description VPN-24591-ANY-ALLOW-10.4.87.4 + destination { + group { + address-group DT_VPN-24591 + } + } + source { + address 10.4.87.4 + } + } + rule 2911 { + action accept + description FWE7180_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE7180_1 + } + port 40110-40210,8090 + } + protocol tcp + } + rule 2914 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.247 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.247 + } + } + rule 2915 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.129 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.129 + } + } + rule 2916 { + action accept + description FWCB29D_1-TCP-ALLOW-51.146.16.162 + destination 
{ + group { + address-group DT_FWCB29D_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 51.146.16.162 + } + } + rule 2917 { + action accept + description FW4E399_1-TCP-ALLOW-51.155.19.77 + destination { + group { + address-group DT_FW4E399_1 + } + port 3306 + } + protocol tcp + source { + address 51.155.19.77 + } + } + rule 2919 { + action accept + description FWC72E5_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC72E5_1 + } + port 9000-9100,6667 + } + protocol tcp + } + rule 2922 { + action accept + description FW21A75_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW21A75_2 + } + port 3000 + } + protocol tcp + } + rule 2923 { + action accept + description FW3B068_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3B068_2 + } + port 990,60000-65000 + } + protocol tcp + } + rule 2924 { + action accept + description FW48814_3-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW48814_3 + } + port 3306 + } + protocol tcp_udp + } + rule 2925 { + action accept + description FW48814_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW48814_3 + } + port 49152-65534 + } + protocol tcp + } + rule 2926 { + action accept + description FW2B279_4-TCP-ALLOW-178.128.39.210 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 178.128.39.210 + } + } + rule 2927 { + action accept + description FW2B279_4-TCP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 82.165.232.19 + } + } + rule 2928 { + action accept + description FW2B279_4-TCP-ALLOW-84.64.186.31 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 84.64.186.31 + } + } + rule 2929 { + action accept + description FW1C8F2_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1C8F2_1 + } + port 5000-65000 + } + protocol udp + } + rule 2930 { + 
action accept + description FW2B279_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2B279_4 + } + port 49152-65535 + } + protocol tcp + } + rule 2931 { + action accept + description FW608FA_1-TCP-ALLOW-195.10.106.114 + destination { + group { + address-group DT_FW608FA_1 + } + port 22 + } + protocol tcp + source { + address 195.10.106.114 + } + } + rule 2932 { + action accept + description FW608FA_1-TCP-ALLOW-213.137.25.134 + destination { + group { + address-group DT_FW608FA_1 + } + port 22 + } + protocol tcp + source { + address 213.137.25.134 + } + } + rule 2933 { + action accept + description FW608FA_1-TCP-ALLOW-92.39.202.189 + destination { + group { + address-group DT_FW608FA_1 + } + port 22 + } + protocol tcp + source { + address 92.39.202.189 + } + } + rule 2935 { + action accept + description FWC37B9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC37B9_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2936 { + action accept + description FW15C99_6-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW15C99_6 + } + port 32410-32414,1900 + } + protocol udp + } + rule 2937 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.244.146 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 116.206.244.146 + } + } + rule 2938 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.158 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.211.158 + } + } + rule 2939 { + action accept + description FW15C99_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW15C99_6 + } + port 32469,32400 + } + protocol tcp + } + rule 2940 { + action accept + description FW0192C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0192C_1 + } + port 2053 + } + protocol tcp + } + rule 2941 { + action accept + description FW27949_2-TCP-ALLOW-86.179.23.119 + 
destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 86.179.23.119 + } + } + rule 2942 { + action accept + description FW27949_2-TCP-ALLOW-92.15.208.193 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 92.15.208.193 + } + } + rule 2943 { + action accept + description VPN-34122-ANY-ALLOW-10.4.56.122 + destination { + group { + address-group DT_VPN-34122 + } + } + source { + address 10.4.56.122 + } + } + rule 2944 { + action accept + description VPN-34122-ANY-ALLOW-10.4.57.122 + destination { + group { + address-group DT_VPN-34122 + } + } + source { + address 10.4.57.122 + } + } + rule 2945 { + action accept + description FWF323F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF323F_1 + } + port 25565,9999,8080,5001,3306 + } + protocol tcp_udp + } + rule 2946 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.132 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.132 + } + } + rule 2948 { + action accept + description VPN-30261-ANY-ALLOW-10.4.86.110 + destination { + group { + address-group DT_VPN-30261 + } + } + source { + address 10.4.86.110 + } + } + rule 2949 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.246 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.246 + } + } + rule 2951 { + action accept + description FWC2D30_1-TCP-ALLOW-157.231.100.222 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 157.231.100.222 + } + } + rule 2952 { + action accept + description FWC2D30_1-TCP-ALLOW-164.39.131.31 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 164.39.131.31 + } + } + rule 2953 { + action accept + description 
FWC2D30_1-TCP-ALLOW-185.199.108.0_22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 185.199.108.0/22 + } + } + rule 2954 { + action accept + description FWC2D30_1-TCP-ALLOW-192.30.252.0_22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 192.30.252.0/22 + } + } + rule 2955 { + action accept + description FWC2D30_1-TCP-ALLOW-80.252.78.202 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 80.252.78.202 + } + } + rule 2956 { + action accept + description FWC2D30_1-TCP-ALLOW-86.15.158.234 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 86.15.158.234 + } + } + rule 2957 { + action accept + description VPN-30261-ANY-ALLOW-10.4.87.110 + destination { + group { + address-group DT_VPN-30261 + } + } + source { + address 10.4.87.110 + } + } + rule 2958 { + action accept + description VPN-30262-ANY-ALLOW-10.4.88.36 + destination { + group { + address-group DT_VPN-30262 + } + } + source { + address 10.4.88.36 + } + } + rule 2961 { + action accept + description VPN-15950-ANY-ALLOW-10.4.88.89 + destination { + group { + address-group DT_VPN-15950 + } + } + source { + address 10.4.88.89 + } + } + rule 2962 { + action accept + description FWBFDED_1-TCP-ALLOW-78.141.24.164 + destination { + group { + address-group DT_FWBFDED_1 + } + port 3389 + } + protocol tcp + source { + address 78.141.24.164 + } + } + rule 2963 { + action accept + description VPN-30262-ANY-ALLOW-10.4.89.36 + destination { + group { + address-group DT_VPN-30262 + } + } + source { + address 10.4.89.36 + } + } + rule 2964 { + action accept + description FW1F126_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1F126_1 + } + port 2087,2083 + } + protocol tcp + } + rule 2965 { + action accept + description FWA7A50_1-ANY-ALLOW-40.120.53.80 + destination { + 
group { + address-group DT_FWA7A50_1 + } + } + source { + address 40.120.53.80 + } + } + rule 2967 { + action accept + description VPN-23729-ANY-ALLOW-10.4.54.10 + destination { + group { + address-group DT_VPN-23729 + } + } + source { + address 10.4.54.10 + } + } + rule 2968 { + action accept + description VPN-23729-ANY-ALLOW-10.4.55.10 + destination { + group { + address-group DT_VPN-23729 + } + } + source { + address 10.4.55.10 + } + } + rule 2969 { + action accept + description VPN-23733-ANY-ALLOW-10.4.58.12 + destination { + group { + address-group DT_VPN-23733 + } + } + source { + address 10.4.58.12 + } + } + rule 2970 { + action accept + description VPN-23733-ANY-ALLOW-10.4.59.12 + destination { + group { + address-group DT_VPN-23733 + } + } + source { + address 10.4.59.12 + } + } + rule 2971 { + action accept + description VPN-23734-ANY-ALLOW-10.4.56.29 + destination { + group { + address-group DT_VPN-23734 + } + } + source { + address 10.4.56.29 + } + } + rule 2972 { + action accept + description VPN-23734-ANY-ALLOW-10.4.57.29 + destination { + group { + address-group DT_VPN-23734 + } + } + source { + address 10.4.57.29 + } + } + rule 2975 { + action accept + description VPN-23738-ANY-ALLOW-10.4.57.13 + destination { + group { + address-group DT_VPN-23738 + } + } + source { + address 10.4.57.13 + } + } + rule 2976 { + action accept + description FWD8DD1_2-TCP-ALLOW-77.153.164.226 + destination { + group { + address-group DT_FWD8DD1_2 + } + port 3306,22 + } + protocol tcp + source { + address 77.153.164.226 + } + } + rule 2977 { + action accept + description FWE012D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE012D_1 + } + port 143,25 + } + protocol tcp_udp + } + rule 2978 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.120.196 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.120.196 + } + } + rule 2981 { + action accept + description 
FW24AB7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW24AB7_1 + } + port 40110-40210 + } + protocol tcp_udp + } + rule 2985 { + action accept + description FW2379F_14-TCP-ALLOW-194.72.140.178 + destination { + group { + address-group DT_FW2379F_14 + } + port 3389,21 + } + protocol tcp + source { + address 194.72.140.178 + } + } + rule 2986 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.97 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.97 + } + } + rule 2988 { + action accept + description FW883EB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW883EB_1 + } + port 5005,5004,5003,5002,5001 + } + protocol tcp + } + rule 2992 { + action accept + description FW310C6_3-ANY-ALLOW-62.30.207.232 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 62.30.207.232 + } + } + rule 2993 { + action accept + description VPN-15950-ANY-ALLOW-10.4.89.89 + destination { + group { + address-group DT_VPN-15950 + } + } + source { + address 10.4.89.89 + } + } + rule 2994 { + action accept + description VPN-15960-ANY-ALLOW-10.4.88.90 + destination { + group { + address-group DT_VPN-15960 + } + } + source { + address 10.4.88.90 + } + } + rule 2995 { + action accept + description FWEF92E_7-UDP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + port 500 + } + protocol udp + source { + address 77.68.77.57 + } + } + rule 2996 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.135 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.135 + } + } + rule 2998 { + action accept + description VPN-31002-ANY-ALLOW-10.4.88.126 + destination { + group { + address-group DT_VPN-31002 + } + } + source { + address 10.4.88.126 + } + } + rule 2999 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.110 + 
destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 116.206.246.110 + } + } + rule 3000 { + action accept + description FW08061_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW08061_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3001 { + action accept + description VPN-15960-ANY-ALLOW-10.4.89.90 + destination { + group { + address-group DT_VPN-15960 + } + } + source { + address 10.4.89.90 + } + } + rule 3003 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.56 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.56 + } + } + rule 3004 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.47 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 175.157.47.47 + } + } + rule 3005 { + action accept + description FW10C3D_19-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW10C3D_19 + } + port 49152-65535,14147 + } + protocol tcp + } + rule 3006 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.136 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.136 + } + } + rule 3009 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.44.109 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.44.109 + } + } + rule 3010 { + action accept + description VPN-24592-ANY-ALLOW-10.4.88.9 + destination { + group { + address-group DT_VPN-24592 + } + } + source { + address 10.4.88.9 + } + } + rule 3011 { + action accept + description FW05AD0_2-TCP-ALLOW-213.171.209.161 + destination { + group { + address-group DT_FW05AD0_2 + } + port 3389,1433,21 + } + protocol tcp + source { + address 213.171.209.161 + } + } + rule 3012 { + action accept + description 
FWA7A50_1-TCP_UDP-ALLOW-123.231.86.254 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.86.254 + } + } + rule 3014 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.16 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.16 + } + } + rule 3018 { + action accept + description VPN-24592-ANY-ALLOW-10.4.89.9 + destination { + group { + address-group DT_VPN-24592 + } + } + source { + address 10.4.89.9 + } + } + rule 3019 { + action accept + description VPN-24593-ANY-ALLOW-10.4.54.6 + destination { + group { + address-group DT_VPN-24593 + } + } + source { + address 10.4.54.6 + } + } + rule 3020 { + action accept + description VPN-24593-ANY-ALLOW-10.4.55.6 + destination { + group { + address-group DT_VPN-24593 + } + } + source { + address 10.4.55.6 + } + } + rule 3021 { + action accept + description VPN-24594-ANY-ALLOW-10.4.58.6 + destination { + group { + address-group DT_VPN-24594 + } + } + source { + address 10.4.58.6 + } + } + rule 3022 { + action accept + description VPN-24594-ANY-ALLOW-10.4.59.6 + destination { + group { + address-group DT_VPN-24594 + } + } + source { + address 10.4.59.6 + } + } + rule 3023 { + action accept + description VPN-24595-ANY-ALLOW-10.4.56.14 + destination { + group { + address-group DT_VPN-24595 + } + } + source { + address 10.4.56.14 + } + } + rule 3024 { + action accept + description VPN-24595-ANY-ALLOW-10.4.57.14 + destination { + group { + address-group DT_VPN-24595 + } + } + source { + address 10.4.57.14 + } + } + rule 3025 { + action accept + description VPN-32528-ANY-ALLOW-10.4.58.67 + destination { + group { + address-group DT_VPN-32528 + } + } + source { + address 10.4.58.67 + } + } + rule 3026 { + action accept + description VPN-32528-ANY-ALLOW-10.4.59.67 + destination { + group { + address-group DT_VPN-32528 + } + } + source { + address 10.4.59.67 + } + } + rule 
3027 { + action accept + description FW6187E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6187E_1 + } + port 51195 + } + protocol udp + } + rule 3028 { + action accept + description FW406AB_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW406AB_1 + } + port 37013,25461,8881,8080,2095,2082,1992 + } + protocol tcp_udp + } + rule 3029 { + action accept + description FWA86A4_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA86A4_1 + } + port 30333,5666 + } + protocol tcp + } + rule 3032 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.52 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.52 + } + } + rule 3033 { + action accept + description FWC055A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC055A_1 + } + port 2195 + } + protocol tcp + } + rule 3035 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.81 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.81 + } + } + rule 3039 { + action accept + description FW42BC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW42BC7_1 + } + port 53 + } + protocol tcp_udp + } + rule 3040 { + action accept + description FW42BC7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW42BC7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3041 { + action accept + description FW310C6_3-ANY-ALLOW-88.208.198.39 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 88.208.198.39 + } + } + rule 3042 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.235 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.235 + } + } + rule 3043 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.205 + destination { + group { + address-group 
DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.212.205 + } + } + rule 3044 { + action accept + description FWBE878_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBE878_1 + } + port 8989,5003,3000 + } + protocol tcp_udp + } + rule 3045 { + action accept + description VPN-30679-ANY-ALLOW-10.4.58.195 + destination { + group { + address-group DT_VPN-30679 + } + } + source { + address 10.4.58.195 + } + } + rule 3046 { + action accept + description FW6B9B9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6B9B9_1 + } + port 30006-65000,27017,7101,4200,2990-3009 + } + protocol tcp + } + rule 3047 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.212 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.212 + } + } + rule 3049 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.4 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.125.4 + } + } + rule 3050 { + action accept + description FW49C3D_4-TCP-ALLOW-83.100.136.74 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445 + } + protocol tcp + source { + address 83.100.136.74 + } + } + rule 3051 { + action accept + description FW49C3D_6-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 3053 { + action accept + description FW89619_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 9000-10999 + } + protocol udp + } + rule 3054 { + action accept + description FWBD9D0_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBD9D0_1 + } + port 9090 + } + protocol tcp + } + rule 3055 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.236 + destination { + group { + address-group DT_FWA7A50_1 + } + 
port 3389 + } + protocol tcp_udp + source { + address 175.157.47.236 + } + } + rule 3056 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.226 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.46.226 + } + } + rule 3058 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.205 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.205 + } + } + rule 3060 { + action accept + description FWF7B68_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF7B68_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3061 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.253 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.253 + } + } + rule 3063 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.0 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.210.0 + } + } + rule 3065 { + action accept + description FW85619_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW85619_1 + } + port 6433 + } + protocol tcp + } + rule 3066 { + action accept + description FW5A5D7_3-TCP-ALLOW-188.66.79.94 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 8172,3389 + } + protocol tcp + source { + address 188.66.79.94 + } + } + rule 3067 { + action accept + description FWF30BD_1-TCP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FWF30BD_1 + } + port 22 + } + protocol tcp + source { + address 81.133.80.114 + } + } + rule 3068 { + action accept + description FWF30BD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 5061,5015,5001 + } + protocol tcp + } + rule 3069 { + action accept + description FWBD9D0_1-UDP-ALLOW-ANY + destination { + group { + 
address-group DT_FWBD9D0_1 + } + port 51820 + } + protocol udp + } + rule 3070 { + action accept + description FW7C4D9_14-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW7C4D9_14 + } + port 25565,2456-2458 + } + protocol tcp_udp + } + rule 3071 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.23 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.23 + } + } + rule 3072 { + action accept + description FWEEC75_1-TCP-ALLOW-81.96.100.32 + destination { + group { + address-group DT_FWEEC75_1 + } + port 8447 + } + protocol tcp + source { + address 81.96.100.32 + } + } + rule 3073 { + action accept + description FW8A3FC_3-TCP-ALLOW-95.168.164.208 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 95.168.164.208 + } + } + rule 3074 { + action accept + description VPN-19992-ANY-ALLOW-10.4.86.158 + destination { + group { + address-group DT_VPN-19992 + } + } + source { + address 10.4.86.158 + } + } + rule 3075 { + action accept + description FWF30BD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 5090,5060 + } + protocol tcp_udp + } + rule 3076 { + action accept + description VPN-30679-ANY-ALLOW-10.4.59.195 + destination { + group { + address-group DT_VPN-30679 + } + } + source { + address 10.4.59.195 + } + } + rule 3077 { + action accept + description FW930F3_3-ANY-ALLOW-77.68.112.254 + destination { + group { + address-group DT_FW930F3_3 + } + } + source { + address 77.68.112.254 + } + } + rule 3078 { + action accept + description FW672AB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW672AB_1 + } + port 5432 + } + protocol tcp + } + rule 3079 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.252 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.252 + } + } + 
rule 3080 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.192 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.86.192 + } + } + rule 3081 { + action accept + description VPN-33204-ANY-ALLOW-10.4.56.176 + destination { + group { + address-group DT_VPN-33204 + } + } + source { + address 10.4.56.176 + } + } + rule 3083 { + action accept + description FW1FA8E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1FA8E_1 + } + port 33434 + } + protocol udp + } + rule 3084 { + action accept + description FWD2440_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + } + protocol esp + } + rule 3085 { + action accept + description FWA0531_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0531_1 + } + port 53 + } + protocol tcp_udp + } + rule 3090 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.70 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.70 + } + } + rule 3091 { + action accept + description FWF7BFA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF7BFA_1 + } + port 8000,5901,5479,5478 + } + protocol tcp + } + rule 3092 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.212 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.212 + } + } + rule 3094 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.125 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.212.125 + } + } + rule 3096 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.89 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.89 + } + } + rule 3097 { + action accept + description 
FWD56A2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD56A2_1 + } + port 8001,8000 + } + protocol tcp + } + rule 3098 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.109 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.109 + } + } + rule 3099 { + action accept + description FW36425_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW36425_1 + } + port 44445,7770-7800 + } + protocol tcp + } + rule 3100 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.238 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.238 + } + } + rule 3102 { + action accept + description FW6B39D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6B39D_1 + } + port 49216,49215 + } + protocol tcp_udp + } + rule 3103 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.121 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.121 + } + } + rule 3105 { + action accept + description FW2379F_14-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + port 443 + } + protocol tcp_udp + } + rule 3107 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.38 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.38 + } + } + rule 3109 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.191 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.191 + } + } + rule 3111 { + action accept + description FW27947_1-TCP-ALLOW-213.229.100.148 + destination { + group { + address-group DT_FW27947_1 + } + port 3306 + } + protocol tcp + source { + address 213.229.100.148 + } + } + rule 3112 { + action 
accept + description FWD42CF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD42CF_1 + } + port 5432,5001,5000 + } + protocol tcp + } + rule 3114 { + action accept + description FW3A12F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3A12F_1 + } + port 53 + } + protocol tcp_udp + } + rule 3116 { + action accept + description FW5A5D7_3-TCP-ALLOW-194.62.184.87 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 3389 + } + protocol tcp + source { + address 194.62.184.87 + } + } + rule 3117 { + action accept + description FW5A5D7_3-TCP-ALLOW-51.219.31.78 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 8172,3389 + } + protocol tcp + source { + address 51.219.31.78 + } + } + rule 3118 { + action accept + description VPN-26157-ANY-ALLOW-10.4.86.57 + destination { + group { + address-group DT_VPN-26157 + } + } + source { + address 10.4.86.57 + } + } + rule 3119 { + action accept + description VPN-26157-ANY-ALLOW-10.4.87.57 + destination { + group { + address-group DT_VPN-26157 + } + } + source { + address 10.4.87.57 + } + } + rule 3120 { + action accept + description FWA7625_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 943 + } + protocol tcp + } + rule 3121 { + action accept + description FWC96A1_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC96A1_1 + } + port 1194 + } + protocol udp + } + rule 3122 { + action accept + description FWA7625_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 1194 + } + protocol udp + } + rule 3123 { + action accept + description FWA7625_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 32400,10108 + } + protocol tcp_udp + } + rule 3125 { + action accept + description FW8A3FC_3-TCP-ALLOW-185.173.161.154 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 185.173.161.154 + } + } + rule 3127 { + action 
accept + description FW05339_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW05339_1 + } + port 46961 + } + protocol udp + } + rule 3130 { + action accept + description FWA0AA0_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 1194 + } + protocol udp + } + rule 3132 { + action accept + description FWD8DD1_2-TCP_UDP-ALLOW-77.153.164.226 + destination { + group { + address-group DT_FWD8DD1_2 + } + port 443,80 + } + protocol tcp_udp + source { + address 77.153.164.226 + } + } + rule 3134 { + action accept + description FW19987_4-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 3135 { + action accept + description FW40AE4_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW40AE4_1 + } + port 53 + } + protocol tcp_udp + } + rule 3136 { + action accept + description VPN-33204-ANY-ALLOW-10.4.57.176 + destination { + group { + address-group DT_VPN-33204 + } + } + source { + address 10.4.57.176 + } + } + rule 3137 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-86.132.125.4 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 86.132.125.4 + } + } + rule 3138 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-91.205.173.51 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 91.205.173.51 + } + } + rule 3143 { + action accept + description FWA86ED_101-TCP-ALLOW-109.149.121.73 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 109.149.121.73 + } + } + rule 3144 { + action accept + description FWA0AA0_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 28083,28015-28016,1935 + } + protocol tcp_udp + } + rule 3146 { + action accept + description 
FWF3A1B_1-TCP_UDP-ALLOW-92.233.27.144 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 92.233.27.144 + } + } + rule 3148 { + action accept + description FWA86ED_101-TCP-ALLOW-151.228.194.190 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 151.228.194.190 + } + } + rule 3149 { + action accept + description FW9B6FB_1-ICMP-ALLOW-77.68.89.115_32 + destination { + group { + address-group DT_FW9B6FB_1 + } + } + protocol icmp + source { + address 77.68.89.115/32 + } + } + rule 3153 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.199 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.199 + } + } + rule 3155 { + action accept + description FW45F3D_1-ANY-ALLOW-195.224.110.168 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 195.224.110.168 + } + } + rule 3156 { + action accept + description FWF8E67_1-TCP-ALLOW-82.14.188.35 + destination { + group { + address-group DT_FWF8E67_1 + } + port 22 + } + protocol tcp + source { + address 82.14.188.35 + } + } + rule 3157 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.58 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.58 + } + } + rule 3158 { + action accept + description VPN-19992-ANY-ALLOW-10.4.87.158 + destination { + group { + address-group DT_VPN-19992 + } + } + source { + address 10.4.87.158 + } + } + rule 3159 { + action accept + description FWA86ED_101-TCP-ALLOW-5.66.24.185 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 5.66.24.185 + } + } + rule 3160 { + action accept + description FWF8E67_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF8E67_1 + } + port 3001 + } + protocol tcp + } 
+ rule 3161 { + action accept + description FWD2440_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + } + protocol ah + } + rule 3166 { + action accept + description FW3EBC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3EBC8_1 + } + port 9001-9900,9000 + } + protocol tcp + } + rule 3167 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.244 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.244 + } + } + rule 3168 { + action accept + description FWA0531_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA0531_1 + } + port 3000 + } + protocol tcp + } + rule 3170 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.137 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.137 + } + } + rule 3173 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.104 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.104 + } + } + rule 3176 { + action accept + description FW6906B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6906B_1 + } + port 4190 + } + protocol tcp + } + rule 3177 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.230 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 116.206.246.230 + } + } + rule 3178 { + action accept + description FW444AF_1-TCP-ALLOW-91.135.10.140 + destination { + group { + address-group DT_FW444AF_1 + } + port 27017 + } + protocol tcp + source { + address 91.135.10.140 + } + } + rule 3180 { + action accept + description FWA86ED_101-TCP-ALLOW-81.150.13.34 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 81.150.13.34 + } + } + rule 3181 { + action accept + 
description FWA86ED_101-TCP-ALLOW-82.10.14.73 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 82.10.14.73 + } + } + rule 3183 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.25 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.25 + } + } + rule 3184 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.224 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.224 + } + } + rule 3185 { + action accept + description FW9B6FB_1-TCP-ALLOW-77.68.89.115_32 + destination { + group { + address-group DT_FW9B6FB_1 + } + port 10050 + } + protocol tcp + source { + address 77.68.89.115/32 + } + } + rule 3186 { + action accept + description VPN-14673-ANY-ALLOW-10.4.89.44 + destination { + group { + address-group DT_VPN-14673 + } + } + source { + address 10.4.89.44 + } + } + rule 3187 { + action accept + description FWCA628_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCA628_1 + } + port 2096,2095,2087,2086,2083,2082 + } + protocol tcp + } + rule 3189 { + action accept + description VPN-28484-ANY-ALLOW-10.4.58.159 + destination { + group { + address-group DT_VPN-28484 + } + } + source { + address 10.4.58.159 + } + } + rule 3190 { + action accept + description FW028C0_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW028C0_2 + } + port 44491-44498,44474 + } + protocol tcp + } + rule 3191 { + action accept + description VPN-28484-ANY-ALLOW-10.4.59.159 + destination { + group { + address-group DT_VPN-28484 + } + } + source { + address 10.4.59.159 + } + } + rule 3192 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.119 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.119 + } + } + rule 3194 { + action accept + 
description FWF699D_4-TCP-ALLOW-195.74.108.130 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 195.74.108.130 + } + } + rule 3195 { + action accept + description FWF699D_4-TCP-ALLOW-31.54.149.143 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 31.54.149.143 + } + } + rule 3196 { + action accept + description FWF699D_4-TCP-ALLOW-35.204.243.120 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 35.204.243.120 + } + } + rule 3197 { + action accept + description FWF699D_4-TCP-ALLOW-81.150.55.65 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 81.150.55.65 + } + } + rule 3198 { + action accept + description FWF699D_4-TCP-ALLOW-81.150.55.70 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 81.150.55.70 + } + } + rule 3199 { + action accept + description FWF699D_4-TCP-ALLOW-86.142.112.4 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 86.142.112.4 + } + } + rule 3200 { + action accept + description FWF699D_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF699D_4 + } + port 8983 + } + protocol tcp_udp + } + rule 3201 { + action accept + description FWF699D_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF699D_4 + } + port 11009,10009 + } + protocol tcp + } + rule 3202 { + action accept + description VPN-2661-ANY-ALLOW-10.4.54.24 + destination { + group { + address-group DT_VPN-2661 + } + } + source { + address 10.4.54.24 + } + } + rule 3203 { + action accept + description VPN-2661-ANY-ALLOW-10.4.55.24 + destination { + group { + address-group DT_VPN-2661 + } + } + source { + address 10.4.55.24 + } + } + rule 3204 { + action accept + description VPN-9727-ANY-ALLOW-10.4.54.118 + 
destination { + group { + address-group DT_VPN-9727 + } + } + source { + address 10.4.54.118 + } + } + rule 3205 { + action accept + description VPN-9727-ANY-ALLOW-10.4.55.119 + destination { + group { + address-group DT_VPN-9727 + } + } + source { + address 10.4.55.119 + } + } + rule 3207 { + action accept + description FWF0221_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF0221_1 + } + port 65000,8099,8080 + } + protocol tcp_udp + } + rule 3208 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.180 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.180 + } + } + rule 3209 { + action accept + description FWA86ED_101-TCP-ALLOW-82.5.189.5 + destination { + group { + address-group DT_FWA86ED_101 + } + port 443 + } + protocol tcp + source { + address 82.5.189.5 + } + } + rule 3210 { + action accept + description FW60FD6_5-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW60FD6_5 + } + port 1194 + } + protocol udp + } + rule 3211 { + action accept + description FW60FD6_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW60FD6_5 + } + port 9500,9191,9090,8090,2222 + } + protocol tcp + } + rule 3212 { + action accept + description FWA86ED_101-TCP-ALLOW-84.65.217.114 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 84.65.217.114 + } + } + rule 3213 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.43.21 + } + } + rule 3214 { + action accept + description FW45F3D_1-ANY-ALLOW-77.68.126.251 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 77.68.126.251 + } + } + rule 3215 { + action accept + description FWA86ED_101-TCP-ALLOW-86.14.23.23 + destination { + group { + address-group DT_FWA86ED_101 + } + 
port 3389,443 + } + protocol tcp + source { + address 86.14.23.23 + } + } + rule 3217 { + action accept + description FW85E02_11-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 9000-10999 + } + protocol udp + } + rule 3218 { + action accept + description FW5D0FA_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW5D0FA_1 + } + port 53 + } + protocol tcp_udp + } + rule 3222 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.141 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.141 + } + } + rule 3223 { + action accept + description FWCDD8B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCDD8B_1 + } + port 2222 + } + protocol tcp + } + rule 3224 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.185 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.185 + } + } + rule 3225 { + action accept + description FW06940_3-TCP_UDP-ALLOW-213.171.210.153 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 213.171.210.153 + } + } + rule 3226 { + action accept + description FW06940_3-TCP_UDP-ALLOW-70.29.113.102 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 70.29.113.102 + } + } + rule 3227 { + action accept + description FWC32BE_1-ANY-ALLOW-3.127.0.177 + destination { + group { + address-group DT_FWC32BE_1 + } + } + source { + address 3.127.0.177 + } + } + rule 3228 { + action accept + description FWA86ED_101-TCP-ALLOW-93.115.195.58 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 93.115.195.58 + } + } + rule 3229 { + action accept + description FWE32F2_8-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE32F2_8 + } + 
port 40120,30120,30110 + } + protocol tcp + } + rule 3230 { + action accept + description VPN-28515-ANY-ALLOW-10.4.56.162 + destination { + group { + address-group DT_VPN-28515 + } + } + source { + address 10.4.56.162 + } + } + rule 3231 { + action accept + description FW06940_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW06940_3 + } + port 30000-30400,8443-8447,445,80-110,21-25 + } + protocol tcp + } + rule 3232 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.134 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.134 + } + } + rule 3236 { + action accept + description VPN-28515-ANY-ALLOW-10.4.57.162 + destination { + group { + address-group DT_VPN-28515 + } + } + source { + address 10.4.57.162 + } + } + rule 3237 { + action accept + description FWF4063_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF4063_1 + } + port 3000 + } + protocol tcp + } + rule 3240 { + action accept + description FW06940_3-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW06940_3 + } + port 49152-65535,6379,5666,5432-5454 + } + protocol tcp_udp + } + rule 3242 { + action accept + description FW2E8D4_1-TCP-ALLOW-63.35.92.185 + destination { + group { + address-group DT_FW2E8D4_1 + } + port 3389 + } + protocol tcp + source { + address 63.35.92.185 + } + } + rule 3244 { + action accept + description FWF30BD_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 9000-10999 + } + protocol udp + } + rule 3245 { + action accept + description FWE30A1_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE30A1_4 + } + port 65057 + } + protocol tcp_udp + } + rule 3246 { + action accept + description VPN-26772-ANY-ALLOW-10.4.54.123 + destination { + group { + address-group DT_VPN-26772 + } + } + source { + address 10.4.54.123 + } + } + rule 3249 { + action accept + description FW56496_1-ANY-ALLOW-77.68.82.49 + 
destination { + group { + address-group DT_FW56496_1 + } + } + source { + address 77.68.82.49 + } + } + rule 3251 { + action accept + description FWDA443_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDA443_6 + } + port 30175,12050 + } + protocol tcp + } + rule 3253 { + action accept + description FW5A521_3-TCP-ALLOW-88.98.75.17 + destination { + group { + address-group DT_FW5A521_3 + } + port 22 + } + protocol tcp + source { + address 88.98.75.17 + } + } + rule 3254 { + action accept + description FW5A521_3-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW5A521_3 + } + port 161-162 + } + protocol udp + } + rule 3255 { + action accept + description FW5A521_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5A521_3 + } + port 5900 + } + protocol tcp + } + rule 3259 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.178 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.178 + } + } + rule 3260 { + action accept + description VPN-26772-ANY-ALLOW-10.4.55.124 + destination { + group { + address-group DT_VPN-26772 + } + } + source { + address 10.4.55.124 + } + } + rule 3262 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.114 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.114 + } + } + rule 3272 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.30 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 116.206.246.30 + } + } + rule 3273 { + action accept + description FW2B4BA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2B4BA_1 + } + port 30000-31000 + } + protocol tcp + } + rule 3284 { + action accept + description FW06940_3-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW06940_3 + } + port 8443 + } + protocol tcp + 
source { + address 213.171.217.107 + } + } + rule 3285 { + action accept + description FW0952B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0952B_1 + } + port 9030,9001 + } + protocol tcp + } + rule 3286 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.85.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.85.35 + } + } + rule 3290 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.232 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.232 + } + } + rule 3294 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.21 + } + } + rule 3295 { + action accept + description FW0EA3F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0EA3F_1 + } + port 1-65535 + } + protocol tcp_udp + } + rule 3296 { + action accept + description FW9D5C7_1-TCP-ALLOW-209.97.176.108 + destination { + group { + address-group DT_FW9D5C7_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 209.97.176.108 + } + } + rule 3297 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.188 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.188 + } + } + rule 3298 { + action accept + description FW9D5C7_1-TCP-ALLOW-165.227.231.227 + destination { + group { + address-group DT_FW9D5C7_1 + } + port 9117,9113,9104,9100 + } + protocol tcp + source { + address 165.227.231.227 + } + } + rule 3299 { + action accept + description FW4DB0A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4DB0A_1 + } + port 953 + } + protocol tcp + } + rule 3300 { + action accept + description FW4DB0A_1-UDP-ALLOW-ANY + destination { + group { + address-group 
DT_FW4DB0A_1 + } + port 953 + } + protocol udp + } + rule 3301 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.91 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.91 + } + } + rule 3303 { + action accept + description FW56496_1-TCP-ALLOW-176.255.93.149 + destination { + group { + address-group DT_FW56496_1 + } + port 3389 + } + protocol tcp + source { + address 176.255.93.149 + } + } + rule 3304 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.79 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.79 + } + } + rule 3305 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.43 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.43 + } + } + rule 3306 { + action accept + description FW310C6_3-ANY-ALLOW-88.208.198.40 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 88.208.198.40 + } + } + rule 3307 { + action accept + description FW597A6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW597A6_1 + } + port 49152-65535,990 + } + protocol tcp + } + rule 3308 { + action accept + description FW597A6_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW597A6_1 + } + port 3306 + } + protocol tcp_udp + } + rule 3309 { + action accept + description FWBC280_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBC280_1 + } + port 49152-65535,20-21 + } + protocol tcp + } + rule 3310 { + action accept + description VPN-31301-ANY-ALLOW-10.4.87.223 + destination { + group { + address-group DT_VPN-31301 + } + } + source { + address 10.4.87.223 + } + } + rule 3311 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.243 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 
148.253.173.243 + } + } + rule 3312 { + action accept + description FW9EEDD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW9EEDD_1 + } + port 990,197,20-23 + } + protocol tcp + } + rule 3313 { + action accept + description FW9EEDD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW9EEDD_1 + } + port 49152-65535 + } + protocol tcp_udp + } + rule 3314 { + action accept + description VPN-31002-ANY-ALLOW-10.4.89.126 + destination { + group { + address-group DT_VPN-31002 + } + } + source { + address 10.4.89.126 + } + } + rule 3316 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.11 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.11 + } + } + rule 3317 { + action accept + description FW32EFF_49-TCP-ALLOW-195.59.191.128_25 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 195.59.191.128/25 + } + } + rule 3318 { + action accept + description FW32EFF_49-TCP-ALLOW-213.71.130.0_26 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 213.71.130.0/26 + } + } + rule 3319 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.88 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.88 + } + } + rule 3320 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.173 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.173 + } + } + rule 3321 { + action accept + description FW32EFF_49-TCP-ALLOW-84.19.45.82 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 3322 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.122 + destination { + group { + address-group 
DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.43.122 + } + } + rule 3323 { + action accept + description FWC1ACD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC1ACD_1 + } + port 28061,28060,8080 + } + protocol tcp_udp + } + rule 3324 { + action accept + description FWA5D67_1-TCP_UDP-ALLOW-84.74.32.74 + destination { + group { + address-group DT_FWA5D67_1 + } + port 3389 + } + protocol tcp_udp + source { + address 84.74.32.74 + } + } + rule 3325 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.169 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.169 + } + } + rule 3326 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.89 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.89 + } + } + rule 3329 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.35 + } + } + rule 3330 { + action accept + description FWCE020_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWCE020_1 + } + port 48402 + } + protocol udp + } + rule 3333 { + action accept + description FWF3574_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF3574_1 + } + port 8060,445,139 + } + protocol tcp + } + rule 3334 { + action accept + description FWE6AB2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE6AB2_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3335 { + action accept + description FWBFC02_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBFC02_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3336 { + action accept + description FWBFC02_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBFC02_1 + } + port 1194 + } + protocol udp + } + 
rule 3337 { + action accept + description FWE6AB2_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE6AB2_1 + } + port 1194 + } + protocol udp + } + rule 3338 { + action accept + description FWBC8A6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBC8A6_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3339 { + action accept + description FWBC8A6_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBC8A6_1 + } + port 1194 + } + protocol udp + } + rule 3340 { + action accept + description FWA0AA0_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 2302 + } + protocol tcp + } + rule 3342 { + action accept + description FW56496_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW56496_1 + } + port 22 + } + protocol tcp_udp + } + rule 3343 { + action accept + description FW56496_1-TCP-ALLOW-157.231.178.162 + destination { + group { + address-group DT_FW56496_1 + } + port 21 + } + protocol tcp + source { + address 157.231.178.162 + } + } + rule 3344 { + action accept + description FW56496_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW56496_1 + } + port 2443,1022 + } + protocol tcp + } + rule 3345 { + action accept + description FW56496_1-TCP_UDP-ALLOW-46.16.211.142 + destination { + group { + address-group DT_FW56496_1 + } + port 3389,21 + } + protocol tcp_udp + source { + address 46.16.211.142 + } + } + rule 3347 { + action accept + description FW2379F_14-GRE-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + } + protocol gre + } + rule 3348 { + action accept + description FW0E383_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0E383_9 + } + port 52000 + } + protocol tcp + } + rule 3350 { + action accept + description FWB4438_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWB4438_2 + } + port 993-995,7 + } + protocol tcp + } + rule 3351 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-82.165.207.109 + 
destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 82.165.207.109 + } + } + rule 3352 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.77 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.77 + } + } + rule 3358 { + action accept + description FW46F4A_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW46F4A_1 + } + port 51820 + } + protocol udp + } + rule 3359 { + action accept + description FW53C72_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW53C72_1 + } + port 48402 + } + protocol udp + } + rule 3360 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.251 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.251 + } + } + rule 3362 { + action accept + description FWAA38E_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAA38E_1 + } + port 1001-65535 + } + protocol tcp_udp + } + rule 3363 { + action accept + description FW138F8_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW138F8_1 + } + port 21,20 + } + protocol tcp_udp + } + rule 3364 { + action accept + description FW0BD92_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0BD92_3 + } + port 18081,18080 + } + protocol tcp + } + rule 3365 { + action accept + description FWFEF05_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFEF05_1 + } + port 1935 + } + protocol tcp_udp + } + rule 3367 { + action accept + description FW26846_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW26846_1 + } + port 8000 + } + protocol tcp + } + rule 3368 { + action accept + description FWB4438_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB4438_2 + } + port 53 + } + protocol tcp_udp + } + rule 3369 { + action accept + description 
FWA884B_5-TCP-ALLOW-51.146.16.162 + destination { + group { + address-group DT_FWA884B_5 + } + port 8447,8443,22 + } + protocol tcp + source { + address 51.146.16.162 + } + } + rule 3370 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.22 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.22 + } + } + rule 3371 { + action accept + description FWFDE34_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWFDE34_1 + } + port 18081,18080 + } + protocol tcp + } + rule 3373 { + action accept + description FWB6101_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWB6101_1 + } + port 2280 + } + protocol tcp + } + rule 3377 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.203 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.84.203 + } + } + rule 3378 { + action accept + description FW1D511_2-TCP-ALLOW-92.29.46.47 + destination { + group { + address-group DT_FW1D511_2 + } + port 9090 + } + protocol tcp + source { + address 92.29.46.47 + } + } + rule 3386 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.175 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.208.175 + } + } + rule 3387 { + action accept + description FW1ACD9_2-TCP-ALLOW-89.197.148.38 + destination { + group { + address-group DT_FW1ACD9_2 + } + port 5015,22 + } + protocol tcp + source { + address 89.197.148.38 + } + } + rule 3388 { + action accept + description FW1ACD9_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1ACD9_2 + } + port 9000-10999,5090,5060 + } + protocol udp + } + rule 3389 { + action accept + description FW1ACD9_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1ACD9_2 + } + port 5090,5060-5062 + } + protocol tcp + } + rule 3391 { + action accept + description 
FWA0B7F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0B7F_1 + } + port 53 + } + protocol tcp_udp + } + rule 3392 { + action accept + description FW56335_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW56335_2 + } + port 18081,18080 + } + protocol tcp + } + rule 3395 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.90 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.212.90 + } + } + rule 3396 { + action accept + description FW4D3E6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4D3E6_1 + } + port 18081,18080 + } + protocol tcp + } + rule 3397 { + action accept + description FWB118A_1-TCP-ALLOW-188.65.177.58 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 188.65.177.58 + } + } + rule 3398 { + action accept + description FWB118A_1-TCP-ALLOW-77.68.103.13 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 77.68.103.13 + } + } + rule 3399 { + action accept + description FWB118A_1-TCP-ALLOW-80.5.71.130 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 80.5.71.130 + } + } + rule 3402 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.205 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.205 + } + } + rule 3408 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.31 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.31 + } + } + rule 3409 { + action accept + description FW539FB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW539FB_1 + } + port 389 + } + protocol tcp + } + 
rule 3411 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.185 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.185 + } + } + rule 3415 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.245.124 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 116.206.245.124 + } + } + rule 3416 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.75 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.75 + } + } + rule 3417 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.34 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.34 + } + } + rule 3418 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.77.70 + } + } + rule 3419 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.92.33 + } + } + rule 3420 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.93.82 + } + } + rule 3421 { + action accept + description FWEF92E_5-UDP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 88.208.198.93 + } + } + rule 3422 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.94 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.94 + } + } + rule 3424 { + action accept + description 
FW18E6E_3-TCP-ALLOW-148.253.173.244 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.244 + } + } + rule 3425 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.246 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.246 + } + } + rule 3426 { + action accept + description FW18E6E_3-TCP-ALLOW-195.97.222.122 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 195.97.222.122 + } + } + rule 3431 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.111 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.111 + } + } + rule 3432 { + action accept + description FW06940_3-TCP_UDP-ALLOW-74.208.41.119 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 74.208.41.119 + } + } + rule 3438 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.252 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.252 + } + } + rule 3440 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.118 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.118 + } + } + rule 3442 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.15 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.15 + } + } + rule 3446 { + action accept + description FWC32BE_1-ANY-ALLOW-3.65.3.75 + destination { + group { + address-group DT_FWC32BE_1 + } + } + source { + address 3.65.3.75 + } + } + rule 3447 { + action accept + description FWC32BE_1-TCP-ALLOW-217.155.2.52 + destination { + group { + 
address-group DT_FWC32BE_1 + } + port 22 + } + protocol tcp + source { + address 217.155.2.52 + } + } + rule 3448 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.243 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.243 + } + } + rule 3449 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.117 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.117 + } + } + rule 3450 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.4 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.4 + } + } + rule 3452 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.177 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.177 + } + } + rule 3454 { + action accept + description FWD498E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD498E_1 + } + port 44158 + } + protocol tcp + } + rule 3455 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.147 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.147 + } + } + rule 8500 { + action drop + description "Deny traffic to any private address" + destination { + group { + network-group RFC1918 + } + } + source { + group { + address-group CLUSTER_ADDRESSES + } + } + } + rule 8510 { + action accept + description "Default allow rule" + destination { + group { + address-group !CLUSTER_ADDRESSES + } + } + source { + group { + address-group CLUSTER_ADDRESSES + } + } + } + } + name LOCAL-LAN { + default-action drop + rule 2 { + action accept + destination { + address 10.255.255.1 + } + protocol icmp + source { + group { + address-group CLUSTER_ADDRESSES + } + } + } + rule 4 { + 
action accept + destination { + group { + address-group LAN_ADDRESSES + } + } + source { + group { + address-group LAN_ADDRESSES + } + } + } + rule 10 { + action accept + description "Multicast para VRRP" + destination { + address 224.0.0.18 + } + source { + group { + address-group LAN_ADDRESSES + } + } + } + } + name LOCAL-SYNC { + default-action drop + rule 5 { + action accept + description "Permitir trafico sync entre nodos" + destination { + address 10.4.51.132/30 + } + source { + address 10.4.51.132/30 + } + } + } + name LOCAL-WAN { + default-action drop + description "External connections from VLAN2701 to this system" + rule 10 { + action accept + description "Allow intra-vlan connections" + destination { + address 109.228.63.128/25 + } + source { + address 109.228.63.128/25 + } + } + rule 20 { + action accept + description "Allow Arsys desktops to contact this system" + source { + group { + address-group MANAGEMENT_ADDRESSES + } + } + } + } + name WAN-INBOUND { + default-action drop + rule 10 { + action accept + description "Management from HN-ES" + source { + group { + address-group MANAGEMENT_ADDRESSES + } + } + } + rule 20 { + action accept + description "Connections from Load Balancer to Frontends - TCP Proxy" + destination { + group { + address-group CLUSTER_ADDRESSES + } + } + source { + group { + address-group NLB_ADDRESSES + } + } + } + rule 30 { + action accept + description "Allow external probes" + destination { + group { + address-group NAGIOS_PROBES + } + } + protocol icmp + } + rule 40 { + action accept + description "Allow Centreon servers traffic to VMs" + destination { + group { + address-group CLUSTER_ADDRESSES + } + } + source { + group { + address-group CENTREON_SERVERS + } + } + } + rule 50 { + action accept + description "Allow CMK to check dnscache servers - TCP" + destination { + group { + address-group DNSCACHE_SERVERS + } + port 22,53,6556 + } + protocol tcp + source { + group { + address-group CMK_SATELLITES + } + } + } + rule 65 { 
+ action accept + description "Allow CMK to check dnscache servers - UDP" + destination { + group { + address-group DNSCACHE_SERVERS + } + port 53 + } + protocol udp + source { + group { + address-group CMK_SATELLITES + } + } + } + rule 70 { + action accept + description "Allow CMK to check dnscache servers - ICMP" + destination { + group { + address-group DNSCACHE_SERVERS + } + } + protocol icmp + source { + group { + address-group CMK_SATELLITES + } + } + } + rule 80 { + action accept + description "Allow CMK to check monitoring sensors - TCP" + destination { + group { + address-group NAGIOS_PROBES + } + port 6556 + } + protocol tcp + source { + group { + address-group CMK_SATELLITES + } + } + } + rule 90 { + action accept + description "Allow CMK to check monitoring sensors - ICMP" + destination { + group { + address-group NAGIOS_PROBES + } + } + protocol icmp + source { + group { + address-group CMK_SATELLITES + } + } + } + rule 2000 { + action accept + description "TOP port - SSH" + destination { + group { + address-group G-22-TCP + } + port ssh + } + protocol tcp + } + rule 2001 { + action accept + description "TOP port - RDESKTOP" + destination { + group { + address-group G-3389-TCP + } + port 3389 + } + protocol tcp + } + rule 2002 { + action accept + description "TOP port - HTTP" + destination { + group { + address-group G-80-TCP + } + port http + } + protocol tcp + } + rule 2003 { + action accept + description "TOP port - HTTPS" + destination { + group { + address-group G-443-TCP + } + port https + } + protocol tcp + } + rule 2004 { + action accept + description "TOP port - DOMAIN TCP" + destination { + group { + address-group G-53-TCP + } + port domain + } + protocol tcp + } + rule 2005 { + action accept + description "TOP port - DOMAIN UDP" + destination { + group { + address-group G-53-UDP + } + port domain + } + protocol udp + } + rule 2006 { + action accept + description "TOP port - SMTP" + destination { + group { + address-group G-25-TCP + } + port 
smtp + } + protocol tcp + } + rule 2007 { + action accept + description "TOP port - IMAP" + destination { + group { + address-group G-143-TCP + } + port imap2 + } + protocol tcp + } + rule 2008 { + action accept + description "TOP port - POP3" + destination { + group { + address-group G-110-TCP + } + port pop3 + } + protocol tcp + } + rule 2009 { + action accept + description "TOP port - MSSQL TCP" + destination { + group { + address-group G-1433-TCP + } + port ms-sql-s + } + protocol tcp + } + rule 2010 { + action accept + description "TOP port - MYSQL TCP" + destination { + group { + address-group G-3306-TCP + } + port mysql + } + protocol tcp + } + rule 2011 { + action accept + description "TOP port - FTPDATA" + destination { + group { + address-group G-20-TCP + } + port ftp-data + } + protocol tcp + } + rule 2012 { + action accept + description "TOP port - FTP" + destination { + group { + address-group G-21-TCP + } + port ftp + } + protocol tcp + } + rule 2013 { + action accept + description "TOP port - SSMTP" + destination { + group { + address-group G-465-TCP + } + port ssmtp + } + protocol tcp + } + rule 2014 { + action accept + description "TOP port - SMTPS" + destination { + group { + address-group G-587-TCP + } + port 587 + } + protocol tcp + } + rule 2015 { + action accept + description "TOP port - IMAPS" + destination { + group { + address-group G-993-TCP + } + port imaps + } + protocol tcp + } + rule 2016 { + action accept + description "TOP port - POP3S" + destination { + group { + address-group G-995-TCP + } + port pop3s + } + protocol tcp + } + rule 2017 { + action accept + description "TOP port - TOMCAT" + destination { + group { + address-group G-8080-TCP + } + port 8080 + } + protocol tcp + } + rule 2018 { + action accept + description "TOP port - Alternative HTTPS" + destination { + group { + address-group G-8443-TCP + } + port 8443 + } + protocol tcp + } + rule 2019 { + action accept + description "TOP port - 10000/TCP" + destination { + group 
{ + address-group G-10000-TCP + } + port 10000 + } + protocol tcp + } + rule 2020 { + action accept + description "TOP port - 8447/TCP" + destination { + group { + address-group G-8447-TCP + } + port 8447 + } + protocol tcp + } + rule 2040 { + action accept + description "TOP port - All ports open" + destination { + group { + address-group G-ALL_OPEN + } + } + } + rule 2050 { + action accept + description "ICMP group" + destination { + group { + address-group G-ICMP + } + } + protocol icmp + } + rule 2100 { + action accept + description FW2BB8D_1-TCP-ALLOW-104.192.143.2 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 7999,22 + } + protocol tcp + source { + address 104.192.143.2 + } + } + rule 2101 { + action accept + description FW19987_4-TCP-ALLOW-77.68.74.54 + destination { + group { + address-group DT_FW19987_4 + } + port 443 + } + protocol tcp + source { + address 77.68.74.54 + } + } + rule 2102 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-109.72.210.46 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 109.72.210.46 + } + } + rule 2103 { + action accept + description FW5A77C_16-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW5A77C_16 + } + port 22 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2104 { + action accept + description FW826BA_3-TCP-ALLOW-164.177.156.192 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 164.177.156.192 + } + } + rule 2105 { + action accept + description FWDAA4F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDAA4F_1 + } + port 22335 + } + protocol tcp + } + rule 2106 { + action accept + description FW6D0CD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6D0CD_1 + } + port 6900,7000 + } + protocol tcp + } + rule 2107 { + action accept + description FW6D0CD_1-TCP_UDP-ALLOW-ANY + destination { + 
group { + address-group DT_FW6D0CD_1 + } + port 9001 + } + protocol tcp_udp + } + rule 2108 { + action accept + description FW06176_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW06176_1 + } + port 5900 + } + protocol tcp + } + rule 2109 { + action accept + description FW19987_4-TCP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FW19987_4 + } + port 443 + } + protocol tcp + source { + address 77.68.77.70 + } + } + rule 2110 { + action accept + description FWF7B68_1-TCP-ALLOW-54.221.251.224 + destination { + group { + address-group DT_FWF7B68_1 + } + port 8443,3306,22,21,20 + } + protocol tcp + source { + address 54.221.251.224 + } + } + rule 2111 { + action accept + description FW05AD0_2-TCP-ALLOW-178.251.181.41 + destination { + group { + address-group DT_FW05AD0_2 + } + port 3389,1433,21 + } + protocol tcp + source { + address 178.251.181.41 + } + } + rule 2112 { + action accept + description FW05AD0_2-TCP-ALLOW-178.251.181.6 + destination { + group { + address-group DT_FW05AD0_2 + } + port 3389,1433,21 + } + protocol tcp + source { + address 178.251.181.6 + } + } + rule 2113 { + action accept + description VPN-7030-ANY-ALLOW-10.4.58.119 + destination { + group { + address-group DT_VPN-7030 + } + } + source { + address 10.4.58.119 + } + } + rule 2114 { + action accept + description FW58C69_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW58C69_4 + } + port 5666 + } + protocol tcp + } + rule 2115 { + action accept + description FW2BB8D_1-TCP-ALLOW-185.201.180.35 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000,22 + } + protocol tcp + source { + address 185.201.180.35 + } + } + rule 2116 { + action accept + description FW19987_4-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2117 { + action accept + description FW19987_4-TCP-ALLOW-87.224.33.215 + destination { + group { + 
address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2118 { + action accept + description FW5658C_1-TCP-ALLOW-212.159.160.65 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443,3389,3306,22,21 + } + protocol tcp + source { + address 212.159.160.65 + } + } + rule 2119 { + action accept + description FW5658C_1-TCP-ALLOW-79.78.20.149 + destination { + group { + address-group DT_FW5658C_1 + } + port 8447,8443,3389,3306,993,143,22,21 + } + protocol tcp + source { + address 79.78.20.149 + } + } + rule 2120 { + action accept + description FW5658C_1-TCP-ALLOW-77.68.77.185 + destination { + group { + address-group DT_FW5658C_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.77.185 + } + } + rule 2121 { + action accept + description FW5658C_1-TCP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443,3389 + } + protocol tcp + source { + address 82.165.232.19 + } + } + rule 2122 { + action accept + description FW2C5AE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2C5AE_1 + } + port 30303,5717 + } + protocol tcp_udp + } + rule 2123 { + action accept + description VPN-12899-ANY-ALLOW-10.4.58.207 + destination { + group { + address-group DT_VPN-12899 + } + } + source { + address 10.4.58.207 + } + } + rule 2124 { + action accept + description FW7648D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW7648D_1 + } + port 8501,8050,7801,4444,1443 + } + protocol tcp + } + rule 2125 { + action accept + description FW0C2E6_4-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0C2E6_4 + } + port 1194 + } + protocol udp + } + rule 2126 { + action accept + description FW5658C_1-TCP-ALLOW-39.37.175.132 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.37.175.132 + } + } + rule 2127 { + action accept + description FW826BA_3-TCP-ALLOW-165.255.242.223 + 
destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 165.255.242.223 + } + } + rule 2128 { + action accept + description VPN-10131-ANY-ALLOW-10.4.56.51 + destination { + group { + address-group DT_VPN-10131 + } + } + source { + address 10.4.56.51 + } + } + rule 2129 { + action accept + description FW2BB8D_1-TCP-ALLOW-212.227.84.142 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 22 + } + protocol tcp + source { + address 212.227.84.142 + } + } + rule 2130 { + action accept + description FW2BB8D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2BB8D_1 + } + port 53 + } + protocol tcp_udp + } + rule 2131 { + action accept + description FWFDD94_15-TCP-ALLOW-90.29.180.234 + destination { + group { + address-group DT_FWFDD94_15 + } + port 5683,1883 + } + protocol tcp + source { + address 90.29.180.234 + } + } + rule 2132 { + action accept + description VPN-10131-ANY-ALLOW-10.4.57.51 + destination { + group { + address-group DT_VPN-10131 + } + } + source { + address 10.4.57.51 + } + } + rule 2133 { + action accept + description FW2BB8D_1-TCP-ALLOW-109.228.49.193 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 109.228.49.193 + } + } + rule 2134 { + action accept + description FW81138_1-ICMP-ALLOW-3.10.221.168 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source { + address 3.10.221.168 + } + } + rule 2135 { + action accept + description FWB28B6_5-AH-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 77.68.36.46 + } + } + rule 2136 { + action accept + description FWB28B6_5-ESP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 77.68.36.46 + } + } + rule 2137 { + action accept + description FW825C8_24-TCP-ALLOW-77.68.87.201 + destination { + group { + 
address-group DT_FW825C8_24 + } + port 1433 + } + protocol tcp + source { + address 77.68.87.201 + } + } + rule 2138 { + action accept + description FWB28B6_5-AH-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 213.171.196.146 + } + } + rule 2139 { + action accept + description FWB28B6_5-ESP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 213.171.196.146 + } + } + rule 2140 { + action accept + description FWB28B6_5-UDP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + port 500,4500 + } + protocol udp + source { + address 213.171.196.146 + } + } + rule 2141 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-213.171.196.146 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 213.171.196.146 + } + } + rule 2142 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 77.68.36.46 + } + } + rule 2143 { + action accept + description FWB28B6_5-UDP-ALLOW-77.68.36.46 + destination { + group { + address-group DT_FWB28B6_5 + } + port 500,4500 + } + protocol udp + source { + address 77.68.36.46 + } + } + rule 2144 { + action accept + description VPN-12899-ANY-ALLOW-10.4.59.207 + destination { + group { + address-group DT_VPN-12899 + } + } + source { + address 10.4.59.207 + } + } + rule 2145 { + action accept + description FWB28B6_5-TCP-ALLOW-81.130.141.175 + destination { + group { + address-group DT_FWB28B6_5 + } + port 3389 + } + protocol tcp + source { + address 81.130.141.175 + } + } + rule 2146 { + action accept + description FWB28B6_5-UDP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + port 4500,500 + } + protocol udp + source { + address 77.68.38.195 + } + } + rule 2147 { + 
action accept + description FWB28B6_5-AH-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol ah + source { + address 77.68.38.195 + } + } + rule 2148 { + action accept + description FWB28B6_5-ESP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + } + protocol esp + source { + address 77.68.38.195 + } + } + rule 2149 { + action accept + description FWB28B6_5-TCP_UDP-ALLOW-77.68.38.195 + destination { + group { + address-group DT_FWB28B6_5 + } + port 1701 + } + protocol tcp_udp + source { + address 77.68.38.195 + } + } + rule 2150 { + action accept + description FW5658C_1-TCP-ALLOW-39.37.178.77 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.37.178.77 + } + } + rule 2151 { + action accept + description FW5A77C_16-TCP-ALLOW-51.241.139.56 + destination { + group { + address-group DT_FW5A77C_16 + } + port 22 + } + protocol tcp + source { + address 51.241.139.56 + } + } + rule 2152 { + action accept + description FWA86ED_101-TCP-ALLOW-150.143.57.138 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389 + } + protocol tcp + source { + address 150.143.57.138 + } + } + rule 2153 { + action accept + description FW6ECA4_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6ECA4_1 + } + port 3939,3335,3334,3333,3000,999,444 + } + protocol tcp_udp + } + rule 2154 { + action accept + description FW5658C_1-TCP-ALLOW-39.45.13.20 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.13.20 + } + } + rule 2155 { + action accept + description FW481D7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW481D7_1 + } + port 3478 + } + protocol tcp_udp + } + rule 2156 { + action accept + description FW5A5D7_3-GRE-ALLOW-51.219.222.28 + destination { + group { + address-group DT_FW5A5D7_3 + } + } + protocol gre + source { + address 51.219.222.28 + } 
+ } + rule 2157 { + action accept + description FWA86ED_101-TCP-ALLOW-94.195.127.217 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 94.195.127.217 + } + } + rule 2158 { + action accept + description FW2E060_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2E060_1 + } + port 49152-65535,8443-8447 + } + protocol tcp + } + rule 2159 { + action accept + description FWFDD94_15-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWFDD94_15 + } + port 9090,5080,1935 + } + protocol tcp + } + rule 2160 { + action accept + description FW5658C_1-TCP-ALLOW-39.45.190.224 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.190.224 + } + } + rule 2161 { + action accept + description FW9E550_1-TCP-ALLOW-109.249.187.56 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 109.249.187.56 + } + } + rule 2162 { + action accept + description FW89619_1-TCP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FW89619_1 + } + port 22 + } + protocol tcp + source { + address 81.133.80.114 + } + } + rule 2163 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.227.72.218 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.227.72.218 + } + } + rule 2164 { + action accept + description FW0E383_9-TCP-ALLOW-151.229.59.51 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 151.229.59.51 + } + } + rule 2165 { + action accept + description FW8AFF1_7-TCP-ALLOW-178.251.181.41 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433,21 + } + protocol tcp + source { + address 178.251.181.41 + } + } + rule 2166 { + action accept + description FW3CAAB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3CAAB_1 + } + port 
49152-65535,30000-30400,8443-8447,5432,80-110,21-25 + } + protocol tcp + } + rule 2167 { + action accept + description FW91B7A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW91B7A_1 + } + port 3389,80 + } + protocol tcp_udp + } + rule 2168 { + action accept + description FW40416_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW40416_1 + } + port 1-65535 + } + protocol tcp + } + rule 2169 { + action accept + description FW5A77C_16-TCP-ALLOW-81.151.24.216 + destination { + group { + address-group DT_FW5A77C_16 + } + port 10000,22 + } + protocol tcp + source { + address 81.151.24.216 + } + } + rule 2170 { + action accept + description VPN-7030-ANY-ALLOW-10.4.59.119 + destination { + group { + address-group DT_VPN-7030 + } + } + source { + address 10.4.59.119 + } + } + rule 2171 { + action accept + description FW0E383_9-TCP-ALLOW-62.252.94.138 + destination { + group { + address-group DT_FW0E383_9 + } + port 3389,1433 + } + protocol tcp + source { + address 62.252.94.138 + } + } + rule 2172 { + action accept + description FW89619_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 5015,5001,5000 + } + protocol tcp + } + rule 2173 { + action accept + description FW89619_1-TCP_UDP-ALLOW-167.98.162.142 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 167.98.162.142 + } + } + rule 2174 { + action accept + description FW013EF_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW013EF_2 + } + port 44445,7770-7800,5090,5060-5070,5015,5001,2000-2500 + } + protocol tcp + } + rule 2175 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.12 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.12 + } + } + rule 2176 { + action accept + description VPN-15625-ANY-ALLOW-10.4.88.79 + destination { + group { + address-group DT_VPN-15625 + } + } + source { + 
address 10.4.88.79 + } + } + rule 2177 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.228.53.128 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 109.228.53.128 + } + } + rule 2178 { + action accept + description FW8AFF1_7-TCP-ALLOW-178.251.181.6 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 3389,1433,21 + } + protocol tcp + source { + address 178.251.181.6 + } + } + rule 2179 { + action accept + description FW578BE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW578BE_1 + } + port 23,1521,1522 + } + protocol tcp + } + rule 2180 { + action accept + description FWE012D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE012D_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2181 { + action accept + description FW8AFF1_7-TCP-ALLOW-213.171.209.161 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 3389,1433,21 + } + protocol tcp + source { + address 213.171.209.161 + } + } + rule 2182 { + action accept + description VPN-8203-ANY-ALLOW-10.4.58.109 + destination { + group { + address-group DT_VPN-8203 + } + } + source { + address 10.4.58.109 + } + } + rule 2183 { + action accept + description VPN-9415-ANY-ALLOW-10.4.58.168 + destination { + group { + address-group DT_VPN-9415 + } + } + source { + address 10.4.58.168 + } + } + rule 2184 { + action accept + description VPN-9415-ANY-ALLOW-10.4.59.168 + destination { + group { + address-group DT_VPN-9415 + } + } + source { + address 10.4.59.168 + } + } + rule 2185 { + action accept + description FW27A8F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW27A8F_1 + } + port 9990,8458,8090,6543,5432 + } + protocol tcp + } + rule 2186 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.11.224 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 77.68.11.224 + } + } + rule 2187 { + action accept + description 
VPN-15625-ANY-ALLOW-10.4.89.79 + destination { + group { + address-group DT_VPN-15625 + } + } + source { + address 10.4.89.79 + } + } + rule 2188 { + action accept + description VPN-14649-ANY-ALLOW-10.4.86.35 + destination { + group { + address-group DT_VPN-14649 + } + } + source { + address 10.4.86.35 + } + } + rule 2189 { + action accept + description VPN-14649-ANY-ALLOW-10.4.87.35 + destination { + group { + address-group DT_VPN-14649 + } + } + source { + address 10.4.87.35 + } + } + rule 2190 { + action accept + description VPN-14657-ANY-ALLOW-10.4.86.38 + destination { + group { + address-group DT_VPN-14657 + } + } + source { + address 10.4.86.38 + } + } + rule 2191 { + action accept + description VPN-14657-ANY-ALLOW-10.4.87.38 + destination { + group { + address-group DT_VPN-14657 + } + } + source { + address 10.4.87.38 + } + } + rule 2192 { + action accept + description VPN-14658-ANY-ALLOW-10.4.88.38 + destination { + group { + address-group DT_VPN-14658 + } + } + source { + address 10.4.88.38 + } + } + rule 2193 { + action accept + description VPN-14658-ANY-ALLOW-10.4.89.38 + destination { + group { + address-group DT_VPN-14658 + } + } + source { + address 10.4.89.38 + } + } + rule 2194 { + action accept + description FW0BB22_1-GRE-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + } + protocol gre + } + rule 2195 { + action accept + description FW0BB22_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + } + protocol esp + } + rule 2196 { + action accept + description FW1CC15_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1CC15_2 + } + port 8089,8085,990,81 + } + protocol tcp + } + rule 2197 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.124 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.124 + } + } + rule 2198 { + action accept + description FW5A5D7_3-TCP-ALLOW-51.219.222.28 + destination { + group { + 
address-group DT_FW5A5D7_3 + } + port 8172,3389,1723,1701,47 + } + protocol tcp + source { + address 51.219.222.28 + } + } + rule 2199 { + action accept + description FW1CB16_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1CB16_1 + } + port 3306,27017,53 + } + protocol tcp_udp + } + rule 2200 { + action accept + description FWE47DA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE47DA_1 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2201 { + action accept + description FW37E59_5-TCP-ALLOW-77.68.20.244 + destination { + group { + address-group DT_FW37E59_5 + } + port 30303 + } + protocol tcp + source { + address 77.68.20.244 + } + } + rule 2202 { + action accept + description FW274FD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW274FD_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2203 { + action accept + description FW6CD7E_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6CD7E_2 + } + port 49152-65535 + } + protocol tcp + } + rule 2204 { + action accept + description FW826BA_3-TCP-ALLOW-178.17.252.59 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol tcp + source { + address 178.17.252.59 + } + } + rule 2205 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.64.108 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.64.108 + } + } + rule 2206 { + action accept + description FW0937A_1-TCP-ALLOW-83.135.134.13 + destination { + group { + address-group DT_FW0937A_1 + } + port 22 + } + protocol tcp + source { + address 83.135.134.13 + } + } + rule 2207 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.112.64 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.112.64 + } + } + rule 2208 { + action accept + description FW6CD7E_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group 
DT_FW6CD7E_2 + } + port 53 + } + protocol tcp_udp + } + rule 2209 { + action accept + description FW1F3D0_6-TCP-ALLOW-194.73.17.47 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 194.73.17.47 + } + } + rule 2210 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.115.33 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.115.33 + } + } + rule 2211 { + action accept + description FWA3EA3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA3EA3_1 + } + port 943 + } + protocol tcp + } + rule 2212 { + action accept + description FW6863A_4-TCP-ALLOW-82.165.100.25 + destination { + group { + address-group DT_FW6863A_4 + } + port 21-10000 + } + protocol tcp + source { + address 82.165.100.25 + } + } + rule 2213 { + action accept + description FWECBFB_14-TCP-ALLOW-109.228.59.50 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 109.228.59.50 + } + } + rule 2214 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.100 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.100 + } + } + rule 2215 { + action accept + description FWD7EAB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD7EAB_1 + } + port 60000-60100 + } + protocol tcp + } + rule 2216 { + action accept + description FWEB321_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEB321_1 + } + port 113,4190 + } + protocol tcp + } + rule 2217 { + action accept + description FW9C682_3-TCP-ALLOW-195.206.180.132 + destination { + group { + address-group DT_FW9C682_3 + } + port 8443,22 + } + protocol tcp + source { + address 195.206.180.132 + } + } + rule 2218 { + action accept + description VPN-8159-ANY-ALLOW-10.4.58.91 + destination { + group { + address-group DT_VPN-8159 + } + } + source { + address 10.4.58.91 + } 
+ } + rule 2219 { + action accept + description VPN-21673-ANY-ALLOW-10.4.88.187 + destination { + group { + address-group DT_VPN-21673 + } + } + source { + address 10.4.88.187 + } + } + rule 2220 { + action accept + description VPN-21673-ANY-ALLOW-10.4.89.187 + destination { + group { + address-group DT_VPN-21673 + } + } + source { + address 10.4.89.187 + } + } + rule 2221 { + action accept + description VPN-21821-ANY-ALLOW-10.4.88.49 + destination { + group { + address-group DT_VPN-21821 + } + } + source { + address 10.4.88.49 + } + } + rule 2222 { + action accept + description VPN-21821-ANY-ALLOW-10.4.89.49 + destination { + group { + address-group DT_VPN-21821 + } + } + source { + address 10.4.89.49 + } + } + rule 2223 { + action accept + description FWECBFB_14-TCP-ALLOW-81.133.80.58 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 81.133.80.58 + } + } + rule 2224 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.238 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.238 + } + } + rule 2225 { + action accept + description FW826BA_3-TCP-ALLOW-185.212.168.51 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 185.212.168.51 + } + } + rule 2226 { + action accept + description FW8B21D_1-ANY-ALLOW-212.187.250.2 + destination { + group { + address-group DT_FW8B21D_1 + } + } + source { + address 212.187.250.2 + } + } + rule 2227 { + action accept + description FW35F7B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW35F7B_1 + } + port 1434 + } + protocol tcp_udp + } + rule 2228 { + action accept + description FWD338A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD338A_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2229 { + action accept + description FW35F7B_1-TCP-ALLOW-ANY + destination { + group { + 
address-group DT_FW35F7B_1 + } + port 56791 + } + protocol tcp + } + rule 2230 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.77.114 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.77.114 + } + } + rule 2231 { + action accept + description FW90AE3_1-TCP-ALLOW-194.74.137.17 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 194.74.137.17 + } + } + rule 2232 { + action accept + description FW52F6F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW52F6F_1 + } + port 53 + } + protocol tcp_udp + } + rule 2233 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 77.68.23.109 + } + } + rule 2234 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.247 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.247 + } + } + rule 2235 { + action accept + description FW4E314_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4E314_1 + } + port 53 + } + protocol tcp_udp + } + rule 2236 { + action accept + description FW73573_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73573_2 + } + port 25 + } + protocol tcp_udp + } + rule 2237 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.93.89 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.93.89 + } + } + rule 2238 { + action accept + description FW856FA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW856FA_1 + } + port 6003 + } + protocol tcp + } + rule 2239 { + action accept + description FWECBFB_14-TCP-ALLOW-81.19.214.155 + destination { + group { + address-group DT_FWECBFB_14 + } + port 22 + } + protocol tcp + source { + address 81.19.214.155 + } 
+ } + rule 2240 { + action accept + description FW826BA_3-TCP-ALLOW-51.219.168.170 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,1433,21 + } + protocol tcp + source { + address 51.219.168.170 + } + } + rule 2241 { + action accept + description FW30D21_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW30D21_1 + } + port 2083-2087,53,2812,2096,25,993,587 + } + protocol tcp_udp + } + rule 2242 { + action accept + description FWA076E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA076E_1 + } + port 2199,2197 + } + protocol tcp + } + rule 2243 { + action accept + description FWA076E_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA076E_1 + } + port 8000-8010 + } + protocol tcp_udp + } + rule 2244 { + action accept + description FW8A3FC_3-TCP-ALLOW-82.165.166.41 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 8447,8443,443,80,22 + } + protocol tcp + source { + address 82.165.166.41 + } + } + rule 2245 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.180 + destination { + group { + address-group DT_FW2F868_6 + } + port 22,80 + } + protocol tcp + source { + address 213.171.217.180 + } + } + rule 2246 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2247 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.185 + destination { + group { + address-group DT_FW2F868_6 + } + port 22 + } + protocol tcp + source { + address 213.171.217.185 + } + } + rule 2248 { + action accept + description FW2F868_6-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2F868_6 + } + port 161 + } + protocol udp + } + rule 2249 { + action accept + description FW2F868_6-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FW2F868_6 + } + port 22,24 + } + protocol tcp + source { + address 
213.171.217.102 + } + } + rule 2250 { + action accept + description FW9C682_3-TCP-ALLOW-80.194.78.162 + destination { + group { + address-group DT_FW9C682_3 + } + port 8443,22 + } + protocol tcp + source { + address 80.194.78.162 + } + } + rule 2251 { + action accept + description VPN-21822-ANY-ALLOW-10.4.54.47 + destination { + group { + address-group DT_VPN-21822 + } + } + source { + address 10.4.54.47 + } + } + rule 2252 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.75.244 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 77.68.75.244 + } + } + rule 2253 { + action accept + description FW2B279_4-TCP-ALLOW-195.147.173.92 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 195.147.173.92 + } + } + rule 2254 { + action accept + description FW1D511_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1D511_2 + } + port 8090 + } + protocol tcp + } + rule 2255 { + action accept + description FW8A3FC_3-TCP-ALLOW-85.17.25.47 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 85.17.25.47 + } + } + rule 2256 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.89.209 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + } + protocol tcp + source { + address 77.68.89.209 + } + } + rule 2257 { + action accept + description FWE2AB5_8-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FWE2AB5_8 + } + port 7000 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2258 { + action accept + description FW0E383_9-TCP-ALLOW-77.68.94.177 + destination { + group { + address-group DT_FW0E383_9 + } + port 1433 + } + protocol tcp + source { + address 77.68.94.177 + } + } + rule 2259 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.95.129 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306,22 + 
} + protocol tcp + source { + address 77.68.95.129 + } + } + rule 2260 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.136 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.136 + } + } + rule 2261 { + action accept + description FW1FA9E_1-TCP-ALLOW-78.88.254.99 + destination { + group { + address-group DT_FW1FA9E_1 + } + port 9000,8200,5601,4444 + } + protocol tcp + source { + address 78.88.254.99 + } + } + rule 2262 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.27 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.46.27 + } + } + rule 2263 { + action accept + description FWA7A50_1-TCP-ALLOW-81.110.192.198 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp + source { + address 81.110.192.198 + } + } + rule 2264 { + action accept + description VPN-21822-ANY-ALLOW-10.4.55.47 + destination { + group { + address-group DT_VPN-21822 + } + } + source { + address 10.4.55.47 + } + } + rule 2265 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.31.195 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.31.195 + } + } + rule 2266 { + action accept + description FW45BEB_1-TCP-ALLOW-62.3.71.238 + destination { + group { + address-group DT_FW45BEB_1 + } + port 3389 + } + protocol tcp + source { + address 62.3.71.238 + } + } + rule 2267 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.113 + } + } + rule 2268 { + action accept + description VPN-23946-ANY-ALLOW-10.4.58.13 + destination { + group { + address-group DT_VPN-23946 + } + } + source { + address 10.4.58.13 + } + } + rule 2269 { + action accept + description FW98818_1-TCP-ALLOW-ANY 
+ destination { + group { + address-group DT_FW98818_1 + } + port 27015 + } + protocol tcp + } + rule 2270 { + action accept + description VPN-23946-ANY-ALLOW-10.4.59.13 + destination { + group { + address-group DT_VPN-23946 + } + } + source { + address 10.4.59.13 + } + } + rule 2271 { + action accept + description VPN-28031-ANY-ALLOW-10.4.88.197 + destination { + group { + address-group DT_VPN-28031 + } + } + source { + address 10.4.88.197 + } + } + rule 2272 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.231 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.231 + } + } + rule 2273 { + action accept + description FW5A5D7_3-TCP_UDP-ALLOW-51.219.222.28 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 500 + } + protocol tcp_udp + source { + address 51.219.222.28 + } + } + rule 2274 { + action accept + description FW32EFF_25-TCP-ALLOW-185.106.220.231 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + protocol tcp + source { + address 185.106.220.231 + } + } + rule 2275 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.118.66 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.118.66 + } + } + rule 2276 { + action accept + description FW934AE_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 1194 + } + protocol udp + } + rule 2277 { + action accept + description VPN-28031-ANY-ALLOW-10.4.89.197 + destination { + group { + address-group DT_VPN-28031 + } + } + source { + address 10.4.89.197 + } + } + rule 2278 { + action accept + description FW6863A_4-TCP_UDP-ALLOW-82.165.166.41 + destination { + group { + address-group DT_FW6863A_4 + } + port 21-10000 + } + protocol tcp_udp + source { + address 82.165.166.41 + } + } + rule 2279 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.104.119.162 + destination { + group { + 
address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.104.119.162 + } + } + rule 2280 { + action accept + description FW1F3D0_6-TCP-ALLOW-109.74.199.143 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 109.74.199.143 + } + } + rule 2281 { + action accept + description FW1F3D0_6-TCP-ALLOW-185.92.25.48 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 185.92.25.48 + } + } + rule 2282 { + action accept + description FW1F3D0_6-TCP-ALLOW-207.148.2.40 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 207.148.2.40 + } + } + rule 2283 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.235.62 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.235.62 + } + } + rule 2284 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.236.93 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.236.93 + } + } + rule 2285 { + action accept + description FW1F3D0_6-TCP-ALLOW-45.76.59.5 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 45.76.59.5 + } + } + rule 2286 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.15.134 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.15.134 + } + } + rule 2287 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.22.208 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.22.208 + } + } + rule 2288 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.108 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.23.108 + } + } + 
rule 2289 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.23.54 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.23.54 + } + } + rule 2290 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.30.45 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.30.45 + } + } + rule 2291 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.7.198 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.7.198 + } + } + rule 2292 { + action accept + description VPN-29631-ANY-ALLOW-10.4.54.76 + destination { + group { + address-group DT_VPN-29631 + } + } + source { + address 10.4.54.76 + } + } + rule 2293 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.89.200 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 77.68.89.200 + } + } + rule 2294 { + action accept + description FW1F3D0_6-TCP-ALLOW-77.68.91.50 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 77.68.91.50 + } + } + rule 2295 { + action accept + description FW1F3D0_6-TCP-ALLOW-82.165.206.230 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 82.165.206.230 + } + } + rule 2296 { + action accept + description FW1F3D0_6-TCP-ALLOW-82.165.207.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4444,3306 + } + protocol tcp + source { + address 82.165.207.109 + } + } + rule 2297 { + action accept + description FW1F3D0_6-TCP-ALLOW-94.196.156.5 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 3306 + } + protocol tcp + source { + address 94.196.156.5 + } + } + rule 2298 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.15.134 + destination { + group { + address-group DT_FW1F3D0_6 + } + 
port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.15.134 + } + } + rule 2299 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.22.208 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.22.208 + } + } + rule 2300 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.23.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.23.109 + } + } + rule 2301 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-77.68.89.200 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 77.68.89.200 + } + } + rule 2302 { + action accept + description FW05339_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW05339_1 + } + port 8085,5055,5013,5005,444 + } + protocol tcp + } + rule 2303 { + action accept + description FW32EFF_25-TCP-ALLOW-217.169.61.164 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + protocol tcp + source { + address 217.169.61.164 + } + } + rule 2304 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.65.45 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.65.45 + } + } + rule 2305 { + action accept + description VPN-13983-ANY-ALLOW-10.4.58.176 + destination { + group { + address-group DT_VPN-13983 + } + } + source { + address 10.4.58.176 + } + } + rule 2306 { + action accept + description FWDAF47_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWDAF47_1 + } + port 8090,7080,443,53 + } + protocol tcp_udp + } + rule 2307 { + action accept + description VPN-29631-ANY-ALLOW-10.4.55.77 + destination { + group { + address-group DT_VPN-29631 + } + } + source { + address 10.4.55.77 + } + } + rule 2308 { + action accept + description VPN-34309-ANY-ALLOW-10.4.58.142 + destination { + group { 
+ address-group DT_VPN-34309 + } + } + source { + address 10.4.58.142 + } + } + rule 2309 { + action accept + description FW27949_2-TCP-ALLOW-138.124.142.180 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 138.124.142.180 + } + } + rule 2310 { + action accept + description FWF8F85_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF8F85_1 + } + port 3306 + } + protocol tcp_udp + } + rule 2311 { + action accept + description FWDAF47_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDAF47_1 + } + port 40110-40210 + } + protocol tcp + } + rule 2312 { + action accept + description VPN-34309-ANY-ALLOW-10.4.59.142 + destination { + group { + address-group DT_VPN-34309 + } + } + source { + address 10.4.59.142 + } + } + rule 2313 { + action accept + description FWA0531_1-TCP-ALLOW-87.224.39.220 + destination { + group { + address-group DT_FWA0531_1 + } + port 22 + } + protocol tcp + source { + address 87.224.39.220 + } + } + rule 2314 { + action accept + description FW5A5D7_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5A5D7_3 + } + port 1334 + } + protocol tcp + } + rule 2315 { + action accept + description FW8C927_1-TCP_UDP-ALLOW-84.92.125.78 + destination { + group { + address-group DT_FW8C927_1 + } + port 3306,22 + } + protocol tcp_udp + source { + address 84.92.125.78 + } + } + rule 2316 { + action accept + description FW8C927_1-TCP_UDP-ALLOW-88.208.238.152 + destination { + group { + address-group DT_FW8C927_1 + } + port 3306,22 + } + protocol tcp_udp + source { + address 88.208.238.152 + } + } + rule 2317 { + action accept + description FW81138_1-ICMP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source { + address 82.165.232.19 + } + } + rule 2318 { + action accept + description FW28892_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW28892_1 + } + port 7000 + } + protocol tcp + } + rule 
2319 { + action accept + description FWC96A1_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC96A1_1 + } + port 222 + } + protocol tcp + } + rule 2320 { + action accept + description VPN-13983-ANY-ALLOW-10.4.59.176 + destination { + group { + address-group DT_VPN-13983 + } + } + source { + address 10.4.59.176 + } + } + rule 2321 { + action accept + description FW2FB61_1-TCP-ALLOW-5.183.104.15 + destination { + group { + address-group DT_FW2FB61_1 + } + port 22 + } + protocol tcp + source { + address 5.183.104.15 + } + } + rule 2322 { + action accept + description FW81138_1-ICMP-ALLOW-82.20.69.137 + destination { + group { + address-group DT_FW81138_1 + } + } + protocol icmp + source { + address 82.20.69.137 + } + } + rule 2323 { + action accept + description FW72F37_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW72F37_1 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2324 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-81.111.155.34 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 81.111.155.34 + } + } + rule 2325 { + action accept + description VPN-20306-ANY-ALLOW-10.4.88.173 + destination { + group { + address-group DT_VPN-20306 + } + } + source { + address 10.4.88.173 + } + } + rule 2326 { + action accept + description FW6C992_1-TCP-ALLOW-89.33.185.0_24 + destination { + group { + address-group DT_FW6C992_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 89.33.185.0/24 + } + } + rule 2327 { + action accept + description FW2FB61_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2FB61_1 + } + port 45000 + } + protocol tcp + } + rule 2328 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.202 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 175.157.46.202 + } + } + rule 2329 { + action accept + description FWF9C28_2-TCP-ALLOW-ANY + 
destination { + group { + address-group DT_FWF9C28_2 + } + port 7770-7800,44445 + } + protocol tcp + } + rule 2330 { + action accept + description FW3DBF8_9-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 8088,8080,5090,5060,3478,1935 + } + protocol tcp_udp + } + rule 2331 { + action accept + description FW3DBF8_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 5062,5061,5015,5001 + } + protocol tcp + } + rule 2332 { + action accept + description VPN-16402-ANY-ALLOW-10.4.88.60 + destination { + group { + address-group DT_VPN-16402 + } + } + source { + address 10.4.88.60 + } + } + rule 2333 { + action accept + description FWC1315_1-TCP-ALLOW-62.3.71.238 + destination { + group { + address-group DT_FWC1315_1 + } + port 3389 + } + protocol tcp + source { + address 62.3.71.238 + } + } + rule 2334 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7A50_1 + } + port 8001,80 + } + protocol tcp_udp + } + rule 2335 { + action accept + description FWAFF0A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAFF0A_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2336 { + action accept + description FW2B279_4-TCP-ALLOW-195.20.253.19 + destination { + group { + address-group DT_FW2B279_4 + } + port 22 + } + protocol tcp + source { + address 195.20.253.19 + } + } + rule 2337 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.73 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.73 + } + } + rule 2338 { + action accept + description VPN-16402-ANY-ALLOW-10.4.89.60 + destination { + group { + address-group DT_VPN-16402 + } + } + source { + address 10.4.89.60 + } + } + rule 2339 { + action accept + description VPN-15951-ANY-ALLOW-10.4.86.90 + destination { + group { + address-group DT_VPN-15951 + } + } + source { + address 10.4.86.90 + } + } + rule 2340 
{ + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.77.181 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.77.181 + } + } + rule 2341 { + action accept + description FWE9F7D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE9F7D_1 + } + port 4035 + } + protocol tcp + } + rule 2342 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.131 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.131 + } + } + rule 2343 { + action accept + description VPN-15951-ANY-ALLOW-10.4.87.90 + destination { + group { + address-group DT_VPN-15951 + } + } + source { + address 10.4.87.90 + } + } + rule 2344 { + action accept + description FW2BB8D_1-TCP-ALLOW-77.68.93.190 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 77.68.93.190 + } + } + rule 2345 { + action accept + description VPN-8159-ANY-ALLOW-10.4.59.91 + destination { + group { + address-group DT_VPN-8159 + } + } + source { + address 10.4.59.91 + } + } + rule 2346 { + action accept + description VPN-12870-ANY-ALLOW-10.4.54.67 + destination { + group { + address-group DT_VPN-12870 + } + } + source { + address 10.4.54.67 + } + } + rule 2347 { + action accept + description FW930F3_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW930F3_1 + } + port 53 + } + protocol tcp_udp + } + rule 2348 { + action accept + description FW12C32_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW12C32_1 + } + port 465,53,25 + } + protocol tcp_udp + } + rule 2349 { + action accept + description FW28EC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW28EC8_1 + } + port 20443 + } + protocol tcp + } + rule 2350 { + action accept + description VPN-12870-ANY-ALLOW-10.4.55.68 + destination { + group { + address-group DT_VPN-12870 + } + } + source { + address 
10.4.55.68 + } + } + rule 2351 { + action accept + description FW934AE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 32401,32400,8081 + } + protocol tcp_udp + } + rule 2352 { + action accept + description FW6863A_4-TCP-ALLOW-185.173.161.154 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 185.173.161.154 + } + } + rule 2353 { + action accept + description FW013EF_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW013EF_2 + } + port 10600-10998,9000-9398,5090,5060-5070 + } + protocol udp + } + rule 2354 { + action accept + description FW85040_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85040_1 + } + port 3210 + } + protocol tcp_udp + } + rule 2355 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-131.153.100.98 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 131.153.100.98 + } + } + rule 2356 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-213.133.99.176 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 213.133.99.176 + } + } + rule 2357 { + action accept + description FW6EFD7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6EFD7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2358 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-62.253.153.163 + destination { + group { + address-group DT_FW8B21D_1 + } + port 8443,22 + } + protocol tcp_udp + source { + address 62.253.153.163 + } + } + rule 2359 { + action accept + description FWCB0CF_7-TCP-ALLOW-212.159.153.201 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 6443,5432-5434,5000-5100,3306-3308,990,989,22,21 + } + protocol tcp + source { + address 212.159.153.201 + } + } + rule 2360 { + action accept + description FW75CA4_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW75CA4_6 + } + 
port 51472,3747,3420 + } + protocol tcp + } + rule 2361 { + action accept + description FWF9C28_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF9C28_4 + } + port 23,7770-7800,44445,6109 + } + protocol tcp + } + rule 2362 { + action accept + description FW6B39D_1-TCP-ALLOW-120.72.95.88_29 + destination { + group { + address-group DT_FW6B39D_1 + } + port 3306 + } + protocol tcp + source { + address 120.72.95.88/29 + } + } + rule 2363 { + action accept + description FW934AE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW934AE_1 + } + port 20000 + } + protocol tcp + } + rule 2364 { + action accept + description FW12C32_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW12C32_1 + } + port 2323,953 + } + protocol tcp + } + rule 2365 { + action accept + description FW49897_1-TCP-ALLOW-2.121.90.207 + destination { + group { + address-group DT_FW49897_1 + } + port 22 + } + protocol tcp + source { + address 2.121.90.207 + } + } + rule 2366 { + action accept + description FW6B39D_1-TCP-ALLOW-120.72.91.104_29 + destination { + group { + address-group DT_FW6B39D_1 + } + port 3306 + } + protocol tcp + source { + address 120.72.91.104/29 + } + } + rule 2367 { + action accept + description FW4F5EE_10-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4F5EE_10 + } + port 83,86,82 + } + protocol tcp + } + rule 2368 { + action accept + description FWF791C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF791C_1 + } + port 6001 + } + protocol tcp + } + rule 2369 { + action accept + description FWEF92E_5-ESP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 109.228.37.19 + } + } + rule 2370 { + action accept + description FWE57AD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE57AD_1 + } + port 57000-58000 + } + protocol tcp + } + rule 2371 { + action accept + description FWC0CE0_1-TCP-ALLOW-62.232.209.221 + destination { + group { + 
address-group DT_FWC0CE0_1 + } + port 49152-65535,8447,8443,22,21 + } + protocol tcp + source { + address 62.232.209.221 + } + } + rule 2372 { + action accept + description FW0192C_1-TCP-ALLOW-41.140.242.86 + destination { + group { + address-group DT_FW0192C_1 + } + port 3306,22 + } + protocol tcp + source { + address 41.140.242.86 + } + } + rule 2373 { + action accept + description FWEEC75_1-TCP-ALLOW-54.171.71.110 + destination { + group { + address-group DT_FWEEC75_1 + } + port 21 + } + protocol tcp + source { + address 54.171.71.110 + } + } + rule 2374 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-95.149.182.69 + destination { + group { + address-group DT_FW8B21D_1 + } + port 22 + } + protocol tcp_udp + source { + address 95.149.182.69 + } + } + rule 2375 { + action accept + description FW8B21D_1-TCP-ALLOW-185.201.16.0_22 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 185.201.16.0/22 + } + } + rule 2376 { + action accept + description FW8B21D_1-TCP-ALLOW-213.133.99.176 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 213.133.99.176 + } + } + rule 2377 { + action accept + description FW8B21D_1-TCP-ALLOW-95.211.160.147 + destination { + group { + address-group DT_FW8B21D_1 + } + port 25 + } + protocol tcp + source { + address 95.211.160.147 + } + } + rule 2378 { + action accept + description FW6863A_4-TCP-ALLOW-212.227.9.72 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 212.227.9.72 + } + } + rule 2379 { + action accept + description FW8B21D_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + } + protocol esp + } + rule 2380 { + action accept + description FW8B21D_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + } + protocol ah + } + rule 2381 { + action accept + description FW8B21D_1-TCP_UDP-ALLOW-ANY + destination { + 
group { + address-group DT_FW8B21D_1 + } + port 8181,4500,1194,993,941,500,53 + } + protocol tcp_udp + } + rule 2382 { + action accept + description FW6863A_4-TCP-ALLOW-85.17.25.47 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 85.17.25.47 + } + } + rule 2383 { + action accept + description FW6863A_4-TCP-ALLOW-91.232.105.39 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 91.232.105.39 + } + } + rule 2384 { + action accept + description FW6863A_4-TCP-ALLOW-93.190.142.120 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 93.190.142.120 + } + } + rule 2385 { + action accept + description FW6863A_4-TCP-ALLOW-95.168.171.130 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.168.171.130 + } + } + rule 2386 { + action accept + description FW6863A_4-TCP-ALLOW-95.168.171.157 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.168.171.157 + } + } + rule 2387 { + action accept + description FWD4A27_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD4A27_1 + } + port 32400 + } + protocol tcp + } + rule 2388 { + action accept + description FW2ACFF_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2ACFF_1 + } + port 10299,60050-60055 + } + protocol tcp_udp + } + rule 2389 { + action accept + description FWCB0CF_7-TCP-ALLOW-193.248.62.45 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 193.248.62.45 + } + } + rule 2390 { + action accept + description FWCB0CF_7-TCP-ALLOW-78.249.208.17 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 78.249.208.17 + } + } + rule 2391 { + action accept + description FWC8E8E_1-TCP_UDP-ALLOW-ANY + 
destination { + group { + address-group DT_FWC8E8E_1 + } + port 6000 + } + protocol tcp_udp + } + rule 2392 { + action accept + description FW30D21_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW30D21_1 + } + port 2476 + } + protocol tcp + } + rule 2393 { + action accept + description FW0192C_1-TCP-ALLOW-41.140.242.94 + destination { + group { + address-group DT_FW0192C_1 + } + port 3306,22 + } + protocol tcp + source { + address 41.140.242.94 + } + } + rule 2394 { + action accept + description FW59F39_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW59F39_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2395 { + action accept + description FWEF92E_7-ESP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + } + protocol esp + source { + address 77.68.77.57 + } + } + rule 2396 { + action accept + description FW826BA_3-TCP-ALLOW-51.219.47.177 + destination { + group { + address-group DT_FW826BA_3 + } + port 3389,21 + } + protocol tcp + source { + address 51.219.47.177 + } + } + rule 2397 { + action accept + description FW826BA_3-TCP-ALLOW-86.172.128.50 + destination { + group { + address-group DT_FW826BA_3 + } + port 1433,21 + } + protocol tcp + source { + address 86.172.128.50 + } + } + rule 2398 { + action accept + description FW826BA_3-TCP-ALLOW-88.105.1.20 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol tcp + source { + address 88.105.1.20 + } + } + rule 2399 { + action accept + description FW6863A_4-TCP-ALLOW-95.211.243.198 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.211.243.198 + } + } + rule 2400 { + action accept + description FW25843_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW25843_1 + } + port 9001,7070,5500,5488,5000,4500,4000,3500,3000,1883,1880 + } + protocol tcp + } + rule 2401 { + action accept + description FW89619_1-TCP_UDP-ALLOW-185.83.65.46 + destination { + group { 
+ address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 185.83.65.46 + } + } + rule 2402 { + action accept + description FW5858F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5858F_1 + } + port 1883 + } + protocol tcp + } + rule 2403 { + action accept + description FW826BA_3-TCP-ALLOW-95.147.108.173 + destination { + group { + address-group DT_FW826BA_3 + } + port 21 + } + protocol tcp + source { + address 95.147.108.173 + } + } + rule 2404 { + action accept + description FW9C682_3-TCP-ALLOW-52.56.193.88 + destination { + group { + address-group DT_FW9C682_3 + } + port 3306 + } + protocol tcp + source { + address 52.56.193.88 + } + } + rule 2405 { + action accept + description FW0745F_5-TCP-ALLOW-109.228.63.82 + destination { + group { + address-group DT_FW0745F_5 + } + port 5666 + } + protocol tcp + source { + address 109.228.63.82 + } + } + rule 2406 { + action accept + description FWC0CE0_1-TCP-ALLOW-90.255.228.213 + destination { + group { + address-group DT_FWC0CE0_1 + } + port 49152-65535,8443,21 + } + protocol tcp + source { + address 90.255.228.213 + } + } + rule 2407 { + action accept + description FW210E2_8-AH-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + } + protocol ah + } + rule 2408 { + action accept + description FW210E2_8-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + } + protocol esp + } + rule 2409 { + action accept + description FW210E2_8-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + port 41,62000,23,4500,50,9876,3391,88,135 + } + protocol tcp + } + rule 2410 { + action accept + description FW210E2_8-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW210E2_8 + } + port 500 + } + protocol udp + } + rule 2411 { + action accept + description VPN-8625-ANY-ALLOW-10.4.54.103 + destination { + group { + address-group DT_VPN-8625 + } + } + source { + address 10.4.54.103 + } + } + rule 2412 { + action accept + 
description VPN-8625-ANY-ALLOW-10.4.55.104 + destination { + group { + address-group DT_VPN-8625 + } + } + source { + address 10.4.55.104 + } + } + rule 2413 { + action accept + description FW73A64_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW73A64_1 + } + port 61616,8181,8161,8082,4244,4243,4242,4241 + } + protocol tcp + } + rule 2414 { + action accept + description VPN-19135-ANY-ALLOW-10.4.86.165 + destination { + group { + address-group DT_VPN-19135 + } + } + source { + address 10.4.86.165 + } + } + rule 2415 { + action accept + description FWCB0CF_7-TCP-ALLOW-82.65.107.3 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 22 + } + protocol tcp + source { + address 82.65.107.3 + } + } + rule 2416 { + action accept + description FWCB0CF_7-TCP-ALLOW-195.2.139.221 + destination { + group { + address-group DT_FWCB0CF_7 + } + port 5432-5434,3306-3308 + } + protocol tcp + source { + address 195.2.139.221 + } + } + rule 2417 { + action accept + description VPN-19135-ANY-ALLOW-10.4.87.165 + destination { + group { + address-group DT_VPN-19135 + } + } + source { + address 10.4.87.165 + } + } + rule 2418 { + action accept + description FW2BB8D_1-TCP-ALLOW-87.75.109.83 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 27017,5000 + } + protocol tcp + source { + address 87.75.109.83 + } + } + rule 2419 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.83 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.83 + } + } + rule 2420 { + action accept + description FW2ED4D_2-TCP-ALLOW-84.92.65.192 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 22 + } + protocol tcp + source { + address 84.92.65.192 + } + } + rule 2421 { + action accept + description FW73A64_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73A64_1 + } + port 9200,5601,4247,4246,4245 + } + protocol tcp_udp + } + rule 2422 { + action accept + 
description FW4735F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4735F_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2423 { + action accept + description FW2ED4D_2-TCP-ALLOW-109.176.154.238 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 109.176.154.238 + } + } + rule 2424 { + action accept + description FW6863A_4-TCP-ALLOW-95.211.243.206 + destination { + group { + address-group DT_FW6863A_4 + } + port 465 + } + protocol tcp + source { + address 95.211.243.206 + } + } + rule 2425 { + action accept + description FW89619_1-TCP_UDP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FW89619_1 + } + port 5060 + } + protocol tcp_udp + source { + address 81.133.80.114 + } + } + rule 2426 { + action accept + description FW89619_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 5090 + } + protocol tcp_udp + } + rule 2427 { + action accept + description FW8A57A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8A57A_1 + } + port 49155,49154,7700,53,43 + } + protocol tcp_udp + } + rule 2428 { + action accept + description FW8C72E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8C72E_1 + } + port 500,4500 + } + protocol udp + } + rule 2429 { + action accept + description FW2ED4D_2-TCP-ALLOW-18.135.66.162 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 18.135.66.162 + } + } + rule 2430 { + action accept + description FW2C5AE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2C5AE_1 + } + port 58080,58008,8545,7175 + } + protocol tcp + } + rule 2431 { + action accept + description FW2ED4D_2-TCP-ALLOW-80.209.144.52 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 80.209.144.52 + } + } + rule 2432 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.153.21.103 + 
destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 82.153.21.103 + } + } + rule 2433 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.41 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.41 + } + } + rule 2434 { + action accept + description FW0745F_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0745F_5 + } + port 32770,8001,7801 + } + protocol tcp + } + rule 2435 { + action accept + description FW85E02_11-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 5090,5060 + } + protocol tcp_udp + } + rule 2436 { + action accept + description VPN-21982-ANY-ALLOW-10.4.58.43 + destination { + group { + address-group DT_VPN-21982 + } + } + source { + address 10.4.58.43 + } + } + rule 2437 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.17.52.191 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.17.52.191 + } + } + rule 2438 { + action accept + description FW66347_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW66347_1 + } + port 53 + } + protocol tcp_udp + } + rule 2439 { + action accept + description FW11082_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW11082_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2440 { + action accept + description VPN-21982-ANY-ALLOW-10.4.59.43 + destination { + group { + address-group DT_VPN-21982 + } + } + source { + address 10.4.59.43 + } + } + rule 2441 { + action accept + description FW2BB8D_1-TCP-ALLOW-92.207.193.203 + destination { + group { + address-group DT_FW2BB8D_1 + } + port 5000 + } + protocol tcp + source { + address 92.207.193.203 + } + } + rule 2442 { + action accept + description FWC2D30_1-TCP-ALLOW-77.99.253.161 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22,21 + } + protocol tcp + 
source { + address 77.99.253.161 + } + } + rule 2443 { + action accept + description FW0E383_9-TCP-ALLOW-77.99.245.103 + destination { + group { + address-group DT_FW0E383_9 + } + port 3389 + } + protocol tcp + source { + address 77.99.245.103 + } + } + rule 2444 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.19.19.52 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 7990,3389 + } + protocol tcp + source { + address 82.19.19.52 + } + } + rule 2445 { + action accept + description FWEF92E_7-AH-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + } + protocol ah + source { + address 77.68.77.57 + } + } + rule 2446 { + action accept + description VPN-16450-ANY-ALLOW-10.4.88.99 + destination { + group { + address-group DT_VPN-16450 + } + } + source { + address 10.4.88.99 + } + } + rule 2447 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.2.186.129 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.2.186.129 + } + } + rule 2448 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.157 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.215.157 + } + } + rule 2449 { + action accept + description FW8EA04_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8EA04_1 + } + port 1194 + } + protocol udp + } + rule 2450 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.21.59.207 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.21.59.207 + } + } + rule 2451 { + action accept + description FWC2D30_1-TCP-ALLOW-82.9.22.158 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 82.9.22.158 + } + } + rule 2452 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF3A1B_1 + } + port 1981,53 
+ } + protocol tcp_udp + } + rule 2453 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.11.54 + } + } + rule 2454 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.40.177.186 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.40.177.186 + } + } + rule 2455 { + action accept + description FW0C25B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0C25B_1 + } + port 49152-65535,5224 + } + protocol tcp + } + rule 2456 { + action accept + description FW85A7C_1-TCP-ALLOW-82.24.242.137 + destination { + group { + address-group DT_FW85A7C_1 + } + port 22 + } + protocol tcp + source { + address 82.24.242.137 + } + } + rule 2457 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.68.25.66 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.68.25.66 + } + } + rule 2458 { + action accept + description FW826BA_3-TCP-ALLOW-51.89.148.173 + destination { + group { + address-group DT_FW826BA_3 + } + port 1433 + } + protocol tcp + source { + address 51.89.148.173 + } + } + rule 2459 { + action accept + description FWA69A0_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA69A0_1 + } + port 48402 + } + protocol udp + } + rule 2460 { + action accept + description FW2ED4D_2-TCP-ALLOW-82.69.79.85 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 82.69.79.85 + } + } + rule 2461 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.77.149 + } + } + rule 2462 { + action accept + description FWEF92E_6-ESP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + } + protocol esp + source { + address 77.68.77.57 + } + } + 
rule 2463 { + action accept + description FWEF92E_7-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2464 { + action accept + description FW49C3D_4-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445,443,80 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2465 { + action accept + description FW49C3D_6-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2466 { + action accept + description FW34C91_3-TCP-ALLOW-77.68.121.4 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 77.68.121.4 + } + } + rule 2467 { + action accept + description VPN-16450-ANY-ALLOW-10.4.89.99 + destination { + group { + address-group DT_VPN-16450 + } + } + source { + address 10.4.89.99 + } + } + rule 2468 { + action accept + description FW0BB22_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + } + protocol ah + } + rule 2469 { + action accept + description FW2ED4D_2-TCP-ALLOW-86.139.57.116 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 86.139.57.116 + } + } + rule 2470 { + action accept + description FW9E550_1-TCP-ALLOW-86.142.67.13 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 86.142.67.13 + } + } + rule 2471 { + action accept + description FW8B21D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8B21D_1 + } + port 2096,2095,2087,2086,2083,2082 + } + protocol tcp + } + rule 2472 { + action accept + description FW050AC_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW050AC_1 + } + port 2087 + } + protocol tcp + } + rule 2473 { + action accept + description 
FW1FA9E_1-TCP-ALLOW-109.228.50.206 + destination { + group { + address-group DT_FW1FA9E_1 + } + port 5432 + } + protocol tcp + source { + address 109.228.50.206 + } + } + rule 2474 { + action accept + description FW8A3FC_3-TCP-ALLOW-217.23.11.155 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 217.23.11.155 + } + } + rule 2475 { + action accept + description FW2ED4D_2-TCP-ALLOW-88.96.110.198 + destination { + group { + address-group DT_FW2ED4D_2 + } + port 3389 + } + protocol tcp + source { + address 88.96.110.198 + } + } + rule 2476 { + action accept + description FWEAE53_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEAE53_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2477 { + action accept + description VPN-19474-ANY-ALLOW-10.4.88.161 + destination { + group { + address-group DT_VPN-19474 + } + } + source { + address 10.4.88.161 + } + } + rule 2478 { + action accept + description VPN-19474-ANY-ALLOW-10.4.89.161 + destination { + group { + address-group DT_VPN-19474 + } + } + source { + address 10.4.89.161 + } + } + rule 2479 { + action accept + description FW90AE3_1-TCP-ALLOW-68.33.220.233 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 68.33.220.233 + } + } + rule 2480 { + action accept + description FWC2D30_1-TCP-ALLOW-86.10.163.127 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 86.10.163.127 + } + } + rule 2481 { + action accept + description FW2FB61_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2FB61_1 + } + port 60182 + } + protocol udp + } + rule 2482 { + action accept + description FW85A7C_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85A7C_1 + } + port 2457,2456 + } + protocol tcp_udp + } + rule 2483 { + action accept + description FWBED52_1-TCP-ALLOW-ANY + destination { + group { + address-group 
DT_FWBED52_1 + } + port 1221,9000 + } + protocol tcp + } + rule 2484 { + action accept + description FWA86ED_101-TCP-ALLOW-90.250.2.109 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 90.250.2.109 + } + } + rule 2485 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.49 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.213.49 + } + } + rule 2486 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.77.70 + } + } + rule 2487 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.250 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.250 + } + } + rule 2488 { + action accept + description FW8A3FC_3-TCP-ALLOW-95.168.171.131 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 95.168.171.131 + } + } + rule 2489 { + action accept + description FW2379F_14-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + port 48030,10997,10993,10992,10991,10902,1723,1701 + } + protocol tcp + } + rule 2490 { + action accept + description FW8C927_1-TCP-ALLOW-84.92.125.78 + destination { + group { + address-group DT_FW8C927_1 + } + port 80 + } + protocol tcp + source { + address 84.92.125.78 + } + } + rule 2491 { + action accept + description FWC2D30_1-TCP-ALLOW-86.146.220.229 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 86.146.220.229 + } + } + rule 2492 { + action accept + description FW2B279_4-TCP-ALLOW-2.218.5.59 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 2.218.5.59 + } + } + rule 2493 { + action accept + 
description VPN-18830-ANY-ALLOW-10.4.86.156 + destination { + group { + address-group DT_VPN-18830 + } + } + source { + address 10.4.86.156 + } + } + rule 2494 { + action accept + description VPN-18830-ANY-ALLOW-10.4.87.156 + destination { + group { + address-group DT_VPN-18830 + } + } + source { + address 10.4.87.156 + } + } + rule 2495 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.92.33 + } + } + rule 2496 { + action accept + description FWA86ED_101-TCP-ALLOW-146.198.100.105 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 146.198.100.105 + } + } + rule 2497 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.55 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.211.55 + } + } + rule 2498 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.84.113 + } + } + rule 2499 { + action accept + description FW8C72E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8C72E_1 + } + port 60134,60135 + } + protocol tcp + } + rule 2500 { + action accept + description FWAB44B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAB44B_1 + } + port 3306 + } + protocol tcp_udp + } + rule 2501 { + action accept + description FW2379F_14-TCP-ALLOW-51.148.87.29 + destination { + group { + address-group DT_FW2379F_14 + } + port 3389,21 + } + protocol tcp + source { + address 51.148.87.29 + } + } + rule 2502 { + action accept + description VPN-23738-ANY-ALLOW-10.4.56.13 + destination { + group { + address-group DT_VPN-23738 + } + } + source { + address 10.4.56.13 + } + } + rule 2503 { + action accept + description 
FWA7A50_1-TCP_UDP-ALLOW-112.134.210.100 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.100 + } + } + rule 2504 { + action accept + description FW996B4_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW996B4_2 + } + port 43595,30160 + } + protocol tcp + } + rule 2505 { + action accept + description FW8871B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8871B_1 + } + port 15672,8083,8082,8081,5672 + } + protocol tcp + } + rule 2506 { + action accept + description FWAB44B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAB44B_1 + } + port 9090,8069,5432 + } + protocol tcp + } + rule 2507 { + action accept + description FW6187E_1-ICMP-ALLOW-85.214.201.250 + destination { + group { + address-group DT_FW6187E_1 + } + } + protocol icmp + source { + address 85.214.201.250 + } + } + rule 2508 { + action accept + description FW8A3FC_3-TCP-ALLOW-217.23.11.126 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 217.23.11.126 + } + } + rule 2509 { + action accept + description FW78137_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW78137_1 + } + port 1-65535 + } + protocol tcp + } + rule 2510 { + action accept + description FW32EFF_25-TCP-ALLOW-46.252.65.10 + destination { + group { + address-group DT_FW32EFF_25 + } + port 443 + } + protocol tcp + source { + address 46.252.65.10 + } + } + rule 2511 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.50 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.50 + } + } + rule 2512 { + action accept + description FW6A684_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6A684_1 + } + port 53 + } + protocol tcp_udp + } + rule 2513 { + action accept + description FWF48EB_1-TCP-ALLOW-ANY + destination { + group { + address-group 
DT_FWF48EB_1 + } + port 9204,9202,3395 + } + protocol tcp + } + rule 2514 { + action accept + description FW44217_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 443,80 + } + protocol tcp_udp + } + rule 2515 { + action accept + description FW6187E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6187E_1 + } + port 2282 + } + protocol tcp + } + rule 2516 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.58 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.58 + } + } + rule 2517 { + action accept + description VPN-34501-ANY-ALLOW-10.4.86.235 + destination { + group { + address-group DT_VPN-34501 + } + } + source { + address 10.4.86.235 + } + } + rule 2518 { + action accept + description FW1271A_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1271A_2 + } + port 5090,5061,5060,5015,5001 + } + protocol tcp + } + rule 2519 { + action accept + description FW1271A_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1271A_2 + } + port 9000-10999,5090,5060 + } + protocol udp + } + rule 2520 { + action accept + description FW1226C_3-TCP-ALLOW-216.113.160.71 + destination { + group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 216.113.160.71 + } + } + rule 2521 { + action accept + description FW32EFF_16-TCP-ALLOW-84.19.45.82 + destination { + group { + address-group DT_FW32EFF_16 + } + port 33888 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 2522 { + action accept + description FW03F2E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW03F2E_1 + } + port 1194 + } + protocol udp + } + rule 2523 { + action accept + description FW03F2E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW03F2E_1 + } + port 4432,4431,4430 + } + protocol tcp + } + rule 2524 { + action accept + description FW1226C_3-TCP-ALLOW-216.113.162.65 + destination { + 
group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 216.113.162.65 + } + } + rule 2525 { + action accept + description VPN-20306-ANY-ALLOW-10.4.89.173 + destination { + group { + address-group DT_VPN-20306 + } + } + source { + address 10.4.89.173 + } + } + rule 2526 { + action accept + description FW8A49A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8A49A_1 + } + port 2525,8448-65535 + } + protocol tcp + } + rule 2527 { + action accept + description FWD3431_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD3431_2 + } + port 43595,30377,30289 + } + protocol tcp + } + rule 2528 { + action accept + description FW1226C_3-TCP-ALLOW-66.135.200.200 + destination { + group { + address-group DT_FW1226C_3 + } + port 80,22 + } + protocol tcp + source { + address 66.135.200.200 + } + } + rule 2529 { + action accept + description FW1226C_3-TCP-ALLOW-193.28.178.38 + destination { + group { + address-group DT_FW1226C_3 + } + port 80 + } + protocol tcp + source { + address 193.28.178.38 + } + } + rule 2530 { + action accept + description FWAE88B_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAE88B_1 + } + port 65432,8080,7300,1195,1194,993,587,465,443,442,143,110,80,53,22 + } + protocol tcp_udp + } + rule 2531 { + action accept + description FW1226C_3-TCP-ALLOW-195.234.136.80 + destination { + group { + address-group DT_FW1226C_3 + } + port 80 + } + protocol tcp + source { + address 195.234.136.80 + } + } + rule 2532 { + action accept + description FW1226C_3-TCP-ALLOW-93.94.41.83 + destination { + group { + address-group DT_FW1226C_3 + } + port 80 + } + protocol tcp + source { + address 93.94.41.83 + } + } + rule 2533 { + action accept + description VPN-6103-ANY-ALLOW-10.4.56.102 + destination { + group { + address-group DT_VPN-6103 + } + } + source { + address 10.4.56.102 + } + } + rule 2534 { + action accept + description VPN-6103-ANY-ALLOW-10.4.57.102 + destination { + group { + 
address-group DT_VPN-6103 + } + } + source { + address 10.4.57.102 + } + } + rule 2535 { + action accept + description FW9E550_1-TCP-ALLOW-86.198.190.104 + destination { + group { + address-group DT_FW9E550_1 + } + port 3389 + } + protocol tcp + source { + address 86.198.190.104 + } + } + rule 2536 { + action accept + description FW34C91_3-TCP-ALLOW-81.149.71.244 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 81.149.71.244 + } + } + rule 2537 { + action accept + description FW0BB22_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + port 27917,27017,9592,9092,1080,587 + } + protocol tcp_udp + } + rule 2538 { + action accept + description FWC2D30_1-TCP-ALLOW-89.213.26.156 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 89.213.26.156 + } + } + rule 2539 { + action accept + description FW34C91_3-UDP-ALLOW-81.149.71.244 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 81.149.71.244 + } + } + rule 2540 { + action accept + description VPN-17207-ANY-ALLOW-10.4.86.121 + destination { + group { + address-group DT_VPN-17207 + } + } + source { + address 10.4.86.121 + } + } + rule 2541 { + action accept + description FW0B352_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0B352_1 + } + port 4500,500 + } + protocol udp + } + rule 2542 { + action accept + description FW85E02_11-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 5854,5853,5061 + } + protocol tcp + } + rule 2543 { + action accept + description FW0BB22_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0BB22_1 + } + port 9200,8082 + } + protocol tcp + } + rule 2544 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.140 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + 
address 112.134.213.140 + } + } + rule 2545 { + action accept + description FWC2D30_1-TCP-ALLOW-91.125.244.28 + destination { + group { + address-group DT_FWC2D30_1 + } + port 21 + } + protocol tcp + source { + address 91.125.244.28 + } + } + rule 2546 { + action accept + description FWA86ED_101-TCP-ALLOW-86.172.252.221 + destination { + group { + address-group DT_FWA86ED_101 + } + port 80-3389 + } + protocol tcp + source { + address 86.172.252.221 + } + } + rule 2547 { + action accept + description FWC2D30_1-TCP-ALLOW-92.207.184.106 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,21 + } + protocol tcp + source { + address 92.207.184.106 + } + } + rule 2548 { + action accept + description FW45F3D_1-ANY-ALLOW-146.255.0.198 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 146.255.0.198 + } + } + rule 2549 { + action accept + description FWBFDED_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBFDED_1 + } + port 1723,445 + } + protocol tcp + } + rule 2550 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.227.9.72 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.227.9.72 + } + } + rule 2551 { + action accept + description FWE928F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE928F_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2552 { + action accept + description FW5CBB2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5CBB2_1 + } + port 2082,2083,2086,2087 + } + protocol tcp + } + rule 2553 { + action accept + description FW63230_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW63230_1 + } + port 445,139 + } + protocol tcp_udp + } + rule 2554 { + action accept + description FW90AE3_1-TCP-ALLOW-71.244.176.5 + destination { + group { + address-group DT_FW90AE3_1 + } + port 22 + } + protocol tcp + source { + address 71.244.176.5 + } + } + rule 2555 { + action 
accept + description FWA4BC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA4BC8_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2556 { + action accept + description VPN-17207-ANY-ALLOW-10.4.87.121 + destination { + group { + address-group DT_VPN-17207 + } + } + source { + address 10.4.87.121 + } + } + rule 2557 { + action accept + description VPN-17558-ANY-ALLOW-10.4.86.143 + destination { + group { + address-group DT_VPN-17558 + } + } + source { + address 10.4.86.143 + } + } + rule 2558 { + action accept + description FWB2CD2_1-TCP-ALLOW-86.167.68.241 + destination { + group { + address-group DT_FWB2CD2_1 + } + port 21 + } + protocol tcp + source { + address 86.167.68.241 + } + } + rule 2559 { + action accept + description FW32EFF_25-TCP-ALLOW-84.19.45.82 + destination { + group { + address-group DT_FW32EFF_25 + } + port 33888,443 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 2560 { + action accept + description FW44217_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 9001,7946,2376 + } + protocol tcp + } + rule 2561 { + action accept + description FW7DAE2_3-TCP-ALLOW-212.227.253.11 + destination { + group { + address-group DT_FW7DAE2_3 + } + port 25,22 + } + protocol tcp + source { + address 212.227.253.11 + } + } + rule 2562 { + action accept + description FW7DAE2_3-TCP-ALLOW-217.160.126.118 + destination { + group { + address-group DT_FW7DAE2_3 + } + port 25,22 + } + protocol tcp + source { + address 217.160.126.118 + } + } + rule 2563 { + action accept + description FWAF6E8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWAF6E8_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2564 { + action accept + description FWCD7CE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCD7CE_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2565 { + action accept + description FW32EFF_16-TCP-ALLOW-ANY + destination { + group { + address-group 
DT_FW32EFF_16 + } + port 47779,47778,47777,47776 + } + protocol tcp + } + rule 2566 { + action accept + description FW0745F_5-TCP-ALLOW-77.68.117.222 + destination { + group { + address-group DT_FW0745F_5 + } + port 49170 + } + protocol tcp + source { + address 77.68.117.222 + } + } + rule 2567 { + action accept + description FWC2D30_1-TCP-ALLOW-92.207.199.107 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22,21 + } + protocol tcp + source { + address 92.207.199.107 + } + } + rule 2568 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.89 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.89 + } + } + rule 2569 { + action accept + description FW8A3FC_3-TCP-ALLOW-190.2.130.41 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 190.2.130.41 + } + } + rule 2570 { + action accept + description FWFDCC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFDCC7_1 + } + port 10000 + } + protocol tcp_udp + } + rule 2571 { + action accept + description FWF19FB_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF19FB_2 + } + port 43595,40001,30616-30631,30531,30204-30435 + } + protocol tcp + } + rule 2572 { + action accept + description FW2B279_4-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2573 { + action accept + description FW4E314_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4E314_1 + } + port 21543,888 + } + protocol tcp + } + rule 2574 { + action accept + description FW73215_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73215_1 + } + port 4380 + } + protocol udp + } + rule 2575 { + action accept + description VPN-31301-ANY-ALLOW-10.4.86.223 + destination { + group { + address-group DT_VPN-31301 + } + } + source { + address 
10.4.86.223 + } + } + rule 2576 { + action accept + description FW8428B_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW8428B_1 + } + port 48402 + } + protocol udp + } + rule 2577 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-185.195.124.169 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 185.195.124.169 + } + } + rule 2578 { + action accept + description FW34C91_3-UDP-ALLOW-77.68.121.4 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 77.68.121.4 + } + } + rule 2579 { + action accept + description FW73215_1-TCP-ALLOW-82.38.58.135 + destination { + group { + address-group DT_FW73215_1 + } + port 10685 + } + protocol tcp + source { + address 82.38.58.135 + } + } + rule 2580 { + action accept + description FW52F6F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW52F6F_1 + } + port 8888 + } + protocol tcp + } + rule 2581 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.86 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.86 + } + } + rule 2582 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.13 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.125.13 + } + } + rule 2583 { + action accept + description FWEE03C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWEE03C_1 + } + port 2087,2083 + } + protocol tcp + } + rule 2584 { + action accept + description FW748B7_1-TCP-ALLOW-157.231.123.154 + destination { + group { + address-group DT_FW748B7_1 + } + port 22 + } + protocol tcp + source { + address 157.231.123.154 + } + } + rule 2585 { + action accept + description VPN-34501-ANY-ALLOW-10.4.87.235 + destination { + group { + address-group DT_VPN-34501 + } + } + source { + address 10.4.87.235 + } + } + rule 2586 
{ + action accept + description FWE47DA_1-TCP-ALLOW-81.134.85.245 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 81.134.85.245 + } + } + rule 2587 { + action accept + description FWD61BF_1-ANY-ALLOW-193.237.81.213_32 + destination { + group { + address-group DT_FWD61BF_1 + } + } + source { + address 193.237.81.213/32 + } + } + rule 2588 { + action accept + description FW2B279_4-TCP-ALLOW-23.106.238.241 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 23.106.238.241 + } + } + rule 2589 { + action accept + description FW2B279_4-TCP-ALLOW-35.204.202.196 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 35.204.202.196 + } + } + rule 2590 { + action accept + description FW2B279_4-TCP-ALLOW-35.242.141.128 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,3306,22 + } + protocol tcp + source { + address 35.242.141.128 + } + } + rule 2591 { + action accept + description FWC2EF2_2-TCP-ALLOW-90.251.221.19 + destination { + group { + address-group DT_FWC2EF2_2 + } + port 995,993,587,465,143,110,25,22 + } + protocol tcp + source { + address 90.251.221.19 + } + } + rule 2592 { + action accept + description VPN-14673-ANY-ALLOW-10.4.88.44 + destination { + group { + address-group DT_VPN-14673 + } + } + source { + address 10.4.88.44 + } + } + rule 2593 { + action accept + description FWA83DF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA83DF_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2594 { + action accept + description FW31525_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW31525_6 + } + port 35467 + } + protocol tcp + } + rule 2595 { + action accept + description FW4293B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4293B_1 + } + port 9080,8888,8881,7815,8419 + } + protocol tcp + } + rule 2596 { + 
action accept + description FW4AE7D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4AE7D_1 + } + port 8083,81 + } + protocol tcp + } + rule 2597 { + action accept + description FWC2D30_1-TCP-ALLOW-143.52.53.22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 22 + } + protocol tcp + source { + address 143.52.53.22 + } + } + rule 2598 { + action accept + description FW44217_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW44217_2 + } + port 7946,4789 + } + protocol udp + } + rule 2599 { + action accept + description FW2B279_4-TCP-ALLOW-46.249.82.162 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 46.249.82.162 + } + } + rule 2600 { + action accept + description FW27949_2-TCP-ALLOW-80.95.202.106 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 80.95.202.106 + } + } + rule 2601 { + action accept + description FWEF92E_5-ESP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 77.68.93.82 + } + } + rule 2602 { + action accept + description FW2ACFF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2ACFF_1 + } + port 8082,5093 + } + protocol tcp + } + rule 2603 { + action accept + description FWC2EF2_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC2EF2_2 + } + port 10000,953,53 + } + protocol tcp_udp + } + rule 2604 { + action accept + description FW0C8E1_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0C8E1_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2605 { + action accept + description FWA86ED_101-TCP_UDP-ALLOW-82.5.189.5 + destination { + group { + address-group DT_FWA86ED_101 + } + port 1-65535 + } + protocol tcp_udp + source { + address 82.5.189.5 + } + } + rule 2606 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.179 + destination { + group { + 
address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.179 + } + } + rule 2607 { + action accept + description FWEF92E_5-ESP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol esp + source { + address 88.208.198.93 + } + } + rule 2608 { + action accept + description FW5658C_1-TCP-ALLOW-39.45.43.109 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 39.45.43.109 + } + } + rule 2609 { + action accept + description FW5658C_1-TCP-ALLOW-5.67.3.195 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 5.67.3.195 + } + } + rule 2610 { + action accept + description FWDCA36_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDCA36_3 + } + port 49152-65534,5901 + } + protocol tcp + } + rule 2611 { + action accept + description FWE928F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE928F_1 + } + port 53 + } + protocol tcp_udp + } + rule 2612 { + action accept + description FW69D6D_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW69D6D_2 + } + port 5001,5090,5060,5015 + } + protocol tcp + } + rule 2613 { + action accept + description FW69D6D_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW69D6D_2 + } + port 5090,5060,9000-9500 + } + protocol udp + } + rule 2614 { + action accept + description VPN-9765-ANY-ALLOW-10.4.56.45 + destination { + group { + address-group DT_VPN-9765 + } + } + source { + address 10.4.56.45 + } + } + rule 2615 { + action accept + description VPN-9765-ANY-ALLOW-10.4.57.45 + destination { + group { + address-group DT_VPN-9765 + } + } + source { + address 10.4.57.45 + } + } + rule 2616 { + action accept + description FW4C136_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4C136_1 + } + port 1194 + } + protocol tcp_udp + } + rule 2617 { + action accept + description 
FW6F539_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6F539_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2618 { + action accept + description FWDD089_5-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWDD089_5 + } + port 5666-5667,12489 + } + protocol tcp_udp + } + rule 2619 { + action accept + description FWDD089_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDD089_5 + } + port 161-162 + } + protocol tcp + } + rule 2620 { + action accept + description FWEF92E_5-AH-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 109.228.37.19 + } + } + rule 2621 { + action accept + description FW0A5C4_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0A5C4_1 + } + port 9000,6697,6667,5000 + } + protocol tcp + } + rule 2622 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.11.54 + } + } + rule 2623 { + action accept + description FW2BB8D_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2BB8D_1 + } + port 7990 + } + protocol tcp + } + rule 2624 { + action accept + description FWAF6E8_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAF6E8_1 + } + port 7770-7800,44445,53 + } + protocol tcp_udp + } + rule 2625 { + action accept + description FW81286_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW81286_1 + } + port 2082,2083,2086,2087,2096 + } + protocol tcp + } + rule 2626 { + action accept + description FW05064_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW05064_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2627 { + action accept + description FWD7382_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWD7382_1 + } + port 4500,1701,500 + } + protocol udp + } + rule 2628 { + action accept + description FWD7382_1-TCP-ALLOW-174.91.7.198 + destination { 
+ group { + address-group DT_FWD7382_1 + } + port 3389 + } + protocol tcp + source { + address 174.91.7.198 + } + } + rule 2629 { + action accept + description VPN-9484-ANY-ALLOW-10.4.56.164 + destination { + group { + address-group DT_VPN-9484 + } + } + source { + address 10.4.56.164 + } + } + rule 2630 { + action accept + description VPN-9484-ANY-ALLOW-10.4.57.164 + destination { + group { + address-group DT_VPN-9484 + } + } + source { + address 10.4.57.164 + } + } + rule 2631 { + action accept + description VPN-9749-ANY-ALLOW-10.4.58.144 + destination { + group { + address-group DT_VPN-9749 + } + } + source { + address 10.4.58.144 + } + } + rule 2632 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.77.149 + } + } + rule 2633 { + action accept + description FW10FEE_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW10FEE_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2634 { + action accept + description FW5658C_1-TCP-ALLOW-5.71.30.141 + destination { + group { + address-group DT_FW5658C_1 + } + port 8443 + } + protocol tcp + source { + address 5.71.30.141 + } + } + rule 2635 { + action accept + description VPN-9749-ANY-ALLOW-10.4.59.144 + destination { + group { + address-group DT_VPN-9749 + } + } + source { + address 10.4.59.144 + } + } + rule 2636 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.77.70 + } + } + rule 2637 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.92.33 + } + } + rule 2638 { + action accept + description FWEF92E_5-AH-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 77.68.93.82 + } + } + rule 2639 { + 
action accept + description FWEF92E_6-AH-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + } + protocol ah + source { + address 77.68.77.57 + } + } + rule 2640 { + action accept + description FWEF92E_6-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2641 { + action accept + description FWEF92E_5-AH-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + } + protocol ah + source { + address 88.208.198.93 + } + } + rule 2642 { + action accept + description FWEF92E_7-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2643 { + action accept + description FWEF92E_7-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_7 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2644 { + action accept + description FWEF92E_5-TCP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 109.228.37.19 + } + } + rule 2645 { + action accept + description FW49C3D_4-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445,80 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2646 { + action accept + description FW49C3D_4-TCP-ALLOW-82.0.198.226 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445 + } + protocol tcp + source { + address 82.0.198.226 + } + } + rule 2647 { + action accept + description FW49C3D_6-TCP-ALLOW-82.0.198.226 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 82.0.198.226 + } + } + rule 2648 { + action accept + description FW49C3D_6-TCP-ALLOW-83.100.136.74 + destination { + group { + address-group DT_FW49C3D_6 + 
} + port 3389,445 + } + protocol tcp + source { + address 83.100.136.74 + } + } + rule 2649 { + action accept + description FWEF92E_6-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2650 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.189.162 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.189.162 + } + } + rule 2651 { + action accept + description FW3DBF8_9-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3DBF8_9 + } + port 9000-10999 + } + protocol udp + } + rule 2652 { + action accept + description VPN-19807-ANY-ALLOW-10.4.86.172 + destination { + group { + address-group DT_VPN-19807 + } + } + source { + address 10.4.86.172 + } + } + rule 2653 { + action accept + description FWEEC75_1-TCP-ALLOW-82.8.245.40 + destination { + group { + address-group DT_FWEEC75_1 + } + port 21 + } + protocol tcp + source { + address 82.8.245.40 + } + } + rule 2654 { + action accept + description FW3AD6F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3AD6F_1 + } + port 53,465 + } + protocol tcp_udp + } + rule 2655 { + action accept + description FWCDBC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWCDBC7_1 + } + port 53 + } + protocol tcp_udp + } + rule 2656 { + action accept + description FWA373F_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA373F_1 + } + port 2087,2086,2083,2082 + } + protocol tcp + } + rule 2657 { + action accept + description FW2B279_4-TCP-ALLOW-94.155.221.50 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443,22 + } + protocol tcp + source { + address 94.155.221.50 + } + } + rule 2658 { + action accept + description FWC2D30_1-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443,22 + } + protocol tcp + source { + address 
213.171.217.107 + } + } + rule 2659 { + action accept + description VPN-30791-ANY-ALLOW-10.4.88.215 + destination { + group { + address-group DT_VPN-30791 + } + } + source { + address 10.4.88.215 + } + } + rule 2660 { + action accept + description VPN-30791-ANY-ALLOW-10.4.89.215 + destination { + group { + address-group DT_VPN-30791 + } + } + source { + address 10.4.89.215 + } + } + rule 2661 { + action accept + description FW2EF2C_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 10000,3478 + } + protocol udp + } + rule 2662 { + action accept + description FW32EFF_49-TCP-ALLOW-195.217.232.0_26 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 195.217.232.0/26 + } + } + rule 2663 { + action accept + description FW4AE7D_1-TCP-ALLOW-81.136.8.24 + destination { + group { + address-group DT_FW4AE7D_1 + } + port 3389 + } + protocol tcp + source { + address 81.136.8.24 + } + } + rule 2664 { + action accept + description FW2EF2C_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 5222 + } + protocol tcp_udp + } + rule 2665 { + action accept + description FW48A55_2-TCP-ALLOW-86.29.225.60 + destination { + group { + address-group DT_FW48A55_2 + } + port 443,80,22 + } + protocol tcp + source { + address 86.29.225.60 + } + } + rule 2666 { + action accept + description FW48A55_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW48A55_2 + } + port 1337 + } + protocol udp + } + rule 2667 { + action accept + description VPN-11913-ANY-ALLOW-10.4.56.191 + destination { + group { + address-group DT_VPN-11913 + } + } + source { + address 10.4.56.191 + } + } + rule 2668 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.189.163 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.189.163 + } + } + rule 2669 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.0.90 + 
destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.0.90 + } + } + rule 2670 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.24.66 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.24.66 + } + } + rule 2671 { + action accept + description VPN-11913-ANY-ALLOW-10.4.57.191 + destination { + group { + address-group DT_VPN-11913 + } + } + source { + address 10.4.57.191 + } + } + rule 2672 { + action accept + description FW73573_2-TCP-ALLOW-86.9.185.195 + destination { + group { + address-group DT_FW73573_2 + } + port 22 + } + protocol tcp + source { + address 86.9.185.195 + } + } + rule 2673 { + action accept + description VPN-17558-ANY-ALLOW-10.4.87.143 + destination { + group { + address-group DT_VPN-17558 + } + } + source { + address 10.4.87.143 + } + } + rule 2674 { + action accept + description FW748B7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW748B7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2675 { + action accept + description FW16375_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW16375_5 + } + port 2082,2083,2086,2087 + } + protocol tcp + } + rule 2676 { + action accept + description FW5A77C_16-TCP-ALLOW-88.98.204.68 + destination { + group { + address-group DT_FW5A77C_16 + } + port 22 + } + protocol tcp + source { + address 88.98.204.68 + } + } + rule 2677 { + action accept + description FW73573_1-TCP-ALLOW-86.9.185.195 + destination { + group { + address-group DT_FW73573_1 + } + port 22 + } + protocol tcp + source { + address 86.9.185.195 + } + } + rule 2678 { + action accept + description FWEF92E_5-TCP-ALLOW-194.145.190.4 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 194.145.190.4 + } + } + rule 2679 { + action accept + description FWC2D30_1-TCP-ALLOW-140.82.112.0_20 + destination { + group { + 
address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 140.82.112.0/20 + } + } + rule 2680 { + action accept + description FW62858_12-ICMP-ALLOW-77.68.122.41 + destination { + group { + address-group DT_FW62858_12 + } + } + protocol icmp + source { + address 77.68.122.41 + } + } + rule 2681 { + action accept + description FWB118A_1-TCP-ALLOW-147.148.96.136 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 147.148.96.136 + } + } + rule 2682 { + action accept + description FW5A77C_16-TCP-ALLOW-92.207.237.42 + destination { + group { + address-group DT_FW5A77C_16 + } + port 10000,22 + } + protocol tcp + source { + address 92.207.237.42 + } + } + rule 2683 { + action accept + description FW364CF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW364CF_1 + } + port 4022,8099 + } + protocol tcp + } + rule 2684 { + action accept + description VPN-25822-ANY-ALLOW-10.4.54.42 + destination { + group { + address-group DT_VPN-25822 + } + } + source { + address 10.4.54.42 + } + } + rule 2685 { + action accept + description FW7F28A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW7F28A_1 + } + port 10051,10050 + } + protocol tcp + } + rule 2686 { + action accept + description FW8AFF1_7-TCP-ALLOW-109.228.53.159 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 109.228.53.159 + } + } + rule 2687 { + action accept + description FWE47DA_1-TCP-ALLOW-185.22.211.0_24 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 185.22.211.0/24 + } + } + rule 2688 { + action accept + description FWC6301_1-TCP-ALLOW-95.34.208.4 + destination { + group { + address-group DT_FWC6301_1 + } + port 22 + } + protocol tcp + source { + address 95.34.208.4 + } + } + rule 2689 { + action accept + description FW45000_1-TCP-ALLOW-ANY + destination { + 
group { + address-group DT_FW45000_1 + } + port 990 + } + protocol tcp + } + rule 2690 { + action accept + description FW481D7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW481D7_1 + } + port 6789 + } + protocol tcp + } + rule 2691 { + action accept + description VPN-8203-ANY-ALLOW-10.4.59.109 + destination { + group { + address-group DT_VPN-8203 + } + } + source { + address 10.4.59.109 + } + } + rule 2692 { + action accept + description VPN-3575-ANY-ALLOW-10.4.54.124 + destination { + group { + address-group DT_VPN-3575 + } + } + source { + address 10.4.54.124 + } + } + rule 2693 { + action accept + description VPN-3575-ANY-ALLOW-10.4.55.125 + destination { + group { + address-group DT_VPN-3575 + } + } + source { + address 10.4.55.125 + } + } + rule 2694 { + action accept + description FW42661_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW42661_3 + } + port 44445,25672,15672,9876,7770-7800 + } + protocol tcp + } + rule 2695 { + action accept + description FWBF494_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBF494_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2696 { + action accept + description FWD0E22_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD0E22_4 + } + port 8000,19005 + } + protocol tcp + } + rule 2697 { + action accept + description FW98818_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW98818_1 + } + port 27015 + } + protocol udp + } + rule 2698 { + action accept + description FW62858_12-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 5001,5000 + } + protocol tcp + } + rule 2699 { + action accept + description VPN-34006-ANY-ALLOW-10.4.86.242 + destination { + group { + address-group DT_VPN-34006 + } + } + source { + address 10.4.86.242 + } + } + rule 2700 { + action accept + description VPN-34006-ANY-ALLOW-10.4.87.242 + destination { + group { + address-group DT_VPN-34006 + } + } + source { + address 10.4.87.242 + } + } + rule 
2701 { + action accept + description FWF879C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF879C_1 + } + port 8888 + } + protocol tcp + } + rule 2702 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.11.54 + } + } + rule 2703 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.74.89 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.74.89 + } + } + rule 2704 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.77.149 + } + } + rule 2705 { + action accept + description FW8A57A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW8A57A_1 + } + port 49153,5666 + } + protocol tcp + } + rule 2706 { + action accept + description FW62858_12-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 5090,5061,5060 + } + protocol tcp_udp + } + rule 2707 { + action accept + description FW62858_12-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW62858_12 + } + port 9000-10999 + } + protocol udp + } + rule 2708 { + action accept + description FW0E2EE_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0E2EE_1 + } + port 1024-65535 + } + protocol tcp_udp + } + rule 2709 { + action accept + description FWEEC75_1-TCP-ALLOW-82.5.80.210 + destination { + group { + address-group DT_FWEEC75_1 + } + port 22 + } + protocol tcp + source { + address 82.5.80.210 + } + } + rule 2710 { + action accept + description FW4F81F_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4F81F_4 + } + port 26900,27005,27015,51000,51005,51030 + } + protocol tcp_udp + } + rule 2711 { + action accept + description VPN-7902-ANY-ALLOW-10.4.56.78 + destination { + group { + address-group 
DT_VPN-7902 + } + } + source { + address 10.4.56.78 + } + } + rule 2712 { + action accept + description VPN-7902-ANY-ALLOW-10.4.57.78 + destination { + group { + address-group DT_VPN-7902 + } + } + source { + address 10.4.57.78 + } + } + rule 2713 { + action accept + description FWB36A0_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB36A0_1 + } + port 20-21,990 + } + protocol tcp_udp + } + rule 2714 { + action accept + description FWD2082_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD2082_1 + } + port 8001,8002 + } + protocol tcp + } + rule 2715 { + action accept + description FW8A3FC_3-TCP-ALLOW-212.8.242.171 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 212.8.242.171 + } + } + rule 2716 { + action accept + description FWB9699_11-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FWB9699_11 + } + port 443,80,8800,22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2717 { + action accept + description VPN-11083-ANY-ALLOW-10.4.54.186 + destination { + group { + address-group DT_VPN-11083 + } + } + source { + address 10.4.54.186 + } + } + rule 2718 { + action accept + description VPN-11083-ANY-ALLOW-10.4.55.187 + destination { + group { + address-group DT_VPN-11083 + } + } + source { + address 10.4.55.187 + } + } + rule 2719 { + action accept + description VPN-34583-ANY-ALLOW-10.4.86.243 + destination { + group { + address-group DT_VPN-34583 + } + } + source { + address 10.4.86.243 + } + } + rule 2720 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.155 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.84.155 + } + } + rule 2721 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.117 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.117 + } + } 
+ rule 2722 { + action accept + description FW7A9B0_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW7A9B0_9 + } + port 11112 + } + protocol tcp + } + rule 2723 { + action accept + description FW3F465_1-TCP-ALLOW-77.68.127.177 + destination { + group { + address-group DT_FW3F465_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.127.177 + } + } + rule 2724 { + action accept + description VPN-34583-ANY-ALLOW-10.4.87.243 + destination { + group { + address-group DT_VPN-34583 + } + } + source { + address 10.4.87.243 + } + } + rule 2725 { + action accept + description FW930F3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW930F3_1 + } + port 9089,5900,5666,5272 + } + protocol tcp + } + rule 2726 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.165 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.165 + } + } + rule 2727 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.140 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.140 + } + } + rule 2728 { + action accept + description FW90AE3_1-TCP-ALLOW-82.11.114.136 + destination { + group { + address-group DT_FW90AE3_1 + } + port 3306,22 + } + protocol tcp + source { + address 82.11.114.136 + } + } + rule 2729 { + action accept + description FW73215_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73215_1 + } + port 27015 + } + protocol tcp_udp + } + rule 2730 { + action accept + description FWC2EF2_1-TCP-ALLOW-18.130.156.250 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 22 + } + protocol tcp + source { + address 18.130.156.250 + } + } + rule 2731 { + action accept + description FWC2EF2_1-TCP-ALLOW-90.251.221.19 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 22 + } + protocol tcp + source { + address 90.251.221.19 + } + } + rule 2732 { + 
action accept + description FW90AE3_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW90AE3_1 + } + port 8765,8001,8000 + } + protocol tcp + } + rule 2733 { + action accept + description FWC2EF2_1-TCP-ALLOW-87.74.110.191 + destination { + group { + address-group DT_FWC2EF2_1 + } + port 8443 + } + protocol tcp + source { + address 87.74.110.191 + } + } + rule 2734 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.77.70 + } + } + rule 2735 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.93 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.93 + } + } + rule 2736 { + action accept + description FW81138_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW81138_1 + } + port 123 + } + protocol udp + } + rule 2737 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.64 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.64 + } + } + rule 2738 { + action accept + description FW03B35_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + port 1-65535 + } + protocol tcp_udp + } + rule 2739 { + action accept + description VPN-19807-ANY-ALLOW-10.4.87.172 + destination { + group { + address-group DT_VPN-19807 + } + } + source { + address 10.4.87.172 + } + } + rule 2740 { + action accept + description FW5658C_1-TCP-ALLOW-94.12.73.154 + destination { + group { + address-group DT_FW5658C_1 + } + port 8447 + } + protocol tcp + source { + address 94.12.73.154 + } + } + rule 2741 { + action accept + description FW5658C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5658C_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2742 { + action accept + description FW0B352_1-TCP_UDP-ALLOW-ANY + destination { + 
group { + address-group DT_FW0B352_1 + } + port 3443 + } + protocol tcp_udp + } + rule 2743 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.8.74 + destination { + group { + address-group DT_FWEF92E_5 + } + port 3389,445,443 + } + protocol tcp + source { + address 77.68.8.74 + } + } + rule 2744 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.92.33 + } + } + rule 2745 { + action accept + description FWEF92E_5-TCP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 77.68.93.82 + } + } + rule 2746 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.44 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.44 + } + } + rule 2747 { + action accept + description FW34C91_3-TCP-ALLOW-188.220.176.104 + destination { + group { + address-group DT_FW34C91_3 + } + port 1433 + } + protocol tcp + source { + address 188.220.176.104 + } + } + rule 2748 { + action accept + description FW3F465_1-TCP-ALLOW-77.68.16.101 + destination { + group { + address-group DT_FW3F465_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.16.101 + } + } + rule 2749 { + action accept + description FWEF92E_5-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FWEF92E_5 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 2750 { + action accept + description FW34C91_3-UDP-ALLOW-188.220.176.104 + destination { + group { + address-group DT_FW34C91_3 + } + port 1434 + } + protocol udp + source { + address 188.220.176.104 + } + } + rule 2751 { + action accept + description FWE47DA_1-TCP-ALLOW-185.22.208.0_25 + destination { + group { + address-group DT_FWE47DA_1 + } + port 22 + } + protocol tcp + source { + address 185.22.208.0/25 + } + } + 
rule 2752 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.187 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.187 + } + } + rule 2753 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.84 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.84 + } + } + rule 2754 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.52 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 116.206.246.52 + } + } + rule 2755 { + action accept + description FW8AFF1_7-TCP-ALLOW-77.68.92.154 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 77.68.92.154 + } + } + rule 2756 { + action accept + description FW8AFF1_7-TCP-ALLOW-77.68.93.156 + destination { + group { + address-group DT_FW8AFF1_7 + } + port 1433 + } + protocol tcp + source { + address 77.68.93.156 + } + } + rule 2757 { + action accept + description VPN-24398-ANY-ALLOW-10.4.88.151 + destination { + group { + address-group DT_VPN-24398 + } + } + source { + address 10.4.88.151 + } + } + rule 2758 { + action accept + description VPN-24398-ANY-ALLOW-10.4.89.151 + destination { + group { + address-group DT_VPN-24398 + } + } + source { + address 10.4.89.151 + } + } + rule 2759 { + action accept + description VPN-24589-ANY-ALLOW-10.4.56.9 + destination { + group { + address-group DT_VPN-24589 + } + } + source { + address 10.4.56.9 + } + } + rule 2760 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.29 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.29 + } + } + rule 2761 { + action accept + description FWC7D36_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC7D36_1 + } + port 27017,11080 + } + 
protocol tcp + } + rule 2762 { + action accept + description FWBB718_1-TCP_UDP-ALLOW-77.68.73.116 + destination { + group { + address-group DT_FWBB718_1 + } + port 1433 + } + protocol tcp_udp + source { + address 77.68.73.116 + } + } + rule 2763 { + action accept + description FWBB718_1-UDP-ALLOW-77.68.73.116 + destination { + group { + address-group DT_FWBB718_1 + } + port 1434 + } + protocol udp + source { + address 77.68.73.116 + } + } + rule 2764 { + action accept + description FWB9699_11-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FWB9699_11 + } + port 22,80,443,8800 + } + protocol tcp + source { + address 213.171.217.102 + } + } + rule 2765 { + action accept + description FW18E6E_3-TCP-ALLOW-103.8.164.5 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 103.8.164.5 + } + } + rule 2766 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.193 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.193 + } + } + rule 2768 { + action accept + description FW26F0A_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW26F0A_1 + } + port 53 + } + protocol tcp_udp + } + rule 2769 { + action accept + description FWCC18F_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCC18F_2 + } + port 8883,1883 + } + protocol tcp + } + rule 2771 { + action accept + description FW633DD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW633DD_1 + } + port 28967,14002,9984,9983,9982,9981,8888,8884 + } + protocol tcp + } + rule 2772 { + action accept + description FWDEDB9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDEDB9_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2773 { + action accept + description VPN-18646-ANY-ALLOW-10.4.88.109 + destination { + group { + address-group DT_VPN-18646 + } + } + source { + address 10.4.88.109 + } + } + rule 2774 { + 
action accept + description VPN-18646-ANY-ALLOW-10.4.89.109 + destination { + group { + address-group DT_VPN-18646 + } + } + source { + address 10.4.89.109 + } + } + rule 2775 { + action accept + description FWA0531_1-TCP-ALLOW-87.224.39.221 + destination { + group { + address-group DT_FWA0531_1 + } + port 8082,3003,22 + } + protocol tcp + source { + address 87.224.39.221 + } + } + rule 2776 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.94 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.94 + } + } + rule 2777 { + action accept + description FWA0531_1-TCP-ALLOW-92.237.97.92 + destination { + group { + address-group DT_FWA0531_1 + } + port 8082,3003,22 + } + protocol tcp + source { + address 92.237.97.92 + } + } + rule 2778 { + action accept + description VPN-25822-ANY-ALLOW-10.4.55.42 + destination { + group { + address-group DT_VPN-25822 + } + } + source { + address 10.4.55.42 + } + } + rule 2779 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.88 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.88 + } + } + rule 2780 { + action accept + description FWC2D30_1-TCP-ALLOW-143.55.64.0_20 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 143.55.64.0/20 + } + } + rule 2781 { + action accept + description FW18E6E_3-TCP-ALLOW-194.176.78.206 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 194.176.78.206 + } + } + rule 2782 { + action accept + description FW18E6E_3-TCP-ALLOW-195.243.221.50 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 195.243.221.50 + } + } + rule 2783 { + action accept + description FW18E6E_3-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW18E6E_3 + } + 
port 22 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 2784 { + action accept + description FW18E6E_3-TCP-ALLOW-81.150.168.54 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306,22 + } + protocol tcp + source { + address 81.150.168.54 + } + } + rule 2785 { + action accept + description FW18E6E_3-TCP-ALLOW-89.197.133.235 + destination { + group { + address-group DT_FW18E6E_3 + } + port 22 + } + protocol tcp + source { + address 89.197.133.235 + } + } + rule 2786 { + action accept + description FW18E6E_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW18E6E_3 + } + port 60000-60100,873 + } + protocol tcp + } + rule 2787 { + action accept + description FW2BF20_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2BF20_3 + } + port 49152-65534,990 + } + protocol tcp + } + rule 2788 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.98 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.98 + } + } + rule 2789 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.65 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.65 + } + } + rule 2791 { + action accept + description FW197DB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW197DB_1 + } + port 49152-65534 + } + protocol tcp + } + rule 2792 { + action accept + description FW1208C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1208C_1 + } + port 2087,2083,2096 + } + protocol tcp + } + rule 2793 { + action accept + description FW00D98_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW00D98_1 + } + port 4430 + } + protocol tcp + } + rule 2794 { + action accept + description FW03B35_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + } + protocol esp + } + rule 2795 { + action accept + description 
FW03B35_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FW03B35_1 + } + } + protocol ah + } + rule 2796 { + action accept + description FWEF92E_5-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_5 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2797 { + action accept + description FW825C8_19-TCP-ALLOW-159.253.51.74 + destination { + group { + address-group DT_FW825C8_19 + } + port 3389,1433,995 + } + protocol tcp + source { + address 159.253.51.74 + } + } + rule 2798 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.76.111 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 77.68.76.111 + } + } + rule 2799 { + action accept + description FW825C8_19-TCP-ALLOW-77.68.28.63 + destination { + group { + address-group DT_FW825C8_19 + } + port 995 + } + protocol tcp + source { + address 77.68.28.63 + } + } + rule 2801 { + action accept + description FW2EF2C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2EF2C_1 + } + port 5349 + } + protocol tcp + } + rule 2802 { + action accept + description FWEF92E_5-TCP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + port 443 + } + protocol tcp + source { + address 88.208.198.93 + } + } + rule 2803 { + action accept + description FWC3921_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC3921_1 + } + port 25000,25001-25005,26000-26006 + } + protocol tcp + } + rule 2804 { + action accept + description FWEF92E_5-UDP-ALLOW-109.228.37.19 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 109.228.37.19 + } + } + rule 2805 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.11.54 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.11.54 + } + } + rule 2806 { + action accept + description 
FW5AE10_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW5AE10_1 + } + port 53 + } + protocol tcp_udp + } + rule 2810 { + action accept + description FW45F87_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW45F87_1 + } + port 60000-60100 + } + protocol tcp + } + rule 2811 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.108.158 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.108.158 + } + } + rule 2813 { + action accept + description FW825C8_19-TCP-ALLOW-109.228.1.233 + destination { + group { + address-group DT_FW825C8_19 + } + port 1433 + } + protocol tcp + source { + address 109.228.1.233 + } + } + rule 2814 { + action accept + description FW20449_2-ICMP-ALLOW-3.10.221.168 + destination { + group { + address-group DT_FW20449_2 + } + } + protocol icmp + source { + address 3.10.221.168 + } + } + rule 2815 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.100 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.100 + } + } + rule 2816 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.180 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.180 + } + } + rule 2817 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.184 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.184 + } + } + rule 2818 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.185 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.185 + } + } + rule 2819 { + action accept + description FWB9699_7-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB9699_7 + } + port 161 + } + protocol udp + } + rule 2820 { + action accept + description 
FWB9699_7-TCP-ALLOW-213.171.217.102 + destination { + group { + address-group DT_FWB9699_7 + } + port 22,8443 + } + protocol tcp + source { + address 213.171.217.102 + } + } + rule 2821 { + action accept + description FWB9699_7-TCP-ALLOW-213.171.217.103 + destination { + group { + address-group DT_FWB9699_7 + } + port 22 + } + protocol tcp + source { + address 213.171.217.103 + } + } + rule 2824 { + action accept + description FWE3E77_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE3E77_1 + } + port 10010,10009 + } + protocol tcp + } + rule 2825 { + action accept + description FW8A3FC_3-TCP-ALLOW-93.190.142.120 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 93.190.142.120 + } + } + rule 2826 { + action accept + description FW20449_2-ICMP-ALLOW-82.20.69.137 + destination { + group { + address-group DT_FW20449_2 + } + } + protocol icmp + source { + address 82.20.69.137 + } + } + rule 2827 { + action accept + description FW8A3FC_3-TCP-ALLOW-46.101.232.93 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 21-10000 + } + protocol tcp + source { + address 46.101.232.93 + } + } + rule 2828 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.5 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.5 + } + } + rule 2829 { + action accept + description FWD2440_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + port 1-65535 + } + protocol tcp + } + rule 2831 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.105 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.105 + } + } + rule 2833 { + action accept + description FW825C8_24-TCP-ALLOW-159.253.51.74 + destination { + group { + address-group DT_FW825C8_24 + } + port 3389,1433,995 + } + protocol tcp + source { + address 
159.253.51.74 + } + } + rule 2834 { + action accept + description FW825C8_24-TCP-ALLOW-77.68.77.120 + destination { + group { + address-group DT_FW825C8_24 + } + port 1433 + } + protocol tcp + source { + address 77.68.77.120 + } + } + rule 2839 { + action accept + description FWD2440_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + port 1-65535 + } + protocol udp + } + rule 2840 { + action accept + description FW1C8F2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1C8F2_1 + } + port 7000-10000,5554,5443,5080,1935,1111 + } + protocol tcp + } + rule 2843 { + action accept + description FWE7180_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE7180_1 + } + port 443,53 + } + protocol tcp_udp + } + rule 2844 { + action accept + description FWC6301_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC6301_1 + } + port 2456 + } + protocol tcp_udp + } + rule 2845 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.113 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.113 + } + } + rule 2846 { + action accept + description VPN-24589-ANY-ALLOW-10.4.57.9 + destination { + group { + address-group DT_VPN-24589 + } + } + source { + address 10.4.57.9 + } + } + rule 2847 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.237 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.212.237 + } + } + rule 2849 { + action accept + description FWFD9AF_9-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFD9AF_9 + } + port 445 + } + protocol tcp_udp + } + rule 2850 { + action accept + description VPN-23209-ANY-ALLOW-10.4.58.8 + destination { + group { + address-group DT_VPN-23209 + } + } + source { + address 10.4.58.8 + } + } + rule 2851 { + action accept + description VPN-23209-ANY-ALLOW-10.4.59.8 + destination { + group { 
+ address-group DT_VPN-23209 + } + } + source { + address 10.4.59.8 + } + } + rule 2853 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.29 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.29 + } + } + rule 2854 { + action accept + description FW16375_5-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW16375_5 + } + port 2096 + } + protocol tcp_udp + } + rule 2856 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.173 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.173 + } + } + rule 2858 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.35 + } + } + rule 2859 { + action accept + description FW73573_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW73573_1 + } + port 25 + } + protocol tcp_udp + } + rule 2860 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.242 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.242 + } + } + rule 2861 { + action accept + description FW8ECF4_1-TCP-ALLOW-77.68.2.215 + destination { + group { + address-group DT_FW8ECF4_1 + } + port 3306 + } + protocol tcp + source { + address 77.68.2.215 + } + } + rule 2862 { + action accept + description FW8A3FC_3-TCP_UDP-ALLOW-82.165.100.25 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 21-10000 + } + protocol tcp_udp + source { + address 82.165.100.25 + } + } + rule 2863 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.235 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.235 + } + } + rule 2864 { + action accept + description 
VPN-18647-ANY-ALLOW-10.4.86.114 + destination { + group { + address-group DT_VPN-18647 + } + } + source { + address 10.4.86.114 + } + } + rule 2865 { + action accept + description VPN-18647-ANY-ALLOW-10.4.87.114 + destination { + group { + address-group DT_VPN-18647 + } + } + source { + address 10.4.87.114 + } + } + rule 2867 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.107 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.107 + } + } + rule 2868 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.239 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.239 + } + } + rule 2869 { + action accept + description FWF699D_4-TCP-ALLOW-164.39.151.3 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 164.39.151.3 + } + } + rule 2870 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.245 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.245 + } + } + rule 2873 { + action accept + description FWEF92E_6-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FWEF92E_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 2874 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.130 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.130 + } + } + rule 2875 { + action accept + description FW44BF9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW44BF9_1 + } + port 49160-49200 + } + protocol tcp + } + rule 2876 { + action accept + description VPN-24591-ANY-ALLOW-10.4.86.4 + destination { + group { + address-group DT_VPN-24591 + } + } + source { + address 10.4.86.4 + } + } + rule 2877 { + action 
accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.60 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.60 + } + } + rule 2879 { + action accept + description FWEF92E_6-UDP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_6 + } + port 500 + } + protocol udp + source { + address 77.68.77.57 + } + } + rule 2880 { + action accept + description FWF699D_4-TCP-ALLOW-185.132.38.110 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 185.132.38.110 + } + } + rule 2881 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.216 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.216 + } + } + rule 2882 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.77.149 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.77.149 + } + } + rule 2883 { + action accept + description FWA2FF8_4-TCP-ALLOW-80.229.18.102 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21,22 + } + protocol tcp + source { + address 80.229.18.102 + } + } + rule 2884 { + action accept + description FWA2FF8_4-TCP-ALLOW-109.169.33.69 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21,22 + } + protocol tcp + source { + address 109.169.33.69 + } + } + rule 2885 { + action accept + description FWA2FF8_4-TCP-ALLOW-46.102.209.35 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21 + } + protocol tcp + source { + address 46.102.209.35 + } + } + rule 2886 { + action accept + description FWA2FF8_4-TCP-ALLOW-90.213.48.16 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 3306,21 + } + protocol tcp + source { + address 90.213.48.16 + } + } + rule 2887 { + action accept + description FWA2FF8_4-TCP-ALLOW-77.68.76.129 + destination 
{ + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 77.68.76.129 + } + } + rule 2888 { + action accept + description FWA2FF8_4-TCP-ALLOW-109.228.50.145 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 109.228.50.145 + } + } + rule 2889 { + action accept + description FWA2FF8_4-TCP-ALLOW-77.68.76.231 + destination { + group { + address-group DT_FWA2FF8_4 + } + port 22 + } + protocol tcp + source { + address 77.68.76.231 + } + } + rule 2890 { + action accept + description FW4513E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4513E_1 + } + port 50000-50020,990 + } + protocol tcp + } + rule 2893 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.40.7 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.40.7 + } + } + rule 2894 { + action accept + description VPN-21876-ANY-ALLOW-10.4.88.96 + destination { + group { + address-group DT_VPN-21876 + } + } + source { + address 10.4.88.96 + } + } + rule 2895 { + action accept + description VPN-21876-ANY-ALLOW-10.4.89.96 + destination { + group { + address-group DT_VPN-21876 + } + } + source { + address 10.4.89.96 + } + } + rule 2896 { + action accept + description VPN-26124-ANY-ALLOW-10.4.54.75 + destination { + group { + address-group DT_VPN-26124 + } + } + source { + address 10.4.54.75 + } + } + rule 2897 { + action accept + description VPN-26124-ANY-ALLOW-10.4.55.76 + destination { + group { + address-group DT_VPN-26124 + } + } + source { + address 10.4.55.76 + } + } + rule 2898 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.21 + } + } + rule 2899 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.213 + destination { + group { + address-group DT_FWA7A50_1 + } 
+ port 3389 + } + protocol tcp_udp + source { + address 112.134.211.213 + } + } + rule 2901 { + action accept + description FWC6301_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC6301_1 + } + port 5555 + } + protocol udp + } + rule 2902 { + action accept + description VPN-13261-ANY-ALLOW-10.4.56.173 + destination { + group { + address-group DT_VPN-13261 + } + } + source { + address 10.4.56.173 + } + } + rule 2903 { + action accept + description VPN-13261-ANY-ALLOW-10.4.57.173 + destination { + group { + address-group DT_VPN-13261 + } + } + source { + address 10.4.57.173 + } + } + rule 2909 { + action accept + description VPN-24591-ANY-ALLOW-10.4.87.4 + destination { + group { + address-group DT_VPN-24591 + } + } + source { + address 10.4.87.4 + } + } + rule 2911 { + action accept + description FWE7180_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE7180_1 + } + port 40110-40210,8090 + } + protocol tcp + } + rule 2914 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.247 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.247 + } + } + rule 2915 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.129 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.129 + } + } + rule 2916 { + action accept + description FWCB29D_1-TCP-ALLOW-51.146.16.162 + destination { + group { + address-group DT_FWCB29D_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 51.146.16.162 + } + } + rule 2917 { + action accept + description FW4E399_1-TCP-ALLOW-51.155.19.77 + destination { + group { + address-group DT_FW4E399_1 + } + port 3306 + } + protocol tcp + source { + address 51.155.19.77 + } + } + rule 2919 { + action accept + description FWC72E5_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC72E5_1 + } + port 9000-9100,6667 + } + protocol tcp + } + 
rule 2922 { + action accept + description FW21A75_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW21A75_2 + } + port 3000 + } + protocol tcp + } + rule 2923 { + action accept + description FW3B068_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3B068_2 + } + port 990,60000-65000 + } + protocol tcp + } + rule 2924 { + action accept + description FW48814_3-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW48814_3 + } + port 3306 + } + protocol tcp_udp + } + rule 2925 { + action accept + description FW48814_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW48814_3 + } + port 49152-65534 + } + protocol tcp + } + rule 2926 { + action accept + description FW2B279_4-TCP-ALLOW-178.128.39.210 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 178.128.39.210 + } + } + rule 2927 { + action accept + description FW2B279_4-TCP-ALLOW-82.165.232.19 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 82.165.232.19 + } + } + rule 2928 { + action accept + description FW2B279_4-TCP-ALLOW-84.64.186.31 + destination { + group { + address-group DT_FW2B279_4 + } + port 8443 + } + protocol tcp + source { + address 84.64.186.31 + } + } + rule 2929 { + action accept + description FW1C8F2_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1C8F2_1 + } + port 5000-65000 + } + protocol udp + } + rule 2930 { + action accept + description FW2B279_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2B279_4 + } + port 49152-65535 + } + protocol tcp + } + rule 2931 { + action accept + description FW608FA_1-TCP-ALLOW-195.10.106.114 + destination { + group { + address-group DT_FW608FA_1 + } + port 22 + } + protocol tcp + source { + address 195.10.106.114 + } + } + rule 2932 { + action accept + description FW608FA_1-TCP-ALLOW-213.137.25.134 + destination { + group { + address-group DT_FW608FA_1 + } + port 
22 + } + protocol tcp + source { + address 213.137.25.134 + } + } + rule 2933 { + action accept + description FW608FA_1-TCP-ALLOW-92.39.202.189 + destination { + group { + address-group DT_FW608FA_1 + } + port 22 + } + protocol tcp + source { + address 92.39.202.189 + } + } + rule 2935 { + action accept + description FWC37B9_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC37B9_1 + } + port 49152-65535 + } + protocol tcp + } + rule 2936 { + action accept + description FW15C99_6-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW15C99_6 + } + port 32410-32414,1900 + } + protocol udp + } + rule 2937 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.244.146 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 116.206.244.146 + } + } + rule 2938 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.158 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.211.158 + } + } + rule 2939 { + action accept + description FW15C99_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW15C99_6 + } + port 32469,32400 + } + protocol tcp + } + rule 2940 { + action accept + description FW0192C_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0192C_1 + } + port 2053 + } + protocol tcp + } + rule 2941 { + action accept + description FW27949_2-TCP-ALLOW-86.179.23.119 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 86.179.23.119 + } + } + rule 2942 { + action accept + description FW27949_2-TCP-ALLOW-92.15.208.193 + destination { + group { + address-group DT_FW27949_2 + } + port 443,80 + } + protocol tcp + source { + address 92.15.208.193 + } + } + rule 2943 { + action accept + description VPN-34122-ANY-ALLOW-10.4.56.122 + destination { + group { + address-group DT_VPN-34122 + } + } + source { + address 10.4.56.122 + 
} + } + rule 2944 { + action accept + description VPN-34122-ANY-ALLOW-10.4.57.122 + destination { + group { + address-group DT_VPN-34122 + } + } + source { + address 10.4.57.122 + } + } + rule 2945 { + action accept + description FWF323F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF323F_1 + } + port 25565,9999,8080,5001,3306 + } + protocol tcp_udp + } + rule 2946 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.132 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.132 + } + } + rule 2948 { + action accept + description VPN-30261-ANY-ALLOW-10.4.86.110 + destination { + group { + address-group DT_VPN-30261 + } + } + source { + address 10.4.86.110 + } + } + rule 2949 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.246 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.246 + } + } + rule 2951 { + action accept + description FWC2D30_1-TCP-ALLOW-157.231.100.222 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 157.231.100.222 + } + } + rule 2952 { + action accept + description FWC2D30_1-TCP-ALLOW-164.39.131.31 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 164.39.131.31 + } + } + rule 2953 { + action accept + description FWC2D30_1-TCP-ALLOW-185.199.108.0_22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 185.199.108.0/22 + } + } + rule 2954 { + action accept + description FWC2D30_1-TCP-ALLOW-192.30.252.0_22 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 192.30.252.0/22 + } + } + rule 2955 { + action accept + description FWC2D30_1-TCP-ALLOW-80.252.78.202 + destination { + group { + address-group DT_FWC2D30_1 + } + 
port 8443 + } + protocol tcp + source { + address 80.252.78.202 + } + } + rule 2956 { + action accept + description FWC2D30_1-TCP-ALLOW-86.15.158.234 + destination { + group { + address-group DT_FWC2D30_1 + } + port 8443 + } + protocol tcp + source { + address 86.15.158.234 + } + } + rule 2957 { + action accept + description VPN-30261-ANY-ALLOW-10.4.87.110 + destination { + group { + address-group DT_VPN-30261 + } + } + source { + address 10.4.87.110 + } + } + rule 2958 { + action accept + description VPN-30262-ANY-ALLOW-10.4.88.36 + destination { + group { + address-group DT_VPN-30262 + } + } + source { + address 10.4.88.36 + } + } + rule 2961 { + action accept + description VPN-15950-ANY-ALLOW-10.4.88.89 + destination { + group { + address-group DT_VPN-15950 + } + } + source { + address 10.4.88.89 + } + } + rule 2962 { + action accept + description FWBFDED_1-TCP-ALLOW-78.141.24.164 + destination { + group { + address-group DT_FWBFDED_1 + } + port 3389 + } + protocol tcp + source { + address 78.141.24.164 + } + } + rule 2963 { + action accept + description VPN-30262-ANY-ALLOW-10.4.89.36 + destination { + group { + address-group DT_VPN-30262 + } + } + source { + address 10.4.89.36 + } + } + rule 2964 { + action accept + description FW1F126_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1F126_1 + } + port 2087,2083 + } + protocol tcp + } + rule 2965 { + action accept + description FWA7A50_1-ANY-ALLOW-40.120.53.80 + destination { + group { + address-group DT_FWA7A50_1 + } + } + source { + address 40.120.53.80 + } + } + rule 2967 { + action accept + description VPN-23729-ANY-ALLOW-10.4.54.10 + destination { + group { + address-group DT_VPN-23729 + } + } + source { + address 10.4.54.10 + } + } + rule 2968 { + action accept + description VPN-23729-ANY-ALLOW-10.4.55.10 + destination { + group { + address-group DT_VPN-23729 + } + } + source { + address 10.4.55.10 + } + } + rule 2969 { + action accept + description VPN-23733-ANY-ALLOW-10.4.58.12 + 
destination { + group { + address-group DT_VPN-23733 + } + } + source { + address 10.4.58.12 + } + } + rule 2970 { + action accept + description VPN-23733-ANY-ALLOW-10.4.59.12 + destination { + group { + address-group DT_VPN-23733 + } + } + source { + address 10.4.59.12 + } + } + rule 2971 { + action accept + description VPN-23734-ANY-ALLOW-10.4.56.29 + destination { + group { + address-group DT_VPN-23734 + } + } + source { + address 10.4.56.29 + } + } + rule 2972 { + action accept + description VPN-23734-ANY-ALLOW-10.4.57.29 + destination { + group { + address-group DT_VPN-23734 + } + } + source { + address 10.4.57.29 + } + } + rule 2975 { + action accept + description VPN-23738-ANY-ALLOW-10.4.57.13 + destination { + group { + address-group DT_VPN-23738 + } + } + source { + address 10.4.57.13 + } + } + rule 2976 { + action accept + description FWD8DD1_2-TCP-ALLOW-77.153.164.226 + destination { + group { + address-group DT_FWD8DD1_2 + } + port 3306,22 + } + protocol tcp + source { + address 77.153.164.226 + } + } + rule 2977 { + action accept + description FWE012D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE012D_1 + } + port 143,25 + } + protocol tcp_udp + } + rule 2978 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.120.196 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.120.196 + } + } + rule 2981 { + action accept + description FW24AB7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW24AB7_1 + } + port 40110-40210 + } + protocol tcp_udp + } + rule 2985 { + action accept + description FW2379F_14-TCP-ALLOW-194.72.140.178 + destination { + group { + address-group DT_FW2379F_14 + } + port 3389,21 + } + protocol tcp + source { + address 194.72.140.178 + } + } + rule 2986 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.97 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + 
source { + address 112.134.212.97 + } + } + rule 2988 { + action accept + description FW883EB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW883EB_1 + } + port 5005,5004,5003,5002,5001 + } + protocol tcp + } + rule 2992 { + action accept + description FW310C6_3-ANY-ALLOW-62.30.207.232 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 62.30.207.232 + } + } + rule 2993 { + action accept + description VPN-15950-ANY-ALLOW-10.4.89.89 + destination { + group { + address-group DT_VPN-15950 + } + } + source { + address 10.4.89.89 + } + } + rule 2994 { + action accept + description VPN-15960-ANY-ALLOW-10.4.88.90 + destination { + group { + address-group DT_VPN-15960 + } + } + source { + address 10.4.88.90 + } + } + rule 2995 { + action accept + description FWEF92E_7-UDP-ALLOW-77.68.77.57 + destination { + group { + address-group DT_FWEF92E_7 + } + port 500 + } + protocol udp + source { + address 77.68.77.57 + } + } + rule 2996 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.135 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.135 + } + } + rule 2998 { + action accept + description VPN-31002-ANY-ALLOW-10.4.88.126 + destination { + group { + address-group DT_VPN-31002 + } + } + source { + address 10.4.88.126 + } + } + rule 2999 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.110 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 116.206.246.110 + } + } + rule 3000 { + action accept + description FW08061_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW08061_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3001 { + action accept + description VPN-15960-ANY-ALLOW-10.4.89.90 + destination { + group { + address-group DT_VPN-15960 + } + } + source { + address 10.4.89.90 + } + } + rule 3003 { + action accept + description 
FWA7A50_1-TCP_UDP-ALLOW-112.134.210.56 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.56 + } + } + rule 3004 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.47 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 175.157.47.47 + } + } + rule 3005 { + action accept + description FW10C3D_19-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW10C3D_19 + } + port 49152-65535,14147 + } + protocol tcp + } + rule 3006 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.136 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.136 + } + } + rule 3009 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.44.109 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.44.109 + } + } + rule 3010 { + action accept + description VPN-24592-ANY-ALLOW-10.4.88.9 + destination { + group { + address-group DT_VPN-24592 + } + } + source { + address 10.4.88.9 + } + } + rule 3011 { + action accept + description FW05AD0_2-TCP-ALLOW-213.171.209.161 + destination { + group { + address-group DT_FW05AD0_2 + } + port 3389,1433,21 + } + protocol tcp + source { + address 213.171.209.161 + } + } + rule 3012 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.254 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.86.254 + } + } + rule 3014 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.16 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.16 + } + } + rule 3018 { + action accept + description VPN-24592-ANY-ALLOW-10.4.89.9 + destination { + group { + address-group DT_VPN-24592 + } + } + 
source { + address 10.4.89.9 + } + } + rule 3019 { + action accept + description VPN-24593-ANY-ALLOW-10.4.54.6 + destination { + group { + address-group DT_VPN-24593 + } + } + source { + address 10.4.54.6 + } + } + rule 3020 { + action accept + description VPN-24593-ANY-ALLOW-10.4.55.6 + destination { + group { + address-group DT_VPN-24593 + } + } + source { + address 10.4.55.6 + } + } + rule 3021 { + action accept + description VPN-24594-ANY-ALLOW-10.4.58.6 + destination { + group { + address-group DT_VPN-24594 + } + } + source { + address 10.4.58.6 + } + } + rule 3022 { + action accept + description VPN-24594-ANY-ALLOW-10.4.59.6 + destination { + group { + address-group DT_VPN-24594 + } + } + source { + address 10.4.59.6 + } + } + rule 3023 { + action accept + description VPN-24595-ANY-ALLOW-10.4.56.14 + destination { + group { + address-group DT_VPN-24595 + } + } + source { + address 10.4.56.14 + } + } + rule 3024 { + action accept + description VPN-24595-ANY-ALLOW-10.4.57.14 + destination { + group { + address-group DT_VPN-24595 + } + } + source { + address 10.4.57.14 + } + } + rule 3025 { + action accept + description VPN-32528-ANY-ALLOW-10.4.58.67 + destination { + group { + address-group DT_VPN-32528 + } + } + source { + address 10.4.58.67 + } + } + rule 3026 { + action accept + description VPN-32528-ANY-ALLOW-10.4.59.67 + destination { + group { + address-group DT_VPN-32528 + } + } + source { + address 10.4.59.67 + } + } + rule 3027 { + action accept + description FW6187E_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6187E_1 + } + port 51195 + } + protocol udp + } + rule 3028 { + action accept + description FW406AB_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW406AB_1 + } + port 37013,25461,8881,8080,2095,2082,1992 + } + protocol tcp_udp + } + rule 3029 { + action accept + description FWA86A4_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA86A4_1 + } + port 30333,5666 + } + protocol tcp + } + rule 3032 { 
+ action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.52 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.52 + } + } + rule 3033 { + action accept + description FWC055A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWC055A_1 + } + port 2195 + } + protocol tcp + } + rule 3035 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.81 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.81 + } + } + rule 3039 { + action accept + description FW42BC7_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW42BC7_1 + } + port 53 + } + protocol tcp_udp + } + rule 3040 { + action accept + description FW42BC7_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW42BC7_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3041 { + action accept + description FW310C6_3-ANY-ALLOW-88.208.198.39 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 88.208.198.39 + } + } + rule 3042 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.235 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.235 + } + } + rule 3043 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.205 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.212.205 + } + } + rule 3044 { + action accept + description FWBE878_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBE878_1 + } + port 8989,5003,3000 + } + protocol tcp_udp + } + rule 3045 { + action accept + description VPN-30679-ANY-ALLOW-10.4.58.195 + destination { + group { + address-group DT_VPN-30679 + } + } + source { + address 10.4.58.195 + } + } + rule 3046 { + action accept + description FW6B9B9_1-TCP-ALLOW-ANY + destination 
{ + group { + address-group DT_FW6B9B9_1 + } + port 30006-65000,27017,7101,4200,2990-3009 + } + protocol tcp + } + rule 3047 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.212 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.212 + } + } + rule 3049 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.125.4 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 123.231.125.4 + } + } + rule 3050 { + action accept + description FW49C3D_4-TCP-ALLOW-83.100.136.74 + destination { + group { + address-group DT_FW49C3D_4 + } + port 3389,445 + } + protocol tcp + source { + address 83.100.136.74 + } + } + rule 3051 { + action accept + description FW49C3D_6-TCP-ALLOW-87.224.33.215 + destination { + group { + address-group DT_FW49C3D_6 + } + port 3389,445 + } + protocol tcp + source { + address 87.224.33.215 + } + } + rule 3053 { + action accept + description FW89619_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW89619_1 + } + port 9000-10999 + } + protocol udp + } + rule 3054 { + action accept + description FWBD9D0_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBD9D0_1 + } + port 9090 + } + protocol tcp + } + rule 3055 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.47.236 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 175.157.47.236 + } + } + rule 3056 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.46.226 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.46.226 + } + } + rule 3058 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.205 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.205 + } + } + rule 3060 { + 
action accept + description FWF7B68_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF7B68_1 + } + port 49152-65535 + } + protocol tcp + } + rule 3061 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.253 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.253 + } + } + rule 3063 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.0 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.210.0 + } + } + rule 3065 { + action accept + description FW85619_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW85619_1 + } + port 6433 + } + protocol tcp + } + rule 3066 { + action accept + description FW5A5D7_3-TCP-ALLOW-188.66.79.94 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 8172,3389 + } + protocol tcp + source { + address 188.66.79.94 + } + } + rule 3067 { + action accept + description FWF30BD_1-TCP-ALLOW-81.133.80.114 + destination { + group { + address-group DT_FWF30BD_1 + } + port 22 + } + protocol tcp + source { + address 81.133.80.114 + } + } + rule 3068 { + action accept + description FWF30BD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 5061,5015,5001 + } + protocol tcp + } + rule 3069 { + action accept + description FWBD9D0_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBD9D0_1 + } + port 51820 + } + protocol udp + } + rule 3070 { + action accept + description FW7C4D9_14-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW7C4D9_14 + } + port 25565,2456-2458 + } + protocol tcp_udp + } + rule 3071 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.23 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.23 + } + } + rule 3072 { + action accept + description 
FWEEC75_1-TCP-ALLOW-81.96.100.32 + destination { + group { + address-group DT_FWEEC75_1 + } + port 8447 + } + protocol tcp + source { + address 81.96.100.32 + } + } + rule 3073 { + action accept + description FW8A3FC_3-TCP-ALLOW-95.168.164.208 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 95.168.164.208 + } + } + rule 3074 { + action accept + description VPN-19992-ANY-ALLOW-10.4.86.158 + destination { + group { + address-group DT_VPN-19992 + } + } + source { + address 10.4.86.158 + } + } + rule 3075 { + action accept + description FWF30BD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 5090,5060 + } + protocol tcp_udp + } + rule 3076 { + action accept + description VPN-30679-ANY-ALLOW-10.4.59.195 + destination { + group { + address-group DT_VPN-30679 + } + } + source { + address 10.4.59.195 + } + } + rule 3077 { + action accept + description FW930F3_3-ANY-ALLOW-77.68.112.254 + destination { + group { + address-group DT_FW930F3_3 + } + } + source { + address 77.68.112.254 + } + } + rule 3078 { + action accept + description FW672AB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW672AB_1 + } + port 5432 + } + protocol tcp + } + rule 3079 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.252 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.252 + } + } + rule 3080 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.86.192 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.86.192 + } + } + rule 3081 { + action accept + description VPN-33204-ANY-ALLOW-10.4.56.176 + destination { + group { + address-group DT_VPN-33204 + } + } + source { + address 10.4.56.176 + } + } + rule 3083 { + action accept + description FW1FA8E_1-UDP-ALLOW-ANY + destination { + group { + address-group 
DT_FW1FA8E_1 + } + port 33434 + } + protocol udp + } + rule 3084 { + action accept + description FWD2440_1-ESP-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + } + protocol esp + } + rule 3085 { + action accept + description FWA0531_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0531_1 + } + port 53 + } + protocol tcp_udp + } + rule 3090 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.70 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.70 + } + } + rule 3091 { + action accept + description FWF7BFA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF7BFA_1 + } + port 8000,5901,5479,5478 + } + protocol tcp + } + rule 3092 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.212 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.212 + } + } + rule 3094 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.125 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.212.125 + } + } + rule 3096 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.89 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.89 + } + } + rule 3097 { + action accept + description FWD56A2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD56A2_1 + } + port 8001,8000 + } + protocol tcp + } + rule 3098 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.109 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.109 + } + } + rule 3099 { + action accept + description FW36425_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW36425_1 + } + port 44445,7770-7800 + } + protocol tcp + } 
+ rule 3100 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.238 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.238 + } + } + rule 3102 { + action accept + description FW6B39D_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW6B39D_1 + } + port 49216,49215 + } + protocol tcp_udp + } + rule 3103 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.121 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.121 + } + } + rule 3105 { + action accept + description FW2379F_14-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + port 443 + } + protocol tcp_udp + } + rule 3107 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.38 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.38 + } + } + rule 3109 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.191 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.191 + } + } + rule 3111 { + action accept + description FW27947_1-TCP-ALLOW-213.229.100.148 + destination { + group { + address-group DT_FW27947_1 + } + port 3306 + } + protocol tcp + source { + address 213.229.100.148 + } + } + rule 3112 { + action accept + description FWD42CF_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD42CF_1 + } + port 5432,5001,5000 + } + protocol tcp + } + rule 3114 { + action accept + description FW3A12F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW3A12F_1 + } + port 53 + } + protocol tcp_udp + } + rule 3116 { + action accept + description FW5A5D7_3-TCP-ALLOW-194.62.184.87 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 3389 + } + protocol tcp + source { + address 194.62.184.87 + } 
+ } + rule 3117 { + action accept + description FW5A5D7_3-TCP-ALLOW-51.219.31.78 + destination { + group { + address-group DT_FW5A5D7_3 + } + port 8172,3389 + } + protocol tcp + source { + address 51.219.31.78 + } + } + rule 3118 { + action accept + description VPN-26157-ANY-ALLOW-10.4.86.57 + destination { + group { + address-group DT_VPN-26157 + } + } + source { + address 10.4.86.57 + } + } + rule 3119 { + action accept + description VPN-26157-ANY-ALLOW-10.4.87.57 + destination { + group { + address-group DT_VPN-26157 + } + } + source { + address 10.4.87.57 + } + } + rule 3120 { + action accept + description FWA7625_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 943 + } + protocol tcp + } + rule 3121 { + action accept + description FWC96A1_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC96A1_1 + } + port 1194 + } + protocol udp + } + rule 3122 { + action accept + description FWA7625_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 1194 + } + protocol udp + } + rule 3123 { + action accept + description FWA7625_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA7625_1 + } + port 32400,10108 + } + protocol tcp_udp + } + rule 3125 { + action accept + description FW8A3FC_3-TCP-ALLOW-185.173.161.154 + destination { + group { + address-group DT_FW8A3FC_3 + } + port 465 + } + protocol tcp + source { + address 185.173.161.154 + } + } + rule 3127 { + action accept + description FW05339_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW05339_1 + } + port 46961 + } + protocol udp + } + rule 3130 { + action accept + description FWA0AA0_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 1194 + } + protocol udp + } + rule 3132 { + action accept + description FWD8DD1_2-TCP_UDP-ALLOW-77.153.164.226 + destination { + group { + address-group DT_FWD8DD1_2 + } + port 443,80 + } + protocol tcp_udp + source { + address 77.153.164.226 + } + } + 
rule 3134 { + action accept + description FW19987_4-TCP-ALLOW-87.224.6.174 + destination { + group { + address-group DT_FW19987_4 + } + port 3389,445,443 + } + protocol tcp + source { + address 87.224.6.174 + } + } + rule 3135 { + action accept + description FW40AE4_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW40AE4_1 + } + port 53 + } + protocol tcp_udp + } + rule 3136 { + action accept + description VPN-33204-ANY-ALLOW-10.4.57.176 + destination { + group { + address-group DT_VPN-33204 + } + } + source { + address 10.4.57.176 + } + } + rule 3137 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-86.132.125.4 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 86.132.125.4 + } + } + rule 3138 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-91.205.173.51 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 91.205.173.51 + } + } + rule 3143 { + action accept + description FWA86ED_101-TCP-ALLOW-109.149.121.73 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 109.149.121.73 + } + } + rule 3144 { + action accept + description FWA0AA0_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 28083,28015-28016,1935 + } + protocol tcp_udp + } + rule 3146 { + action accept + description FWF3A1B_1-TCP_UDP-ALLOW-92.233.27.144 + destination { + group { + address-group DT_FWF3A1B_1 + } + port 2222 + } + protocol tcp_udp + source { + address 92.233.27.144 + } + } + rule 3148 { + action accept + description FWA86ED_101-TCP-ALLOW-151.228.194.190 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 151.228.194.190 + } + } + rule 3149 { + action accept + description FW9B6FB_1-ICMP-ALLOW-77.68.89.115_32 + destination { + group { + address-group DT_FW9B6FB_1 + } + } + 
protocol icmp + source { + address 77.68.89.115/32 + } + } + rule 3153 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.199 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.199 + } + } + rule 3155 { + action accept + description FW45F3D_1-ANY-ALLOW-195.224.110.168 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 195.224.110.168 + } + } + rule 3156 { + action accept + description FWF8E67_1-TCP-ALLOW-82.14.188.35 + destination { + group { + address-group DT_FWF8E67_1 + } + port 22 + } + protocol tcp + source { + address 82.14.188.35 + } + } + rule 3157 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.58 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.58 + } + } + rule 3158 { + action accept + description VPN-19992-ANY-ALLOW-10.4.87.158 + destination { + group { + address-group DT_VPN-19992 + } + } + source { + address 10.4.87.158 + } + } + rule 3159 { + action accept + description FWA86ED_101-TCP-ALLOW-5.66.24.185 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 5.66.24.185 + } + } + rule 3160 { + action accept + description FWF8E67_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF8E67_1 + } + port 3001 + } + protocol tcp + } + rule 3161 { + action accept + description FWD2440_1-AH-ALLOW-ANY + destination { + group { + address-group DT_FWD2440_1 + } + } + protocol ah + } + rule 3166 { + action accept + description FW3EBC8_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW3EBC8_1 + } + port 9001-9900,9000 + } + protocol tcp + } + rule 3167 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.244 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.244 + } + } + 
rule 3168 { + action accept + description FWA0531_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA0531_1 + } + port 3000 + } + protocol tcp + } + rule 3170 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.137 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.137 + } + } + rule 3173 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.104 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.104 + } + } + rule 3176 { + action accept + description FW6906B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW6906B_1 + } + port 4190 + } + protocol tcp + } + rule 3177 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.230 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 116.206.246.230 + } + } + rule 3178 { + action accept + description FW444AF_1-TCP-ALLOW-91.135.10.140 + destination { + group { + address-group DT_FW444AF_1 + } + port 27017 + } + protocol tcp + source { + address 91.135.10.140 + } + } + rule 3180 { + action accept + description FWA86ED_101-TCP-ALLOW-81.150.13.34 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 81.150.13.34 + } + } + rule 3181 { + action accept + description FWA86ED_101-TCP-ALLOW-82.10.14.73 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 82.10.14.73 + } + } + rule 3183 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.25 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.25 + } + } + rule 3184 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.224 + destination { + group { + address-group DT_FWA7A50_1 + } 
+ port 3389 + } + protocol tcp_udp + source { + address 112.134.215.224 + } + } + rule 3185 { + action accept + description FW9B6FB_1-TCP-ALLOW-77.68.89.115_32 + destination { + group { + address-group DT_FW9B6FB_1 + } + port 10050 + } + protocol tcp + source { + address 77.68.89.115/32 + } + } + rule 3186 { + action accept + description VPN-14673-ANY-ALLOW-10.4.89.44 + destination { + group { + address-group DT_VPN-14673 + } + } + source { + address 10.4.89.44 + } + } + rule 3187 { + action accept + description FWCA628_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCA628_1 + } + port 2096,2095,2087,2086,2083,2082 + } + protocol tcp + } + rule 3189 { + action accept + description VPN-28484-ANY-ALLOW-10.4.58.159 + destination { + group { + address-group DT_VPN-28484 + } + } + source { + address 10.4.58.159 + } + } + rule 3190 { + action accept + description FW028C0_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW028C0_2 + } + port 44491-44498,44474 + } + protocol tcp + } + rule 3191 { + action accept + description VPN-28484-ANY-ALLOW-10.4.59.159 + destination { + group { + address-group DT_VPN-28484 + } + } + source { + address 10.4.59.159 + } + } + rule 3192 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.119 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.119 + } + } + rule 3194 { + action accept + description FWF699D_4-TCP-ALLOW-195.74.108.130 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 195.74.108.130 + } + } + rule 3195 { + action accept + description FWF699D_4-TCP-ALLOW-31.54.149.143 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 31.54.149.143 + } + } + rule 3196 { + action accept + description FWF699D_4-TCP-ALLOW-35.204.243.120 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + 
protocol tcp + source { + address 35.204.243.120 + } + } + rule 3197 { + action accept + description FWF699D_4-TCP-ALLOW-81.150.55.65 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 81.150.55.65 + } + } + rule 3198 { + action accept + description FWF699D_4-TCP-ALLOW-81.150.55.70 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 81.150.55.70 + } + } + rule 3199 { + action accept + description FWF699D_4-TCP-ALLOW-86.142.112.4 + destination { + group { + address-group DT_FWF699D_4 + } + port 3389 + } + protocol tcp + source { + address 86.142.112.4 + } + } + rule 3200 { + action accept + description FWF699D_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF699D_4 + } + port 8983 + } + protocol tcp_udp + } + rule 3201 { + action accept + description FWF699D_4-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF699D_4 + } + port 11009,10009 + } + protocol tcp + } + rule 3202 { + action accept + description VPN-2661-ANY-ALLOW-10.4.54.24 + destination { + group { + address-group DT_VPN-2661 + } + } + source { + address 10.4.54.24 + } + } + rule 3203 { + action accept + description VPN-2661-ANY-ALLOW-10.4.55.24 + destination { + group { + address-group DT_VPN-2661 + } + } + source { + address 10.4.55.24 + } + } + rule 3204 { + action accept + description VPN-9727-ANY-ALLOW-10.4.54.118 + destination { + group { + address-group DT_VPN-9727 + } + } + source { + address 10.4.54.118 + } + } + rule 3205 { + action accept + description VPN-9727-ANY-ALLOW-10.4.55.119 + destination { + group { + address-group DT_VPN-9727 + } + } + source { + address 10.4.55.119 + } + } + rule 3207 { + action accept + description FWF0221_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF0221_1 + } + port 65000,8099,8080 + } + protocol tcp_udp + } + rule 3208 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.180 + 
destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.180 + } + } + rule 3209 { + action accept + description FWA86ED_101-TCP-ALLOW-82.5.189.5 + destination { + group { + address-group DT_FWA86ED_101 + } + port 443 + } + protocol tcp + source { + address 82.5.189.5 + } + } + rule 3210 { + action accept + description FW60FD6_5-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW60FD6_5 + } + port 1194 + } + protocol udp + } + rule 3211 { + action accept + description FW60FD6_5-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW60FD6_5 + } + port 9500,9191,9090,8090,2222 + } + protocol tcp + } + rule 3212 { + action accept + description FWA86ED_101-TCP-ALLOW-84.65.217.114 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 84.65.217.114 + } + } + rule 3213 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.43.21 + } + } + rule 3214 { + action accept + description FW45F3D_1-ANY-ALLOW-77.68.126.251 + destination { + group { + address-group DT_FW45F3D_1 + } + } + source { + address 77.68.126.251 + } + } + rule 3215 { + action accept + description FWA86ED_101-TCP-ALLOW-86.14.23.23 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 86.14.23.23 + } + } + rule 3217 { + action accept + description FW85E02_11-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW85E02_11 + } + port 9000-10999 + } + protocol udp + } + rule 3218 { + action accept + description FW5D0FA_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW5D0FA_1 + } + port 53 + } + protocol tcp_udp + } + rule 3222 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.141 + destination { + group { + address-group 
DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.141 + } + } + rule 3223 { + action accept + description FWCDD8B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWCDD8B_1 + } + port 2222 + } + protocol tcp + } + rule 3224 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.185 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.185 + } + } + rule 3225 { + action accept + description FW06940_3-TCP_UDP-ALLOW-213.171.210.153 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 213.171.210.153 + } + } + rule 3226 { + action accept + description FW06940_3-TCP_UDP-ALLOW-70.29.113.102 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 70.29.113.102 + } + } + rule 3227 { + action accept + description FWC32BE_1-ANY-ALLOW-3.127.0.177 + destination { + group { + address-group DT_FWC32BE_1 + } + } + source { + address 3.127.0.177 + } + } + rule 3228 { + action accept + description FWA86ED_101-TCP-ALLOW-93.115.195.58 + destination { + group { + address-group DT_FWA86ED_101 + } + port 3389,443 + } + protocol tcp + source { + address 93.115.195.58 + } + } + rule 3229 { + action accept + description FWE32F2_8-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE32F2_8 + } + port 40120,30120,30110 + } + protocol tcp + } + rule 3230 { + action accept + description VPN-28515-ANY-ALLOW-10.4.56.162 + destination { + group { + address-group DT_VPN-28515 + } + } + source { + address 10.4.56.162 + } + } + rule 3231 { + action accept + description FW06940_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW06940_3 + } + port 30000-30400,8443-8447,445,80-110,21-25 + } + protocol tcp + } + rule 3232 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.134 + destination { + group { + 
address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.211.134 + } + } + rule 3236 { + action accept + description VPN-28515-ANY-ALLOW-10.4.57.162 + destination { + group { + address-group DT_VPN-28515 + } + } + source { + address 10.4.57.162 + } + } + rule 3237 { + action accept + description FWF4063_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF4063_1 + } + port 3000 + } + protocol tcp + } + rule 3240 { + action accept + description FW06940_3-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW06940_3 + } + port 49152-65535,6379,5666,5432-5454 + } + protocol tcp_udp + } + rule 3242 { + action accept + description FW2E8D4_1-TCP-ALLOW-63.35.92.185 + destination { + group { + address-group DT_FW2E8D4_1 + } + port 3389 + } + protocol tcp + source { + address 63.35.92.185 + } + } + rule 3244 { + action accept + description FWF30BD_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWF30BD_1 + } + port 9000-10999 + } + protocol udp + } + rule 3245 { + action accept + description FWE30A1_4-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE30A1_4 + } + port 65057 + } + protocol tcp_udp + } + rule 3246 { + action accept + description VPN-26772-ANY-ALLOW-10.4.54.123 + destination { + group { + address-group DT_VPN-26772 + } + } + source { + address 10.4.54.123 + } + } + rule 3249 { + action accept + description FW56496_1-ANY-ALLOW-77.68.82.49 + destination { + group { + address-group DT_FW56496_1 + } + } + source { + address 77.68.82.49 + } + } + rule 3251 { + action accept + description FWDA443_6-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWDA443_6 + } + port 30175,12050 + } + protocol tcp + } + rule 3253 { + action accept + description FW5A521_3-TCP-ALLOW-88.98.75.17 + destination { + group { + address-group DT_FW5A521_3 + } + port 22 + } + protocol tcp + source { + address 88.98.75.17 + } + } + rule 3254 { + action accept + description FW5A521_3-UDP-ALLOW-ANY 
+ destination { + group { + address-group DT_FW5A521_3 + } + port 161-162 + } + protocol udp + } + rule 3255 { + action accept + description FW5A521_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW5A521_3 + } + port 5900 + } + protocol tcp + } + rule 3259 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.178 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.178 + } + } + rule 3260 { + action accept + description VPN-26772-ANY-ALLOW-10.4.55.124 + destination { + group { + address-group DT_VPN-26772 + } + } + source { + address 10.4.55.124 + } + } + rule 3262 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.114 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.114 + } + } + rule 3272 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.246.30 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 116.206.246.30 + } + } + rule 3273 { + action accept + description FW2B4BA_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW2B4BA_1 + } + port 30000-31000 + } + protocol tcp + } + rule 3284 { + action accept + description FW06940_3-TCP-ALLOW-213.171.217.107 + destination { + group { + address-group DT_FW06940_3 + } + port 8443 + } + protocol tcp + source { + address 213.171.217.107 + } + } + rule 3285 { + action accept + description FW0952B_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0952B_1 + } + port 9030,9001 + } + protocol tcp + } + rule 3286 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.85.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.85.35 + } + } + rule 3290 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.232 + destination { + group { + 
address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.208.232 + } + } + rule 3294 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.21 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.21 + } + } + rule 3295 { + action accept + description FW0EA3F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW0EA3F_1 + } + port 1-65535 + } + protocol tcp_udp + } + rule 3296 { + action accept + description FW9D5C7_1-TCP-ALLOW-209.97.176.108 + destination { + group { + address-group DT_FW9D5C7_1 + } + port 8447,8443,22 + } + protocol tcp + source { + address 209.97.176.108 + } + } + rule 3297 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.188 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.188 + } + } + rule 3298 { + action accept + description FW9D5C7_1-TCP-ALLOW-165.227.231.227 + destination { + group { + address-group DT_FW9D5C7_1 + } + port 9117,9113,9104,9100 + } + protocol tcp + source { + address 165.227.231.227 + } + } + rule 3299 { + action accept + description FW4DB0A_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4DB0A_1 + } + port 953 + } + protocol tcp + } + rule 3300 { + action accept + description FW4DB0A_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW4DB0A_1 + } + port 953 + } + protocol udp + } + rule 3301 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.91 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.91 + } + } + rule 3303 { + action accept + description FW56496_1-TCP-ALLOW-176.255.93.149 + destination { + group { + address-group DT_FW56496_1 + } + port 3389 + } + protocol tcp + source { + address 176.255.93.149 + } + } + rule 3304 { + action accept + description 
FWA7A50_1-TCP_UDP-ALLOW-112.134.210.79 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.79 + } + } + rule 3305 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.43 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.43 + } + } + rule 3306 { + action accept + description FW310C6_3-ANY-ALLOW-88.208.198.40 + destination { + group { + address-group DT_FW310C6_3 + } + } + source { + address 88.208.198.40 + } + } + rule 3307 { + action accept + description FW597A6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW597A6_1 + } + port 49152-65535,990 + } + protocol tcp + } + rule 3308 { + action accept + description FW597A6_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW597A6_1 + } + port 3306 + } + protocol tcp_udp + } + rule 3309 { + action accept + description FWBC280_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBC280_1 + } + port 49152-65535,20-21 + } + protocol tcp + } + rule 3310 { + action accept + description VPN-31301-ANY-ALLOW-10.4.87.223 + destination { + group { + address-group DT_VPN-31301 + } + } + source { + address 10.4.87.223 + } + } + rule 3311 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.243 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.243 + } + } + rule 3312 { + action accept + description FW9EEDD_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW9EEDD_1 + } + port 990,197,20-23 + } + protocol tcp + } + rule 3313 { + action accept + description FW9EEDD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW9EEDD_1 + } + port 49152-65535 + } + protocol tcp_udp + } + rule 3314 { + action accept + description VPN-31002-ANY-ALLOW-10.4.89.126 + destination { + group { + address-group DT_VPN-31002 + } + } + source { + 
address 10.4.89.126 + } + } + rule 3316 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.11 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.11 + } + } + rule 3317 { + action accept + description FW32EFF_49-TCP-ALLOW-195.59.191.128_25 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 195.59.191.128/25 + } + } + rule 3318 { + action accept + description FW32EFF_49-TCP-ALLOW-213.71.130.0_26 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 213.71.130.0/26 + } + } + rule 3319 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.88 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.215.88 + } + } + rule 3320 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.215.173 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.215.173 + } + } + rule 3321 { + action accept + description FW32EFF_49-TCP-ALLOW-84.19.45.82 + destination { + group { + address-group DT_FW32EFF_49 + } + port 5589 + } + protocol tcp + source { + address 84.19.45.82 + } + } + rule 3322 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-175.157.43.122 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 175.157.43.122 + } + } + rule 3323 { + action accept + description FWC1ACD_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWC1ACD_1 + } + port 28061,28060,8080 + } + protocol tcp_udp + } + rule 3324 { + action accept + description FWA5D67_1-TCP_UDP-ALLOW-84.74.32.74 + destination { + group { + address-group DT_FWA5D67_1 + } + port 3389 + } + protocol tcp_udp + source { + address 84.74.32.74 + } + } + rule 3325 { + action accept + 
description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.169 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.169 + } + } + rule 3326 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.89 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.89 + } + } + rule 3329 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.35 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.35 + } + } + rule 3330 { + action accept + description FWCE020_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWCE020_1 + } + port 48402 + } + protocol udp + } + rule 3333 { + action accept + description FWF3574_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWF3574_1 + } + port 8060,445,139 + } + protocol tcp + } + rule 3334 { + action accept + description FWE6AB2_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWE6AB2_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3335 { + action accept + description FWBFC02_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBFC02_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3336 { + action accept + description FWBFC02_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBFC02_1 + } + port 1194 + } + protocol udp + } + rule 3337 { + action accept + description FWE6AB2_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWE6AB2_1 + } + port 1194 + } + protocol udp + } + rule 3338 { + action accept + description FWBC8A6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWBC8A6_1 + } + port 44158,945,943 + } + protocol tcp + } + rule 3339 { + action accept + description FWBC8A6_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FWBC8A6_1 + } + port 1194 + } + protocol udp + } + rule 3340 { + action accept + 
description FWA0AA0_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWA0AA0_1 + } + port 2302 + } + protocol tcp + } + rule 3342 { + action accept + description FW56496_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW56496_1 + } + port 22 + } + protocol tcp_udp + } + rule 3343 { + action accept + description FW56496_1-TCP-ALLOW-157.231.178.162 + destination { + group { + address-group DT_FW56496_1 + } + port 21 + } + protocol tcp + source { + address 157.231.178.162 + } + } + rule 3344 { + action accept + description FW56496_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW56496_1 + } + port 2443,1022 + } + protocol tcp + } + rule 3345 { + action accept + description FW56496_1-TCP_UDP-ALLOW-46.16.211.142 + destination { + group { + address-group DT_FW56496_1 + } + port 3389,21 + } + protocol tcp_udp + source { + address 46.16.211.142 + } + } + rule 3347 { + action accept + description FW2379F_14-GRE-ALLOW-ANY + destination { + group { + address-group DT_FW2379F_14 + } + } + protocol gre + } + rule 3348 { + action accept + description FW0E383_9-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0E383_9 + } + port 52000 + } + protocol tcp + } + rule 3350 { + action accept + description FWB4438_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWB4438_2 + } + port 993-995,7 + } + protocol tcp + } + rule 3351 { + action accept + description FW1F3D0_6-TCP_UDP-ALLOW-82.165.207.109 + destination { + group { + address-group DT_FW1F3D0_6 + } + port 4567-4568 + } + protocol tcp_udp + source { + address 82.165.207.109 + } + } + rule 3352 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.77 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.77 + } + } + rule 3358 { + action accept + description FW46F4A_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW46F4A_1 + } + port 51820 + } + protocol udp + } + rule 
3359 { + action accept + description FW53C72_1-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW53C72_1 + } + port 48402 + } + protocol udp + } + rule 3360 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.251 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.210.251 + } + } + rule 3362 { + action accept + description FWAA38E_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWAA38E_1 + } + port 1001-65535 + } + protocol tcp_udp + } + rule 3363 { + action accept + description FW138F8_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FW138F8_1 + } + port 21,20 + } + protocol tcp_udp + } + rule 3364 { + action accept + description FW0BD92_3-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW0BD92_3 + } + port 18081,18080 + } + protocol tcp + } + rule 3365 { + action accept + description FWFEF05_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWFEF05_1 + } + port 1935 + } + protocol tcp_udp + } + rule 3367 { + action accept + description FW26846_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW26846_1 + } + port 8000 + } + protocol tcp + } + rule 3368 { + action accept + description FWB4438_2-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWB4438_2 + } + port 53 + } + protocol tcp_udp + } + rule 3369 { + action accept + description FWA884B_5-TCP-ALLOW-51.146.16.162 + destination { + group { + address-group DT_FWA884B_5 + } + port 8447,8443,22 + } + protocol tcp + source { + address 51.146.16.162 + } + } + rule 3370 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.22 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.22 + } + } + rule 3371 { + action accept + description FWFDE34_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWFDE34_1 + } + port 18081,18080 + } + protocol tcp 
+ } + rule 3373 { + action accept + description FWB6101_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWB6101_1 + } + port 2280 + } + protocol tcp + } + rule 3377 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-123.231.84.203 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 123.231.84.203 + } + } + rule 3378 { + action accept + description FW1D511_2-TCP-ALLOW-92.29.46.47 + destination { + group { + address-group DT_FW1D511_2 + } + port 9090 + } + protocol tcp + source { + address 92.29.46.47 + } + } + rule 3386 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.208.175 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.208.175 + } + } + rule 3387 { + action accept + description FW1ACD9_2-TCP-ALLOW-89.197.148.38 + destination { + group { + address-group DT_FW1ACD9_2 + } + port 5015,22 + } + protocol tcp + source { + address 89.197.148.38 + } + } + rule 3388 { + action accept + description FW1ACD9_2-UDP-ALLOW-ANY + destination { + group { + address-group DT_FW1ACD9_2 + } + port 9000-10999,5090,5060 + } + protocol udp + } + rule 3389 { + action accept + description FW1ACD9_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW1ACD9_2 + } + port 5090,5060-5062 + } + protocol tcp + } + rule 3391 { + action accept + description FWA0B7F_1-TCP_UDP-ALLOW-ANY + destination { + group { + address-group DT_FWA0B7F_1 + } + port 53 + } + protocol tcp_udp + } + rule 3392 { + action accept + description FW56335_2-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW56335_2 + } + port 18081,18080 + } + protocol tcp + } + rule 3395 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.90 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.212.90 + } + } + rule 3396 { + action accept + description 
FW4D3E6_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW4D3E6_1 + } + port 18081,18080 + } + protocol tcp + } + rule 3397 { + action accept + description FWB118A_1-TCP-ALLOW-188.65.177.58 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 188.65.177.58 + } + } + rule 3398 { + action accept + description FWB118A_1-TCP-ALLOW-77.68.103.13 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 77.68.103.13 + } + } + rule 3399 { + action accept + description FWB118A_1-TCP-ALLOW-80.5.71.130 + destination { + group { + address-group DT_FWB118A_1 + } + port 49152-65534,8447,8443,22,21,20 + } + protocol tcp + source { + address 80.5.71.130 + } + } + rule 3402 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.205 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.205 + } + } + rule 3408 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.211.31 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.211.31 + } + } + rule 3409 { + action accept + description FW539FB_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FW539FB_1 + } + port 389 + } + protocol tcp + } + rule 3411 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.185 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.213.185 + } + } + rule 3415 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-116.206.245.124 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 116.206.245.124 + } + } + rule 3416 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.213.75 + destination { + group { + 
address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.213.75 + } + } + rule 3417 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.34 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.34 + } + } + rule 3418 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.77.70 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.77.70 + } + } + rule 3419 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.92.33 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.92.33 + } + } + rule 3420 { + action accept + description FWEF92E_5-UDP-ALLOW-77.68.93.82 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 77.68.93.82 + } + } + rule 3421 { + action accept + description FWEF92E_5-UDP-ALLOW-88.208.198.93 + destination { + group { + address-group DT_FWEF92E_5 + } + port 500 + } + protocol udp + source { + address 88.208.198.93 + } + } + rule 3422 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.94 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.94 + } + } + rule 3424 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.244 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.244 + } + } + rule 3425 { + action accept + description FW18E6E_3-TCP-ALLOW-148.253.173.246 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + address 148.253.173.246 + } + } + rule 3426 { + action accept + description FW18E6E_3-TCP-ALLOW-195.97.222.122 + destination { + group { + address-group DT_FW18E6E_3 + } + port 3306 + } + protocol tcp + source { + 
address 195.97.222.122 + } + } + rule 3431 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.111 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.209.111 + } + } + rule 3432 { + action accept + description FW06940_3-TCP_UDP-ALLOW-74.208.41.119 + destination { + group { + address-group DT_FW06940_3 + } + port 1-65535 + } + protocol tcp_udp + source { + address 74.208.41.119 + } + } + rule 3438 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.252 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.252 + } + } + rule 3440 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.118 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.214.118 + } + } + rule 3442 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.209.15 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.209.15 + } + } + rule 3446 { + action accept + description FWC32BE_1-ANY-ALLOW-3.65.3.75 + destination { + group { + address-group DT_FWC32BE_1 + } + } + source { + address 3.65.3.75 + } + } + rule 3447 { + action accept + description FWC32BE_1-TCP-ALLOW-217.155.2.52 + destination { + group { + address-group DT_FWC32BE_1 + } + port 22 + } + protocol tcp + source { + address 217.155.2.52 + } + } + rule 3448 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.243 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.214.243 + } + } + rule 3449 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.214.117 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000,3389 + } + protocol tcp_udp + source { + address 112.134.214.117 + } + } + rule 3450 { + action 
accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.4 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.4 + } + } + rule 3452 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.210.177 + destination { + group { + address-group DT_FWA7A50_1 + } + port 9000 + } + protocol tcp_udp + source { + address 112.134.210.177 + } + } + rule 3454 { + action accept + description FWD498E_1-TCP-ALLOW-ANY + destination { + group { + address-group DT_FWD498E_1 + } + port 44158 + } + protocol tcp + } + rule 3455 { + action accept + description FWA7A50_1-TCP_UDP-ALLOW-112.134.212.147 + destination { + group { + address-group DT_FWA7A50_1 + } + port 3389 + } + protocol tcp_udp + source { + address 112.134.212.147 + } + } + } + receive-redirects disable + send-redirects disable + source-validation disable + state-policy { + established { + action accept + } + invalid { + action drop + } + related { + action accept + } + } + syn-cookies enable + twa-hazards-protection disable +} +high-availability { + vrrp { + group eth3-90 { + advertise-interval 3 + authentication { + password Ng-1p90 + type plaintext-password + } + interface eth3 + preempt-delay 30 + priority 10 + virtual-address 10.255.255.1/32 + virtual-address 169.254.169.254/32 + vrid 90 + } + sync-group VRRP-GROUP { + member eth3-90 + } + } +} +interfaces { + ethernet eth0 { + address 10.4.35.105/24 + description Management + duplex auto + smp-affinity auto + speed auto + } + ethernet eth1 { + description MicroVLANs + duplex auto + smp-affinity auto + speed auto + vif 3201 { + address 109.228.63.251/25 + description "MicroVLAN publica" + firewall { + in { + name WAN-INBOUND + } + local { + name LOCAL-WAN + } + } + } + } + ethernet eth2 { + address 10.4.51.133/30 + description Sync + duplex auto + firewall { + local { + name LOCAL-SYNC + } + } + smp-affinity auto + speed auto + } + ethernet eth3 { + address 10.255.255.2/20 + description 
"Customers LAN" + duplex auto + firewall { + in { + name LAN-INBOUND + } + local { + name LOCAL-LAN + } + } + smp-affinity auto + speed auto + } + loopback lo { + address 10.4.35.105/32 + } +} +nat { + destination { + rule 5 { + description cloud-init + destination { + address 169.254.169.254 + port http + } + inbound-interface eth3 + protocol tcp + translation { + address 82.223.45.35 + } + } + rule 20 { + description "TEMPORARY NAT for dnscache removal in favor of anycns" + destination { + address 77.68.76.12 + port domain + } + inbound-interface eth3 + protocol tcp_udp + translation { + address 212.227.123.16 + } + } + rule 25 { + description "TEMPORARY NAT for dnscache removal in favor of anycns" + destination { + address 77.68.77.12 + port domain + } + inbound-interface eth3 + protocol tcp_udp + translation { + address 212.227.123.17 + } + } + } +} +policy { + community-list 100 { + rule 10 { + action permit + regex 65500:1001 + } + } + community-list 200 { + rule 10 { + action permit + regex "65500:10**" + } + } + prefix-list Service-NETs { + rule 1 { + action permit + ge 32 + prefix 0.0.0.0/0 + } + } + route-map Any-Site-1 { + rule 10 { + action permit + match { + community { + community-list 200 + } + } + } + rule 20 { + action deny + } + } + route-map CLOUD-Service-NETs { + rule 10 { + action permit + match { + ip { + address { + prefix-list Service-NETs + } + } + } + set { + community 65500:1027 + } + } + rule 20 { + action deny + } + } + route-map None { + rule 10 { + action deny + } + } +} +protocols { + bgp 8560 { + address-family { + ipv4-unicast { + redistribute { + static { + } + } + } + } + neighbor 109.228.63.134 { + address-family { + ipv4-unicast { + route-map { + export CLOUD-Service-NETs + import Any-Site-1 + } + weight 150 + } + } + description RouteServer1-vyos + password VyOS123 + remote-as 8560 + timers { + holdtime 5 + keepalive 1 + } + } + neighbor 109.228.63.135 { + address-family { + ipv4-unicast { + route-map { + export 
CLOUD-Service-NETs + import Any-Site-1 + } + weight 125 + } + } + description RouteServer2-quagga + password VyOS123 + remote-as 8560 + } + neighbor 109.228.63.136 { + address-family { + ipv4-unicast { + route-map { + export CLOUD-Service-NETs + import Any-Site-1 + } + weight 100 + } + } + description RouteServer3-bird + password VyOS123 + remote-as 8560 + } + parameters { + log-neighbor-changes + router-id 10.4.35.105 + } + } + static { + interface-route 77.68.2.215/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.52/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.61/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.80/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.121/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.144/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.161/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.194/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.3.247/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.22/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.24/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.25/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.39/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.57/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.74/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.80/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.111/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.136/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.180/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.242/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.4.252/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.5.95/32 { + next-hop-interface eth3 { + } + } + 
interface-route 77.68.5.125/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.5.155/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.5.166/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.5.187/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.5.241/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.32/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.105/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.110/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.119/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.6.210/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.67/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.114/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.123/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.160/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.172/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.186/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.222/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.7.227/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.8.144/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.9.75/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.9.186/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.10.142/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.10.152/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.10.170/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.11.140/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.12.45/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.12.195/32 { + next-hop-interface eth3 { + } + } + 
interface-route 77.68.12.250/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.13.76/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.13.137/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.14.88/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.15.95/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.16.247/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.17.26/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.17.186/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.17.200/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.20.161/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.20.217/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.20.231/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.21.78/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.21.171/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.22.146/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.23.35/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.23.64/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.23.112/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.23.158/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.59/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.63/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.112/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.134/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.172/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.24.220/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.25.124/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.25.130/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.25.146/32 { + next-hop-interface eth3 { + 
} + } + interface-route 77.68.26.166/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.26.216/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.26.221/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.26.228/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.18/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.27/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.28/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.54/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.57/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.27.211/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.28.139/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.28.145/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.28.147/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.28.207/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.29.65/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.29.178/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.30.133/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.30.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.31.96/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.31.144/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.31/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.43/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.83/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.86/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.89/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.118/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.32.254/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.24/32 { + next-hop-interface eth3 
{ + } + } + interface-route 77.68.33.37/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.48/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.68/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.171/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.197/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.33.216/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.34.26/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.34.28/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.34.50/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.34.138/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.34.139/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.35.116/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.48.14/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.48.81/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.48.89/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.48.105/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.48.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.4/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.12/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.126/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.152/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.159/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.160/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.161/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.49.178/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.50.90/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.50.91/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.50.142/32 { + next-hop-interface 
eth3 { + } + } + interface-route 77.68.50.193/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.50.198/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.51.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.51.214/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.72.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.72.254/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.73.73/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.74.39/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.74.85/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.74.152/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.74.209/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.74.232/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.75.45/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.75.64/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.75.113/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.75.245/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.75.253/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.12/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.13/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.14/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.16/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.19/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.20/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.21/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.22/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.23/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.25/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.26/32 { + next-hop-interface 
eth3 { + } + } + interface-route 77.68.76.29/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.30/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.31/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.33/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.35/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.37/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.38/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.39/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.40/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.42/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.44/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.45/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.47/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.48/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.49/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.50/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.54/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.55/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.57/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.58/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.59/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.60/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.61/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.74/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.75/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.76/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.77/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.80/32 { + next-hop-interface eth3 { + } 
+ } + interface-route 77.68.76.88/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.91/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.92/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.93/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.94/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.95/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.96/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.99/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.102/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.104/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.105/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.107/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.108/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.110/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.111/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.112/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.114/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.115/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.116/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.118/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.120/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.122/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.123/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.124/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.126/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.127/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.136/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.137/32 { + next-hop-interface 
eth3 { + } + } + interface-route 77.68.76.138/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.139/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.141/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.142/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.145/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.148/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.149/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.150/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.152/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.157/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.158/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.160/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.161/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.165/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.169/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.171/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.176/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.177/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.181/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.183/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.185/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.187/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.191/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.195/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.197/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.198/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.200/32 { + 
next-hop-interface eth3 { + } + } + interface-route 77.68.76.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.203/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.208/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.209/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.211/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.212/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.217/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.219/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.220/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.228/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.229/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.231/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.234/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.235/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.239/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.241/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.243/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.244/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.245/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.247/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.248/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.249/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.250/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.251/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.252/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.253/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.76.254/32 { + next-hop-interface eth3 { + } + } + interface-route 
77.68.77.12/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.13/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.14/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.16/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.19/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.21/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.22/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.24/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.26/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.29/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.30/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.32/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.33/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.37/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.38/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.42/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.43/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.44/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.46/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.49/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.50/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.53/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.54/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.56/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.57/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.59/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.62/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.63/32 { + next-hop-interface eth3 { + } + } + interface-route 
77.68.77.65/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.67/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.68/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.69/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.70/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.71/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.72/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.74/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.75/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.76/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.77/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.79/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.81/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.85/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.88/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.90/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.92/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.95/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.97/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.99/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.100/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.102/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.103/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.105/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.107/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.108/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.114/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.115/32 { + next-hop-interface eth3 { + } + } + interface-route 
77.68.77.117/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.120/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.124/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.128/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.129/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.130/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.132/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.137/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.139/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.140/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.141/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.144/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.145/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.149/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.150/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.151/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.152/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.156/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.157/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.159/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.160/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.161/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.163/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.165/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.171/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.174/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.176/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.178/32 { + next-hop-interface eth3 { + } + } + 
interface-route 77.68.77.181/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.185/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.190/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.192/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.199/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.200/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.201/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.203/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.204/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.205/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.207/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.208/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.209/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.211/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.212/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.214/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.215/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.219/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.221/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.222/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.227/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.228/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.231/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.233/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.234/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.236/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.238/32 { + next-hop-interface 
eth3 { + } + } + interface-route 77.68.77.239/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.240/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.243/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.247/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.248/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.249/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.251/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.253/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.77.254/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.78.73/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.78.113/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.78.229/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.79.82/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.79.89/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.79.206/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.80.26/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.80.97/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.81.44/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.81.141/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.81.218/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.82.147/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.82.157/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.83.41/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.84.147/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.84.155/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.85.18/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.85.27/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.85.73/32 { + 
next-hop-interface eth3 { + } + } + interface-route 77.68.85.115/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.85.172/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.86.40/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.86.148/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.87.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.87.212/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.88.100/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.88.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.89.72/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.89.183/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.89.247/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.90.106/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.90.132/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.91.22/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.91.128/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.91.195/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.92.92/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.92.186/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.93.125/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.93.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.93.246/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.94.181/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.95.42/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.95.212/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.100.77/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.100.132/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.100.134/32 { + next-hop-interface eth3 { + } + } + interface-route 
77.68.100.150/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.100.167/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.101.64/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.101.124/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.101.125/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.102.5/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.102.129/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.103.19/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.103.56/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.103.120/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.103.147/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.103.227/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.75/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.83/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.90/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.91/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.167/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.175/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.184/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.213/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.112.248/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.113.117/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.113.164/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.114.93/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.114.136/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.114.183/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.114.205/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.114.234/32 { + 
next-hop-interface eth3 { + } + } + interface-route 77.68.114.237/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.115.17/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.115.142/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.36/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.52/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.84/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.119/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.183/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.220/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.221/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.116.232/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.29/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.45/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.51/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.142/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.173/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.202/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.214/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.117.222/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.15/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.17/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.86/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.88/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.102/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.104/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.118.120/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.119.14/32 { + next-hop-interface eth3 { + } + } + 
interface-route 77.68.119.92/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.119.188/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.26/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.31/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.45/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.146/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.218/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.229/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.241/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.120.249/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.121.94/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.121.106/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.121.119/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.121.127/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.122.89/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.122.195/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.122.241/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.123.177/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.123.250/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.125.32/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.125.60/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.125.218/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.126.14/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.126.22/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.126.51/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.126.101/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.126.160/32 { + next-hop-interface eth3 { + } + } + interface-route 77.68.127.151/32 { + 
next-hop-interface eth3 { + } + } + interface-route 77.68.127.172/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.196.91/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.196.92/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.196.123/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.196.154/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.10/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.23/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.60/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.118/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.129/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.135/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.150/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.155/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.160/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.197.208/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.39/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.64/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.66/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.69/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.92/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.198.251/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.199.46/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.199.141/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.199.233/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.199.249/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.212.31/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.212.94/32 { + 
next-hop-interface eth3 { + } + } + interface-route 88.208.212.182/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.212.188/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.215.19/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.215.61/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.215.62/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.215.121/32 { + next-hop-interface eth3 { + } + } + interface-route 88.208.215.157/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.35.84/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.35.110/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.37/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.79/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.119/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.174/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.194/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.36.229/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.37.10/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.37.114/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.37.174/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.37.187/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.37.240/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.38.117/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.38.171/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.38.201/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.39.41/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.39.151/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.39.157/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.39.249/32 { + 
next-hop-interface eth3 { + } + } + interface-route 109.228.40.194/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.40.195/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.40.207/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.40.222/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.40.226/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.40.247/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.42.232/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.46.81/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.46.196/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.47.223/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.48.249/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.52.186/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.53.243/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.55.82/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.56.26/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.56.97/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.56.185/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.56.242/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.58.134/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.59.247/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.60.215/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.61.31/32 { + next-hop-interface eth3 { + } + } + interface-route 109.228.61.37/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.7/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.17/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.24/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.56/32 { + 
next-hop-interface eth3 { + } + } + interface-route 185.132.36.60/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.142/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.36.148/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.23/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.47/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.83/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.101/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.102/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.37.133/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.95/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.114/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.142/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.182/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.216/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.38.248/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.37/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.44/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.68/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.99/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.109/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.129/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.145/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.39.219/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.11/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.56/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.90/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.124/32 { + 
next-hop-interface eth3 { + } + } + interface-route 185.132.40.152/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.166/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.40.244/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.41.72/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.41.73/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.41.148/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.41.240/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.6/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.28/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.71/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.98/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.113/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.157/32 { + next-hop-interface eth3 { + } + } + interface-route 185.132.43.164/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.208.40/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.208.58/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.208.176/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.209.217/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.210.19/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.210.25/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.210.59/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.210.155/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.210.177/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.211.128/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.71/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.89/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.90/32 { + 
next-hop-interface eth3 { + } + } + interface-route 213.171.212.114/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.136/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.171/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.172/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.212.203/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.31/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.41/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.42/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.97/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.175/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.213.242/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.214.96/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.214.102/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.214.167/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.214.234/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.215.43/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.215.184/32 { + next-hop-interface eth3 { + } + } + interface-route 213.171.215.252/32 { + next-hop-interface eth3 { + } + } + route 0.0.0.0/0 { + next-hop 109.228.63.129 { + } + } + route 10.0.0.0/8 { + next-hop 10.4.35.1 { + } + } + route 10.7.197.0/24 { + next-hop 109.228.63.240 { + } + } + route 172.16.0.0/12 { + next-hop 10.4.35.1 { + } + } + route 192.168.0.0/16 { + next-hop 10.4.35.1 { + } + } + } +} +service { + lldp { + legacy-protocols { + cdp + } + snmp { + enable + } + } + snmp { + community 1Trpq25 { + authorization ro + } + contact network@arsys.es + description gb-glo-sg4ng1fw27-01 + listen-address 10.4.35.105 { + port 161 + } + location NGCS + trap-target 10.4.36.64 { + community 1Trpq25 + port 162 + } + trap-target 
172.21.15.200 { + community 1Trpq25 + port 162 + } + } + ssh { + listen-address 10.4.35.105 + listen-address 10.4.51.133 + port 22 + } +} +system { + config-management { + commit-revisions 20 + } + conntrack { + expect-table-size 8192 + hash-size 262144 + modules { + sip { + disable + } + } + table-size 2097152 + timeout { + icmp 30 + other 120 + tcp { + close 10 + close-wait 60 + established 3600 + fin-wait 30 + last-ack 30 + syn-recv 5 + syn-sent 5 + time-wait 5 + } + udp { + other 10 + stream 10 + } + } + } + console { + device ttyS0 { + speed 115200 + } + } + host-name gb-glo-sg4ng1fw27-01 + ip { + arp { + table-size 2048 + } + } + ipv6 { + disable + } + login { + user vyos { + authentication { + encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ + plaintext-password "" + } + } + } + name-server 10.4.36.16 + name-server 10.4.37.16 + ntp { + server glo-ntp1.por-ngcs.lan { + } + server glo-ntp2.por-ngcs.lan { + } + } + syslog { + global { + facility all { + level notice + } + facility protocols { + level info + } + } + host 10.4.36.23 { + facility all { + level all + } + facility protocols { + level info + } + facility user { + level err + } + } + user all { + facility all { + level emerg + } + } + } + time-zone Europe/Madrid +} + + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ +/* Release version: 1.2.6-S1 */ + diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 493feed5b..e6f89954f 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos 
@@ -6,16 +6,68 @@ interfaces { speed auto } ethernet eth1 { - address 100.64.0.0/31 duplex auto smp-affinity auto speed auto } + ethernet eth2 { + duplex auto + smp-affinity auto + speed auto + vif 100 { + address 100.100.0.1/24 + } + vif-s 200 { + address 100.64.200.254/24 + vif-c 201 { + address 100.64.201.254/24 + } + vif-c 202 { + address 100.64.202.254/24 + } + } + } loopback lo { } } protocols { static { + arp 192.168.0.20 { + hwaddr 00:50:00:00:00:20 + } + arp 192.168.0.30 { + hwaddr 00:50:00:00:00:30 + } + arp 192.168.0.40 { + hwaddr 00:50:00:00:00:40 + } + arp 100.100.0.2 { + hwaddr 00:50:00:00:02:02 + } + arp 100.100.0.3 { + hwaddr 00:50:00:00:02:03 + } + arp 100.100.0.4 { + hwaddr 00:50:00:00:02:04 + } + arp 100.64.200.1 { + hwaddr 00:50:00:00:00:01 + } + arp 100.64.200.2 { + hwaddr 00:50:00:00:00:02 + } + arp 100.64.201.10 { + hwaddr 00:50:00:00:00:10 + } + arp 100.64.201.20 { + hwaddr 00:50:00:00:00:20 + } + arp 100.64.202.30 { + hwaddr 00:50:00:00:00:30 + } + arp 100.64.202.40 { + hwaddr 00:50:00:00:00:40 + } route 0.0.0.0/0 { next-hop 100.64.0.1 { } diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud index 10660ec87..65819256e 100644 --- a/smoketest/configs/bgp-big-as-cloud +++ b/smoketest/configs/bgp-big-as-cloud @@ -982,6 +982,10 @@ policy { } } } + set { + as-path-exclude "100 200 300" + as-path-prepend "64512 64512 64512" + } } rule 100 { action deny diff --git a/smoketest/configs/qos-basic b/smoketest/configs/qos-basic new file mode 100644 index 000000000..f94a5650d --- /dev/null +++ b/smoketest/configs/qos-basic 
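Review bot: In the `smoketest/configs/basic-vyos` hunk, dropping `address 100.64.0.0/31` from `ethernet eth1` appears to leave the context line `next-hop 100.64.0.1` under `route 0.0.0.0/0` without a connected subnet. None of the addresses added on `eth2` (`100.100.0.1/24`, `100.64.200.254/24`, `100.64.201.254/24`, `100.64.202.254/24`) cover it, and the `eth0` stanza lies outside the hunk, so this is inferred rather than confirmed. The three `arp 192.168.0.x` entries likewise depend on a subnet the hunk does not show. If the fixture is meant to load into a routable state, either keep `address 100.64.0.0/31` on `eth1` or move the default route's next-hop into one of the subnets that remain configured. The `interfaces` and `protocols` blocks both continue outside the hunk.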
@@ -0,0 +1,205 @@ +interfaces { + ethernet eth0 { + address 10.1.1.100/24 + traffic-policy { + out FS + } + } + ethernet eth1 { + address 10.2.1.1/24 + traffic-policy { + out M2 + } + } + ethernet eth2 { + address 10.9.9.1/24 + traffic-policy { + out MY-HTB + } + } + loopback lo { + } +} +protocols { + static { + route 0.0.0.0/0 { + next-hop 10.9.9.2 { + } + next-hop 10.1.1.1 { + } + } + } +} +system { + config-management { + commit-revisions 10 + } + conntrack { + modules { + ftp + h323 + nfs + pptp + sip + sqlnet + tftp + } + } + console { + device ttyS0 { + speed 115200 + } + } + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0 + plaintext-password "" + } + } + } + ntp { + server time1.vyos.net { + } + server time2.vyos.net { + } + server time3.vyos.net { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } +} +traffic-policy { + shaper M2 { + bandwidth auto + class 10 { + bandwidth 100% + burst 15k + match ADDRESS10 { + ip { + dscp CS4 + } + } + queue-type fair-queue + set-dscp CS5 + } + default { + bandwidth 10mbit + burst 15k + queue-type fair-queue + } + } + shaper MY-HTB { + bandwidth 10mbit + class 30 { + bandwidth 10% + burst 15k + ceiling 50% + match ADDRESS30 { + ip { + source { + address 10.1.1.0/24 + } + } + } + priority 5 + queue-type fair-queue + } + class 40 { + bandwidth 90% + burst 15k + ceiling 100% + match ADDRESS40 { + ip { + dscp CS4 + source { + address 10.2.1.0/24 + } + } + } + priority 5 + queue-type fair-queue + } + class 50 { + bandwidth 100% + burst 15k + match ADDRESS50 { + ip { + dscp CS5 + } + } + queue-type fair-queue + set-dscp CS7 + } + default { + bandwidth 10% + burst 15k + ceiling 100% + priority 7 + queue-type fair-queue + set-dscp CS1 + } + } + shaper FS { + bandwidth auto + class 10 { + bandwidth 100% + burst 15k + match ADDRESS10 { + 
ip { + source { + address 172.17.1.2/32 + } + } + } + queue-type fair-queue + set-dscp CS4 + } + class 20 { + bandwidth 100% + burst 15k + match ADDRESS20 { + ip { + source { + address 172.17.1.3/32 + } + } + } + queue-type fair-queue + set-dscp CS5 + } + class 30 { + bandwidth 100% + burst 15k + match ADDRESS30 { + ip { + source { + address 172.17.1.4/32 + } + } + } + queue-type fair-queue + set-dscp CS6 + } + default { + bandwidth 10% + burst 15k + ceiling 100% + priority 7 + queue-type fair-queue + } + } +} +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.1 + diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index ba5acf5d6..816ba6dcd 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py 
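Review bot: The `login user vyos` block of this new fixture carries a full `$6$` sha512-crypt hash under `encrypted-password`, and nothing in the hunk says it is a test-only credential. Because the file ships with the repository, the hash should be treated as disclosed, so the password behind it must not be in use on any real system. A line in the smoketest documentation such as `fixture credentials are test-only and must not match any deployed account` would record that. Whether a comment can live inside the config file itself without upsetting the loader is not visible from here.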
@@ -78,18 +78,25 @@ class BasicInterfaceTest: # choose IPv6 minimum MTU value for tests - this must always work _mtu = '1280' - def setUp(self): + @classmethod + def setUpClass(cls): + super(BasicInterfaceTest.TestCase, cls).setUpClass() + # Setup mirror interfaces for SPAN (Switch Port Analyzer) - for span in self._mirror_interfaces: + for span in cls._mirror_interfaces: section = Section.section(span) - self.cli_set(['interfaces', section, span]) + cls.cli_set(cls, ['interfaces', section, span]) - def tearDown(self): + @classmethod + def tearDownClass(cls): # Tear down mirror interfaces for SPAN (Switch Port Analyzer) - for span in self._mirror_interfaces: + for span in cls._mirror_interfaces: section = Section.section(span) - self.cli_delete(['interfaces', section, span]) + cls.cli_delete(cls, ['interfaces', section, span]) + super(BasicInterfaceTest.TestCase, cls).tearDownClass() + + def tearDown(self): self.cli_delete(self._base_path) self.cli_commit() @@ -232,6 +239,7 @@ class BasicInterfaceTest: self.cli_commit() for interface in self._interfaces: + self.assertIn(AF_INET6, ifaddresses(interface)) for addr in ifaddresses(interface)[AF_INET6]: self.assertTrue(is_ipv6_link_local(addr['addr'])) diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py index 1652aa0d6..7cfb53045 100644 --- a/smoketest/scripts/cli/base_vyostest_shim.py +++ b/smoketest/scripts/cli/base_vyostest_shim.py @@ -16,6 +16,7 @@ import os import unittest from time import sleep +from typing import Type from vyos.configsession import ConfigSession from vyos.configsession import ConfigSessionError 
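Review bot: In the new `tearDownClass` the mirror interfaces are removed with `cls.cli_delete(cls, ...)` and control passes straight to `super(BasicInterfaceTest.TestCase, cls).tearDownClass()`, with no commit in between, whereas the old per-test `tearDown` deleted them in the same transaction as `self.cli_commit()`. Unless the shim's `tearDownClass` commits pending changes (not visible in this hunk), the SPAN interfaces stay configured after the class finishes. Adding `cls.cli_commit(cls)` after the loop would make the cleanup explicit. `TestInterfacesOpenVPN.tearDownClass` further down deletes the dummy interface and `vrf` the same way. The class body continues outside the hunk.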
@@ -85,3 +86,17 @@ class VyOSUnitTestSHIM: print(f'\n\ncommand "{command}" returned:\n') pprint.pprint(out) return out + +# standard construction; typing suggestion: https://stackoverflow.com/a/70292317 +def ignore_warning(warning: Type[Warning]): + import warnings + from functools import wraps + + def inner(f): + @wraps(f) + def wrapped(*args, **kwargs): + with warnings.catch_warnings(): + warnings.simplefilter("ignore", category=warning) + return f(*args, **kwargs) + return wrapped + return inner diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py index 5448295fa..b8f944575 100755 --- a/smoketest/scripts/cli/test_firewall.py +++ b/smoketest/scripts/cli/test_firewall.py @@ -38,7 +38,7 @@ sysfs_config = { class TestFirewall(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestFirewall, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) @@ -49,8 +49,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['interfaces', 'ethernet', 'eth0', 'address', '172.16.10.1/24']) - - super(cls, cls).tearDownClass() + super(TestFirewall, cls).tearDownClass() def tearDown(self): self.cli_delete(['interfaces', 'ethernet', 'eth0', 'firewall']) 
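Review bot: `ignore_warning` is added without a docstring, and its only comment points at an external link rather than saying what the decorator does. A one-line docstring such as `"""Decorator factory: call the wrapped function with warnings of the given category suppressed."""` would cover it. `warnings` and `functools.wraps` are imported inside the function while `Type` is imported at module level in the previous hunk; keeping all three at the top of the file would be more consistent.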
@@ -174,6 +173,45 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): nftables_output = cmd(f'sudo nft list chain {table} {chain}') self.assertTrue('jump VYOS_STATE_POLICY' in nftables_output) + def test_state_and_status_rules(self): + self.cli_set(['firewall', 'name', 'smoketest', 'default-action', 'drop']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'related', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'action', 'reject']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'state', 'invalid', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'state', 'new', 'enable']) + + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'connection-status', 'nat', 'destination']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'new', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'connection-status', 'nat', 'source']) + + self.cli_set(['interfaces', 'ethernet', 'eth0', 'firewall', 'in', 'name', 'smoketest']) + + self.cli_commit() + + nftables_search = [ + ['iifname "eth0"', 'jump NAME_smoketest'], + ['ct state { established, related }', 'return'], + ['ct state { invalid }', 'reject'], + ['ct state { new }', 'ct status { dnat }', 'return'], + ['ct state { established, new }', 'ct status { snat }', 'return'], + ['smoketest default-action', 'drop'] + ] + + nftables_output = cmd('sudo nft list table ip filter') + + for search in nftables_search: + matched = False + for line in 
nftables_output.split("\n"): + if all(item in line for item in search): + matched = True + break + self.assertTrue(matched, msg=search) + def test_sysfs(self): for name, conf in sysfs_config.items(): paths = glob(conf['sysfs']) diff --git a/smoketest/scripts/cli/test_interfaces_bonding.py b/smoketest/scripts/cli/test_interfaces_bonding.py index 9bb561275..237abb487 100755 --- a/smoketest/scripts/cli/test_interfaces_bonding.py +++ b/smoketest/scripts/cli/test_interfaces_bonding.py @@ -55,7 +55,7 @@ class BondingInterfaceTest(BasicInterfaceTest.TestCase): cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(BondingInterfaceTest, cls).setUpClass() def test_add_single_ip_address(self): super().test_add_single_ip_address() diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py index f2e111425..ca0ead9e8 100755 --- a/smoketest/scripts/cli/test_interfaces_bridge.py +++ b/smoketest/scripts/cli/test_interfaces_bridge.py @@ -56,7 +56,7 @@ class BridgeInterfaceTest(BasicInterfaceTest.TestCase): cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(BridgeInterfaceTest, cls).setUpClass() def tearDown(self): for intf in self._interfaces: diff --git a/smoketest/scripts/cli/test_interfaces_dummy.py b/smoketest/scripts/cli/test_interfaces_dummy.py index dedc6fe05..d96ec2c5d 100755 --- a/smoketest/scripts/cli/test_interfaces_dummy.py +++ b/smoketest/scripts/cli/test_interfaces_dummy.py @@ -24,7 +24,7 @@ class DummyInterfaceTest(BasicInterfaceTest.TestCase): cls._base_path = ['interfaces', 'dummy'] cls._interfaces = ['dum435', 'dum8677', 'dum0931', 'dum089'] # call base-classes classmethod - super(cls, cls).setUpClass() + super(DummyInterfaceTest, cls).setUpClass() if __name__ == '__main__': unittest.main(verbosity=2) 
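Review bot: The matching loop in `test_state_and_status_rules` searches every line of `nft list table ip filter`, so an entry such as `['ct state { established, related }', 'return']` is satisfied by a matching line in any chain of that table, not only in `NAME_smoketest`. For a firewall test this can report success when the rule under test was never rendered. Listing the chain for the rule checks with `cmd('sudo nft list chain ip filter NAME_smoketest')`, and keeping the table listing only for the `iifname "eth0"` jump, would tie each assertion to the chain it is about.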
diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py index ee7649af8..05d2ae5f5 100755 --- a/smoketest/scripts/cli/test_interfaces_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_ethernet.py @@ -18,13 +18,19 @@ import os import re import unittest +from netifaces import AF_INET +from netifaces import AF_INET6 +from netifaces import ifaddresses + from base_interfaces_test import BasicInterfaceTest from vyos.configsession import ConfigSessionError from vyos.ifconfig import Section from vyos.pki import CERT_BEGIN +from vyos.template import is_ipv6 from vyos.util import cmd from vyos.util import process_named_running from vyos.util import read_file +from vyos.validate import is_ipv6_link_local server_ca_root_cert_data = """ MIIBcTCCARagAwIBAgIUDcAf1oIQV+6WRaW7NPcSnECQ/lUwCgYIKoZIzj0EAwIw @@ -128,7 +134,7 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase): cls._macs[interface] = read_file(f'/sys/class/net/{interface}/address') # call base-classes classmethod - super(cls, cls).setUpClass() + super(EthernetInterfaceTest, cls).setUpClass() def tearDown(self): for interface in self._interfaces: 
@@ -140,13 +146,20 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase): self.cli_set(self._base_path + [interface, 'speed', 'auto']) self.cli_set(self._base_path + [interface, 'hw-id', self._macs[interface]]) - # Tear down mirror interfaces for SPAN (Switch Port Analyzer) - for span in self._mirror_interfaces: - section = Section.section(span) - self.cli_delete(['interfaces', section, span]) - self.cli_commit() + # Verify that no address remains on the system as this is an eternal + # interface. + for intf in self._interfaces: + self.assertNotIn(AF_INET, ifaddresses(intf)) + # required for IPv6 link-local address + self.assertIn(AF_INET6, ifaddresses(intf)) + for addr in ifaddresses(intf)[AF_INET6]: + # checking link local addresses makes no sense + if is_ipv6_link_local(addr['addr']): + continue + self.assertFalse(is_intf_addr_assigned(intf, addr['addr'])) + def test_offloading_rps(self): # enable RPS on all available CPUs, RPS works woth a CPU bitmask, # where each bit represents a CPU (core/thread). The formula below diff --git a/smoketest/scripts/cli/test_interfaces_geneve.py b/smoketest/scripts/cli/test_interfaces_geneve.py index 430085e7f..0e5098aa7 100755 --- a/smoketest/scripts/cli/test_interfaces_geneve.py +++ b/smoketest/scripts/cli/test_interfaces_geneve.py @@ -34,7 +34,7 @@ class GeneveInterfaceTest(BasicInterfaceTest.TestCase): } cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(GeneveInterfaceTest, cls).setUpClass() def test_geneve_parameters(self): tos = '40' diff --git a/smoketest/scripts/cli/test_interfaces_l2tpv3.py b/smoketest/scripts/cli/test_interfaces_l2tpv3.py index 06ced5c40..aed8e6f15 100755 --- a/smoketest/scripts/cli/test_interfaces_l2tpv3.py +++ b/smoketest/scripts/cli/test_interfaces_l2tpv3.py 
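Review bot: The new check in `tearDown` calls `is_intf_addr_assigned(intf, addr['addr'])`, but the import hunk at the top of this file adds only `is_ipv6` and `is_ipv6_link_local`, and no import of `is_intf_addr_assigned` is visible among the context lines either. If it is not imported elsewhere in the file, the first non-link-local IPv6 address left on an interface raises a NameError instead of failing the assertion. An explicit import next to `is_ipv6_link_local` would fix it, for example `from vyos.validate import is_intf_addr_assigned` if that is where the helper lives. `is_ipv6` is imported but not used in any hunk shown here.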
@@ -39,7 +39,7 @@ class L2TPv3InterfaceTest(BasicInterfaceTest.TestCase): } cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(L2TPv3InterfaceTest, cls).setUpClass() def test_add_single_ip_address(self): super().test_add_single_ip_address() diff --git a/smoketest/scripts/cli/test_interfaces_loopback.py b/smoketest/scripts/cli/test_interfaces_loopback.py index 85b5ca6d6..5ff9c250e 100755 --- a/smoketest/scripts/cli/test_interfaces_loopback.py +++ b/smoketest/scripts/cli/test_interfaces_loopback.py @@ -29,7 +29,7 @@ class LoopbackInterfaceTest(BasicInterfaceTest.TestCase): cls._base_path = ['interfaces', 'loopback'] cls._interfaces = ['lo'] # call base-classes classmethod - super(cls, cls).setUpClass() + super(LoopbackInterfaceTest, cls).setUpClass() def tearDown(self): self.cli_delete(self._base_path) diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py index 5b10bfa44..e5e5a558e 100755 --- a/smoketest/scripts/cli/test_interfaces_macsec.py +++ b/smoketest/scripts/cli/test_interfaces_macsec.py @@ -53,7 +53,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.TestCase): cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(MACsecInterfaceTest, cls).setUpClass() def test_macsec_encryption(self): # MACsec can be operating in authentication and encryption mode - both diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py index f8a6ae986..b2143d16e 100755 --- a/smoketest/scripts/cli/test_interfaces_openvpn.py +++ b/smoketest/scripts/cli/test_interfaces_openvpn.py 
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -37,10 +37,46 @@ PROCESS_NAME = 'openvpn' base_path = ['interfaces', 'openvpn'] -cert_data = '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' -key_data = 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww' -dh_data = 'MIIBCAKCAQEApzGAPcQlLJiOyfGZgl1qxNgufXkdpjG7lMaOrO4TGr1giFe3jIFOFxJNC/G9Dn+KSukaWssVVR+Jwr/JesZFPawihS03wC7cZsccykNRIjiteqJDwYJZUHieOxyCuCeY4pqOUCl1uswRGjLvIFtwynpnXKKuz2YtjNifma90PEgv/vVWKix+Q0TAbdbzJzO5xp8UVn9DuYfSr10k3LbDqDM7w5ezHZxFk24S5pN/yoOpdbxB8TS67q3IYXxR3F+RseKu4J3AvkxXSP1j7COXddPpLnvbJT/SW8NrjuC/n0eKGvmeyqNv108Y89jnT79MxMMRQk66iwlsd1m4pa/OYwIBAg==' -ovpn_key_data = '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' +cert_data = """ +MIICFDCCAbugAwIBAgIUfMbIsB/ozMXijYgUYG80T1ry+mcwCgYIKoZIzj0EAwIw +WTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNv +bWUtQ2l0eTENMAsGA1UECgwEVnlPUzESMBAGA1UEAwwJVnlPUyBUZXN0MB4XDTIx +MDcyMDEyNDUxMloXDTI2MDcxOTEyNDUxMlowWTELMAkGA1UEBhMCR0IxEzARBgNV +BAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlP +UzESMBAGA1UEAwwJVnlPUyBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +01HrLcNttqq4/PtoMua8rMWEkOdBu7vP94xzDO7A8C92ls1v86eePy4QllKCzIw3 +QxBIoCuH2peGRfWgPRdFsKNhMF8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSu ++JnU5ZC4mkuEpqg2+Mk4K79oeDAKBggqhkjOPQQDAgNHADBEAiBEFdzQ/Bc3Lftz +ngrY605UhA6UprHhAogKgROv7iR4QgIgEFUxTtW3xXJcnUPWhhUFhyZoqfn8dE93 ++dm/LDnp7C0= +""" + +key_data = """ +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx +2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7 +u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww +""" + +dh_data = """ +MIIBCAKCAQEApzGAPcQlLJiOyfGZgl1qxNgufXkdpjG7lMaOrO4TGr1giFe3jIFO +FxJNC/G9Dn+KSukaWssVVR+Jwr/JesZFPawihS03wC7cZsccykNRIjiteqJDwYJZ +UHieOxyCuCeY4pqOUCl1uswRGjLvIFtwynpnXKKuz2YtjNifma90PEgv/vVWKix+ 
+Q0TAbdbzJzO5xp8UVn9DuYfSr10k3LbDqDM7w5ezHZxFk24S5pN/yoOpdbxB8TS6 +7q3IYXxR3F+RseKu4J3AvkxXSP1j7COXddPpLnvbJT/SW8NrjuC/n0eKGvmeyqNv +108Y89jnT79MxMMRQk66iwlsd1m4pa/OYwIBAg== +""" + +ovpn_key_data = """ +443f2a710ac411c36894b2531e62c4550b079b8f3f08997f4be57c64abfdaaa4 +31d2396b01ecec3a2c0618959e8186d99f489742d25673ffb3268841ebb2e704 +2a2daabe584e79d51d2b1d7409bf8840f7e42efa3e660a521719b04ee88b9043 +e6315ae12da7c9abd55f67eeed71a9ee8c6e163b5d2661fc332cf90cb45658b4 +adf892f79537d37d3a3d90da283ce885adf325ffd2b5be92067cdf0345c7712c +9d36b642c170351b6d9ce9f6230c7a2617b0c181121bce7d5373404fb68e6521 +0b36e6d40ef2769cf8990503859f6f2db3c85ba74420430a6250d6a74ca51ece +4b85124bfdfec0c8a530cefa7350378d81a4539f74bed832a902ae4798142e4a +""" remote_port = '1194' protocol = 'udp' 
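Review bot: The block starting at `cert_data` now holds a private key, DH parameters and an OpenVPN static key as module-level literals, with no comment marking them as throwaway fixtures. A line such as `# test-only key material generated for this smoketest - never deploy` above `cert_data` would make that explicit for anyone copying from the file. The triple-quoted form also embeds newlines that every consumer has to strip; the `setUpClass` hunk below calls `.replace('\n','')` five times, and stripping once where the constants are defined would keep the call sites clean.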
@@ -59,20 +95,28 @@ def get_vrf(interface): return tmp class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self.cli_set(['interfaces', 'dummy', dummy_if, 'address', '192.0.2.1/32']) - self.cli_set(['vrf', 'name', vrf_name, 'table', '12345']) + @classmethod + def setUpClass(cls): + super(TestInterfacesOpenVPN, cls).setUpClass() - self.cli_set(['pki', 'ca', 'ovpn_test', 'certificate', cert_data]) - self.cli_set(['pki', 'certificate', 'ovpn_test', 'certificate', cert_data]) - self.cli_set(['pki', 'certificate', 'ovpn_test', 'private', 'key', key_data]) - self.cli_set(['pki', 'dh', 'ovpn_test', 'parameters', dh_data]) - self.cli_set(['pki', 'openvpn', 'shared-secret', 'ovpn_test', 'key', ovpn_key_data]) + cls.cli_set(cls, ['interfaces', 'dummy', dummy_if, 'address', '192.0.2.1/32']) + cls.cli_set(cls, ['vrf', 'name', vrf_name, 'table', '12345']) + + cls.cli_set(cls, ['pki', 'ca', 'ovpn_test', 'certificate', cert_data.replace('\n','')]) + cls.cli_set(cls, ['pki', 'certificate', 'ovpn_test', 'certificate', cert_data.replace('\n','')]) + cls.cli_set(cls, ['pki', 'certificate', 'ovpn_test', 'private', 'key', key_data.replace('\n','')]) + cls.cli_set(cls, ['pki', 'dh', 'ovpn_test', 'parameters', dh_data.replace('\n','')]) + cls.cli_set(cls, ['pki', 'openvpn', 'shared-secret', 'ovpn_test', 'key', ovpn_key_data.replace('\n','')]) + + @classmethod + def tearDownClass(cls): + cls.cli_delete(cls, ['interfaces', 'dummy', dummy_if]) + cls.cli_delete(cls, ['vrf']) + + super(TestInterfacesOpenVPN, cls).tearDownClass() def tearDown(self): self.cli_delete(base_path) - self.cli_delete(['interfaces', 'dummy', dummy_if]) - self.cli_delete(['vrf']) self.cli_commit() def test_openvpn_client_verify(self): 
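Review bot: `setUpClass` writes `pki ca`, `pki certificate`, `pki dh` and `pki openvpn shared-secret` entries named `ovpn_test`, but `tearDownClass` removes only the dummy interface and `vrf`, so the test private key and shared secret are not cleaned up by anything visible in this hunk. If the suite is run on a system that keeps its configuration afterwards, that leaves key material from a public repository in place. Deleting the four `ovpn_test` nodes in `tearDownClass`, e.g. `cls.cli_delete(cls, ['pki', 'ca', 'ovpn_test'])` and its three siblings, would close the gap without touching unrelated PKI entries.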
@@ -532,6 +576,46 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase): self.cli_commit() + def test_openvpn_options(self): + # Ensure OpenVPN process restart on openvpn-option CLI node change + + interface = 'vtun5001' + path = base_path + [interface] + + self.cli_set(path + ['mode', 'site-to-site']) + self.cli_set(path + ['local-address', '10.0.0.2']) + self.cli_set(path + ['remote-address', '192.168.0.3']) + self.cli_set(path + ['shared-secret-key', 'ovpn_test']) + + self.cli_commit() + + # Now verify the OpenVPN "raw" option passing. Once an openvpn-option is + # added, modified or deleted from the CLI, OpenVPN daemon must be restarted + cur_pid = process_named_running('openvpn') + self.cli_set(path + ['openvpn-option', '--persist-tun']) + self.cli_commit() + + # PID must be different as OpenVPN Must be restarted + new_pid = process_named_running('openvpn') + self.assertNotEqual(cur_pid, new_pid) + cur_pid = new_pid + + self.cli_set(path + ['openvpn-option', '--persist-key']) + self.cli_commit() + + # PID must be different as OpenVPN Must be restarted + new_pid = process_named_running('openvpn') + self.assertNotEqual(cur_pid, new_pid) + cur_pid = new_pid + + self.cli_delete(path + ['openvpn-option']) + self.cli_commit() + + # PID must be different as OpenVPN Must be restarted + new_pid = process_named_running('openvpn') + self.assertNotEqual(cur_pid, new_pid) + cur_pid = new_pid + def test_openvpn_site2site_interfaces_tun(self): # Create two OpenVPN site-to-site interfaces diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py index 4f1e1ee99..8927121a8 100755 --- a/smoketest/scripts/cli/test_interfaces_pppoe.py +++ b/smoketest/scripts/cli/test_interfaces_pppoe.py 
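Review bot: Each restart check in `test_openvpn_options` is `self.assertNotEqual(cur_pid, new_pid)` on the result of `process_named_running('openvpn')`, and that comparison also holds when one side is empty because the daemon was not running at that moment (assuming the helper returns an empty value when nothing matches). Asserting the values first, `self.assertTrue(cur_pid)` and `self.assertTrue(new_pid)`, would make the test fail when OpenVPN is down instead of counting that as a restart. The test also never checks that `--persist-tun` or `--persist-key` reached the generated configuration, and the final `cur_pid = new_pid` is unused.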
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2021 VyOS maintainers and contributors +# Copyright (C) 2019-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -34,9 +34,12 @@ def get_config_value(interface, key): # add a classmethod to setup a temporaray PPPoE server for "proper" validation class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self._interfaces = ['pppoe10', 'pppoe20', 'pppoe30'] - self._source_interface = 'eth0' + @classmethod + def setUpClass(cls): + super(PPPoEInterfaceTest, cls).setUpClass() + + cls._interfaces = ['pppoe10', 'pppoe20', 'pppoe30'] + cls._source_interface = 'eth0' def tearDown(self): # Validate PPPoE client process @@ -60,7 +63,6 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + [interface, 'authentication', 'user', user]) self.cli_set(base_path + [interface, 'authentication', 'password', passwd]) - self.cli_set(base_path + [interface, 'default-route', 'auto']) self.cli_set(base_path + [interface, 'mtu', mtu]) self.cli_set(base_path + [interface, 'no-peer-dns']) @@ -136,7 +138,7 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): for interface in self._interfaces: self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos']) self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos']) - self.cli_set(base_path + [interface, 'default-route', 'none']) + self.cli_set(base_path + [interface, 'no-default-route']) self.cli_set(base_path + [interface, 'no-peer-dns']) self.cli_set(base_path + [interface, 'source-interface', self._source_interface]) self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf']) diff --git a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py index adcadc5eb..a51b8d52c 100755 
--- a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py @@ -48,7 +48,7 @@ class PEthInterfaceTest(BasicInterfaceTest.TestCase): cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(PEthInterfaceTest, cls).setUpClass() if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 99c25c374..44bfbb5f0 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -42,7 +42,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): } cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(TunnelInterfaceTest, cls).setUpClass() # create some test interfaces cls.cli_set(cls, ['interfaces', 'dummy', source_if, 'address', cls.local_v4 + '/32']) diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py index bb85f1936..058f13721 100755 --- a/smoketest/scripts/cli/test_interfaces_vxlan.py +++ b/smoketest/scripts/cli/test_interfaces_vxlan.py @@ -39,7 +39,7 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase): } cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(VXLANInterfaceTest, cls).setUpClass() def test_vxlan_parameters(self): tos = '40' diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index aaf27a2c4..f3e9670f7 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py 
@@ -23,10 +23,13 @@ from vyos.configsession import ConfigSessionError base_path = ['interfaces', 'wireguard'] class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self._test_addr = ['192.0.2.1/26', '192.0.2.255/31', '192.0.2.64/32', + @classmethod + def setUpClass(cls): + super(WireGuardInterfaceTest, cls).setUpClass() + + cls._test_addr = ['192.0.2.1/26', '192.0.2.255/31', '192.0.2.64/32', '2001:db8:1::ffff/64', '2001:db8:101::1/112'] - self._interfaces = ['wg0', 'wg1'] + cls._interfaces = ['wg0', 'wg1'] def tearDown(self): self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 4f539a23c..a24f37d8d 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -48,7 +48,7 @@ class WirelessInterfaceTest(BasicInterfaceTest.TestCase): } cls._interfaces = list(cls._options) # call base-classes classmethod - super(cls, cls).setUpClass() + super(WirelessInterfaceTest, cls).setUpClass() def test_wireless_add_single_ip_address(self): # derived method to check if member interfaces are enslaved properly diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 2e1b8d431..408facfb3 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -30,7 +30,7 @@ dst_path = base_path + ['destination'] class TestNAT(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestNAT, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) 
@@ -59,36 +59,44 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): self.cli_commit() - tmp = cmd('sudo nft -j list table nat') + tmp = cmd('sudo nft -j list chain ip nat POSTROUTING') data_json = jmespath.search('nftables[?rule].rule[?chain]', json.loads(tmp)) for idx in range(0, len(data_json)): - rule = str(rules[idx]) data = data_json[idx] - network = f'192.168.{rule}.0/24' - - self.assertEqual(data['chain'], 'POSTROUTING') - self.assertEqual(data['comment'], f'SRC-NAT-{rule}') - self.assertEqual(data['family'], 'ip') - self.assertEqual(data['table'], 'nat') + if idx == 0: + self.assertEqual(data['chain'], 'POSTROUTING') + self.assertEqual(data['family'], 'ip') + self.assertEqual(data['table'], 'nat') - iface = dict_search('match.right', data['expr'][0]) - direction = dict_search('match.left.payload.field', data['expr'][1]) - address = dict_search('match.right.prefix.addr', data['expr'][1]) - mask = dict_search('match.right.prefix.len', data['expr'][1]) - - if int(rule) < 200: - self.assertEqual(direction, 'saddr') - self.assertEqual(iface, outbound_iface_100) - # check for masquerade keyword - self.assertIn('masquerade', data['expr'][3]) + jump_target = dict_search('jump.target', data['expr'][1]) + self.assertEqual(jump_target,'VYOS_PRE_SNAT_HOOK') else: - self.assertEqual(direction, 'daddr') - self.assertEqual(iface, outbound_iface_200) - # check for return keyword due to 'exclude' - self.assertIn('return', data['expr'][3]) - - self.assertEqual(f'{address}/{mask}', network) + rule = str(rules[idx - 1]) + network = f'192.168.{rule}.0/24' + + self.assertEqual(data['chain'], 'POSTROUTING') + self.assertEqual(data['comment'], f'SRC-NAT-{rule}') + self.assertEqual(data['family'], 'ip') + self.assertEqual(data['table'], 'nat') + + iface = dict_search('match.right', data['expr'][0]) + direction = dict_search('match.left.payload.field', data['expr'][1]) + address = dict_search('match.right.prefix.addr', data['expr'][1]) + mask = dict_search('match.right.prefix.len', 
data['expr'][1]) + + if int(rule) < 200: + self.assertEqual(direction, 'saddr') + self.assertEqual(iface, outbound_iface_100) + # check for masquerade keyword + self.assertIn('masquerade', data['expr'][3]) + else: + self.assertEqual(direction, 'daddr') + self.assertEqual(iface, outbound_iface_200) + # check for return keyword due to 'exclude' + self.assertIn('return', data['expr'][3]) + + self.assertEqual(f'{address}/{mask}', network) def test_dnat(self): rules = ['100', '110', '120', '130', '200', '210', '220', '230'] 
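Review bot: The loop in `test_snat` walks whatever `nft -j list chain ip nat POSTROUTING` returns and never asserts how many rules came back, so a chain holding only the `VYOS_PRE_SNAT_HOOK` jump passes with none of the `SRC-NAT-*` rules verified, and one rule too many ends in an IndexError on `rules[idx - 1]`. Adding `self.assertEqual(len(data_json), len(rules) + 1)` before the loop pins the expected count. The `test_dnat` hunk that follows has the same shape for `PREROUTING` and needs the same line. Iterating with `enumerate(data_json)` would also read better than `range(0, len(data_json))`. Both test bodies start outside their hunks.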
@@ -111,33 +119,42 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): self.cli_commit() - tmp = cmd('sudo nft -j list table nat') + tmp = cmd('sudo nft -j list chain ip nat PREROUTING') data_json = jmespath.search('nftables[?rule].rule[?chain]', json.loads(tmp)) for idx in range(0, len(data_json)): - rule = str(rules[idx]) data = data_json[idx] - port = int(f'10{rule}') - - self.assertEqual(data['chain'], 'PREROUTING') - self.assertEqual(data['comment'].split()[0], f'DST-NAT-{rule}') - self.assertEqual(data['family'], 'ip') - self.assertEqual(data['table'], 'nat') - - iface = dict_search('match.right', data['expr'][0]) - direction = dict_search('match.left.payload.field', data['expr'][1]) - protocol = dict_search('match.left.payload.protocol', data['expr'][1]) - dnat_addr = dict_search('dnat.addr', data['expr'][3]) - dnat_port = dict_search('dnat.port', data['expr'][3]) - - self.assertEqual(direction, 'sport') - self.assertEqual(dnat_addr, '192.0.2.1') - self.assertEqual(dnat_port, port) - if int(rule) < 200: - self.assertEqual(iface, inbound_iface_100) - self.assertEqual(protocol, inbound_proto_100) + if idx == 0: + self.assertEqual(data['chain'], 'PREROUTING') + self.assertEqual(data['family'], 'ip') + self.assertEqual(data['table'], 'nat') + + jump_target = dict_search('jump.target', data['expr'][1]) + self.assertEqual(jump_target,'VYOS_PRE_DNAT_HOOK') else: - self.assertEqual(iface, inbound_iface_200) + + rule = str(rules[idx - 1]) + port = int(f'10{rule}') + + self.assertEqual(data['chain'], 'PREROUTING') + self.assertEqual(data['comment'].split()[0], f'DST-NAT-{rule}') + self.assertEqual(data['family'], 'ip') + self.assertEqual(data['table'], 'nat') + + iface = dict_search('match.right', data['expr'][0]) + direction = dict_search('match.left.payload.field', data['expr'][1]) + protocol = dict_search('match.left.payload.protocol', data['expr'][1]) + dnat_addr = dict_search('dnat.addr', data['expr'][3]) + dnat_port = dict_search('dnat.port', data['expr'][3]) + + 
self.assertEqual(direction, 'sport') + self.assertEqual(dnat_addr, '192.0.2.1') + self.assertEqual(dnat_port, port) + if int(rule) < 200: + self.assertEqual(iface, inbound_iface_100) + self.assertEqual(protocol, inbound_proto_100) + else: + self.assertEqual(iface, inbound_iface_200) def test_snat_required_translation_address(self): # T2813: Ensure translation address is specified diff --git a/smoketest/scripts/cli/test_nat66.py b/smoketest/scripts/cli/test_nat66.py index 6b7b49792..aac6a30f9 100755 --- a/smoketest/scripts/cli/test_nat66.py +++ b/smoketest/scripts/cli/test_nat66.py @@ -32,7 +32,7 @@ dst_path = base_path + ['destination'] class TestNAT66(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestNAT66, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py index 45a4bd61e..e92123dbc 100755 --- a/smoketest/scripts/cli/test_pki.py +++ b/smoketest/scripts/cli/test_pki.py @@ -129,8 +129,13 @@ xGsJxVHfSKeooUQn6q76sg== """ class TestPKI(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self.cli_delete(base_path) + @classmethod + def setUpClass(cls): + super(TestPKI, cls).setUpClass() + + # ensure we can also run this test on a live system - so lets clean + # out the current configuration :) + cls.cli_delete(cls, base_path) def tearDown(self): self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index b232a2241..e8c6ff19b 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -800,27 +800,28 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): '10' : { 'action' : 'deny', 'set' : { - 'aggregator-as' : '1234567890', - 'aggregator-ip' : '10.255.255.0', - 'as-path-exclude' : '1234', - 'as-path-prepend' : '1234567890 987654321', - 'atomic-aggregate' : '', - 'distance' : '110', - 'extcommunity-bw' : '20000', - 'extcommunity-rt' : '123:456', - 'extcommunity-soo' : '456:789', - 'ipv6-next-hop-global': '2001::1', - 'ipv6-next-hop-local' : 'fe80::1', - 'ip-next-hop' : '192.168.1.1', - 'large-community' : '100:200:300', - 'local-preference' : '500', - 'metric' : '150', - 'metric-type' : 'type-1', - 'origin' : 'incomplete', - 'originator-id' : '172.16.10.1', - 'src' : '100.0.0.1', - 'tag' : '65530', - 'weight' : '2', + 'aggregator-as' : '1234567890', + 'aggregator-ip' : '10.255.255.0', + 'as-path-exclude' : '1234', + 'as-path-prepend' : '1234567890 987654321', + 'as-path-prepend-last-as' : '5', + 'atomic-aggregate' : '', + 'distance' : '110', + 'extcommunity-bw' : '20000', + 'extcommunity-rt' : '123:456', + 'extcommunity-soo' : '456:789', + 'ipv6-next-hop-global' : '2001::1', + 'ipv6-next-hop-local' : 'fe80::1', + 'ip-next-hop' : '192.168.1.1', + 'large-community' : '100:200:300', + 'local-preference' : '500', + 'metric' : '150', + 'metric-type' : 'type-1', + 'origin' : 'incomplete', + 'originator-id' : '172.16.10.1', + 'src' : '100.0.0.1', + 'tag' : '65530', + 'weight' : '2', }, }, }, @@ -848,6 +849,13 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): 'evpn-vni' : '1234', }, }, + '20' : { + 'action' : 'permit', + 'set' : { + 'evpn-gateway-ipv4' : '192.0.2.99', + 'evpn-gateway-ipv6' : '2001:db8:f00::1', + }, + }, }, }, } 
@@ -958,9 +966,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): if 'aggregator-ip' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'aggregator', 'ip', rule_config['set']['aggregator-ip']]) if 'as-path-exclude' in rule_config['set']: - self.cli_set(path + ['rule', rule, 'set', 'as-path-exclude', rule_config['set']['as-path-exclude']]) + self.cli_set(path + ['rule', rule, 'set', 'as-path', 'exclude', rule_config['set']['as-path-exclude']]) if 'as-path-prepend' in rule_config['set']: - self.cli_set(path + ['rule', rule, 'set', 'as-path-prepend', rule_config['set']['as-path-prepend']]) + self.cli_set(path + ['rule', rule, 'set', 'as-path', 'prepend', rule_config['set']['as-path-prepend']]) if 'atomic-aggregate' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'atomic-aggregate']) if 'distance' in rule_config['set']: @@ -995,6 +1003,10 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.cli_set(path + ['rule', rule, 'set', 'tag', rule_config['set']['tag']]) if 'weight' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'weight', rule_config['set']['weight']]) + if 'evpn-gateway-ipv4' in rule_config['set']: + self.cli_set(path + ['rule', rule, 'set', 'evpn', 'gateway', 'ipv4', rule_config['set']['evpn-gateway-ipv4']]) + if 'evpn-gateway-ipv6' in rule_config['set']: + self.cli_set(path + ['rule', rule, 'set', 'evpn', 'gateway', 'ipv6', rule_config['set']['evpn-gateway-ipv6']]) self.cli_commit() @@ -1118,6 +1130,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): tmp += 'as-path exclude ' + rule_config['set']['as-path-exclude'] elif 'as-path-prepend' in rule_config['set']: tmp += 'as-path prepend ' + rule_config['set']['as-path-prepend'] + elif 'as-path-prepend-last-as' in rule_config['set']: + tmp += 'as-path prepend last-as' + rule_config['set']['as-path-prepend-last-as'] elif 'atomic-aggregate' in rule_config['set']: tmp += 'atomic-aggregate' elif 'distance' in rule_config['set']: 
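Review bot: The `as-path-prepend-last-as` branch added in the `@@ -1118` hunk joins `'as-path prepend last-as'` and the value with no space, so the expected string becomes `as-path prepend last-as5`. It should read `tmp += 'as-path prepend last-as ' + rule_config['set']['as-path-prepend-last-as']`. Neither visible set-up hunk (`@@ -958`, `@@ -995`) adds a `cli_set` for this key, so the new test-data value appears never to be configured. The branch is an `elif` in a chain whose head is outside the hunk, so for a rule that also carries `as-path-prepend` it is presumably never reached, which would hide both problems.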
@@ -1152,6 +1166,10 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): tmp += 'tag ' + rule_config['set']['tag'] elif 'weight' in rule_config['set']: tmp += 'weight ' + rule_config['set']['weight'] + elif 'vpn-gateway-ipv4' in rule_config['set']: + tmp += 'evpn gateway ipv4 ' + rule_config['set']['vpn-gateway-ipv4'] + elif 'vpn-gateway-ipv6' in rule_config['set']: + tmp += 'evpn gateway ipv6 ' + rule_config['set']['vpn-gateway-ipv6'] self.assertIn(tmp, config) diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 9035f0832..e2d70f289 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
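Review bot: The two branches added in the `@@ -1152` hunk look up `'vpn-gateway-ipv4'` and `'vpn-gateway-ipv6'`, but the test data and the `cli_set` calls added earlier in this commit use `'evpn-gateway-ipv4'` and `'evpn-gateway-ipv6'`. The conditions can therefore never be true, and the EVPN gateway values are set but never verified. The IPv4 branch should read `elif 'evpn-gateway-ipv4' in rule_config['set']:` followed by `tmp += 'evpn gateway ipv4 ' + rule_config['set']['evpn-gateway-ipv4']`, and the IPv6 branch likewise. The enclosing `if`/`elif` chain starts outside the hunk.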
@@ -23,15 +23,26 @@ from vyos.util import cmd mark = '100' table_mark_offset = 0x7fffffff table_id = '101' +interface = 'eth0' +interface_ip = '172.16.10.1/24' class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self.cli_set(['interfaces', 'ethernet', 'eth0', 'address', '172.16.10.1/24']) - self.cli_set(['protocols', 'static', 'table', '101', 'route', '0.0.0.0/0', 'interface', 'eth0']) + @classmethod + def setUpClass(cls): + super(TestPolicyRoute, cls).setUpClass() + + cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', interface_ip]) + cls.cli_set(cls, ['protocols', 'static', 'table', table_id, 'route', '0.0.0.0/0', 'interface', interface]) + + @classmethod + def tearDownClass(cls): + cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', interface_ip]) + cls.cli_delete(cls, ['protocols', 'static', 'table', table_id]) + + super(TestPolicyRoute, cls).tearDownClass() def tearDown(self): - self.cli_delete(['interfaces', 'ethernet', 'eth0']) - self.cli_delete(['protocols', 'static']) + self.cli_delete(['interfaces', 'ethernet', interface, 'policy']) self.cli_delete(['policy', 'route']) self.cli_delete(['policy', 'route6']) self.cli_commit() @@ -41,14 +52,14 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'destination', 'address', '172.16.10.10']) self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'set', 'mark', mark]) - self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route', 'smoketest']) + self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route', 'smoketest']) self.cli_commit() mark_hex = "{0:#010x}".format(int(mark)) nftables_search = [ - ['iifname "eth0"', 'jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"','jump VYOS_PBR_smoketest'], ['ip daddr 172.16.10.10', 'ip saddr 172.16.20.10', 'meta mark set ' + mark_hex], ] 
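Review bot: `tearDownClass` in the `@@ -23,15 +23,26` hunk issues two `cli_delete` calls and then goes straight to the base-class teardown without a commit. The `tearDownClass` methods added in this same commit for `TestARP` and `TestServiceDHCPv6Server` call `cls.cli_commit(cls)` after their deletes. Unless the base class commits pending changes (not visible here), the address on the test interface and the static table may stay configured after a run on a live system. Adding `cls.cli_commit(cls)` before `super(TestPolicyRoute, cls).tearDownClass()` would make the cleanup explicit.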
@@ -72,8 +83,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'destination', 'port', '8888']) self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'set', 'table', table_id]) - self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route', 'smoketest']) - self.cli_set(['interfaces', 'ethernet', 'eth0', 'policy', 'route6', 'smoketest6']) + self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route', 'smoketest']) + self.cli_set(['interfaces', 'ethernet', interface, 'policy', 'route6', 'smoketest6']) self.cli_commit() @@ -82,7 +93,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv4 nftables_search = [ - ['iifname "eth0"', 'jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'], ['tcp flags & (syn | ack) == syn', 'tcp dport { 8888 }', 'meta mark set ' + mark_hex] ] @@ -99,7 +110,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv6 nftables6_search = [ - ['iifname "eth0"', 'jump VYOS_PBR6_smoketest'], + [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'], ['meta l4proto { tcp, udp }', 'th dport { 8888 }', 'meta mark set ' + mark_hex] ] diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index f1db5350a..9c0c93779 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -154,7 +154,7 @@ peer_group_config = { class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestProtocolsBGP, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) 
@@ -882,5 +882,44 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' rt vpn import {rt_import}', afi_config) self.assertIn(f' exit-address-family', afi_config) + def test_bgp_14_remote_as_peer_group_override(self): + # Peer-group member cannot override remote-as of peer-group + remote_asn = str(int(ASN) + 150) + neighbor = '192.0.2.1' + peer_group = 'bar' + interface = 'eth0' + + self.cli_set(base_path + ['local-as', ASN]) + self.cli_set(base_path + ['neighbor', neighbor, 'remote-as', remote_asn]) + self.cli_set(base_path + ['neighbor', neighbor, 'peer-group', peer_group]) + self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', remote_asn]) + + # Peer-group member cannot override remote-as of peer-group + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['neighbor', neighbor, 'remote-as']) + + # re-test with interface based peer-group + self.cli_set(base_path + ['neighbor', interface, 'interface', 'peer-group', peer_group]) + self.cli_set(base_path + ['neighbor', interface, 'interface', 'remote-as', 'external']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['neighbor', interface, 'interface', 'remote-as']) + + # re-test with interface based v6only peer-group + self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'peer-group', peer_group]) + self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as', 'external']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as']) + + self.cli_commit() + + frrconfig = self.getFRRconfig(f'router bgp {ASN}') + self.assertIn(f'router bgp {ASN}', frrconfig) + self.assertIn(f' neighbor {neighbor} peer-group {peer_group}', frrconfig) + self.assertIn(f' neighbor {peer_group} peer-group', frrconfig) + self.assertIn(f' neighbor {peer_group} remote-as {remote_asn}', 
frrconfig) + if __name__ == '__main__': - unittest.main(verbosity=2, failfast=True) + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py index 11c765793..ee4be0b37 100755 --- a/smoketest/scripts/cli/test_protocols_isis.py +++ b/smoketest/scripts/cli/test_protocols_isis.py @@ -33,7 +33,7 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): cls._interfaces = Section.interfaces('ethernet') # call base-classes classmethod - super(cls, cls).setUpClass() + super(TestProtocolsISIS, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_protocols_mpls.py b/smoketest/scripts/cli/test_protocols_mpls.py index c6751cc42..76e6ca35a 100755 --- a/smoketest/scripts/cli/test_protocols_mpls.py +++ b/smoketest/scripts/cli/test_protocols_mpls.py @@ -68,7 +68,7 @@ profiles = { class TestProtocolsMPLS(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestProtocolsMPLS, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index e433d06d0..e15ea478b 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py @@ -35,7 +35,7 @@ log = logging.getLogger('TestProtocolsOSPF') class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestProtocolsOSPF, cls).setUpClass() cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit']) cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '20', 'action', 'permit']) 
@@ -47,7 +47,7 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['policy', 'route-map', route_map]) - super(cls, cls).tearDownClass() + super(TestProtocolsOSPF, cls).tearDownClass() def tearDown(self): # Check for running process diff --git a/smoketest/scripts/cli/test_protocols_ospfv3.py b/smoketest/scripts/cli/test_protocols_ospfv3.py index 944190089..fa80ad555 100755 --- a/smoketest/scripts/cli/test_protocols_ospfv3.py +++ b/smoketest/scripts/cli/test_protocols_ospfv3.py @@ -33,7 +33,7 @@ default_area = '0' class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestProtocolsOSPFv3, cls).setUpClass() cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit']) cls.cli_set(cls, ['policy', 'route-map', route_map, 'rule', '20', 'action', 'permit']) @@ -45,7 +45,7 @@ class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['policy', 'route-map', route_map]) - super(cls, cls).tearDownClass() + super(TestProtocolsOSPFv3, cls).tearDownClass() def tearDown(self): # Check for running process diff --git a/smoketest/scripts/cli/test_protocols_static.py b/smoketest/scripts/cli/test_protocols_static.py index 3ef9c76d8..19efe7786 100755 --- a/smoketest/scripts/cli/test_protocols_static.py +++ b/smoketest/scripts/cli/test_protocols_static.py @@ -94,13 +94,13 @@ tables = ['80', '81', '82'] class TestProtocolsStatic(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestProtocolsStatic, cls).setUpClass() cls.cli_set(cls, ['vrf', 'name', 'black', 'table', '43210']) @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['vrf']) - super(cls, cls).tearDownClass() + super(TestProtocolsStatic, cls).tearDownClass() def tearDown(self): for route, route_config in routes.items(): 
diff --git a/smoketest/scripts/cli/test_protocols_static_arp.py b/smoketest/scripts/cli/test_protocols_static_arp.py new file mode 100755 index 000000000..b61d8f854 --- /dev/null +++ b/smoketest/scripts/cli/test_protocols_static_arp.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import json +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM + +from vyos.util import cmd + +base_path = ['protocols', 'static', 'arp'] +interface = 'eth0' +address = '192.0.2.1/24' + +class TestARP(VyOSUnitTestSHIM.TestCase): + @classmethod + def setUpClass(cls): + super(TestARP, cls).setUpClass() + + # ensure we can also run this test on a live system - so lets clean + # out the current configuration :) + cls.cli_delete(cls, base_path) + + # we need a L2 interface with a L3 address to properly configure ARP entries + cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', address]) + + @classmethod + def tearDownClass(cls): + # cleanuop L2 interface + cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', address]) + cls.cli_commit(cls) + + super(TestARP, cls).tearDownClass() + + def tearDown(self): + # delete test config + self.cli_delete(base_path) + self.cli_commit() + + def test_static_arp(self): + test_data = { + '192.0.2.10' : { 'mac' : '00:01:02:03:04:0a' }, + '192.0.2.11' : { 'mac' : '00:01:02:03:04:0b' }, + '192.0.2.12' : { 'mac' : '00:01:02:03:04:0c' }, + '192.0.2.13' : { 'mac' : '00:01:02:03:04:0d' }, + '192.0.2.14' : { 'mac' : '00:01:02:03:04:0e' }, + '192.0.2.15' : { 'mac' : '00:01:02:03:04:0f' }, + } + + for host, host_config 
in test_data.items(): + self.cli_set(base_path + ['interface', interface, 'address', host, 'mac', host_config['mac']]) + + self.cli_commit() + + arp_table = json.loads(cmd('ip -j -4 neigh show')) + for host, host_config in test_data.items(): + # As we search within a list of hosts we need to mark if it was + # found or not. This ensures all hosts from test_data are processed + found = False + for entry in arp_table: + # Other ARP entry - not related to this testcase + if entry['dst'] not in list(test_data): + continue + + if entry['dst'] == host: + self.assertEqual(entry['lladdr'], host_config['mac']) + self.assertEqual(entry['dev'], interface) + found = True + + if found == False: + print(entry) + self.assertTrue(found) + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py index 9adb9c042..9c9d6d9f1 100755 --- a/smoketest/scripts/cli/test_service_dhcp-server.py +++ b/smoketest/scripts/cli/test_service_dhcp-server.py @@ -38,7 +38,7 @@ domain_name = 'vyos.net' class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestServiceDHCPServer, cls).setUpClass() cidr_mask = subnet.split('/')[-1] cls.cli_set(cls, ['interfaces', 'dummy', 'dum8765', 'address', f'{router}/{cidr_mask}']) @@ -46,7 +46,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['interfaces', 'dummy', 'dum8765']) - super(cls, cls).tearDownClass() + super(TestServiceDHCPServer, cls).tearDownClass() def tearDown(self): self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py index 7177f1505..f83453323 100755 --- a/smoketest/scripts/cli/test_service_dhcpv6-server.py +++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py 
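Review bot: In `test_static_arp` the failure path `if found == False: print(entry)` reads the inner loop variable after the loop has finished. It therefore prints whichever neighbour entry came last rather than the host that is missing, and it raises `NameError` instead of a test failure when `ip -j -4 neigh show` returns an empty list. Replacing those lines and the bare assert with `self.assertTrue(found, f'no static ARP entry for {host}')` reports the right host and fails cleanly. The comment `# cleanuop L2 interface` in `tearDownClass` should read `# clean up L2 interface`.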
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -32,16 +32,24 @@ dns_1 = '2001:db8::1' dns_2 = '2001:db8::2' domain = 'vyos.net' nis_servers = ['2001:db8:ffff::1', '2001:db8:ffff::2'] -interface = 'eth1' +interface = 'eth0' interface_addr = inc_ip(subnet, 1) + '/64' -class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self.cli_set(['interfaces', 'ethernet', interface, 'address', interface_addr]) +class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase): + @classmethod + def setUpClass(cls): + super(TestServiceDHCPv6Server, cls).setUpClass() + cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', interface_addr]) + + @classmethod + def tearDownClass(cls): + cls.cli_delete(cls, ['interfaces', 'ethernet', interface, 'address', interface_addr]) + cls.cli_commit(cls) + + super(TestServiceDHCPv6Server, cls).tearDownClass() def tearDown(self): self.cli_delete(base_path) - self.cli_delete(['interfaces', 'ethernet', interface, 'address', interface_addr]) self.cli_commit() def test_single_pool(self): diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py index 9413d22d1..71fb3e177 100755 --- a/smoketest/scripts/cli/test_service_https.py +++ b/smoketest/scripts/cli/test_service_https.py @@ -15,16 +15,15 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import unittest -import urllib3 from requests import request +from urllib3.exceptions import InsecureRequestWarning from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import ignore_warning from vyos.util import read_file from vyos.util import run -urllib3.disable_warnings() - base_path = ['service', 'https'] pki_base = ['pki'] 
@@ -100,6 +99,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): ret = run('sudo /usr/sbin/nginx -t') self.assertEqual(ret, 0) + @ignore_warning(InsecureRequestWarning) def test_api_auth(self): vhost_id = 'example' address = '127.0.0.1' diff --git a/smoketest/scripts/cli/test_service_ids.py b/smoketest/scripts/cli/test_service_ids.py index ddb42e8f8..18f1b8ec5 100755 --- a/smoketest/scripts/cli/test_service_ids.py +++ b/smoketest/scripts/cli/test_service_ids.py @@ -30,7 +30,7 @@ base_path = ['service', 'ids', 'ddos-protection'] class TestServiceIDS(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestServiceIDS, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_service_lldp.py b/smoketest/scripts/cli/test_service_lldp.py index 64fdd9d1b..439c96c33 100755 --- a/smoketest/scripts/cli/test_service_lldp.py +++ b/smoketest/scripts/cli/test_service_lldp.py @@ -37,7 +37,7 @@ class TestServiceLLDP(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): # call base-classes classmethod - super(cls, cls).setUpClass() + super(TestServiceLLDP, cls).setUpClass() # create a test interfaces for addr in mgmt_addr: @@ -50,7 +50,7 @@ class TestServiceLLDP(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['interfaces', 'dummy', mgmt_if]) - super().tearDownClass() + super(TestServiceLLDP, cls).tearDownClass() def tearDown(self): # service must be running after it was configured diff --git a/smoketest/scripts/cli/test_service_salt.py b/smoketest/scripts/cli/test_service_salt.py index d89861342..00a4f2020 100755 --- a/smoketest/scripts/cli/test_service_salt.py +++ b/smoketest/scripts/cli/test_service_salt.py 
@@ -32,7 +32,7 @@ interface = 'dum4456' class TestServiceSALT(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestServiceSALT, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) @@ -43,7 +43,7 @@ class TestServiceSALT(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['interfaces', 'dummy', interface]) - super(cls, cls).tearDownClass() + super(TestServiceSALT, cls).tearDownClass() def tearDown(self): # Check for running process diff --git a/smoketest/scripts/cli/test_service_snmp.py b/smoketest/scripts/cli/test_service_snmp.py index fc24fd54e..e80c689cc 100755 --- a/smoketest/scripts/cli/test_service_snmp.py +++ b/smoketest/scripts/cli/test_service_snmp.py @@ -49,7 +49,7 @@ def get_config_value(key): class TestSNMPService(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestSNMPService, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index 9ed263655..0b029dd00 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -46,7 +46,7 @@ def get_config_value(key): class TestServiceSSH(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestServiceSSH, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) 
@@ -213,5 +213,54 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): usernames = [x[0] for x in getpwall()] self.assertNotIn(test_user, usernames) + def test_ssh_dynamic_protection(self): + # check sshguard service + + SSHGUARD_CONFIG = '/etc/sshguard/sshguard.conf' + SSHGUARD_WHITELIST = '/etc/sshguard/whitelist' + SSHGUARD_PROCESS = 'sshguard' + block_time = '123' + detect_time = '1804' + port = '22' + threshold = '10' + allow_list = ['192.0.2.0/24', '2001:db8::/48'] + + self.cli_set(base_path + ['dynamic-protection', 'block-time', block_time]) + self.cli_set(base_path + ['dynamic-protection', 'detect-time', detect_time]) + self.cli_set(base_path + ['dynamic-protection', 'threshold', threshold]) + for allow in allow_list: + self.cli_set(base_path + ['dynamic-protection', 'allow-from', allow]) + + # commit changes + self.cli_commit() + + # Check configured port + tmp = get_config_value('Port') + self.assertIn(port, tmp) + + # Check sshgurad service + self.assertTrue(process_named_running(SSHGUARD_PROCESS)) + + sshguard_lines = [ + f'THRESHOLD={threshold}', + f'BLOCK_TIME={block_time}', + f'DETECTION_TIME={detect_time}' + ] + + tmp_sshguard_conf = read_file(SSHGUARD_CONFIG) + for line in sshguard_lines: + self.assertIn(line, tmp_sshguard_conf) + + tmp_whitelist_conf = read_file(SSHGUARD_WHITELIST) + for allow in allow_list: + self.assertIn(allow, tmp_whitelist_conf) + + # Delete service ssh dynamic-protection + # but not service ssh itself + self.cli_delete(base_path + ['dynamic-protection']) + self.cli_commit() + + self.assertFalse(process_named_running(SSHGUARD_PROCESS)) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_upnp.py b/smoketest/scripts/cli/test_service_upnp.py index c3e9b600f..e4df88c1e 100755 --- a/smoketest/scripts/cli/test_service_upnp.py +++ b/smoketest/scripts/cli/test_service_upnp.py 
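Review bot: The sshguard checks in `test_ssh_dynamic_protection` match substrings against the whole file, so `assertIn('THRESHOLD=10', ...)` also passes for `THRESHOLD=100`, and an allow-list entry passes if it only appears inside a longer or commented-out line. These files decide which sources get blocked, so whole-line comparison is safer if the templates write one value per line: `self.assertIn(line, tmp_sshguard_conf.splitlines())` and `self.assertIn(allow, tmp_whitelist_conf.splitlines())`. `port = '22'` is never set through the CLI in this test, so the `Port` assertion appears to exercise only the default. The comment `# Check sshgurad service` should read `# Check sshguard service`.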
@@ -37,7 +37,7 @@ ipv6_addr = '2001:db8::1/64' class TestServiceUPnP(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestServiceUPnP, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) @@ -51,7 +51,7 @@ class TestServiceUPnP(VyOSUnitTestSHIM.TestCase): cls.cli_delete(cls, address_base) cls._session.commit() - super(cls, cls).tearDownClass() + super(TestServiceUPnP, cls).tearDownClass() def tearDown(self): # Check for running process diff --git a/smoketest/scripts/cli/test_service_webproxy.py b/smoketest/scripts/cli/test_service_webproxy.py index ebbd9fe55..772d6ab16 100755 --- a/smoketest/scripts/cli/test_service_webproxy.py +++ b/smoketest/scripts/cli/test_service_webproxy.py @@ -33,14 +33,14 @@ class TestServiceWebProxy(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): # call base-classes classmethod - super(cls, cls).setUpClass() + super(TestServiceWebProxy, cls).setUpClass() # create a test interfaces cls.cli_set(cls, ['interfaces', 'dummy', listen_if, 'address', listen_ip + '/32']) @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['interfaces', 'dummy', listen_if]) - super().tearDownClass() + super(TestServiceWebProxy, cls).tearDownClass() def tearDown(self): self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py index 84f17bcb0..5a73ebc7d 100755 --- a/smoketest/scripts/cli/test_system_flow-accounting.py +++ b/smoketest/scripts/cli/test_system_flow-accounting.py @@ -32,7 +32,7 @@ uacctd_conf = '/run/pmacct/uacctd.conf' class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestSystemFlowAccounting, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) 
diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py index c8cf04b7d..e2821687c 100755 --- a/smoketest/scripts/cli/test_system_ntp.py +++ b/smoketest/scripts/cli/test_system_ntp.py @@ -31,7 +31,7 @@ base_path = ['system', 'ntp'] class TestSystemNTP(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestSystemNTP, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py index 1338fe81c..8a6514d57 100755 --- a/smoketest/scripts/cli/test_vpn_ipsec.py +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -114,7 +114,7 @@ rgiyCHemtMepq57Pl1Nmj49eEA== class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestVPNIPsec, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) cls.cli_delete(cls, base_path) @@ -123,8 +123,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): @classmethod def tearDownClass(cls): - super(cls, cls).tearDownClass() - + super(TestVPNIPsec, cls).tearDownClass() cls.cli_delete(cls, base_path + ['interface', f'{interface}.{vif}']) def setUp(self): diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py index 1f2c36f0d..bda279342 100755 --- a/smoketest/scripts/cli/test_vpn_openconnect.py +++ b/smoketest/scripts/cli/test_vpn_openconnect.py 
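Review bot: In `TestVPNIPsec.tearDownClass` the `cls.cli_delete(cls, base_path + ['interface', ...])` call now sits directly after `super(TestVPNIPsec, cls).tearDownClass()`, and nothing commits it. The other `tearDownClass` methods touched in this commit delete first and call the base class last. If the base teardown releases the config session (not visible here), this delete has no effect and the node stays configured on a live system. Consider moving the delete above the `super()` call and following it with `cls.cli_commit(cls)`.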
@@ -24,8 +24,27 @@ OCSERV_CONF = '/run/ocserv/ocserv.conf' base_path = ['vpn', 'openconnect'] pki_path = ['pki'] -cert_data = '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' -key_data = 'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww' + +cert_data = """ +MIICFDCCAbugAwIBAgIUfMbIsB/ozMXijYgUYG80T1ry+mcwCgYIKoZIzj0EAwIw +WTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNv +bWUtQ2l0eTENMAsGA1UECgwEVnlPUzESMBAGA1UEAwwJVnlPUyBUZXN0MB4XDTIx +MDcyMDEyNDUxMloXDTI2MDcxOTEyNDUxMlowWTELMAkGA1UEBhMCR0IxEzARBgNV +BAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlP +UzESMBAGA1UEAwwJVnlPUyBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +01HrLcNttqq4/PtoMua8rMWEkOdBu7vP94xzDO7A8C92ls1v86eePy4QllKCzIw3 +QxBIoCuH2peGRfWgPRdFsKNhMF8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSu ++JnU5ZC4mkuEpqg2+Mk4K79oeDAKBggqhkjOPQQDAgNHADBEAiBEFdzQ/Bc3Lftz +ngrY605UhA6UprHhAogKgROv7iR4QgIgEFUxTtW3xXJcnUPWhhUFhyZoqfn8dE93 ++dm/LDnp7C0= +""" + +key_data = """ +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPLpD0Ohhoq0g4nhx +2KMIuze7ucKUt/lBEB2wc03IxXyhRANCAATTUestw222qrj8+2gy5rysxYSQ50G7 +u8/3jHMM7sDwL3aWzW/zp54/LhCWUoLMjDdDEEigK4fal4ZF9aA9F0Ww +""" class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase): def tearDown(self): 
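Review bot: `key_data` in the `@@ -24,8 +24,27` hunk embeds a private key next to its certificate, and nothing in the file marks the pair as a throwaway fixture. A comment above the two literals, such as `# Test-only certificate and private key - never install on a production system`, would make secret-scanner hits on this file easy to triage. It would also discourage copying the pair into a real configuration.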
@@ -42,16 +61,16 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase): self.cli_delete(pki_path) self.cli_delete(base_path) - self.cli_set(pki_path + ['ca', 'openconnect', 'certificate', cert_data]) - self.cli_set(pki_path + ['certificate', 'openconnect', 'certificate', cert_data]) - self.cli_set(pki_path + ['certificate', 'openconnect', 'private', 'key', key_data]) + self.cli_set(pki_path + ['ca', 'openconnect', 'certificate', cert_data.replace('\n','')]) + self.cli_set(pki_path + ['certificate', 'openconnect', 'certificate', cert_data.replace('\n','')]) + self.cli_set(pki_path + ['certificate', 'openconnect', 'private', 'key', key_data.replace('\n','')]) - self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password]) - self.cli_set(base_path + ["authentication", "local-users", "username", user, "otp", "key", otp]) - self.cli_set(base_path + ["authentication", "mode", "local", "password-otp"]) - self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"]) - self.cli_set(base_path + ["ssl", "ca-certificate", 'openconnect']) - self.cli_set(base_path + ["ssl", "certificate", 'openconnect']) + self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'password', password]) + self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'otp', 'key', otp]) + self.cli_set(base_path + ['authentication', 'mode', 'local', 'password-otp']) + self.cli_set(base_path + ['network-settings', 'client-ip-settings', 'subnet', '192.0.2.0/24']) + self.cli_set(base_path + ['ssl', 'ca-certificate', 'openconnect']) + self.cli_set(base_path + ['ssl', 'certificate', 'openconnect']) self.cli_commit() diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py index c591d6cf5..176c095fb 100755 --- a/smoketest/scripts/cli/test_vrf.py +++ b/smoketest/scripts/cli/test_vrf.py 
@@ -49,7 +49,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): if not '.' in tmp: cls._interfaces.append(tmp) # call base-classes classmethod - super(cls, cls).setUpClass() + super(VRFTest, cls).setUpClass() def tearDown(self): # delete all VRFs @@ -127,6 +127,9 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): for vrf in vrfs: # Ensure VRF was created self.assertIn(vrf, interfaces()) + # Verify IP forwarding is 1 (enabled) + self.assertEqual(read_file(f'/proc/sys/net/ipv4/conf/{vrf}/forwarding'), '1') + self.assertEqual(read_file(f'/proc/sys/net/ipv6/conf/{vrf}/forwarding'), '1') # Test for proper loopback IP assignment for addr in loopbacks: self.assertTrue(is_intf_addr_assigned(vrf, addr)) @@ -267,5 +270,26 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(['interfaces', 'dummy', interface]) self.cli_commit() + def test_vrf_disable_forwarding(self): + table = '2000' + for vrf in vrfs: + base = base_path + ['name', vrf] + self.cli_set(base + ['table', table]) + self.cli_set(base + ['ip', 'disable-forwarding']) + self.cli_set(base + ['ipv6', 'disable-forwarding']) + table = str(int(table) + 1) + + # commit changes + self.cli_commit() + + # Verify VRF configuration + loopbacks = ['127.0.0.1', '::1'] + for vrf in vrfs: + # Ensure VRF was created + self.assertIn(vrf, interfaces()) + # Verify IP forwarding is 0 (disabled) + self.assertEqual(read_file(f'/proc/sys/net/ipv4/conf/{vrf}/forwarding'), '0') + self.assertEqual(read_file(f'/proc/sys/net/ipv6/conf/{vrf}/forwarding'), '0') + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_zone_policy.py b/smoketest/scripts/cli/test_zone_policy.py index 6e34f3179..2c580e2f1 100755 --- a/smoketest/scripts/cli/test_zone_policy.py +++ b/smoketest/scripts/cli/test_zone_policy.py 
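Review bot: In the new `test_vrf_disable_forwarding`, `loopbacks = ['127.0.0.1', '::1']` is assigned but never read. It looks like a leftover from the test this one was modelled on and should be dropped. A one-line docstring would also help, such as `"""Verify that ip/ipv6 disable-forwarding sets the per-VRF forwarding sysctl to 0."""`.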
@@ -23,13 +23,13 @@ from vyos.util import cmd class TestZonePolicy(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): - super(cls, cls).setUpClass() + super(TestZonePolicy, cls).setUpClass() cls.cli_set(cls, ['firewall', 'name', 'smoketest', 'default-action', 'drop']) @classmethod def tearDownClass(cls): cls.cli_delete(cls, ['firewall']) - super(cls, cls).tearDownClass() + super(TestZonePolicy, cls).tearDownClass() def tearDown(self): self.cli_delete(['zone-policy']) diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py index aac07bd80..1cd8f5451 100755 --- a/src/conf_mode/arp.py +++ b/src/conf_mode/arp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -13,92 +13,62 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# -import sys -import os -import re -import syslog as sl +from sys import exit from vyos.config import Config +from vyos.configdict import node_changed from vyos.util import call from vyos import ConfigError - from vyos import airbag airbag.enable() -arp_cmd = '/usr/sbin/arp' - -def get_config(): - c = Config() - if not c.exists('protocols static arp'): - return None - - c.set_level('protocols static') - config_data = {} - - for ip_addr in c.list_nodes('arp'): - config_data.update( - { - ip_addr : c.return_value('arp ' + ip_addr + ' hwaddr') - } - ) +def get_config(config=None): + if config: + conf = config + else: + conf = Config() - return config_data + base = ['protocols', 'static', 'arp'] + arp = conf.get_config_dict(base, get_first_key=True) -def generate(c): - c_eff = Config() - c_eff.set_level('protocols static') - c_eff_cnf = {} - for ip_addr in c_eff.list_effective_nodes('arp'): - c_eff_cnf.update( - { - ip_addr : c_eff.return_effective_value('arp ' + ip_addr + ' hwaddr') - } - ) + if 'interface' in arp: + for interface in arp['interface']: + tmp = node_changed(conf, base + ['interface', interface, 'address'], recursive=True) + if tmp: arp['interface'][interface].update({'address_old' : tmp}) - config_data = { - 'remove' : [], - 'update' : {} - } - ### removal - if c == None: - for ip_addr in c_eff_cnf: - config_data['remove'].append(ip_addr) - else: - for ip_addr in c_eff_cnf: - if not ip_addr in c or c[ip_addr] == None: - config_data['remove'].append(ip_addr) + return arp - ### add/update - if c != None: - for ip_addr in c: - if not ip_addr in c_eff_cnf: - config_data['update'][ip_addr] = c[ip_addr] - if ip_addr in c_eff_cnf: - if c[ip_addr] != c_eff_cnf[ip_addr] and c[ip_addr] != None: - config_data['update'][ip_addr] = c[ip_addr] +def verify(arp): + pass - return config_data +def 
generate(arp): + pass -def apply(c): - for ip_addr in c['remove']: - sl.syslog(sl.LOG_NOTICE, "arp -d " + ip_addr) - call(f'{arp_cmd} -d {ip_addr} >/dev/null 2>&1') +def apply(arp): + if not arp: + return None - for ip_addr in c['update']: - sl.syslog(sl.LOG_NOTICE, "arp -s " + ip_addr + " " + c['update'][ip_addr]) - updated = c['update'][ip_addr] - call(f'{arp_cmd} -s {ip_addr} {updated}') + if 'interface' in arp: + for interface, interface_config in arp['interface'].items(): + # Delete old static ARP assignments first + if 'address_old' in interface_config: + for address in interface_config['address_old']: + call(f'ip neigh del {address} dev {interface}') + # Add new static ARP entries to interface + if 'address' not in interface_config: + continue + for address, address_config in interface_config['address'].items(): + mac = address_config['mac'] + call(f'ip neigh add {address} lladdr {mac} dev {interface}') if __name__ == '__main__': - try: - c = get_config() - ## syntax verification is done via cli - config = generate(c) - apply(config) - except ConfigError as e: - print(e) - sys.exit(1) + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index d93a2a8f4..39a2971ce 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2017-2020 VyOS maintainers and contributors +# Copyright (C) 2017-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -78,7 +78,7 @@ def generate(relay): continue config['instance'] = instance - render(config_file_base + instance, 'bcast-relay/udp-broadcast-relay.tmpl', + render(config_file_base + instance, 'bcast-relay/udp-broadcast-relay.j2', config) return None 
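Review bot: `apply()` indexes `address_config['mac']` while the new `verify()` is only `pass`, so an address node without a `mac` child raises a bare KeyError during commit instead of a ConfigError. That holds unless the CLI definition, which is not visible here, already makes the node mandatory; a `verify()` along the lines below closes it. Separately, `ip neigh add` fails for an entry that already exists and the result of `call()` is discarded, so re-applying unchanged entries fails silently. `call(f'ip neigh replace {address} lladdr {mac} dev {interface}')` would be idempotent. The removed code also logged every change to syslog, and the new code leaves no record of static neighbour changes.

```python
def verify(arp):
    if not arp or 'interface' not in arp:
        return None
    for interface, interface_config in arp['interface'].items():
        for address, address_config in interface_config.get('address', {}).items():
            if 'mac' not in address_config:
                raise ConfigError(f'MAC address for "{address}" on "{interface}" is mandatory!')
    return None
```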
diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py index aabf2bdf5..82289526f 100755 --- a/src/conf_mode/conntrack.py +++ b/src/conf_mode/conntrack.py @@ -101,9 +101,9 @@ def verify(conntrack): return None def generate(conntrack): - render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.tmpl', conntrack) - render(sysctl_file, 'conntrack/sysctl.conf.tmpl', conntrack) - render(nftables_ct_file, 'conntrack/nftables-ct.tmpl', conntrack) + render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.j2', conntrack) + render(sysctl_file, 'conntrack/sysctl.conf.j2', conntrack) + render(nftables_ct_file, 'conntrack/nftables-ct.j2', conntrack) # dry-run newly generated configuration tmp = run(f'nft -c -f {nftables_ct_file}') diff --git a/src/conf_mode/conntrack_sync.py b/src/conf_mode/conntrack_sync.py index 34d1f7398..c4b2bb488 100755 --- a/src/conf_mode/conntrack_sync.py +++ b/src/conf_mode/conntrack_sync.py @@ -111,11 +111,12 @@ def generate(conntrack): os.unlink(config_file) return None - render(config_file, 'conntrackd/conntrackd.conf.tmpl', conntrack) + render(config_file, 'conntrackd/conntrackd.conf.j2', conntrack) return None def apply(conntrack): + systemd_service = 'conntrackd.service' if not conntrack: # Failover mechanism daemon should be indicated that it no longer needs # to execute conntrackd actions on transition. This is only required @@ -123,7 +124,7 @@ def apply(conntrack): if process_named_running('conntrackd'): resync_vrrp() - call('systemctl stop conntrackd.service') + call(f'systemctl stop {systemd_service}') return None # Failover mechanism daemon should be indicated that it needs to execute @@ -132,7 +133,7 @@ def apply(conntrack): if not process_named_running('conntrackd'): resync_vrrp() - call('systemctl restart conntrackd.service') + call(f'systemctl reload-or-restart {systemd_service}') return None if __name__ == '__main__': 
diff --git a/src/conf_mode/containers.py b/src/conf_mode/container.py index 516671844..2110fd9e0 100755 --- a/src/conf_mode/containers.py +++ b/src/conf_mode/container.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -15,20 +15,19 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import os -import json from ipaddress import ip_address from ipaddress import ip_network from time import sleep from json import dumps as json_write +from vyos.base import Warning from vyos.config import Config from vyos.configdict import dict_merge from vyos.configdict import node_changed from vyos.util import call from vyos.util import cmd from vyos.util import run -from vyos.util import read_file from vyos.util import write_file from vyos.template import inc_ip from vyos.template import is_ipv4 @@ -42,6 +41,20 @@ airbag.enable() config_containers_registry = '/etc/containers/registries.conf' config_containers_storage = '/etc/containers/storage.conf' +def _run_rerun(container_cmd): + counter = 0 + while True: + if counter >= 10: + break + try: + _cmd(container_cmd) + break + except: + counter = counter +1 + sleep(0.5) + + return None + def _cmd(command): if os.path.exists('/tmp/vyos.container.debug'): print(command) 
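Review bot: `_run_rerun` swallows every failure. The bare `except:` also catches KeyboardInterrupt and SystemExit, and after the tenth failed attempt the loop breaks and the function returns None, so a container that never started produces no error or warning at commit time. I would catch `Exception` only, keep the last error, and report it once the retries are exhausted, for example through the `Warning` helper this commit imports. The exception type raised by `_cmd` is defined outside the hunk, so the `except` can be narrowed further if it is known.

```python
def _run_rerun(container_cmd):
    last_error = None
    for _ in range(10):
        try:
            _cmd(container_cmd)
            return None
        except Exception as e:
            last_error = e
            sleep(0.5)
    Warning(f'Command "{container_cmd}" failed after 10 attempts: {last_error}')
    return None
```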
@@ -77,10 +90,10 @@ def get_config(config=None): container['name'][name] = dict_merge(default_values, container['name'][name]) # Delete container network, delete containers - tmp = node_changed(conf, ['container', 'network']) + tmp = node_changed(conf, base + ['container', 'network']) if tmp: container.update({'network_remove' : tmp}) - tmp = node_changed(conf, ['container', 'name']) + tmp = node_changed(conf, base + ['container', 'name']) if tmp: container.update({'container_remove' : tmp}) return container @@ -93,6 +106,26 @@ def verify(container): # Add new container if 'name' in container: for name, container_config in container['name'].items(): + # Container image is a mandatory option + if 'image' not in container_config: + raise ConfigError(f'Container image for "{name}" is mandatory!') + + # Check if requested container image exists locally. If it does not + # exist locally - inform the user. This is required as there is a + # shared container image storage accross all VyOS images. A user can + # delete a container image from the system, boot into another version + # of VyOS and then it would fail to boot. This is to prevent any + # configuration error when container images are deleted from the + # global storage. A per image local storage would be a super waste + # of diskspace as there will be a full copy (up tu several GB/image) + # on upgrade. This is the "cheapest" and fastest solution in terms + # of image upgrade and deletion. + image = container_config['image'] + if run(f'podman image exists {image}') != 0: + Warning(f'Image "{image}" used in contianer "{name}" does not exist '\ + f'locally. Please use "add container image {image}" to add it '\ + f'to the system! Container "{name}" will not be started!') + if 'network' in container_config: if len(container_config['network']) > 1: raise ConfigError(f'Only one network can be specified for container "{name}"!') 
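Review bot: Both `node_changed` calls now pass `base + ['container', 'network']` and `base + ['container', 'name']`, which doubles the first path element if `base` is already `['container']` (its assignment is outside this hunk). The resulting path `container container network` would never match, so `network_remove` and `container_remove` would stay unset and containers or networks deleted from the configuration would keep running. In that case the paths should be `base + ['network']` and `base + ['name']`.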
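Review bot: The warning added to `verify()` misspells "container" as `contianer`, and it is the only thing a user sees when a container is skipped, so it should read `Warning(f'Image "{image}" used in container "{name}" does not exist '\`. The comment above it has the same kind of slips (`accross`, `up tu`). `image` comes straight from the configuration and is interpolated into `podman image exists {image}`. Whether `run` goes through a shell is not visible here, so it is worth confirming that the CLI constraint on the image name rules out whitespace and shell metacharacters. The same existence check is repeated in `apply()` later in the commit, and a small shared helper would keep the two in step.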
@@ -151,10 +184,6 @@ def verify(container): if not os.path.exists(source): raise ConfigError(f'Volume "{volume}" source path "{source}" does not exist!') - # Container image is a mandatory option - if 'image' not in container_config: - raise ConfigError(f'Container image for "{name}" is mandatory!') - # If 'allow-host-networks' or 'network' not set. if 'allow_host_networks' not in container_config and 'network' not in container_config: raise ConfigError(f'Must either set "network" or "allow-host-networks" for container "{name}"!') @@ -194,6 +223,10 @@ def verify(container): def generate(container): # bail out early - looks like removal from running config if not container: + if os.path.exists(config_containers_registry): + os.unlink(config_containers_registry) + if os.path.exists(config_containers_storage): + os.unlink(config_containers_storage) return None if 'network' in container: @@ -227,8 +260,8 @@ def generate(container): write_file(f'/etc/cni/net.d/{network}.conflist', json_write(tmp, indent=2)) - render(config_containers_registry, 'containers/registry.tmpl', container) - render(config_containers_storage, 'containers/storage.tmpl', container) + render(config_containers_registry, 'container/registries.conf.j2', container) + render(config_containers_storage, 'container/storage.conf.j2', container) return None @@ -252,6 +285,11 @@ def apply(container): for name, container_config in container['name'].items(): image = container_config['image'] + if run(f'podman image exists {image}') != 0: + # container image does not exist locally - user already got + # informed by a WARNING in verfiy() - bail out early + continue + if 'disable' in container_config: # check if there is a container by that name running tmp = _cmd('podman ps -a --format "{{.Names}}"') 
@@ -263,13 +301,6 @@ def apply(container): memory = container_config['memory'] restart = container_config['restart'] - # Check if requested container image exists locally. If it does not, we - # pull it. print() is the best way to have a good response from the - # polling process to the user to display progress. If the image exists - # locally, a user can update it running `update container image <name>` - tmp = run(f'podman image exists {image}') - if tmp != 0: print(os.system(f'podman pull {image}')) - # Add capability options. Should be in uppercase cap_add = '' if 'cap_add' in container_config: @@ -318,7 +349,7 @@ def apply(container): f'--memory {memory}m --memory-swap 0 --restart {restart} ' \ f'--name {name} {device} {port} {volume} {env_opt}' if 'allow_host_networks' in container_config: - run(f'{container_base_cmd} --net host {image}') + _run_rerun(f'{container_base_cmd} --net host {image}') else: for network in container_config['network']: ipparam = '' @@ -326,25 +357,10 @@ def apply(container): address = container_config['network'][network]['address'] ipparam = f'--ip {address}' - run(f'{container_base_cmd} --net {network} {ipparam} {image}') - - return None - -def run(container_cmd): - counter = 0 - while True: - if counter >= 10: - break - try: - _cmd(container_cmd) - break - except: - counter = counter +1 - sleep(0.5) + _run_rerun(f'{container_base_cmd} --net {network} {ipparam} {image}') return None - if __name__ == '__main__': try: c = get_config() diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 9922f2c5c..078ff327c 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py 
@@ -41,7 +41,9 @@ def get_config(config=None): if not conf.exists(base): return None - dhcpv6 = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) + dhcpv6 = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True, + no_tag_node_value_mangle=True) return dhcpv6 def verify(dhcpv6): @@ -51,7 +53,7 @@ def verify(dhcpv6): # If DHCP is enabled we need one share-network if 'shared_network_name' not in dhcpv6: - raise ConfigError('No DHCPv6 shared networks configured. At least\n' \ + raise ConfigError('No DHCPv6 shared networks configured. At least '\ 'one DHCPv6 shared network must be configured.') # Inspect shared-network/subnet @@ -60,8 +62,9 @@ def verify(dhcpv6): for network, network_config in dhcpv6['shared_network_name'].items(): # A shared-network requires a subnet definition if 'subnet' not in network_config: - raise ConfigError(f'No DHCPv6 lease subnets configured for "{network}". At least one\n' \ - 'lease subnet must be configured for each shared network!') + raise ConfigError(f'No DHCPv6 lease subnets configured for "{network}". '\ + 'At least one lease subnet must be configured for '\ + 'each shared network!') for subnet, subnet_config in network_config['subnet'].items(): if 'address_range' in subnet_config: 
@@ -83,20 +86,20 @@ def verify(dhcpv6): # Stop address must be greater or equal to start address if not ip_address(stop) >= ip_address(start): - raise ConfigError(f'address-range stop address "{stop}" must be greater or equal\n' \ + raise ConfigError(f'address-range stop address "{stop}" must be greater then or equal ' \ f'to the range start address "{start}"!') # DHCPv6 range start address must be unique - two ranges can't # start with the same address - makes no sense if start in range6_start: - raise ConfigError(f'Conflicting DHCPv6 lease range:\n' \ + raise ConfigError(f'Conflicting DHCPv6 lease range: '\ f'Pool start address "{start}" defined multipe times!') range6_start.append(start) # DHCPv6 range stop address must be unique - two ranges can't # end with the same address - makes no sense if stop in range6_stop: - raise ConfigError(f'Conflicting DHCPv6 lease range:\n' \ + raise ConfigError(f'Conflicting DHCPv6 lease range: '\ f'Pool stop address "{stop}" defined multipe times!') range6_stop.append(stop) @@ -112,7 +115,7 @@ def verify(dhcpv6): for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items(): if 'stop' not in prefix_config: - raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}"\n' + raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\ f'must be configured') if 'prefix_length' not in prefix_config: @@ -126,6 +129,10 @@ def verify(dhcpv6): if ip_address(mapping_config['ipv6_address']) not in ip_network(subnet): raise ConfigError(f'static-mapping address for mapping "{mapping}" is not in subnet "{subnet}"!') + if 'vendor_option' in subnet_config: + if len(dict_search('vendor_option.cisco.tftp_server', subnet_config)) > 2: + raise ConfigError(f'No more then two Cisco tftp-servers should be defined for subnet "{subnet}"!') + # Subnets must be unique if subnet in subnets: raise ConfigError(f'DHCPv6 subnets must be unique! Subnet {subnet} defined multiple times!') 
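Review bot: In the added `vendor_option` check, `len(dict_search('vendor_option.cisco.tftp_server', subnet_config))` raises TypeError when `vendor_option` is set but has no Cisco tftp-server child. This assumes `dict_search` returns None for a missing path, which matches its use as a truthiness test elsewhere in this commit; its definition is not in the hunk. Guard the lookup with `tmp = dict_search('vendor_option.cisco.tftp_server', subnet_config)` followed by `if tmp and len(tmp) > 2:`. The new messages in this file also say "greater then" and "No more then", which should be "than".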
@@ -149,8 +156,8 @@ def verify(dhcpv6): raise ConfigError('DHCPv6 conflicting subnet ranges: {0} overlaps {1}'.format(net, net2)) if not listen_ok: - raise ConfigError('None of the DHCPv6 subnets are connected to a subnet6 on\n' \ - 'this machine. At least one subnet6 must be connected such that\n' \ + raise ConfigError('None of the DHCPv6 subnets are connected to a subnet6 on '\ + 'this machine. At least one subnet6 must be connected such that '\ 'DHCPv6 listens on an interface!') @@ -166,15 +173,15 @@ def generate(dhcpv6): def apply(dhcpv6): # bail out early - looks like removal from running config + service_name = 'isc-dhcp-server6.service' if not dhcpv6 or 'disable' in dhcpv6: # DHCP server is removed in the commit - call('systemctl stop isc-dhcp-server6.service') + call(f'systemctl stop {service_name}') if os.path.exists(config_file): os.unlink(config_file) - return None - call('systemctl restart isc-dhcp-server6.service') + call(f'systemctl restart {service_name}') return None if __name__ == '__main__': diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index de78d53a8..6924bf555 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -327,8 +327,8 @@ def generate(firewall): else: firewall['cleanup_commands'] = cleanup_commands(firewall) - render(nftables_conf, 'firewall/nftables.tmpl', firewall) - render(nftables_defines_conf, 'firewall/nftables-defines.tmpl', firewall) + render(nftables_conf, 'firewall/nftables.j2', firewall) + render(nftables_defines_conf, 'firewall/nftables-defines.j2', firewall) return None def apply_sysfs(firewall): diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 25bf54790..7f7a98b04 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py 
@@ -239,8 +239,8 @@ def generate(flow_config): if not flow_config: return None - render(uacctd_conf_path, 'pmacct/uacctd.conf.tmpl', flow_config) - render(systemd_override, 'pmacct/override.conf.tmpl', flow_config) + render(uacctd_conf_path, 'pmacct/uacctd.conf.j2', flow_config) + render(systemd_override, 'pmacct/override.conf.j2', flow_config) # Reload systemd manager configuration call('systemctl daemon-reload') diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py index 7d51bb393..e14050dd3 100755 --- a/src/conf_mode/high-availability.py +++ b/src/conf_mode/high-availability.py @@ -28,7 +28,6 @@ from vyos.template import render from vyos.template import is_ipv4 from vyos.template import is_ipv6 from vyos.util import call -from vyos.util import is_systemd_service_running from vyos.xml import defaults from vyos import ConfigError from vyos import airbag @@ -152,7 +151,7 @@ def generate(ha): if not ha: return None - render(VRRP.location['config'], 'high-availability/keepalived.conf.tmpl', ha) + render(VRRP.location['config'], 'high-availability/keepalived.conf.j2', ha) return None def apply(ha): @@ -161,12 +160,7 @@ def apply(ha): call(f'systemctl stop {service_name}') return None - # XXX: T3944 - reload keepalived configuration if service is already running - # to not cause any service disruption when applying changes. - if is_systemd_service_running(service_name): - call(f'systemctl reload {service_name}') - else: - call(f'systemctl restart {service_name}') + call(f'systemctl reload-or-restart {service_name}') return None if __name__ == '__main__': diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 00f3d4f7f..4a7906c17 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py 
@@ -117,7 +117,7 @@ def generate(http_api): with open(api_conf_file, 'w') as f: json.dump(http_api, f, indent=2) - render(systemd_service, 'https/vyos-http-api.service.tmpl', http_api) + render(systemd_service, 'https/vyos-http-api.service.j2', http_api) return None def apply(http_api): diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 37fa36797..3057357fc 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -214,8 +214,8 @@ def generate(https): 'certbot': certbot } - render(config_file, 'https/nginx.default.tmpl', data) - render(systemd_override, 'https/override.conf.tmpl', https) + render(config_file, 'https/nginx.default.j2', data) + render(systemd_override, 'https/override.conf.j2', https) return None def apply(https): diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py index 37df3dc92..de6a51c64 100755 --- a/src/conf_mode/igmp_proxy.py +++ b/src/conf_mode/igmp_proxy.py @@ -96,7 +96,7 @@ def generate(igmp_proxy): Warning('IGMP Proxy will be deactivated because it is disabled') return None - render(config_file, 'igmp-proxy/igmpproxy.conf.tmpl', igmp_proxy) + render(config_file, 'igmp-proxy/igmpproxy.conf.j2', igmp_proxy) return None diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index ad5a0f499..4167594e3 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -68,7 +68,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'bonding'] - bond = get_interface_dict(conf, base) + ifname, bond = get_interface_dict(conf, base) # To make our own life easier transfor the list of member interfaces # into a dictionary - we will use this to add additional information 
@@ -81,14 +81,14 @@ def get_config(config=None): if 'mode' in bond: bond['mode'] = get_bond_mode(bond['mode']) - tmp = leaf_node_changed(conf, ['mode']) + tmp = leaf_node_changed(conf, base + [ifname, 'mode']) if tmp: bond.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['lacp-rate']) + tmp = leaf_node_changed(conf, base + [ifname, 'lacp-rate']) if tmp: bond.update({'shutdown_required': {}}) # determine which members have been removed - interfaces_removed = leaf_node_changed(conf, ['member', 'interface']) + interfaces_removed = leaf_node_changed(conf, base + [ifname, 'member', 'interface']) if interfaces_removed: bond.update({'shutdown_required': {}}) if 'member' not in bond: diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index b1f7e6d7c..38ae727c1 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -50,15 +50,15 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'bridge'] - bridge = get_interface_dict(conf, base) + ifname, bridge = get_interface_dict(conf, base) # determine which members have been removed - tmp = node_changed(conf, ['member', 'interface'], key_mangling=('-', '_')) + tmp = node_changed(conf, base + [ifname, 'member', 'interface'], key_mangling=('-', '_')) if tmp: if 'member' in bridge: - bridge['member'].update({'interface_remove': tmp }) + bridge['member'].update({'interface_remove' : tmp }) else: - bridge.update({'member': {'interface_remove': tmp }}) + bridge.update({'member' : {'interface_remove' : tmp }}) if dict_search('member.interface', bridge): # XXX: T2665: we need a copy of the dict keys for iteration, else we will get: diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index 4a1eb7b93..e771581e1 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py 
@@ -37,7 +37,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'dummy'] - dummy = get_interface_dict(conf, base) + _, dummy = get_interface_dict(conf, base) return dummy def verify(dummy): diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 333d39e0e..fec4456fb 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -65,7 +65,7 @@ def get_config(config=None): get_first_key=True, no_tag_node_value_mangle=True) base = ['interfaces', 'ethernet'] - ethernet = get_interface_dict(conf, base) + _, ethernet = get_interface_dict(conf, base) if 'deleted' not in ethernet: if pki: ethernet['pki'] = pki diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py index 26d248579..b9cf2fa3c 100755 --- a/src/conf_mode/interfaces-geneve.py +++ b/src/conf_mode/interfaces-geneve.py @@ -22,7 +22,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.configdict import get_interface_dict from vyos.configdict import leaf_node_changed -from vyos.configdict import node_changed +from vyos.configdict import is_node_changed from vyos.configverify import verify_address from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_bridge_delete 
@@ -43,16 +43,16 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'geneve'] - geneve = get_interface_dict(conf, base) + ifname, geneve = get_interface_dict(conf, base) # GENEVE interfaces are picky and require recreation if certain parameters # change. But a GENEVE interface should - of course - not be re-created if # it's description or IP address is adjusted. Feels somehow logic doesn't it? for cli_option in ['remote', 'vni']: - if leaf_node_changed(conf, cli_option): + if leaf_node_changed(conf, base + [ifname, cli_option]): geneve.update({'rebuild_required': {}}) - if node_changed(conf, ['parameters'], recursive=True): + if is_node_changed(conf, base + [ifname, 'parameters']): geneve.update({'rebuild_required': {}}) return geneve diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 22256bf4f..6a486f969 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -45,15 +45,15 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'l2tpv3'] - l2tpv3 = get_interface_dict(conf, base) + ifname, l2tpv3 = get_interface_dict(conf, base) # To delete an l2tpv3 interface we need the current tunnel and session-id if 'deleted' in l2tpv3: - tmp = leaf_node_changed(conf, ['tunnel-id']) + tmp = leaf_node_changed(conf, base + [ifname, 'tunnel-id']) # leaf_node_changed() returns a list l2tpv3.update({'tunnel_id': tmp[0]}) - tmp = leaf_node_changed(conf, ['session-id']) + tmp = leaf_node_changed(conf, base + [ifname, 'session-id']) l2tpv3.update({'session_id': tmp[0]}) return l2tpv3 diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py index e4bc15bb5..08d34477a 100755 --- a/src/conf_mode/interfaces-loopback.py +++ b/src/conf_mode/interfaces-loopback.py 
@@ -36,7 +36,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'loopback'] - loopback = get_interface_dict(conf, base) + _, loopback = get_interface_dict(conf, base) return loopback def verify(loopback): diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index c71863e61..279dd119b 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -48,7 +48,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'macsec'] - macsec = get_interface_dict(conf, base) + ifname, macsec = get_interface_dict(conf, base) # Check if interface has been removed if 'deleted' in macsec: diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index a9be093c2..4750ca3e8 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -32,7 +32,7 @@ from shutil import rmtree from vyos.config import Config from vyos.configdict import get_interface_dict -from vyos.configdict import leaf_node_changed +from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_mirror_redirect @@ -85,13 +85,12 @@ def get_config(config=None): tmp_pki = conf.get_config_dict(['pki'], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) - openvpn = get_interface_dict(conf, base) + ifname, openvpn = get_interface_dict(conf, base) if 'deleted' not in openvpn: openvpn['pki'] = tmp_pki - - tmp = leaf_node_changed(conf, ['openvpn-option']) - if tmp: openvpn['restart_required'] = '' + if is_node_changed(conf, base + [ifname, 'openvpn-option']): + openvpn.update({'restart_required': {}}) # We have to get the dict using 'get_config_dict' instead of 'get_interface_dict' # as 'get_interface_dict' merges the defaults in, so we can not check for defaults in there. 
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index bfb1fadd5..e2fdc7a42 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -22,7 +22,9 @@ from netifaces import interfaces from vyos.config import Config from vyos.configdict import get_interface_dict +from vyos.configdict import is_node_changed from vyos.configdict import leaf_node_changed +from vyos.configdict import get_pppoe_interfaces from vyos.configverify import verify_authentication from vyos.configverify import verify_source_interface from vyos.configverify import verify_interface_exists 
@@ -47,33 +49,17 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'pppoe'] - pppoe = get_interface_dict(conf, base) + ifname, pppoe = get_interface_dict(conf, base) # We should only terminate the PPPoE session if critical parameters change. # All parameters that can be changed on-the-fly (like interface description) # should not lead to a reconnect! - tmp = leaf_node_changed(conf, ['access-concentrator']) - if tmp: pppoe.update({'shutdown_required': {}}) - - tmp = leaf_node_changed(conf, ['connect-on-demand']) - if tmp: pppoe.update({'shutdown_required': {}}) - - tmp = leaf_node_changed(conf, ['service-name']) - if tmp: pppoe.update({'shutdown_required': {}}) - - tmp = leaf_node_changed(conf, ['source-interface']) - if tmp: pppoe.update({'shutdown_required': {}}) - - tmp = leaf_node_changed(conf, ['vrf']) - # leaf_node_changed() returns a list, as VRF is a non-multi node, there - # will be only one list element - if tmp: pppoe.update({'vrf_old': tmp[0]}) - - tmp = leaf_node_changed(conf, ['authentication', 'user']) - if tmp: pppoe.update({'shutdown_required': {}}) - - tmp = leaf_node_changed(conf, ['authentication', 'password']) - if tmp: pppoe.update({'shutdown_required': {}}) + for options in ['access-concentrator', 'connect-on-demand', 'service-name', + 'source-interface', 'vrf', 'no-default-route', 'authentication']: + if is_node_changed(conf, base + [ifname, options]): + pppoe.update({'shutdown_required': {}}) + # bail out early - no need to further process other nodes + break return pppoe @@ -106,7 +92,7 @@ def generate(pppoe): return None # Create PPP configuration files - render(config_pppoe, 'pppoe/peer.tmpl', pppoe, permission=0o640) + render(config_pppoe, 'pppoe/peer.j2', pppoe, permission=0o640) return None 
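Review bot: The rewritten loop treats a `vrf` change only as `shutdown_required` and no longer stores the previous value in `vrf_old`, which the removed code did from the `leaf_node_changed` result. If anything outside this hunk still reads `pppoe['vrf_old']`, it will now silently find nothing, so either keep that assignment or confirm that no consumer remains. The loop variable holds a single option name, so `option` would read better than `options`.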
@@ -120,7 +106,7 @@ def apply(pppoe): return None # reconnect should only be necessary when certain config options change, - # like ACS name, authentication, no-peer-dns, source-interface + # like ACS name, authentication ... (see get_config() for details) if ((not is_systemd_service_running(f'ppp@{ifname}.service')) or 'shutdown_required' in pppoe): @@ -130,6 +116,9 @@ def apply(pppoe): p.remove() call(f'systemctl restart ppp@{ifname}.service') + # When interface comes "live" a hook is called: + # /etc/ppp/ip-up.d/99-vyos-pppoe-callback + # which triggers PPPoEIf.update() else: if os.path.isdir(f'/sys/class/net/{ifname}'): p = PPPoEIf(ifname) diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index f2c85554f..1cd3fe276 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -18,7 +18,7 @@ from sys import exit from vyos.config import Config from vyos.configdict import get_interface_dict -from vyos.configdict import leaf_node_changed +from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete @@ -42,14 +42,14 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'pseudo-ethernet'] - peth = get_interface_dict(conf, base) + ifname, peth = get_interface_dict(conf, base) - mode = leaf_node_changed(conf, ['mode']) - if mode: peth.update({'mode_old' : mode}) + mode = is_node_changed(conf, ['mode']) + if mode: peth.update({'shutdown_required' : {}}) if 'source_interface' in peth: - peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'], - peth['source_interface']) + _, peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'], + peth['source_interface']) return peth def verify(peth): diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index f4668d976..eff7f373c 100755 
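Review bot: In get_config() of interfaces-pseudo-ethernet.py the new call `is_node_changed(conf, ['mode'])` still passes a bare `['mode']`, while every other call converted in this commit passes the full path (`base + [ifname, ...]`). If the helper now expects the path from the configuration root, as those call sites suggest, a mode change is never detected and `shutdown_required` is never set. I would write `if is_node_changed(conf, base + [ifname, 'mode']): peth.update({'shutdown_required': {}})`, which also uses the `ifname` that the hunk unpacks but does not otherwise use. The body of get_config() starts outside the hunk.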
--- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -48,10 +48,10 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'tunnel'] - tunnel = get_interface_dict(conf, base) + ifname, tunnel = get_interface_dict(conf, base) if 'deleted' not in tunnel: - tmp = leaf_node_changed(conf, ['encapsulation']) + tmp = leaf_node_changed(conf, base + [ifname, 'encapsulation']) if tmp: tunnel.update({'encapsulation_changed': {}}) # We also need to inspect other configured tunnels as there are Kernel diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py index f06fdff1b..f4b0436af 100755 --- a/src/conf_mode/interfaces-vti.py +++ b/src/conf_mode/interfaces-vti.py @@ -36,7 +36,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'vti'] - vti = get_interface_dict(conf, base) + _, vti = get_interface_dict(conf, base) return vti def verify(vti): diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 53704827e..f44d754ba 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -23,7 +23,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import get_interface_dict from vyos.configdict import leaf_node_changed -from vyos.configdict import node_changed +from vyos.configdict import is_node_changed from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_mtu_ipv6 
@@ -46,17 +46,17 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'vxlan'] - vxlan = get_interface_dict(conf, base) + ifname, vxlan = get_interface_dict(conf, base) # VXLAN interfaces are picky and require recreation if certain parameters # change. But a VXLAN interface should - of course - not be re-created if # it's description or IP address is adjusted. Feels somehow logic doesn't it? for cli_option in ['external', 'gpe', 'group', 'port', 'remote', 'source-address', 'source-interface', 'vni']: - if leaf_node_changed(conf, cli_option): + if leaf_node_changed(conf, base + [ifname, cli_option]): vxlan.update({'rebuild_required': {}}) - if node_changed(conf, ['parameters'], recursive=True): + if is_node_changed(conf, base + [ifname, 'parameters']): vxlan.update({'rebuild_required': {}}) # We need to verify that no other VXLAN tunnel is configured when external diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index b404375d6..180ffa507 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -46,17 +46,17 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'wireguard'] - wireguard = get_interface_dict(conf, base) + ifname, wireguard = get_interface_dict(conf, base) # Check if a port was changed - wireguard['port_changed'] = leaf_node_changed(conf, ['port']) + wireguard['port_changed'] = leaf_node_changed(conf, base + [ifname, 'port']) # Determine which Wireguard peer has been removed. # Peers can only be removed with their public key! dict = {} - tmp = node_changed(conf, ['peer'], key_mangling=('-', '_')) + tmp = node_changed(conf, base + [ifname, 'peer'], key_mangling=('-', '_')) for peer in (tmp or []): - public_key = leaf_node_changed(conf, ['peer', peer, 'public_key']) + public_key = leaf_node_changed(conf, base + [ifname, 'peer', peer, 'public_key']) if public_key: dict = dict_merge({'peer_remove' : {peer : {'public_key' : public_key[0]}}}, dict) wireguard.update(dict) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 7fc22cdab..d34297063 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -76,15 +76,19 @@ def get_config(config=None): conf = Config() base = ['interfaces', 'wireless'] - wifi = get_interface_dict(conf, base) + ifname, wifi = get_interface_dict(conf, base) # Cleanup "delete" default values when required user selectable values are # not defined at all - tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True) + tmp = conf.get_config_dict(base + [ifname], key_mangling=('-', '_'), + get_first_key=True) if not (dict_search('security.wpa.passphrase', tmp) or dict_search('security.wpa.radius', tmp)): if 'deleted' not in wifi: del wifi['security']['wpa'] + # if 'security' key is empty, drop it too + if len(wifi['security']) == 0: + del wifi['security'] # defaults include RADIUS server specifics per TAG node which need to be # added to individual RADIUS servers instead - so we can simply delete them 
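Review bot: In the interfaces-wireguard.py get_config() hunk, the lookup `leaf_node_changed(conf, base + [ifname, 'peer', peer, 'public_key'])` uses an underscore name, whereas the other converted calls in this commit pass CLI node names with hyphens (`source-address`, `access-concentrator`). If the path is matched against the CLI tree, where the node is presumably `public-key`, the call returns nothing, `peer_remove` stays empty, and a peer deleted from the configuration is not revoked on the running interface. The `peer` value comes from `node_changed(..., key_mangling=('-', '_'))`, so a peer name containing a hyphen may have the same mismatch. This is worth confirming against the helper; if it holds, the path should use `'public-key'` and the unmangled peer name.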
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py index 9a33039a3..e275ace84 100755 --- a/src/conf_mode/interfaces-wwan.py +++ b/src/conf_mode/interfaces-wwan.py @@ -21,7 +21,7 @@ from time import sleep from vyos.config import Config from vyos.configdict import get_interface_dict -from vyos.configdict import leaf_node_changed +from vyos.configdict import is_node_changed from vyos.configverify import verify_authentication from vyos.configverify import verify_interface_exists from vyos.configverify import verify_mirror_redirect 
@@ -50,42 +50,36 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'wwan'] - wwan = get_interface_dict(conf, base) + ifname, wwan = get_interface_dict(conf, base) # We should only terminate the WWAN session if critical parameters change. # All parameters that can be changed on-the-fly (like interface description) # should not lead to a reconnect! - tmp = leaf_node_changed(conf, ['address']) + tmp = is_node_changed(conf, base + [ifname, 'address']) if tmp: wwan.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['apn']) + tmp = is_node_changed(conf, base + [ifname, 'apn']) if tmp: wwan.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['disable']) + tmp = is_node_changed(conf, base + [ifname, 'disable']) if tmp: wwan.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['vrf']) - # leaf_node_changed() returns a list, as VRF is a non-multi node, there - # will be only one list element - if tmp: wwan.update({'vrf_old': tmp[0]}) - - tmp = leaf_node_changed(conf, ['authentication', 'user']) + tmp = is_node_changed(conf, base + [ifname, 'vrf']) if tmp: wwan.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['authentication', 'password']) + tmp = is_node_changed(conf, base + [ifname, 'authentication']) if tmp: wwan.update({'shutdown_required': {}}) - tmp = leaf_node_changed(conf, ['ipv6', 'address', 'autoconf']) + tmp = is_node_changed(conf, base + [ifname, 'ipv6', 'address', 'autoconf']) if tmp: wwan.update({'shutdown_required': {}}) # We need to know the amount of other WWAN interfaces as ModemManager needs # to be started or stopped. 
conf.set_level(base) - wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'), - get_first_key=True, - no_tag_node_value_mangle=True) + _, wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'), + get_first_key=True, + no_tag_node_value_mangle=True) - ifname = wwan['ifname'] # This if-clause is just to be sure - it will always evaluate to true if ifname in wwan['other_interfaces']: del wwan['other_interfaces'][ifname] diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py index 2bb615eb7..c703c1fe0 100755 --- a/src/conf_mode/lldp.py +++ b/src/conf_mode/lldp.py @@ -111,8 +111,8 @@ def generate(lldp): if lldp is None: return - render(config_file, 'lldp/lldpd.tmpl', lldp) - render(vyos_config_file, 'lldp/vyos.conf.tmpl', lldp) + render(config_file, 'lldp/lldpd.j2', lldp) + render(vyos_config_file, 'lldp/vyos.conf.j2', lldp) def apply(lldp): systemd_service = 'lldpd.service' diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 8aaebf9ff..85819a77e 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -181,7 +181,7 @@ def verify(nat): return None def generate(nat): - render(nftables_nat_config, 'firewall/nftables-nat.tmpl', nat) + render(nftables_nat_config, 'firewall/nftables-nat.j2', nat) # dry-run newly generated configuration tmp = run(f'nft -c -f {nftables_nat_config}') diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py index 1cd15811f..0972151a0 100755 --- a/src/conf_mode/nat66.py +++ b/src/conf_mode/nat66.py @@ -146,8 +146,8 @@ def verify(nat): return None def generate(nat): - render(nftables_nat66_config, 'firewall/nftables-nat66.tmpl', nat, permission=0o755) - render(ndppd_config, 'ndppd/ndppd.conf.tmpl', nat, permission=0o755) + render(nftables_nat66_config, 'firewall/nftables-nat66.j2', nat, permission=0o755) + render(ndppd_config, 'ndppd/ndppd.conf.j2', nat, permission=0o755) return None def apply(nat): 
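Review bot: At the end of the interfaces-wwan.py get_config() hunk, `_, wwan['other_interfaces'] = conf.get_config_dict([], ...)` unpacks the result as a pair, but the interfaces-wireless.py and system-proxy.py hunks in this commit treat the return value of `conf.get_config_dict()` as a single dict. Unpacking a dict iterates its keys, so this either raises ValueError or stores an interface name string in `other_interfaces`, and the `del wwan['other_interfaces'][ifname]` below then fails. Only `get_interface_dict()` is changed to return a pair in this commit; the assignment should stay `wwan['other_interfaces'] = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)`.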
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py index 09d181d43..5de341beb 100755 --- a/src/conf_mode/policy-route.py +++ b/src/conf_mode/policy-route.py @@ -204,7 +204,7 @@ def generate(policy): else: policy['cleanup_commands'] = cleanup_commands(policy) - render(nftables_conf, 'firewall/nftables-policy.tmpl', policy) + render(nftables_conf, 'firewall/nftables-policy.j2', policy) return None def apply_table_marks(policy): diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 8d9d3e99a..cd46cbcb4 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -164,6 +164,22 @@ def verify(bgp): if not verify_remote_as(peer_config, bgp): raise ConfigError(f'Neighbor "{peer}" remote-as must be set!') + # Peer-group member cannot override remote-as of peer-group + if 'peer_group' in peer_config: + peer_group = peer_config['peer_group'] + if 'remote_as' in peer_config and 'remote_as' in bgp['peer_group'][peer_group]: + raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!') + if 'interface' in peer_config: + if 'peer_group' in peer_config['interface']: + peer_group = peer_config['interface']['peer_group'] + if 'remote_as' in peer_config['interface'] and 'remote_as' in bgp['peer_group'][peer_group]: + raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!') + if 'v6only' in peer_config['interface']: + if 'peer_group' in peer_config['interface']['v6only']: + peer_group = peer_config['interface']['v6only']['peer_group'] + if 'remote_as' in peer_config['interface']['v6only'] and 'remote_as' in bgp['peer_group'][peer_group]: + raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!') + # Only checks for ipv4 and ipv6 neighbors # Check if neighbor address is assigned as system interface address vrf = None 
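Review bot: The three new peer-group checks in verify() of protocols_bgp.py index `bgp['peer_group'][peer_group]` directly, so a neighbor naming a peer-group that is not defined fails with a KeyError instead of a ConfigError, unless a check outside this hunk already guarantees the group exists. The same test is also written out three times, for `peer_config`, its `interface` node and that node's `v6only` child. A single loop over those three dicts with a tolerant lookup of the group, as sketched below, would remove both problems. verify() starts and ends outside the hunk.

```python
# … unchanged: verify_remote_as() check and its ConfigError …
# Peer-group member cannot override remote-as of peer-group
tmp = peer_config.get('interface', {})
for member in [peer_config, tmp, tmp.get('v6only', {})]:
    if 'peer_group' not in member:
        continue
    peer_group = member['peer_group']
    group_config = bgp.get('peer_group', {}).get(peer_group, {})
    if 'remote_as' in member and 'remote_as' in group_config:
        raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
# … unchanged: neighbor address / VRF checks …
```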
diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py index 7eeb5cd30..b6371d09f 100755 --- a/src/conf_mode/protocols_nhrp.py +++ b/src/conf_mode/protocols_nhrp.py @@ -84,7 +84,7 @@ def verify(nhrp): return None def generate(nhrp): - render(opennhrp_conf, 'nhrp/opennhrp.conf.tmpl', nhrp) + render(opennhrp_conf, 'nhrp/opennhrp.conf.j2', nhrp) return None def apply(nhrp): diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py index 87432bc1c..58e202928 100755 --- a/src/conf_mode/protocols_static.py +++ b/src/conf_mode/protocols_static.py @@ -22,6 +22,7 @@ from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.configdict import get_dhcp_interfaces +from vyos.configdict import get_pppoe_interfaces from vyos.configverify import verify_common_route_maps from vyos.configverify import verify_vrf from vyos.template import render_to_string @@ -59,7 +60,9 @@ def get_config(config=None): # T3680 - get a list of all interfaces currently configured to use DHCP tmp = get_dhcp_interfaces(conf, vrf) - if tmp: static['dhcp'] = tmp + if tmp: static.update({'dhcp' : tmp}) + tmp = get_pppoe_interfaces(conf, vrf) + if tmp: static.update({'pppoe' : tmp}) return static diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py index 51050e702..a2e411e49 100755 --- a/src/conf_mode/service_console-server.py +++ b/src/conf_mode/service_console-server.py @@ -81,7 +81,7 @@ def generate(proxy): if not proxy: return None - render(config_file, 'conserver/conserver.conf.tmpl', proxy) + render(config_file, 'conserver/conserver.conf.j2', proxy) if 'device' in proxy: for device, device_config in proxy['device'].items(): if 'ssh' not in device_config: @@ -92,7 +92,7 @@ def generate(proxy): 'port' : device_config['ssh']['port'], } render(dropbear_systemd_file.format(**tmp), - 'conserver/dropbear@.service.tmpl', tmp) + 'conserver/dropbear@.service.j2', tmp) return None 
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_fastnetmon.py index 67edeb630..ae7e582ec 100755 --- a/src/conf_mode/service_ids_fastnetmon.py +++ b/src/conf_mode/service_ids_fastnetmon.py @@ -67,8 +67,8 @@ def generate(fastnetmon): return - render(config_file, 'ids/fastnetmon.tmpl', fastnetmon) - render(networks_list, 'ids/fastnetmon_networks_list.tmpl', fastnetmon) + render(config_file, 'ids/fastnetmon.j2', fastnetmon) + render(networks_list, 'ids/fastnetmon_networks_list.j2', fastnetmon) return None diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 2ebee8018..559d1bcd5 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -296,10 +296,10 @@ def generate(ipoe): if not ipoe: return None - render(ipoe_conf, 'accel-ppp/ipoe.config.tmpl', ipoe) + render(ipoe_conf, 'accel-ppp/ipoe.config.j2', ipoe) if ipoe['auth_mode'] == 'local': - render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.tmpl', ipoe) + render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.j2', ipoe) os.chmod(ipoe_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) else: diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py index d31a0c49e..2383a53fb 100755 --- a/src/conf_mode/service_mdns-repeater.py +++ b/src/conf_mode/service_mdns-repeater.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2017-2020 VyOS maintainers and contributors +# Copyright (C) 2017-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -92,7 +92,7 @@ def generate(mdns): if len(mdns['interface']) < 2: return None - render(config_file, 'mdns-repeater/avahi-daemon.tmpl', mdns) + render(config_file, 'mdns-repeater/avahi-daemon.j2', mdns) return None def apply(mdns): 
diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py index 8a972b9fe..102a87318 100755 --- a/src/conf_mode/service_monitoring_telegraf.py +++ b/src/conf_mode/service_monitoring_telegraf.py @@ -99,6 +99,15 @@ def get_config(config=None): monitoring['interfaces_ethernet'] = get_interfaces('ethernet', vlan=False) monitoring['nft_chains'] = get_nft_filter_chains() + if 'authentication' in monitoring or \ + 'url' in monitoring: + monitoring['influxdb_configured'] = True + + # Ignore default XML values if config doesn't exists + # Delete key from dict + if not conf.exists(base + ['prometheus-client']): + del monitoring['prometheus_client'] + return monitoring def verify(monitoring): @@ -106,13 +115,23 @@ def verify(monitoring): if not monitoring: return None - if 'authentication' not in monitoring or \ - 'organization' not in monitoring['authentication'] or \ - 'token' not in monitoring['authentication']: - raise ConfigError(f'Authentication "organization and token" are mandatory!') + if 'influxdb_configured' in monitoring: + if 'authentication' not in monitoring or \ + 'organization' not in monitoring['authentication'] or \ + 'token' not in monitoring['authentication']: + raise ConfigError(f'Authentication "organization and token" are mandatory!') + + if 'url' not in monitoring: + raise ConfigError(f'Monitoring "url" is mandatory!') + + # Verify Splunk + if 'splunk' in monitoring: + if 'authentication' not in monitoring['splunk'] or \ + 'token' not in monitoring['splunk']['authentication']: + raise ConfigError(f'Authentication "organization and token" are mandatory!') - if 'url' not in monitoring: - raise ConfigError(f'Monitoring "url" is mandatory!') + if 'url' not in monitoring['splunk']: + raise ConfigError(f'Monitoring splunk "url" is mandatory!') return None 
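Review bot: In the new Splunk branch of verify() in service_monitoring_telegraf.py, the check tests only `monitoring['splunk']['authentication']['token']`, yet the error text is the InfluxDB one, `Authentication "organization and token" are mandatory!`, and does not mention Splunk. An operator who forgot the Splunk token is told to set an organization that the check never asks for. I would raise `ConfigError('Splunk authentication "token" is mandatory!')` there. Separately, `del monitoring['prometheus_client']` in the get_config() hunk assumes the defaults always add that key; `monitoring.pop('prometheus_client', None)` would not depend on that.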
@@ -145,10 +164,10 @@ def generate(monitoring): os.mkdir(custom_scripts_dir) # Render telegraf configuration and systemd override - render(config_telegraf, 'monitoring/telegraf.tmpl', monitoring) - render(systemd_telegraf_service, 'monitoring/systemd_vyos_telegraf_service.tmpl', monitoring) - render(systemd_override, 'monitoring/override.conf.tmpl', monitoring, permission=0o640) - render(syslog_telegraf, 'monitoring/syslog_telegraf.tmpl', monitoring) + render(config_telegraf, 'monitoring/telegraf.j2', monitoring) + render(systemd_telegraf_service, 'monitoring/systemd_vyos_telegraf_service.j2', monitoring) + render(systemd_override, 'monitoring/override.conf.j2', monitoring, permission=0o640) + render(syslog_telegraf, 'monitoring/syslog_telegraf.j2', monitoring) chown(base_dir, 'telegraf', 'telegraf') diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 1f31d132d..6086ef859 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -88,10 +88,10 @@ def generate(pppoe): for vlan_range in pppoe['interface'][iface]['vlan_range']: pppoe['interface'][iface]['regex'].append(range_to_regex(vlan_range)) - render(pppoe_conf, 'accel-ppp/pppoe.config.tmpl', pppoe) + render(pppoe_conf, 'accel-ppp/pppoe.config.j2', pppoe) if dict_search('authentication.mode', pppoe) == 'local': - render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl', + render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.j2', pppoe, permission=0o640) else: if os.path.exists(pppoe_chap_secrets): diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py index 9afcdd63e..71b758399 100755 --- a/src/conf_mode/service_router-advert.py +++ b/src/conf_mode/service_router-advert.py 
@@ -101,7 +101,7 @@ def generate(rtradv): if not rtradv: return None - render(config_file, 'router-advert/radvd.conf.tmpl', rtradv, permission=0o644) + render(config_file, 'router-advert/radvd.conf.j2', rtradv, permission=0o644) return None def apply(rtradv): diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py index d21b31990..36f3e18a7 100755 --- a/src/conf_mode/service_upnp.py +++ b/src/conf_mode/service_upnp.py @@ -135,7 +135,7 @@ def generate(upnpd): if os.path.isfile(config_file): os.unlink(config_file) - render(config_file, 'firewall/upnpd.conf.tmpl', upnpd) + render(config_file, 'firewall/upnpd.conf.j2', upnpd) def apply(upnpd): systemd_service_name = 'miniupnpd.service' diff --git a/src/conf_mode/service_webproxy.py b/src/conf_mode/service_webproxy.py index a16cc4aeb..32af31bde 100755 --- a/src/conf_mode/service_webproxy.py +++ b/src/conf_mode/service_webproxy.py @@ -61,7 +61,7 @@ def generate_sg_localdb(category, list_type, role, proxy): user=user_group, group=user_group) # temporary config file, deleted after generation - render(sg_tmp_file, 'squid/sg_acl.conf.tmpl', tmp, + render(sg_tmp_file, 'squid/sg_acl.conf.j2', tmp, user=user_group, group=user_group) call(f'su - {user_group} -c "squidGuard -d -c {sg_tmp_file} -C {db_file}"') @@ -166,8 +166,8 @@ def generate(proxy): if not proxy: return None - render(squid_config_file, 'squid/squid.conf.tmpl', proxy) - render(squidguard_config_file, 'squid/squidGuard.conf.tmpl', proxy) + render(squid_config_file, 'squid/squid.conf.j2', proxy) + render(squidguard_config_file, 'squid/squidGuard.conf.j2', proxy) cat_dict = { 'local-block' : 'domains', diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index e35bb8a0c..ae060580d 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py 
@@ -270,15 +270,15 @@ def generate(snmp): call(f'/opt/vyatta/sbin/my_delete service snmp v3 user "{user}" privacy plaintext-password > /dev/null') # Write client config file - render(config_file_client, 'snmp/etc.snmp.conf.tmpl', snmp) + render(config_file_client, 'snmp/etc.snmp.conf.j2', snmp) # Write server config file - render(config_file_daemon, 'snmp/etc.snmpd.conf.tmpl', snmp) + render(config_file_daemon, 'snmp/etc.snmpd.conf.j2', snmp) # Write access rights config file - render(config_file_access, 'snmp/usr.snmpd.conf.tmpl', snmp) + render(config_file_access, 'snmp/usr.snmpd.conf.j2', snmp) # Write access rights config file - render(config_file_user, 'snmp/var.snmpd.conf.tmpl', snmp) + render(config_file_user, 'snmp/var.snmpd.conf.j2', snmp) # Write daemon configuration file - render(systemd_override, 'snmp/override.conf.tmpl', snmp) + render(systemd_override, 'snmp/override.conf.j2', snmp) return None diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 487e8c229..28669694b 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2021 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -33,6 +33,9 @@ airbag.enable() config_file = r'/run/sshd/sshd_config' systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf' +sshguard_config_file = '/etc/sshguard/sshguard.conf' +sshguard_whitelist = '/etc/sshguard/whitelist' + key_rsa = '/etc/ssh/ssh_host_rsa_key' key_dsa = '/etc/ssh/ssh_host_dsa_key' key_ed25519 = '/etc/ssh/ssh_host_ed25519_key' 
@@ -54,6 +57,11 @@ def get_config(config=None): # pass config file path - used in override template ssh['config_file'] = config_file + # Ignore default XML values if config doesn't exists + # Delete key from dict + if not conf.exists(base + ['dynamic-protection']): + del ssh['dynamic_protection'] + return ssh def verify(ssh): @@ -86,6 +94,10 @@ def generate(ssh): render(config_file, 'ssh/sshd_config.j2', ssh) render(systemd_override, 'ssh/override.conf.j2', ssh) + + if 'dynamic_protection' in ssh: + render(sshguard_config_file, 'ssh/sshguard_config.j2', ssh) + render(sshguard_whitelist, 'ssh/sshguard_whitelist.j2', ssh) # Reload systemd manager configuration call('systemctl daemon-reload') @@ -95,7 +107,12 @@ def apply(ssh): if not ssh: # SSH access is removed in the commit call('systemctl stop ssh.service') + call('systemctl stop sshguard.service') return None + if 'dynamic_protection' not in ssh: + call('systemctl stop sshguard.service') + else: + call('systemctl restart sshguard.service') call('systemctl restart ssh.service') return None diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index c9c6aa187..c717286ae 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -197,7 +197,7 @@ def generate(login): pass if 'radius' in login: - render(radius_config_file, 'login/pam_radius_auth.conf.tmpl', login, + render(radius_config_file, 'login/pam_radius_auth.conf.j2', login, permission=0o600, user='root', group='root') else: if os.path.isfile(radius_config_file): @@ -241,7 +241,7 @@ def apply(login): # # XXX: Should we deny using root at all? home_dir = getpwnam(user).pw_dir - render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.tmpl', + render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2', user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), user=user, group='users') 
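Review bot: In apply() of ssh.py the result of `call('systemctl restart sshguard.service')` is not checked, so a commit with `dynamic-protection` set succeeds even when sshguard fails to start from the freshly rendered `/etc/sshguard/sshguard.conf`, and SSH then runs without the brute-force protection the configuration states. If call() returns the exit status (not visible in this diff), I would report a non-zero result to the operator rather than drop it. The generate() hunk also leaves `sshguard.conf` and the whitelist on disk once `dynamic-protection` is removed; unlinking them in that case keeps a later manual start of the unit from picking up stale settings.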
diff --git a/src/conf_mode/system-logs.py b/src/conf_mode/system-logs.py index e6296656d..c71938a79 100755 --- a/src/conf_mode/system-logs.py +++ b/src/conf_mode/system-logs.py @@ -57,13 +57,13 @@ def generate(logs_config): logrotate_atop = dict_search('logrotate.atop', logs_config) # generate new config file for atop syslog.debug('Adding logrotate config for atop') - render(logrotate_atop_file, 'logs/logrotate/vyos-atop.tmpl', logrotate_atop) + render(logrotate_atop_file, 'logs/logrotate/vyos-atop.j2', logrotate_atop) # get configuration for logrotate rsyslog logrotate_rsyslog = dict_search('logrotate.messages', logs_config) # generate new config file for rsyslog syslog.debug('Adding logrotate config for rsyslog') - render(logrotate_rsyslog_file, 'logs/logrotate/vyos-rsyslog.tmpl', + render(logrotate_rsyslog_file, 'logs/logrotate/vyos-rsyslog.j2', logrotate_rsyslog) diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py index b1c63e316..36dbf155b 100755 --- a/src/conf_mode/system-option.py +++ b/src/conf_mode/system-option.py @@ -74,8 +74,8 @@ def verify(options): return None def generate(options): - render(curlrc_config, 'system/curlrc.tmpl', options) - render(ssh_config, 'system/ssh_config.tmpl', options) + render(curlrc_config, 'system/curlrc.j2', options) + render(ssh_config, 'system/ssh_config.j2', options) return None def apply(options): diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py index 02536c2ab..079c43e7e 100755 --- a/src/conf_mode/system-proxy.py +++ b/src/conf_mode/system-proxy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -13,83 +13,59 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# -import sys import os -import re -from vyos import ConfigError -from vyos.config import Config +from sys import exit +from vyos.config import Config +from vyos.template import render +from vyos import ConfigError from vyos import airbag airbag.enable() proxy_def = r'/etc/profile.d/vyos-system-proxy.sh' - -def get_config(): - c = Config() - if not c.exists('system proxy'): +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['system', 'proxy'] + if not conf.exists(base): return None - c.set_level('system proxy') + proxy = conf.get_config_dict(base, get_first_key=True) + return proxy - cnf = { - 'url': None, - 'port': None, - 'usr': None, - 'passwd': None - } +def verify(proxy): + if not proxy: + return - if c.exists('url'): - cnf['url'] = c.return_value('url') - if c.exists('port'): - cnf['port'] = c.return_value('port') - if c.exists('username'): - cnf['usr'] = c.return_value('username') - if c.exists('password'): - cnf['passwd'] = c.return_value('password') + if 'url' not in proxy or 'port' not in proxy: + raise ConfigError('Proxy URL and port require a value') - return cnf + if ('username' in proxy and 'password' not in proxy) or \ + ('username' not in proxy and 'password' in proxy): + raise ConfigError('Both username and password need to be defined!') +def generate(proxy): + if not proxy: + if os.path.isfile(proxy_def): + os.unlink(proxy_def) + return -def verify(c): - if not c: - return None - if not c['url'] or not c['port']: - raise ConfigError("proxy url and port requires a value") - elif c['usr'] and not c['passwd']: - raise ConfigError("proxy password requires a value") - elif not c['usr'] and c['passwd']: - raise ConfigError("proxy username requires a value") - + render(proxy_def, 'system/proxy.j2', proxy, permission=0o755) -def generate(c): - if not 
c: - return None - if not c['usr']: - return str("export http_proxy={url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy" - .format(url=c['url'], port=c['port'])) - else: - return str("export http_proxy=http://{usr}:{passwd}@{url}:{port}\nexport https_proxy=$http_proxy\nexport ftp_proxy=$http_proxy" - .format(url=re.sub('http://', '', c['url']), port=c['port'], usr=c['usr'], passwd=c['passwd'])) - - -def apply(ln): - if not ln and os.path.exists(proxy_def): - os.remove(proxy_def) - else: - open(proxy_def, 'w').write( - "# generated by system-proxy.py\n{}\n".format(ln)) +def apply(proxy): + pass if __name__ == '__main__': try: c = get_config() verify(c) - ln = generate(c) - apply(ln) + generate(c) + apply(c) except ConfigError as e: print(e) - sys.exit(1) + exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 309b4bdb0..a9d3bbe31 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -204,7 +204,7 @@ def generate(c): return None conf = '/etc/rsyslog.d/vyos-rsyslog.conf' - render(conf, 'syslog/rsyslog.conf.tmpl', c) + render(conf, 'syslog/rsyslog.conf.j2', c) # cleanup current logrotate config files logrotate_files = Path('/etc/logrotate.d/').glob('vyos-rsyslog-generated-*') @@ -216,7 +216,7 @@ def generate(c): for filename, fileconfig in c.get('files', {}).items(): if fileconfig['log-file'].startswith('/var/log/user/'): conf = '/etc/logrotate.d/vyos-rsyslog-generated-' + filename - render(conf, 'syslog/logrotate.tmpl', { 'config_render': fileconfig }) + render(conf, 'syslog/logrotate.j2', { 'config_render': fileconfig }) def verify(c): diff --git a/src/conf_mode/system_console.py b/src/conf_mode/system_console.py index 19b252513..86985d765 100755 --- a/src/conf_mode/system_console.py +++ b/src/conf_mode/system_console.py 
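Review bot: The rewritten generate() in system-proxy.py renders `url`, `port`, `username` and `password` into `/etc/profile.d/vyos-system-proxy.sh` with `permission=0o755`, and verify() only checks that the keys are present. That file is sourced by login shells, so the proxy password is readable by every local account. A value containing shell metacharacters would also be interpreted by each shell that sources the file unless `system/proxy.j2` quotes it (the template is not part of this view). I would confirm the template single-quotes each value, reject quotes and whitespace in verify(), and use `permission=0o644`, since a sourced profile script presumably does not need the execute bit.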
@@ -103,7 +103,7 @@ def generate(console): config_file = base_dir + f'/serial-getty@{device}.service' getty_wants_symlink = base_dir + f'/getty.target.wants/serial-getty@{device}.service' - render(config_file, 'getty/serial-getty.service.tmpl', device_config) + render(config_file, 'getty/serial-getty.service.j2', device_config) os.symlink(config_file, getty_wants_symlink) # GRUB diff --git a/src/conf_mode/system_lcd.py b/src/conf_mode/system_lcd.py index b5ce32beb..3341dd738 100755 --- a/src/conf_mode/system_lcd.py +++ b/src/conf_mode/system_lcd.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -61,9 +61,9 @@ def generate(lcd): lcd['device'] = find_device_file(lcd['device']) # Render config file for daemon LCDd - render(lcdd_conf, 'lcd/LCDd.conf.tmpl', lcd) + render(lcdd_conf, 'lcd/LCDd.conf.j2', lcd) # Render config file for client lcdproc - render(lcdproc_conf, 'lcd/lcdproc.conf.tmpl', lcd) + render(lcdproc_conf, 'lcd/lcdproc.conf.j2', lcd) return None diff --git a/src/conf_mode/system_sysctl.py b/src/conf_mode/system_sysctl.py index 4f16d1ed6..2e0004ffa 100755 --- a/src/conf_mode/system_sysctl.py +++ b/src/conf_mode/system_sysctl.py @@ -50,7 +50,7 @@ def generate(sysctl): os.unlink(config_file) return None - render(config_file, 'system/sysctl.conf.tmpl', sysctl) + render(config_file, 'system/sysctl.conf.j2', sysctl) return None def apply(sysctl): diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index 95050624e..c5daccb7f 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py 
@@ -98,7 +98,7 @@ def generate(tftpd): config['vrf'] = address_config['vrf'] file = config_file + str(idx) - render(file, 'tftp-server/default.tmpl', config) + render(file, 'tftp-server/default.j2', config) idx = idx + 1 return None diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 99b82ca2d..bad9cfbd8 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -503,7 +503,7 @@ def generate(ipsec): charon_radius_conf, interface_conf, swanctl_conf]: if os.path.isfile(config_file): os.unlink(config_file) - render(charon_conf, 'ipsec/charon.tmpl', {'install_routes': default_install_routes}) + render(charon_conf, 'ipsec/charon.j2', {'install_routes': default_install_routes}) return if ipsec['dhcp_no_address']: 
@@ -553,25 +553,27 @@ def generate(ipsec): if not local_prefixes or not remote_prefixes: continue - passthrough = [] + passthrough = None for local_prefix in local_prefixes: for remote_prefix in remote_prefixes: local_net = ipaddress.ip_network(local_prefix) remote_net = ipaddress.ip_network(remote_prefix) if local_net.overlaps(remote_net): + if passthrough is None: + passthrough = [] passthrough.append(local_prefix) ipsec['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough - render(ipsec_conf, 'ipsec/ipsec.conf.tmpl', ipsec) - render(ipsec_secrets, 'ipsec/ipsec.secrets.tmpl', ipsec) - render(charon_conf, 'ipsec/charon.tmpl', ipsec) - render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.tmpl', ipsec) - render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.tmpl', ipsec) - render(interface_conf, 'ipsec/interfaces_use.conf.tmpl', ipsec) - render(swanctl_conf, 'ipsec/swanctl.conf.tmpl', ipsec) + render(ipsec_conf, 'ipsec/ipsec.conf.j2', ipsec) + render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec) + render(charon_conf, 'ipsec/charon.j2', ipsec) + render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec) + render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec) + render(interface_conf, 'ipsec/interfaces_use.conf.j2', ipsec) + render(swanctl_conf, 'ipsec/swanctl.conf.j2', ipsec) def resync_nhrp(ipsec): if ipsec and not ipsec['nhrp_exists']: diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 818e8fa0b..fd5a4acd8 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -358,10 +358,10 @@ def generate(l2tp): if not l2tp: return None - render(l2tp_conf, 'accel-ppp/l2tp.config.tmpl', l2tp) + render(l2tp_conf, 'accel-ppp/l2tp.config.j2', l2tp) if l2tp['auth_mode'] == 'local': - render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.tmpl', l2tp) + render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.j2', l2tp) os.chmod(l2tp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) else: 
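Review bot: In the vpn_l2tp.py hunk, `l2tp_chap_secrets` is still written by `render()` and only restricted by `os.chmod()` afterwards, so the file holding CHAP passwords briefly exists with whatever mode `render()` applies by default. The vpn_sstp.py hunk in this same commit hands the mode to the renderer (`permission=0o640`), and the same form fits here: `render(l2tp_chap_secrets, 'accel-ppp/chap-secrets.j2', l2tp, permission=0o640)`. The vpn_pptp.py hunk has the identical render-then-chmod pair for `pptp_chap_secrets`. The `ipsec_secrets` render in the vpn_ipsec.py hunk on this line passes no mode at all; whether that file is restricted elsewhere is not visible here and is worth confirming.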
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py index 84d31f9a5..8e0e30bbf 100755 --- a/src/conf_mode/vpn_openconnect.py +++ b/src/conf_mode/vpn_openconnect.py @@ -157,9 +157,9 @@ def generate(ocserv): if "radius" in ocserv["authentication"]["mode"]: # Render radius client configuration - render(radius_cfg, 'ocserv/radius_conf.tmpl', ocserv["authentication"]["radius"]) + render(radius_cfg, 'ocserv/radius_conf.j2', ocserv["authentication"]["radius"]) # Render radius servers - render(radius_servers, 'ocserv/radius_servers.tmpl', ocserv["authentication"]["radius"]) + render(radius_servers, 'ocserv/radius_servers.j2', ocserv["authentication"]["radius"]) elif "local" in ocserv["authentication"]["mode"]: # if mode "OTP", generate OTP users file parameters if "otp" in ocserv["authentication"]["mode"]["local"]: 
@@ -184,24 +184,24 @@ def generate(ocserv): if "password-otp" in ocserv["authentication"]["mode"]["local"]: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) elif "password" in ocserv["authentication"]["mode"]["local"]: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) elif "otp" in ocserv["authentication"]["mode"]["local"]: # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) else: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) else: if "local_users" in ocserv["authentication"]: for user in ocserv["authentication"]["local_users"]["username"]: ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"]) # Render local users - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) if "ssl" in ocserv: cert_file_path = os.path.join(cfg_dir, 'cert.pem') 
@@ -227,7 +227,7 @@ def generate(ocserv): f.write(wrap_certificate(pki_ca_cert['certificate'])) # Render config - render(ocserv_conf, 'ocserv/ocserv_config.tmpl', ocserv) + render(ocserv_conf, 'ocserv/ocserv_config.j2', ocserv) def apply(ocserv): diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py index 30abe4782..7550c411e 100755 --- a/src/conf_mode/vpn_pptp.py +++ b/src/conf_mode/vpn_pptp.py @@ -264,10 +264,10 @@ def generate(pptp): if not pptp: return None - render(pptp_conf, 'accel-ppp/pptp.config.tmpl', pptp) + render(pptp_conf, 'accel-ppp/pptp.config.j2', pptp) if pptp['local_users']: - render(pptp_chap_secrets, 'accel-ppp/chap-secrets.tmpl', pptp) + render(pptp_chap_secrets, 'accel-ppp/chap-secrets.j2', pptp) os.chmod(pptp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP) else: if os.path.exists(pptp_chap_secrets): diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 68980e5ab..db53463cf 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -114,7 +114,7 @@ def generate(sstp): return None # accel-cmd reload doesn't work so any change results in a restart of the daemon - render(sstp_conf, 'accel-ppp/sstp.config.tmpl', sstp) + render(sstp_conf, 'accel-ppp/sstp.config.j2', sstp) cert_name = sstp['ssl']['certificate'] pki_cert = sstp['pki']['certificate'][cert_name] @@ -127,7 +127,7 @@ def generate(sstp): write_file(ca_cert_file_path, wrap_certificate(pki_ca['certificate'])) if dict_search('authentication.mode', sstp) == 'local': - render(sstp_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl', + render(sstp_chap_secrets, 'accel-ppp/chap-secrets.config_dict.j2', sstp, permission=0o640) else: if os.path.exists(sstp_chap_secrets): diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index f79c8a21e..972d0289b 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py 
@@ -83,7 +83,8 @@ def get_config(config=None): conf = Config() base = ['vrf'] - vrf = conf.get_config_dict(base, get_first_key=True) + vrf = conf.get_config_dict(base, key_mangling=('-', '_'), + no_tag_node_value_mangle=True, get_first_key=True) # determine which VRF has been removed for name in node_changed(conf, base + ['name']): @@ -133,10 +134,10 @@ def verify(vrf): def generate(vrf): - render(config_file, 'vrf/vrf.conf.tmpl', vrf) + render(config_file, 'vrf/vrf.conf.j2', vrf) # Render nftables zones config - render(nft_vrf_config, 'firewall/nftables-vrf-zones.tmpl', vrf) + render(nft_vrf_config, 'firewall/nftables-vrf-zones.j2', vrf) return None @@ -152,7 +153,7 @@ def apply(vrf): # set the default VRF global behaviour bind_all = '0' - if 'bind-to-all' in vrf: + if 'bind_to_all' in vrf: bind_all = '1' sysctl_write('net.ipv4.tcp_l3mdev_accept', bind_all) sysctl_write('net.ipv4.udp_l3mdev_accept', bind_all) @@ -222,6 +223,15 @@ def apply(vrf): # add VRF description if available vrf_if.set_alias(config.get('description', '')) + # Enable/Disable IPv4 forwarding + tmp = dict_search('ip.disable_forwarding', config) + value = '0' if (tmp != None) else '1' + vrf_if.set_ipv4_forwarding(value) + # Enable/Disable IPv6 forwarding + tmp = dict_search('ipv6.disable_forwarding', config) + value = '0' if (tmp != None) else '1' + vrf_if.set_ipv6_forwarding(value) + # Enable/Disable of an interface must always be done at the end of the # derived class to make use of the ref-counting set_admin_state() # function. We will only enable the interface if 'up' was called as diff --git a/src/conf_mode/zone_policy.py b/src/conf_mode/zone_policy.py index dc0617353..070a4deea 100755 --- a/src/conf_mode/zone_policy.py +++ b/src/conf_mode/zone_policy.py 
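Review bot: In the last vrf.py hunk the presence tests are written `tmp != None`; the identity form is the usual spelling and cannot be affected by a custom `__eq__`: `value = '0' if tmp is not None else '1'`. The comment `# Enable/Disable IPv4 forwarding` would also be clearer if it said that `'0'` is written when the `disable_forwarding` node is present, since the inversion is easy to misread. apply() starts and ends outside the hunk.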
@@ -192,7 +192,7 @@ def generate(zone_policy): if 'local_zone' in zone_conf: zone_conf['from_local'] = get_local_from(data, zone) - render(nftables_conf, 'zone_policy/nftables.tmpl', data) + render(nftables_conf, 'zone_policy/nftables.j2', data) return None def apply(zone_policy): diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper index 74a7e83bf..5d879471d 100644 --- a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper +++ b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper @@ -26,7 +26,7 @@ function iptovtysh () { local VTYSH_GATEWAY="" local VTYSH_DEV="" local VTYSH_TAG="210" - local VTYSH_DISTANCE="" + local VTYSH_DISTANCE=$IF_METRIC # convert default route to 0.0.0.0/0 if [ "$4" == "default" ] ; then VTYSH_NETADDR="0.0.0.0/0" diff --git a/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback b/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback index bb918a468..fa1917ab1 100755 --- a/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback +++ b/src/etc/ppp/ip-up.d/99-vyos-pppoe-callback @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,14 +23,9 @@ from sys import argv from sys import exit -from syslog import syslog -from syslog import openlog -from syslog import LOG_PID -from syslog import LOG_INFO - from vyos.configquery import ConfigTreeQuery +from vyos.configdict import get_interface_dict from vyos.ifconfig import PPPoEIf -from vyos.util import read_file # When the ppp link comes up, this script is called with the following # parameters 
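Review bot: In the 03-vyos-ipwrapper hunk, `VTYSH_DISTANCE` now comes straight from the `IF_METRIC` environment variable, and nothing in the hunk checks that it is a number. iptovtysh() continues outside the hunk, so how the value reaches vtysh is not visible; if it is interpolated into a vtysh command line, a non-numeric value would produce a malformed route statement. A guard right after the assignment, `case "$IF_METRIC" in ''|*[!0-9]*) VTYSH_DISTANCE="" ;; esac`, keeps the previous empty default for anything that is not a plain integer.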
@@ -45,15 +40,10 @@ if (len(argv) < 7): exit(1) interface = argv[6] -dialer_pid = read_file(f'/var/run/{interface}.pid') - -openlog(ident=f'pppd[{dialer_pid}]', facility=LOG_INFO) -syslog('executing ' + argv[0]) conf = ConfigTreeQuery() -pppoe = conf.get_config_dict(['interfaces', 'pppoe', argv[6]], - get_first_key=True, key_mangling=('-', '_')) -pppoe['ifname'] = argv[6] +_, pppoe = get_interface_dict(conf.config, ['interfaces', 'pppoe'], interface) -p = PPPoEIf(pppoe['ifname']) +# Update the config +p = PPPoEIf(interface) p.update(pppoe) diff --git a/src/migration-scripts/interfaces/25-to-26 b/src/migration-scripts/interfaces/25-to-26 new file mode 100755 index 000000000..a8936235e --- /dev/null +++ b/src/migration-scripts/interfaces/25-to-26 
@@ -0,0 +1,54 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T4384: pppoe: replace default-route CLI option with common CLI nodes already +# present for DHCP + +from sys import argv + +from vyos.ethtool import Ethtool +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['interfaces', 'pppoe'] +config = ConfigTree(config_file) + +if not config.exists(base): + exit(0) + +for ifname in config.list_nodes(base): + tmp_config = base + [ifname, 'default-route'] + if config.exists(tmp_config): + # Retrieve current config value + value = config.return_value(tmp_config) + # Delete old Config node + config.delete(tmp_config) + if value == 'none': + config.set(base + [ifname, 'no-default-route']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) diff --git a/src/migration-scripts/quagga/9-to-10 b/src/migration-scripts/quagga/9-to-10 new file mode 100755 index 000000000..249738822 --- /dev/null +++ b/src/migration-scripts/quagga/9-to-10 
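Review bot: The argument check `if (len(argv) < 1):` can never be true, because `argv` always contains the script name, so running the script without a file name fails with IndexError on `argv[1]` instead of printing the message. It should read `if len(argv) < 2:`, as the quagga/9-to-10 script in this commit does; system/23-to-24 has the same `< 1` test. `exit` is also called without `from sys import exit`, and the `Ethtool` import is unused.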
@@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# re-organize route-map as-path + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 2): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['policy', 'route-map'] + +config = ConfigTree(config_file) +if not config.exists(base): + # Nothing to do + exit(0) + +for route_map in config.list_nodes(base): + # Bail out Early + if not config.exists(base + [route_map, 'rule']): + continue + + for rule in config.list_nodes(base + [route_map, 'rule']): + rule_base = base + [route_map, 'rule', rule] + if config.exists(rule_base + ['set', 'as-path-exclude']): + tmp = config.return_value(rule_base + ['set', 'as-path-exclude']) + config.delete(rule_base + ['set', 'as-path-exclude']) + config.set(rule_base + ['set', 'as-path', 'exclude'], value=tmp) + + if config.exists(rule_base + ['set', 'as-path-prepend']): + tmp = config.return_value(rule_base + ['set', 'as-path-prepend']) + config.delete(rule_base + ['set', 'as-path-prepend']) + config.set(rule_base + ['set', 'as-path', 'prepend'], value=tmp) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) 
diff --git a/src/migration-scripts/system/23-to-24 b/src/migration-scripts/system/23-to-24
new file mode 100755
index 000000000..5ea71d51a
--- /dev/null
+++ b/src/migration-scripts/system/23-to-24
@@ -0,0 +1,85 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from ipaddress import ip_interface +from ipaddress import ip_address +from sys import exit, argv +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['protocols', 'static', 'arp'] +tmp_base = ['protocols', 'static', 'arp-tmp'] +config = ConfigTree(config_file) + +def fixup_cli(config, path, interface): + if config.exists(path + ['address']): + for address in config.return_values(path + ['address']): + tmp = ip_interface(address) + if ip_address(host) in tmp.network.hosts(): + mac = config.return_value(tmp_base + [host, 'hwaddr']) + iface_path = ['protocols', 'static', 'arp', 'interface'] + config.set(iface_path + [interface, 'address', host, 'mac'], value=mac) + config.set_tag(iface_path) + config.set_tag(iface_path + [interface, 'address']) + continue + +if not config.exists(base): + # Nothing to do + exit(0) + +# We need a temporary copy of the config tree as the original one needs to be +# deleted first due to a change iun thge tagNode structure. 
+config.copy(base, tmp_base) +config.delete(base) + +for host in config.list_nodes(tmp_base): + for type in config.list_nodes(['interfaces']): + for interface in config.list_nodes(['interfaces', type]): + if_base = ['interfaces', type, interface] + fixup_cli(config, if_base, interface) + + if config.exists(if_base + ['vif']): + for vif in config.list_nodes(if_base + ['vif']): + vif_base = ['interfaces', type, interface, 'vif', vif] + fixup_cli(config, vif_base, f'{interface}.{vif}') + + if config.exists(if_base + ['vif-s']): + for vif_s in config.list_nodes(if_base + ['vif-s']): + vif_s_base = ['interfaces', type, interface, 'vif-s', vif_s] + fixup_cli(config, vif_s_base, f'{interface}.{vif_s}') + + if config.exists(if_base + ['vif-s', vif_s, 'vif-c']): + for vif_c in config.list_nodes(if_base + ['vif-s', vif_s, 'vif-c']): + vif_c_base = ['interfaces', type, interface, 'vif-s', vif_s, 'vif-c', vif_c] + fixup_cli(config, vif_c_base, f'{interface}.{vif_s}.{vif_c}') + +config.delete(tmp_base) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py index 89f6df4b9..e45c38f07 100755 --- a/src/op_mode/conntrack_sync.py +++ b/src/op_mode/conntrack_sync.py @@ -77,7 +77,7 @@ def xml_to_stdout(xml): parsed = xmltodict.parse(line) out.append(parsed) - print(render_to_string('conntrackd/conntrackd.op-mode.tmpl', {'data' : out})) + print(render_to_string('conntrackd/conntrackd.op-mode.j2', {'data' : out})) if __name__ == '__main__': args = parser.parse_args() diff --git a/src/op_mode/containers_op.py b/src/op_mode/containers_op.py deleted file mode 100755 index bc317029c..000000000 --- a/src/op_mode/containers_op.py +++ /dev/null 
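Review bot: In fixup_cli(), `ip_address(host) in tmp.network.hosts()` tests membership by iterating every host address of the interface's network, and `ip_interface(address)` is applied to every configured `address` value. On an interface with an IPv6 prefix that iteration cannot finish in practical time, and a non-literal value such as `dhcp` raises ValueError, so the migration would hang or abort on such configurations. Skipping non-literal values and using the network's own containment test avoids both: `if address in ['dhcp', 'dhcpv6']: continue` and `if ip_address(host) in tmp.network:` (containment also accepts the network and broadcast address, which seems acceptable here). fixup_cli() also reads `host` from the module-level loop instead of taking it as a parameter, which is worth making explicit.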
@@ -1,78 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2021 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -import argparse - -from getpass import getuser -from vyos.configquery import ConfigTreeQuery -from vyos.util import cmd - -parser = argparse.ArgumentParser() -parser.add_argument("-a", "--all", action="store_true", help="Show all containers") -parser.add_argument("-i", "--image", action="store_true", help="Show container images") -parser.add_argument("-n", "--networks", action="store_true", help="Show container images") -parser.add_argument("-p", "--pull", action="store", help="Pull image for container") -parser.add_argument("-d", "--remove", action="store", help="Delete container image") -parser.add_argument("-u", "--update", action="store", help="Update given container image") - -config = ConfigTreeQuery() -base = ['container'] -if not config.exists(base): - print('Containers not configured') - exit(0) - -if getuser() != 'root': - raise OSError('This functions needs to be run as root to return correct results!') - -if __name__ == '__main__': - args = parser.parse_args() - - if args.all: - print(cmd('podman ps --all')) - - elif args.image: - print(cmd('podman image ls')) - - elif args.networks: - print(cmd('podman network ls')) - - elif args.pull: - image = args.pull - try: - print(cmd(f'podman image pull {image}')) - except: - print(f'Can\'t find or download image "{image}"') - - 
elif args.remove: - image = args.remove - try: - print(cmd(f'podman image rm {image}')) - except: - print(f'Can\'t delete image "{image}"') - - elif args.update: - tmp = config.get_config_dict(base + ['name', args.update], - key_mangling=('-', '_'), get_first_key=True) - try: - image = tmp['image'] - print(cmd(f'podman image pull {image}')) - except: - print(f'Can\'t find or download image "{image}"') - else: - parser.print_help() - exit(1) - - exit(0) diff --git a/src/op_mode/generate_openconnect_otp_key.py b/src/op_mode/generate_openconnect_otp_key.py new file mode 100755 index 000000000..363bcf3ea --- /dev/null +++ b/src/op_mode/generate_openconnect_otp_key.py 
@@ -0,0 +1,65 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import argparse +import os + +from vyos.util import popen +from secrets import token_hex +from base64 import b32encode + +if os.geteuid() != 0: + exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.") + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument("-u", "--username", type=str, help='Username used for authentication', required=True) + parser.add_argument("-i", "--interval", type=str, help='Duration of single time interval', default="30", required=False) + parser.add_argument("-d", "--digits", type=str, help='The number of digits in the one-time password', default="6", required=False) + args = parser.parse_args() + + hostname = os.uname()[1] + username = args.username + digits = args.digits + period = args.interval + + # check variables: + if int(digits) < 6 or int(digits) > 8: + print("") + quit("The number of digits in the one-time password must be between '6' and '8'") + + if int(period) < 5 or int(period) > 86400: + print("") + quit("Time token interval must be between '5' and '86400' seconds") + + # generate OTP key, URL & QR: + key_hex = token_hex(20) + key_base32 = b32encode(bytes.fromhex(key_hex)).decode() + + 
otp_url=''.join(["otpauth://totp/",username,"@",hostname,"?secret=",key_base32,"&digits=",digits,"&period=",period]) + qrcode,err = popen('qrencode -t ansiutf8', input=otp_url) + + print("# You can share it with the user, he just needs to scan the QR in his OTP app") + print("# username: ", username) + print("# OTP KEY: ", key_base32) + print("# OTP URL: ", otp_url) + print(qrcode) + print('# To add this OTP key to configuration, run the following commands:') + print(f"set vpn openconnect authentication local-users username {username} otp key '{key_hex}'") + if period != "30": + print(f"set vpn openconnect authentication local-users username {username} otp interval '{period}'") + if digits != "6": + print(f"set vpn openconnect authentication local-users username {username} otp otp-length '{digits}'") diff --git a/src/op_mode/generate_ovpn_client_file.py b/src/op_mode/generate_ovpn_client_file.py index 29db41e37..0628e6135 100755 --- a/src/op_mode/generate_ovpn_client_file.py +++ b/src/op_mode/generate_ovpn_client_file.py @@ -18,6 +18,7 @@ import argparse import os from jinja2 import Template +from textwrap import fill from vyos.configquery import ConfigTreeQuery from vyos.ifconfig import Section @@ -117,8 +118,11 @@ if __name__ == '__main__': exit(f'OpenVPN certificate key "{key}" does not exist!') ca = config.value(['pki', 'ca', ca, 'certificate']) + ca = fill(ca, width=64) cert = config.value(['pki', 'certificate', cert, 'certificate']) + cert = fill(cert, width=64) key = config.value(['pki', 'certificate', key, 'private', 'key']) + key = fill(key, width=64) remote_host = config.value(base + [interface, 'local-host']) ovpn_conf = config.get_config_dict(base + [interface], key_mangling=('-', '_'), get_first_key=True) diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py index 990b06c12..21561d16f 100755 --- a/src/op_mode/ikev2_profile_generator.py +++ b/src/op_mode/ikev2_profile_generator.py 
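Review bot: In generate_openconnect_otp_key.py, `username` and `hostname` are concatenated into the `otpauth://` URI without percent-encoding, so a username containing `&`, `?` or `#` changes how an authenticator app parses the URI while the printed `set` commands keep the original values. Encoding the label keeps the two in step: `quote(username, safe='')` with `from urllib.parse import quote`. `--interval` and `--digits` are declared `type=str` and converted with a bare `int()`, so a non-numeric value ends in a traceback; `type=int` lets argparse reject it with a usage message. The script prints the shared secret to the terminal by design, so a comment noting that the output must be treated as a credential would help operators.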
@@ -222,9 +222,9 @@ except KeyboardInterrupt: print('\n\n==== <snip> ====') if args.os == 'ios': - print(render_to_string('ipsec/ios_profile.tmpl', data)) + print(render_to_string('ipsec/ios_profile.j2', data)) print('==== </snip> ====\n') print('Save the XML from above to a new file named "vyos.mobileconfig" and E-Mail it to your phone.') elif args.os == 'windows': - print(render_to_string('ipsec/windows_profile.tmpl', data)) + print(render_to_string('ipsec/windows_profile.j2', data)) print('==== </snip> ====\n') diff --git a/src/op_mode/show_openvpn.py b/src/op_mode/show_openvpn.py index f7b99cc0d..9a5adcffb 100755 --- a/src/op_mode/show_openvpn.py +++ b/src/op_mode/show_openvpn.py @@ -26,10 +26,10 @@ outp_tmpl = """ {% if clients %} OpenVPN status on {{ intf }} -Client CN Remote Host Local Host TX bytes RX bytes Connected Since ---------- ----------- ---------- -------- -------- --------------- +Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since +--------- ----------- --------- ---------- -------- -------- --------------- {% for c in clients %} -{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }} +{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-15s"|format(c.tunnel) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }} {% endfor %} {% endif %} """ 
@@ -50,6 +50,19 @@ def bytes2HR(size): output="{0:.1f} {1}".format(size, suff[suffIdx]) return output +def get_vpn_tunnel_address(peer, interface): + lst = [] + status_file = '/var/run/openvpn/{}.status'.format(interface) + + with open(status_file, 'r') as f: + lines = f.readlines() + for line in lines: + if peer in line: + lst.append(line) + tunnel_ip = lst[1].split(',')[0] + + return tunnel_ip + def get_status(mode, interface): status_file = '/var/run/openvpn/{}.status'.format(interface) # this is an empirical value - I assume we have no more then 999999 @@ -110,7 +123,7 @@ def get_status(mode, interface): 'tx_bytes': bytes2HR(line.split(',')[3]), 'online_since': line.split(',')[4] } - + client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) data['clients'].append(client) continue else: @@ -173,5 +186,7 @@ if __name__ == '__main__': if len(remote_host) >= 1: client['remote'] = str(remote_host[0]) + ':' + remote_port + client['tunnel'] = 'N/A' + tmpl = jinja2.Template(outp_tmpl) print(tmpl.render(data)) diff --git a/src/op_mode/traceroute.py b/src/op_mode/traceroute.py new file mode 100755 index 000000000..4299d6e5f --- /dev/null +++ b/src/op_mode/traceroute.py 
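Review bot: get_vpn_tunnel_address() indexes `lst[1]` unconditionally, so a client that matches fewer than two lines of the status file raises IndexError and the whole `show openvpn` output fails. The match is also a substring test, `if peer in line`, so a constructed peer such as `10.0.0.1:1194` would also match a line for `10.0.0.1:11940`. Returning a placeholder when fewer than two lines match keeps the table printable: `tunnel_ip = lst[1].split(',')[0] if len(lst) > 1 else 'N/A'`. The status file is re-read once per client; passing in the lines get_status() has already read would avoid that.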
@@ -0,0 +1,207 @@ +#! /usr/bin/env python3 + +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import sys +import socket +import ipaddress + +options = { + 'backward-hops': { + 'traceroute': '{command} --back', + 'type': 'noarg', + 'help': 'Display number of backward hops when they different from the forwarded path' + }, + 'bypass': { + 'traceroute': '{command} -r', + 'type': 'noarg', + 'help': 'Bypass the normal routing tables and send directly to a host on an attached network' + }, + 'do-not-fragment': { + 'traceroute': '{command} -F', + 'type': 'noarg', + 'help': 'Do not fragment probe packets.' + }, + 'first-ttl': { + 'traceroute': '{command} -f {value}', + 'type': '<ttl>', + 'help': 'Specifies with what TTL to start. Defaults to 1.' 
+ }, + 'icmp': { + 'traceroute': '{command} -I', + 'type': 'noarg', + 'help': 'Use ICMP ECHO for tracerouting' + }, + 'interface': { + 'traceroute': '{command} -i {value}', + 'type': '<interface>', + 'help': 'Source interface' + }, + 'lookup-as': { + 'traceroute': '{command} -A', + 'type': 'noarg', + 'help': 'Perform AS path lookups' + }, + 'mark': { + 'traceroute': '{command} --fwmark={value}', + 'type': '<fwmark>', + 'help': 'Set the firewall mark for outgoing packets' + }, + 'no-resolve': { + 'traceroute': '{command} -n', + 'type': 'noarg', + 'help': 'Do not resolve hostnames' + }, + 'port': { + 'traceroute': '{command} -p {value}', + 'type': '<port>', + 'help': 'Destination port' + }, + 'source-address': { + 'traceroute': '{command} -s {value}', + 'type': '<x.x.x.x> <h:h:h:h:h:h:h:h>', + 'help': 'Specify source IP v4/v6 address' + }, + 'tcp': { + 'traceroute': '{command} -T', + 'type': 'noarg', + 'help': 'Use TCP SYN for tracerouting (default port is 80)' + }, + 'tos': { + 'traceroute': '{commad} -t {value}', + 'type': '<tos>', + 'help': 'Mark packets with specified TOS' + }, + 'ttl': { + 'traceroute': '{command} -m {value}', + 'type': '<ttl>', + 'help': 'Maximum number of hops' + }, + 'udp': { + 'traceroute': '{command} -U', + 'type': 'noarg', + 'help': 'Use UDP to particular port for tracerouting (default port is 53)' + }, + 'vrf': { + 'traceroute': 'sudo ip vrf exec {value} {command}', + 'type': '<vrf>', + 'help': 'Use specified VRF table', + 'dflt': 'default'} +} + +traceroute = { + 4: '/bin/traceroute -4', + 6: '/bin/traceroute -6', +} + + +class List (list): + def first (self): + return self.pop(0) if self else '' + + def last(self): + return self.pop() if self else '' + + def prepend(self,value): + self.insert(0,value) + + +def expension_failure(option, completions): + reason = 'Ambiguous' if completions else 'Invalid' + sys.stderr.write('\n\n {} command: {} [{}]\n\n'.format(reason,' '.join(sys.argv), option)) + if completions: + sys.stderr.write(' 
Possible completions:\n ') + sys.stderr.write('\n '.join(completions)) + sys.stderr.write('\n') + sys.stdout.write('<nocomps>') + sys.exit(1) + + +def complete(prefix): + return [o for o in options if o.startswith(prefix)] + + +def convert(command, args): + while args: + shortname = args.first() + longnames = complete(shortname) + if len(longnames) != 1: + expension_failure(shortname, longnames) + longname = longnames[0] + if options[longname]['type'] == 'noarg': + command = options[longname]['traceroute'].format( + command=command, value='') + elif not args: + sys.exit(f'traceroute: missing argument for {longname} option') + else: + command = options[longname]['traceroute'].format( + command=command, value=args.first()) + return command + + +if __name__ == '__main__': + args = List(sys.argv[1:]) + host = args.first() + + if not host: + sys.exit("traceroute: Missing host") + + if host == '--get-options': + args.first() # pop traceroute + args.first() # pop IP + while args: + option = args.first() + + matched = complete(option) + if not args: + sys.stdout.write(' '.join(matched)) + sys.exit(0) + + if len(matched) > 1 : + sys.stdout.write(' '.join(matched)) + sys.exit(0) + + if options[matched[0]]['type'] == 'noarg': + continue + + value = args.first() + if not args: + matched = complete(option) + sys.stdout.write(options[matched[0]]['type']) + sys.exit(0) + + for name,option in options.items(): + if 'dflt' in option and name not in args: + args.append(name) + args.append(option['dflt']) + + try: + ip = socket.gethostbyname(host) + except UnicodeError: + sys.exit(f'tracroute: Unknown host: {host}') + except socket.gaierror: + ip = host + + try: + version = ipaddress.ip_address(ip).version + except ValueError: + sys.exit(f'traceroute: Unknown host: {host}') + + command = convert(traceroute[version],args) + + # print(f'{command} {host}') + os.system(f'{command} {host}') + diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py index 40854fa8f..8955e5a59 100755 
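Review bot: In traceroute.py, convert() formats every option value into the command string unescaped (`value=args.first()`), and the result is run through a shell by `os.system(f'{command} {host}')`; for `vrf` the string begins with `sudo ip vrf exec {value}`. Only `host` passes through any check (name resolution and `ipaddress.ip_address`), so shell metacharacters in an option value are interpreted by the shell. Quote each value before formatting, `value=shlex.quote(args.first())` with `import shlex`, and quote `host` the same way, or build an argument list and run it through `subprocess` without a shell. Separately, the `tos` template is misspelled `'{commad} -t {value}'`, which raises KeyError when that option is used, and `socket.gethostbyname()` resolves IPv4 only, so a name with only AAAA records is reported as unknown.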
--- a/src/op_mode/vpn_ipsec.py +++ b/src/op_mode/vpn_ipsec.py @@ -88,7 +88,22 @@ def reset_profile(profile, tunnel): def debug_peer(peer, tunnel): if not peer or peer == "all": - call('sudo /usr/sbin/ipsec statusall') + debug_commands = [ + "sudo ipsec statusall", + "sudo swanctl -L", + "sudo swanctl -l", + "sudo swanctl -P", + "sudo ip x sa show", + "sudo ip x policy show", + "sudo ip tunnel show", + "sudo ip address", + "sudo ip rule show", + "sudo ip route | head -100", + "sudo ip route show table 220" + ] + for debug_cmd in debug_commands: + print(f'\n### {debug_cmd} ###') + call(debug_cmd) return if not tunnel or tunnel == 'all': diff --git a/src/validators/as-number-list b/src/validators/as-number-list new file mode 100755 index 000000000..432d44180 --- /dev/null +++ b/src/validators/as-number-list @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +if [ $# -lt 1 ]; then + echo "Illegal number of parameters" + exit 1 +fi + +for var in "$@"; do + ${vyos_validators_dir}/numeric --range 1-4294967294 $var + if [ $? -ne 0 ]; then + exit 1 + fi +done + +exit 0 diff --git a/src/validators/port-multi b/src/validators/port-multi index cef371563..bd6f0ef60 100755 --- a/src/validators/port-multi +++ b/src/validators/port-multi 
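Review bot: In the as-number-list loop, `$var` and `${vyos_validators_dir}` are expanded unquoted, so a value containing whitespace or glob characters is split or expanded into several arguments and `numeric` validates something other than the string the user entered. Quote both: `"${vyos_validators_dir}/numeric" --range 1-4294967294 "$var"`. If `vyos_validators_dir` is unset the call resolves to `/numeric`; a line `: "${vyos_validators_dir:?}"` near the top would stop with a clear message instead.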
@@ -1,6 +1,7 @@ #!/usr/bin/python3 -import sys +from sys import argv +from sys import exit import re from vyos.util import read_file @@ -13,12 +14,18 @@ def get_services(): for line in service_data.split("\n"): if not line or line[0] == '#': continue - names.append(line.split(None, 1)[0]) + tmp = line.split() + names.append(tmp[0]) + if len(tmp) > 2: + # Add port aliases to service list, too + names.extend(tmp[2:]) + # remove duplicate entries (e.g. echo) from list + names = list(dict.fromkeys(names)) return names if __name__ == '__main__': - if len(sys.argv)>1: - ports = sys.argv[1].split(",") + if len(argv)>1: + ports = argv[1].split(",") services = get_services() for port in ports: @@ -28,18 +35,18 @@ if __name__ == '__main__': port_1, port_2 = port.split('-') if int(port_1) not in range(1, 65536) or int(port_2) not in range(1, 65536): print(f'Error: {port} is not a valid port range') - sys.exit(1) + exit(1) if int(port_1) > int(port_2): print(f'Error: {port} is not a valid port range') - sys.exit(1) + exit(1) elif port.isnumeric(): if int(port) not in range(1, 65536): print(f'Error: {port} is not a valid port') - sys.exit(1) + exit(1) elif port not in services: print(f'Error: {port} is not a valid service name') - sys.exit(1) + exit(1) else: - sys.exit(2) + exit(2) - sys.exit(0) + exit(0) |
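Review bot: In get_services(), `names.extend(tmp[2:])` adds every field after the port/protocol column, which would include the words of a trailing `#` comment if the file read above the hunk is in /etc/services format (the `line[0] == '#'` test suggests it is). The validator would then accept comment words, and `#` itself, as service names. Cutting the comment before splitting fixes it: `tmp = line.split('#', 1)[0].split()`. get_services() starts outside the hunk.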