"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "go/testdata/bridged.t" between
Netspoc-6.032.tar.gz and Netspoc-6.033.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

bridged.t  (Netspoc-6.032):bridged.t  (Netspoc-6.033)
skipping to change at line 281 skipping to change at line 281
interface:n1/left = { hardware = inside; } interface:n1/left = { hardware = inside; }
interface:n1/right = { hardware = outside; } interface:n1/right = { hardware = outside; }
} }
network:n1/right = { ip = 10.1.1.0/24; } network:n1/right = { ip = 10.1.1.0/24; }
=END= =END=
=ERROR= =ERROR=
Error: router:bridge1 can't bridge a single network Error: router:bridge1 can't bridge a single network
=END= =END=
############################################################ ############################################################
=TITLE=Bridge must connect at least two networks (2) =TITLE=Single device can't bridge different networks
=INPUT= =INPUT=
network:n1/left = { ip = 10.1.1.0/24; } network:n1/left = { ip = 10.1.1.0/24; }
router:bridge1 = { router:bridge1 = {
model = ASA; model = ASA;
managed; managed;
interface:n1 = { ip = 10.1.1.1; hardware = device; } interface:n1 = { ip = 10.1.1.1; hardware = device; }
interface:n1/left = { hardware = inside; } interface:n1/left = { hardware = inside; }
interface:n2/right = { hardware = outside; } interface:n2/right = { hardware = outside; }
} }
network:n2/right = { ip = 10.1.2.0/24; } network:n2/right = { ip = 10.1.2.0/24; }
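Review bot: the retitle from "Bridge must connect at least two networks (2)" to "Single device can't bridge different networks" is a documentation-only change, since the =INPUT= on both sides is identical (interface:n1/left and interface:n2/right on the one router:bridge1); the new title does describe that input more accurately, but the =ERROR= block for this test lies past the shown context, so make sure its expected message also speaks of different networks rather than reusing the "can't bridge a single network" text asserted by the preceding test, otherwise the title and the asserted error diverge.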
skipping to change at line 390 skipping to change at line 390
=ERROR= =ERROR=
Error: Duplicate IP address for interface:r1.n1/left and interface:bridge.n1 Error: Duplicate IP address for interface:r1.n1/left and interface:bridge.n1
Error: Duplicate IP address for interface:r1.n1/left and interface:r2.n1/right Error: Duplicate IP address for interface:r1.n1/left and interface:r2.n1/right
Error: Duplicate IP address for interface:r1.n1/left and host:h1 Error: Duplicate IP address for interface:r1.n1/left and host:h1
Error: Duplicate IP address for host:h2a and host:h2b Error: Duplicate IP address for host:h2a and host:h2b
=END= =END=
############################################################ ############################################################
# Shared topology for multiple tests # Shared topology for multiple tests
=VAR=topology =VAR=topology
network:intern = { network:n1 = {
ip = 10.1.1.0/24; ip = 10.1.1.0/24;
host:netspoc = { ip = 10.1.1.111; } host:netspoc = { ip = 10.1.1.111; }
} }
network:n2/left = { ip = 10.1.2.0/24; }
network:n2/right = { ip = 10.1.2.0/24; }
network:n3 = { ip = 10.1.3.0/24; }
router:asa = { router:asa = {
model = IOS; model = IOS;
#managed; #managed;
interface:intern = { interface:n1 = { ip = 10.1.1.101; hardware = n1; }
ip = 10.1.1.101; interface:n2/left = { ip = 10.1.2.101; hardware = n2; }
hardware = Ethernet0;
}
interface:dmz/left = {
ip = 192.168.0.101;
hardware = Ethernet1;
}
} }
network:dmz/left = { ip = 192.168.0.0/24; }
router:bridge = { router:bridge = {
model = ASA; model = ASA;
managed; managed;
policy_distribution_point = host:netspoc; policy_distribution_point = host:netspoc;
interface:dmz = { ip = 192.168.0.9; hardware = device; } interface:n2 = { ip = 10.1.2.9; hardware = device; }
interface:dmz/left = { hardware = inside; } interface:n2/left = { hardware = inside; }
interface:dmz/right = { hardware = outside; } interface:n2/right = { hardware = outside; }
} }
network:dmz/right = { ip = 192.168.0.0/24;} router:r3 = {
router:extern = { interface:n2/right = { ip = 10.1.2.1; }
interface:dmz/right = { ip = 192.168.0.1; } interface:n3;
interface:extern;
} }
network:extern = { ip = 10.9.9.0/24; }
=END= =END=
############################################################ ############################################################
=TITLE=Admin access to bridge =TITLE=Admin access to bridge
=INPUT= =INPUT=
${topology} ${topology}
service:admin = { service:admin = {
user = interface:bridge.dmz; user = interface:bridge.n2;
permit src = network:intern; dst = user; prt = tcp 22; permit src = network:n1; dst = user; prt = tcp 22;
} }
=END= =END=
=OUTPUT= =OUTPUT=
--bridge --bridge
! [ IP = 192.168.0.9 ] ! [ IP = 10.1.2.9 ]
=END= =END=
############################################################ ############################################################
=TITLE=Admin access to bridge auto interface =TITLE=Admin access to bridge auto interface
=INPUT= =INPUT=
${topology} ${topology}
service:admin = { service:admin = {
user = interface:bridge.[auto]; user = interface:bridge.[auto];
permit src = network:intern; dst = user; prt = tcp 22; permit src = network:n1; dst = user; prt = tcp 22;
} }
=END= =END=
=OUTPUT= =OUTPUT=
--bridge --bridge
! [ IP = 192.168.0.9 ] ! [ IP = 10.1.2.9 ]
=END= =END=
############################################################ ############################################################
=TITLE=Admin access to bridge all interfaces =TITLE=Admin access to bridge all interfaces
=INPUT= =INPUT=
${topology} ${topology}
service:admin = { service:admin = {
user = interface:bridge.[all]; user = interface:bridge.[all];
permit src = network:intern; dst = user; prt = tcp 22; permit src = network:n1; dst = user; prt = tcp 22;
} }
=END= =END=
=OUTPUT= =OUTPUT=
--bridge --bridge
! [ IP = 192.168.0.9 ] ! [ IP = 10.1.2.9 ]
=END= =END=
############################################################ ############################################################
=TITLE=Access to both sides of bridged network =TITLE=Access to both sides of bridged network
=INPUT= =INPUT=
${topology} ${topology}
service:test = { service:test = {
user = network:dmz/left, network:dmz/right; user = network:n2/left, network:n2/right;
permit src = user; dst = host:[network:intern]; prt = tcp 80; permit src = user; dst = host:[network:n1]; prt = tcp 80;
} }
=END= =END=
=SUBST=/policy_distribution_point/#policy_distribution_point/ =SUBST=/policy_distribution_point/#policy_distribution_point/
=SUBST=/#managed/managed/ =SUBST=/#managed/managed/
=OUTPUT= =OUTPUT=
--bridge --bridge
access-list outside_in extended permit tcp 192.168.0.0 255.255.255.0 host 10.1.1 .111 eq 80 access-list outside_in extended permit tcp 10.1.2.0 255.255.255.0 host 10.1.1.11 1 eq 80
access-list outside_in extended deny ip any4 any4 access-list outside_in extended deny ip any4 any4
access-group outside_in in interface outside access-group outside_in in interface outside
=END= =END=
############################################################ ############################################################
=TITLE=Access through bridged ASA =TITLE=Access through bridged ASA
=INPUT= =INPUT=
${topology} ${topology}
service:test = { service:test = {
user = network:extern; user = network:n3;
permit src = user; dst = host:[network:intern]; prt = tcp 80; permit src = user; dst = host:[network:n1]; prt = tcp 80;
} }
=END= =END=
=SUBST=/policy_distribution_point/#policy_distribution_point/ =SUBST=/policy_distribution_point/#policy_distribution_point/
=SUBST=/#managed/managed/ =SUBST=/#managed/managed/
# Must not use bridged interface as next hop in static route. # Must not use bridged interface as next hop in static route.
=OUTPUT= =OUTPUT=
--bridge --bridge
access-list outside_in extended permit tcp 10.9.9.0 255.255.255.0 host 10.1.1.11 1 eq 80 access-list outside_in extended permit tcp 10.1.3.0 255.255.255.0 host 10.1.1.11 1 eq 80
access-list outside_in extended deny ip any4 any4 access-list outside_in extended deny ip any4 any4
access-group outside_in in interface outside access-group outside_in in interface outside
--asa --asa
! [ Routing ] ! [ Routing ]
ip route 10.9.9.0 255.255.255.0 192.168.0.1 ip route 10.1.3.0 255.255.255.0 10.1.2.1
=END= =END=
############################################################ ############################################################
=TITLE=Must not use bridged interface in rule =TITLE=Must not use bridged interface in rule
=INPUT= =INPUT=
${topology} ${topology}
service:test = { service:test = {
user = network:intern; user = network:n1;
permit src = user; dst = interface:bridge.dmz/right; prt = tcp 22; permit src = user; dst = interface:bridge.n2/right; prt = tcp 22;
permit src = interface:bridge.dmz/left; dst = user; prt = tcp 22; permit src = interface:bridge.n2/left; dst = user; prt = tcp 22;
} }
=END= =END=
=SUBST=/policy_distribution_point/#policy_distribution_point/ =SUBST=/policy_distribution_point/#policy_distribution_point/
=SUBST=/#managed/managed/ =SUBST=/#managed/managed/
=WARNING= =WARNING=
Warning: Ignoring bridged interface:bridge.dmz/right in dst of rule in service:t Warning: Ignoring bridged interface:bridge.n2/right in dst of rule in service:te
est st
Warning: Ignoring bridged interface:bridge.dmz/left in src of rule in service:te Warning: Ignoring bridged interface:bridge.n2/left in src of rule in service:tes
st t
=END= =END=
############################################################ ############################################################
=TITLE=Duplicate auto interface =TITLE=Duplicate auto interface
# Two auto interfaces are found in topology, # Two auto interfaces are found in topology,
# but are combined into a single layer 3 interface. # but are combined into a single layer 3 interface.
=INPUT= =INPUT=
network:n1/left = { ip = 10.1.1.0/24; } network:n1/left = { ip = 10.1.1.0/24; }
router:bridge = { router:bridge = {
model = ASA; model = ASA;
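Review bot: in the shared =VAR=topology, router:asa still declares model = IOS although its name says ASA and the neighbouring router:bridge really is an ASA; since this block is being rewritten anyway, either rename the router or change the model so the tests that flip it to managed via =SUBST=/#managed/managed/ exercise the device type the name promises. That substitution also depends on the literal "#managed;" line surviving the collapse of the interface definitions onto single lines, which it does here. The rename from intern/dmz/extern to n1/n2/n3 is applied consistently to every expectation in the hunk: bridge management IP 10.1.2.9, ACL sources 10.1.2.0/24 and 10.1.3.0/24, and the static route next hop 10.1.2.1 on asa, which matches interface:r3.n2/right, so no expected output is left referencing the old 192.168.0.x or 10.9.9.x addresses.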
 End of changes. 20 change blocks. 
41 lines changed or deleted 36 lines changed or added
