diff --new-file -cr ip_fil3.4.5/HISTORY ip_fil3.4.6/HISTORY *** ip_fil3.4.5/HISTORY Sat Jun 10 00:10:34 2000 --- ip_fil3.4.6/HISTORY Sun Jun 11 02:25:52 2000 *************** *** 20,25 **** --- 20,33 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.6 11/06/2000 - Released + + add extra regression tests for new nat functionality + + place restrictions on using '!' in map/rdr rules + + fix up solaris compile problems + 3.4.5 10/06/2000 - Released mention -sl in ipfstat.8 diff --new-file -cr ip_fil3.4.5/SunOS5/pkginfo ip_fil3.4.6/SunOS5/pkginfo *** ip_fil3.4.5/SunOS5/pkginfo Sat Jun 10 00:10:36 2000 --- ip_fil3.4.6/SunOS5/pkginfo Sun Jun 11 02:25:55 2000 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.5 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.6 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff --new-file -cr ip_fil3.4.5/ip_nat.c ip_fil3.4.6/ip_nat.c *** ip_fil3.4.5/ip_nat.c Mon Jun 5 23:09:54 2000 --- ip_fil3.4.6/ip_nat.c Sun Jun 11 01:52:22 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.12 2000/06/05 13:09:54 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.13 2000/06/10 15:52:22 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 473,482 **** n->in_next = NULL; *np = n; ! if (n->in_redir & NAT_REDIRECT) nat_addrdr(n); ! if (n->in_redir & (NAT_MAP|NAT_MAPBLK)) nat_addnat(n); n->in_use = 0; if (n->in_redir & NAT_MAPBLK) --- 473,486 ---- n->in_next = NULL; *np = n; ! if (n->in_redir & NAT_REDIRECT) { ! n->in_flags &= ~IPN_NOTDST; nat_addrdr(n); ! } ! if (n->in_redir & (NAT_MAP|NAT_MAPBLK)) { ! n->in_flags &= ~IPN_NOTSRC; nat_addnat(n); + } n->in_use = 0; if (n->in_redir & NAT_MAPBLK) *************** *** 1716,1735 **** if (fin->fin_out) { if (!(np->in_redir & (NAT_MAP|NAT_MAPBLK))) return 0; ! if (((fin->fin_fi.fi_saddr & np->in_inmsk) == np->in_inip) ! ^ (np->in_flags & IPN_NOTSRC)) return 0; ! if (((fin->fin_fi.fi_daddr & np->in_srcmsk) == np->in_srcip) ! ^ (np->in_flags & IPN_NOTDST)) return 0; } else { if (!(np->in_redir & NAT_REDIRECT)) return 0; ! if (((fin->fin_fi.fi_saddr & np->in_srcmsk) == np->in_srcip) ! ^ (np->in_flags & IPN_NOTSRC)) return 0; ! if (((fin->fin_fi.fi_daddr & np->in_inmsk) == np->in_inip) ! ^ (np->in_flags & IPN_NOTDST)) return 0; } --- 1720,1739 ---- if (fin->fin_out) { if (!(np->in_redir & (NAT_MAP|NAT_MAPBLK))) return 0; ! if (((fin->fin_fi.fi_saddr & np->in_inmsk) != np->in_inip) ! ^ ((np->in_flags & IPN_NOTSRC) != 0)) return 0; ! if (((fin->fin_fi.fi_daddr & np->in_srcmsk) != np->in_srcip) ! ^ ((np->in_flags & IPN_NOTDST) != 0)) return 0; } else { if (!(np->in_redir & NAT_REDIRECT)) return 0; ! if (((fin->fin_fi.fi_saddr & np->in_srcmsk) != np->in_srcip) ! ^ ((np->in_flags & IPN_NOTSRC) != 0)) return 0; ! if (((fin->fin_fi.fi_daddr & np->in_outmsk) != np->in_outip) ! ^ ((np->in_flags & IPN_NOTDST) != 0)) return 0; } *************** *** 2032,2038 **** } else if ((in.s_addr & np->in_outmsk) != np->in_outip) continue; if ((np->in_redir & NAT_REDIRECT) && ! (!np->in_pmin || ((ntohs(np->in_pmax) >= ntohs(dport)) && (ntohs(dport) >= ntohs(np->in_pmin))))) if ((nat = nat_new(np, ip, fin, nflags, --- 2036,2042 ---- } else if ((in.s_addr & np->in_outmsk) != np->in_outip) continue; if ((np->in_redir & NAT_REDIRECT) && ! (!np->in_pmin || (np->in_flags & IPN_FILTER) || ((ntohs(np->in_pmax) >= ntohs(dport)) && (ntohs(dport) >= ntohs(np->in_pmin))))) if ((nat = nat_new(np, ip, fin, nflags, diff --new-file -cr ip_fil3.4.5/ip_nat.h ip_fil3.4.6/ip_nat.h *** ip_fil3.4.5/ip_nat.h Mon May 29 03:27:08 2000 --- ip_fil3.4.6/ip_nat.h Sun Jun 11 01:52:25 2000 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17.2.2 2000/05/28 17:27:08 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17.2.3 2000/06/10 15:52:25 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 105,112 **** u_short in_pnext; u_short in_ppip; /* ports per IP */ u_short in_ippip; /* IP #'s per IP# */ - u_short in_flags; /* From here to in_dport must be reflected */ u_short in_port[2]; /* correctly in IPN_CMPSIZ */ struct in_addr in_in[2]; struct in_addr in_out[2]; struct in_addr in_src[2]; --- 105,113 ---- u_short in_pnext; u_short in_ppip; /* ports per IP */ u_short in_ippip; /* IP #'s per IP# */ u_short in_port[2]; /* correctly in IPN_CMPSIZ */ + u_short in_spare; + u_32_t in_flags; /* From here to in_dport must be reflected */ struct in_addr in_in[2]; struct in_addr in_out[2]; struct in_addr in_src[2]; diff --new-file -cr ip_fil3.4.5/ipl.h ip_fil3.4.6/ipl.h *** ip_fil3.4.5/ipl.h Sat Jun 10 00:10:33 2000 --- ip_fil3.4.6/ipl.h Sun Jun 11 02:25:54 2000 *************** *** 6,17 **** * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.6 2000/06/09 14:10:33 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.5" #endif --- 6,17 ---- * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.7 2000/06/10 16:25:54 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.6" #endif diff --new-file -cr ip_fil3.4.5/natparse.c ip_fil3.4.6/natparse.c *** ip_fil3.4.5/natparse.c Mon Jun 5 23:12:06 2000 --- ip_fil3.4.6/natparse.c Sun Jun 11 02:06:30 2000 *************** *** 54,60 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.2 2000/06/05 13:12:06 darrenr Exp $"; #endif --- 54,60 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.4 2000/06/10 16:06:30 darrenr Exp $"; #endif *************** *** 119,126 **** printf(" !"); printf(" to "); if (np->in_redir == NAT_REDIRECT) ! printhostmask(4, (u_32_t *)&np->in_inip, ! (u_32_t *)&np->in_inmsk); else printhostmask(4, (u_32_t *)&np->in_srcip, (u_32_t *)&np->in_srcmsk); --- 119,126 ---- printf(" !"); printf(" to "); if (np->in_redir == NAT_REDIRECT) ! printhostmask(4, (u_32_t *)&np->in_outip, ! (u_32_t *)&np->in_outmsk); else printhostmask(4, (u_32_t *)&np->in_srcip, (u_32_t *)&np->in_srcmsk); *************** *** 136,147 **** printf("/%d ", bits); else printf("/%s ", inet_ntoa(np->in_out[1])); } ! if (np->in_pmin) ! printf("port %d ", ntohs(np->in_pmin)); ! if (np->in_pmax != np->in_pmin) ! printf("- %d ", ntohs(np->in_pmax)); ! printf("-> %s", inet_ntoa(np->in_in[0])); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1])); if (np->in_pnext) --- 136,147 ---- printf("/%d ", bits); else printf("/%s ", inet_ntoa(np->in_out[1])); + if (np->in_pmin) + printf("port %d", ntohs(np->in_pmin)); + if (np->in_pmax != np->in_pmin) + printf("- %d", ntohs(np->in_pmax)); } ! printf(" -> %s", inet_ntoa(np->in_in[0])); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1])); if (np->in_pnext) *************** *** 331,336 **** --- 331,341 ---- } ipn.in_flags |= IPN_NOTSRC; } + if ((ipn.in_flags & IPN_NOTSRC) && + (ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) { + fprintf(stderr, "Cannot use '! from' with map\n"); + return NULL; + } ipn.in_flags |= IPN_FILTER; cpp++; *************** *** 363,380 **** linenum, *cpp); return NULL; } if (!*++cpp) { fprintf(stderr, "%d: missing host after to\n", linenum); return NULL; } if (ipn.in_redir == NAT_REDIRECT) { ! if (hostmask(&cpp, (u_32_t *)&ipn.in_inip, ! (u_32_t *)&ipn.in_inmsk, &ipn.in_dport, &ipn.in_dcmp, &ipn.in_dtop, linenum)) { return NULL; } } else { if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip, (u_32_t *)&ipn.in_srcmsk, --- 368,391 ---- linenum, *cpp); return NULL; } + if ((ipn.in_flags & IPN_NOTDST) && + (ipn.in_redir & (NAT_REDIRECT))) { + fprintf(stderr, "Cannot use '! to' with rdr\n"); + return NULL; + } if (!*++cpp) { fprintf(stderr, "%d: missing host after to\n", linenum); return NULL; } if (ipn.in_redir == NAT_REDIRECT) { ! if (hostmask(&cpp, (u_32_t *)&ipn.in_outip, ! (u_32_t *)&ipn.in_outmsk, &ipn.in_dport, &ipn.in_dcmp, &ipn.in_dtop, linenum)) { return NULL; } + ipn.in_pmin = htons(ipn.in_dport); } else { if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip, (u_32_t *)&ipn.in_srcmsk, *************** *** 700,707 **** return NULL; } cpp++; ! if (!*cpp) return NULL; if (!strcasecmp(*cpp, "tcp")) ipn.in_flags |= IPN_TCP; --- 711,721 ---- return NULL; } cpp++; ! if (!*cpp) { ! fprintf(stderr, "%d: missing expression following portmap\n", ! linenum); return NULL; + } if (!strcasecmp(*cpp, "tcp")) ipn.in_flags |= IPN_TCP; diff --new-file -cr ip_fil3.4.5/solaris.c ip_fil3.4.6/solaris.c *** ip_fil3.4.5/solaris.c Mon May 22 20:26:17 2000 --- ip_fil3.4.6/solaris.c Sun Jun 11 01:13:58 2000 *************** *** 6,12 **** * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.3 2000/05/22 10:26:17 darrenr Exp $" #include #include --- 6,12 ---- * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.4 2000/06/10 15:13:58 darrenr Exp $" #include #include *************** *** 1590,1597 **** #endif ! int ipfr_fastroute(qf, ip, mb, mpp, fin, fdp) ! qif_t *qf; ip_t *ip; mblk_t *mb, **mpp; fr_info_t *fin; --- 1590,1596 ---- #endif ! int ipfr_fastroute(ip, mb, mpp, fin, fdp) ip_t *ip; mblk_t *mb, **mpp; fr_info_t *fin; *************** *** 1608,1620 **** frentry_t *fr; frdest_t fd; ill_t *ifp; - qif_t *qif; u_char *s; int p; #ifndef sparc u_short __iplen, __ipoff; #endif /* * If this is a duplicate mblk then we want ip to point at that * data, not the original, if and only if it is already pointing at --- 1607,1621 ---- frentry_t *fr; frdest_t fd; ill_t *ifp; u_char *s; + qif_t *qf; int p; #ifndef sparc u_short __iplen, __ipoff; #endif + qf = fin->fin_qif; + /* * If this is a duplicate mblk then we want ip to point at that * data, not the original, if and only if it is already pointing at diff --new-file -cr ip_fil3.4.5/test/Makefile ip_fil3.4.6/test/Makefile *** ip_fil3.4.5/test/Makefile Thu Aug 5 03:31:27 1999 --- ip_fil3.4.6/test/Makefile Sun Jun 11 02:20:28 2000 *************** *** 20,26 **** # Rule parsing tests ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 ! ntests: n1 n2 n3 n4 0: @(cd ..; make ipftest; ) --- 20,26 ---- # Rule parsing tests ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 ! ntests: n1 n2 n3 n4 n5 n6 n7 0: @(cd ..; make ipftest; ) *************** *** 34,43 **** i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11: @/bin/sh ./itest $@ ! n1 n2 n3 n4: @/bin/sh ./nattest $@ clean: /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/* /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 ! /bin/rm -f n1 n2 n3 n4 --- 34,43 ---- i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11: @/bin/sh ./itest $@ ! n1 n2 n3 n4 n5 n6 n7: @/bin/sh ./nattest $@ clean: /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/* /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 ! /bin/rm -f n1 n2 n3 n4 n5 n6 n7 diff --new-file -cr ip_fil3.4.5/test/expected/n7 ip_fil3.4.6/test/expected/n7 *** ip_fil3.4.5/test/expected/n7 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/expected/n7 Sun Jun 11 02:15:02 2000 *************** *** 0 **** --- 1,20 ---- + ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 + ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 + ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 + ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 + ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 + ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 + ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 + ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 + ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 + ------------------------------- + ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 + ip 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 + ip 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 + ip 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 + ip 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 + ip 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 + ip 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 + ip 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 + ip 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 + ------------------------------- diff --new-file -cr ip_fil3.4.5/test/input/n5 ip_fil3.4.6/test/input/n5 *** ip_fil3.4.5/test/input/n5 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/input/n5 Sun Jun 11 01:49:25 2000 *************** *** 0 **** --- 1,54 ---- + out on zx0 255 10.1.1.0 10.1.1.2 + out on zx0 255 10.1.1.1 10.1.1.2 + out on zx0 255 10.1.1.2 10.1.1.1 + out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025 + out on zx0 tcp 10.1.1.2,1026 10.1.1.1,1025 + out on zx0 255 10.2.2.1 10.1.2.1 + out on zx0 255 10.2.2.2 10.1.2.1 + in on zx0 255 10.1.1.1 10.1.1.2 + in on zx0 255 10.1.1.2 10.1.1.1 + in on zx0 255 10.2.2.1 10.2.1.1 + in on zx0 255 10.2.2.2 10.2.1.1 + in on zx0 255 10.2.2.3 10.1.1.1 + in on zx0 255 10.2.3.4 10.2.2.2 + in on zx0 255 10.1.1.1 10.2.2.2 + in on zx0 255 10.1.1.2 10.2.2.2 + in on zx0 255 10.1.1.0 10.3.4.5 + in on zx0 255 10.1.1.1 10.3.4.5 + in on zx0 255 10.1.1.2 10.3.4.5 + in on zx0 tcp 10.1.1.1,1025 10.3.4.5,1025 + out on zx0 icmp 10.1.1.1 10.4.3.2 + in on zx0 icmp 10.4.3.2 10.2.2.2 + in on zx0 icmp 10.4.3.2 10.3.4.3 + in on zx0 icmp 10.4.3.2 10.3.4.5 + out on zx0 34 10.1.1.2 10.4.3.2 + in on zx0 34 10.4.3.2 10.3.4.4 + out on zx0 34 10.1.1.2 10.4.3.4 + in on zx0 34 10.4.3.4 10.3.4.5 + out on zx0 34 10.1.1.3 10.4.3.4 + in on zx0 34 10.4.3.4 10.3.4.6 + out on zx0 35 10.1.1.3 10.4.3.4 + in on zx0 35 10.4.3.4 10.3.4.7 + out on zx0 tcp 10.1.1.1,1025 10.1.1.1,1025 + out on zx0 tcp 10.1.1.1,1025 10.1.1.2,1025 + out on zx0 10.1.1.0 10.1.1.2 + out on zx0 10.1.1.1 10.1.2.1 + out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025 + out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025 + out on zx0 tcp 10.1.1.2,1026 10.1.1.1,1025 + out on zx0 udp 10.1.1.2,1025 10.1.1.1,1025 + out on zx0 tcp 10.1.1.3,2000 10.1.2.1,80 + out on zx0 tcp 10.1.1.3,2001 10.1.3.1,80 + out on zx0 tcp 10.1.1.3,2002 10.1.4.1,80 + out on zx0 tcp 10.1.1.3,2003 10.1.4.1,80 + in on zx0 10.1.1.1 10.1.1.2 + in on zx0 tcp 10.1.1.1,1025 10.1.1.2,1025 + in on zx0 10.1.1.2 10.1.1.1 + out on zx0 tcp 10.1.1.1,1026 10.3.4.5,40000 + in on zx0 tcp 10.1.1.1,1026 10.3.4.5,40000 + out on zx0 tcp 10.1.1.1,1025 10.3.4.5,40000 + in on zx0 tcp 10.1.1.1,1025 10.3.4.5,40000 + out on zx0 udp 10.1.1.2,1025 10.3.4.5,40001 + in on zx0 udp 10.1.1.2,1025 10.3.4.5,40001 + out on zx0 tcp 10.1.2.1,80 10.3.4.5,40001 + in on zx0 tcp 10.1.2.1,80 10.3.4.5,40001 diff --new-file -cr ip_fil3.4.5/test/input/n6 ip_fil3.4.6/test/input/n6 *** ip_fil3.4.5/test/input/n6 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/input/n6 Sun Jun 11 01:49:25 2000 *************** *** 0 **** --- 1,13 ---- + in on zx0 tcp 10.2.2.2,12345 10.1.1.1,23 + in on zx0 tcp 10.2.2.2,12345 10.1.1.2,23 + in on zx0 tcp 10.3.0.1,12345 10.1.2.2,23 + in on zx0 tcp 10.3.0.1,12345 10.2.2.2,23 + in on zx0 tcp 10.3.3.3,12345 10.1.1.1,23 + in on zx0 tcp 10.2.2.2,12345 10.1.1.1,53 + in on zx0 tcp 10.3.3.3,12345 10.1.1.1,53 + in on zx0 tcp 10.2.2.2,12345 10.1.0.0,23 + in on zx0 tcp 10.3.3.3,12345 10.1.0.0,23 + in on zx0 udp 10.2.2.2,12345 10.1.1.0,53 + in on zx0 udp 10.3.3.3,12345 10.1.1.0,53 + in on zx0 tcp 10.2.2.2,12345 10.1.1.0,53 + in on zx0 tcp 10.3.3.3,12345 10.1.1.0,53 diff --new-file -cr ip_fil3.4.5/test/input/n7 ip_fil3.4.6/test/input/n7 *** ip_fil3.4.5/test/input/n7 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/input/n7 Sun Jun 11 02:15:02 2000 *************** *** 0 **** --- 1,9 ---- + in on zx0 tcp 10.2.3.1,1230 10.1.1.1,22 + in on zx0 tcp 10.2.3.1,1231 10.1.1.1,23 + in on zx0 tcp 10.2.3.1,1232 10.1.1.1,50 + in on zx0 tcp 10.2.3.1,1233 10.1.1.1,79 + in on zx0 tcp 10.2.3.1,1234 10.1.1.1,80 + in on zx0 tcp 10.2.3.1,1235 10.1.1.2,80 + in on zx0 tcp 10.2.3.1,1236 10.1.1.3,80 + in on zx0 tcp 10.2.3.1,1237 10.1.1.4,80 + in on zx0 tcp 10.2.3.1,1238 10.1.1.4,80 diff --new-file -cr ip_fil3.4.5/test/regress/n5 ip_fil3.4.6/test/regress/n5 *** ip_fil3.4.5/test/regress/n5 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/regress/n5 Sun Jun 11 01:49:26 2000 *************** *** 0 **** --- 1,6 ---- + map zx0 10.1.1.1/32 -> 10.2.2.2/32 + map zx0 from 10.1.1.0/24 to 10.1.0.0/16 -> 10.3.4.5/32 + map zx0 from 10.1.1.0/24 ! to 10.1.0.0/16 -> 10.3.4.0/24 + map zx0 10.1.1.0/24 -> 10.3.4.5/32 portmap udp 10000:20000 + map zx0 10.1.0.0/16 -> 10.3.4.0/24 portmap tcp/udp 10000:20000 + map zx0 10.1.1.0/24 -> 10.3.4.5/32 portmap tcp/udp 40000:40001 diff --new-file -cr ip_fil3.4.5/test/regress/n6 ip_fil3.4.6/test/regress/n6 *** ip_fil3.4.5/test/regress/n6 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/regress/n6 Sun Jun 11 01:49:26 2000 *************** *** 0 **** --- 1,5 ---- + rdr zx0 10.1.1.1/32 port 23 -> 10.2.2.1 port 10023 tcp + rdr zx0 from any to 10.1.1.0/24 port = 23 -> 10.2.2.1 port 10023 tcp + rdr zx0 from 10.2.0.0/16 to 10.1.1.0/24 port = 23 -> 10.2.2.1 port 10023 tcp + rdr zx0 from 10.3.0.0/16 to 10.1.0.0/16 port = 23 -> 10.2.2.1 port 10023 tcp + rdr zx0 ! from 10.2.0.0/16 to 10.1.1.0/24 port = 53 -> 10.2.2.1 port 10053 udp diff --new-file -cr ip_fil3.4.5/test/regress/n7 ip_fil3.4.6/test/regress/n7 *** ip_fil3.4.5/test/regress/n7 Thu Jan 1 10:00:00 1970 --- ip_fil3.4.6/test/regress/n7 Sun Jun 11 02:15:03 2000 *************** *** 0 **** --- 1,2 ---- + rdr zx0 10.1.1.1/32 port 23-79 -> 10.2.2.1 port 10023 tcp + rdr zx0 10.1.1.0/24 port 80 -> 10.2.2.1,1.2.2.129 port 3128 tcp