diff --new-file -cr ip_fil3.4.5/HISTORY ip_fil3.4.6/HISTORY
*** ip_fil3.4.5/HISTORY Sat Jun 10 00:10:34 2000
--- ip_fil3.4.6/HISTORY Sun Jun 11 02:25:52 2000
***************
*** 20,25 ****
--- 20,33 ----
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+ 3.4.6 11/06/2000 - Released
+
+ add extra regression tests for new nat functionality
+
+ place restrictions on using '!' in map/rdr rules
+
+ fix up solaris compile problems
+
3.4.5 10/06/2000 - Released
mention -sl in ipfstat.8
diff --new-file -cr ip_fil3.4.5/SunOS5/pkginfo ip_fil3.4.6/SunOS5/pkginfo
*** ip_fil3.4.5/SunOS5/pkginfo Sat Jun 10 00:10:36 2000
--- ip_fil3.4.6/SunOS5/pkginfo Sun Jun 11 02:25:55 2000
***************
*** 5,11 ****
PKG=ipf
NAME=IP Filter
ARCH=ARCH_updated_by_sed_when_package_is_built
! VERSION=3.4.5
CATEGORY=system
DESC=This package contains tools for building a firewall
VENDOR=Darren Reed
--- 5,11 ----
PKG=ipf
NAME=IP Filter
ARCH=ARCH_updated_by_sed_when_package_is_built
! VERSION=3.4.6
CATEGORY=system
DESC=This package contains tools for building a firewall
VENDOR=Darren Reed
diff --new-file -cr ip_fil3.4.5/ip_nat.c ip_fil3.4.6/ip_nat.c
*** ip_fil3.4.5/ip_nat.c Mon Jun 5 23:09:54 2000
--- ip_fil3.4.6/ip_nat.c Sun Jun 11 01:52:22 2000
***************
*** 9,15 ****
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.12 2000/06/05 13:09:54 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
--- 9,15 ----
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.13 2000/06/10 15:52:22 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
***************
*** 473,482 ****
n->in_next = NULL;
*np = n;
! if (n->in_redir & NAT_REDIRECT)
nat_addrdr(n);
! if (n->in_redir & (NAT_MAP|NAT_MAPBLK))
nat_addnat(n);
n->in_use = 0;
if (n->in_redir & NAT_MAPBLK)
--- 473,486 ----
n->in_next = NULL;
*np = n;
! if (n->in_redir & NAT_REDIRECT) {
! n->in_flags &= ~IPN_NOTDST;
nat_addrdr(n);
! }
! if (n->in_redir & (NAT_MAP|NAT_MAPBLK)) {
! n->in_flags &= ~IPN_NOTSRC;
nat_addnat(n);
+ }
n->in_use = 0;
if (n->in_redir & NAT_MAPBLK)
***************
*** 1716,1735 ****
if (fin->fin_out) {
if (!(np->in_redir & (NAT_MAP|NAT_MAPBLK)))
return 0;
! if (((fin->fin_fi.fi_saddr & np->in_inmsk) == np->in_inip)
! ^ (np->in_flags & IPN_NOTSRC))
return 0;
! if (((fin->fin_fi.fi_daddr & np->in_srcmsk) == np->in_srcip)
! ^ (np->in_flags & IPN_NOTDST))
return 0;
} else {
if (!(np->in_redir & NAT_REDIRECT))
return 0;
! if (((fin->fin_fi.fi_saddr & np->in_srcmsk) == np->in_srcip)
! ^ (np->in_flags & IPN_NOTSRC))
return 0;
! if (((fin->fin_fi.fi_daddr & np->in_inmsk) == np->in_inip)
! ^ (np->in_flags & IPN_NOTDST))
return 0;
}
--- 1720,1739 ----
if (fin->fin_out) {
if (!(np->in_redir & (NAT_MAP|NAT_MAPBLK)))
return 0;
! if (((fin->fin_fi.fi_saddr & np->in_inmsk) != np->in_inip)
! ^ ((np->in_flags & IPN_NOTSRC) != 0))
return 0;
! if (((fin->fin_fi.fi_daddr & np->in_srcmsk) != np->in_srcip)
! ^ ((np->in_flags & IPN_NOTDST) != 0))
return 0;
} else {
if (!(np->in_redir & NAT_REDIRECT))
return 0;
! if (((fin->fin_fi.fi_saddr & np->in_srcmsk) != np->in_srcip)
! ^ ((np->in_flags & IPN_NOTSRC) != 0))
return 0;
! if (((fin->fin_fi.fi_daddr & np->in_outmsk) != np->in_outip)
! ^ ((np->in_flags & IPN_NOTDST) != 0))
return 0;
}
***************
*** 2032,2038 ****
} else if ((in.s_addr & np->in_outmsk) != np->in_outip)
continue;
if ((np->in_redir & NAT_REDIRECT) &&
! (!np->in_pmin ||
((ntohs(np->in_pmax) >= ntohs(dport)) &&
(ntohs(dport) >= ntohs(np->in_pmin)))))
if ((nat = nat_new(np, ip, fin, nflags,
--- 2036,2042 ----
} else if ((in.s_addr & np->in_outmsk) != np->in_outip)
continue;
if ((np->in_redir & NAT_REDIRECT) &&
! (!np->in_pmin || (np->in_flags & IPN_FILTER) ||
((ntohs(np->in_pmax) >= ntohs(dport)) &&
(ntohs(dport) >= ntohs(np->in_pmin)))))
if ((nat = nat_new(np, ip, fin, nflags,
diff --new-file -cr ip_fil3.4.5/ip_nat.h ip_fil3.4.6/ip_nat.h
*** ip_fil3.4.5/ip_nat.h Mon May 29 03:27:08 2000
--- ip_fil3.4.6/ip_nat.h Sun Jun 11 01:52:25 2000
***************
*** 6,12 ****
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
! * $Id: ip_nat.h,v 2.17.2.2 2000/05/28 17:27:08 darrenr Exp $
*/
#ifndef __IP_NAT_H__
--- 6,12 ----
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
! * $Id: ip_nat.h,v 2.17.2.3 2000/06/10 15:52:25 darrenr Exp $
*/
#ifndef __IP_NAT_H__
***************
*** 105,112 ****
u_short in_pnext;
u_short in_ppip; /* ports per IP */
u_short in_ippip; /* IP #'s per IP# */
- u_short in_flags; /* From here to in_dport must be reflected */
u_short in_port[2]; /* correctly in IPN_CMPSIZ */
struct in_addr in_in[2];
struct in_addr in_out[2];
struct in_addr in_src[2];
--- 105,113 ----
u_short in_pnext;
u_short in_ppip; /* ports per IP */
u_short in_ippip; /* IP #'s per IP# */
u_short in_port[2]; /* correctly in IPN_CMPSIZ */
+ u_short in_spare;
+ u_32_t in_flags; /* From here to in_dport must be reflected */
struct in_addr in_in[2];
struct in_addr in_out[2];
struct in_addr in_src[2];
diff --new-file -cr ip_fil3.4.5/ipl.h ip_fil3.4.6/ipl.h
*** ip_fil3.4.5/ipl.h Sat Jun 10 00:10:33 2000
--- ip_fil3.4.6/ipl.h Sun Jun 11 02:25:54 2000
***************
*** 6,17 ****
* to the original author and the contributors.
*
* @(#)ipl.h 1.21 6/5/96
! * $Id: ipl.h,v 2.15.2.6 2000/06/09 14:10:33 darrenr Exp $
*/
#ifndef __IPL_H__
#define __IPL_H__
! #define IPL_VERSION "IP Filter: v3.4.5"
#endif
--- 6,17 ----
* to the original author and the contributors.
*
* @(#)ipl.h 1.21 6/5/96
! * $Id: ipl.h,v 2.15.2.7 2000/06/10 16:25:54 darrenr Exp $
*/
#ifndef __IPL_H__
#define __IPL_H__
! #define IPL_VERSION "IP Filter: v3.4.6"
#endif
diff --new-file -cr ip_fil3.4.5/natparse.c ip_fil3.4.6/natparse.c
*** ip_fil3.4.5/natparse.c Mon Jun 5 23:12:06 2000
--- ip_fil3.4.6/natparse.c Sun Jun 11 02:06:30 2000
***************
*** 54,60 ****
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.2 2000/06/05 13:12:06 darrenr Exp $";
#endif
--- 54,60 ----
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.4 2000/06/10 16:06:30 darrenr Exp $";
#endif
***************
*** 119,126 ****
printf(" !");
printf(" to ");
if (np->in_redir == NAT_REDIRECT)
! printhostmask(4, (u_32_t *)&np->in_inip,
! (u_32_t *)&np->in_inmsk);
else
printhostmask(4, (u_32_t *)&np->in_srcip,
(u_32_t *)&np->in_srcmsk);
--- 119,126 ----
printf(" !");
printf(" to ");
if (np->in_redir == NAT_REDIRECT)
! printhostmask(4, (u_32_t *)&np->in_outip,
! (u_32_t *)&np->in_outmsk);
else
printhostmask(4, (u_32_t *)&np->in_srcip,
(u_32_t *)&np->in_srcmsk);
***************
*** 136,147 ****
printf("/%d ", bits);
else
printf("/%s ", inet_ntoa(np->in_out[1]));
}
! if (np->in_pmin)
! printf("port %d ", ntohs(np->in_pmin));
! if (np->in_pmax != np->in_pmin)
! printf("- %d ", ntohs(np->in_pmax));
! printf("-> %s", inet_ntoa(np->in_in[0]));
if (np->in_flags & IPN_SPLIT)
printf(",%s", inet_ntoa(np->in_in[1]));
if (np->in_pnext)
--- 136,147 ----
printf("/%d ", bits);
else
printf("/%s ", inet_ntoa(np->in_out[1]));
+ if (np->in_pmin)
+ printf("port %d", ntohs(np->in_pmin));
+ if (np->in_pmax != np->in_pmin)
+ printf("- %d", ntohs(np->in_pmax));
}
! printf(" -> %s", inet_ntoa(np->in_in[0]));
if (np->in_flags & IPN_SPLIT)
printf(",%s", inet_ntoa(np->in_in[1]));
if (np->in_pnext)
***************
*** 331,336 ****
--- 331,341 ----
}
ipn.in_flags |= IPN_NOTSRC;
}
+ if ((ipn.in_flags & IPN_NOTSRC) &&
+ (ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) {
+ fprintf(stderr, "Cannot use '! from' with map\n");
+ return NULL;
+ }
ipn.in_flags |= IPN_FILTER;
cpp++;
***************
*** 363,380 ****
linenum, *cpp);
return NULL;
}
if (!*++cpp) {
fprintf(stderr, "%d: missing host after to\n", linenum);
return NULL;
}
if (ipn.in_redir == NAT_REDIRECT) {
! if (hostmask(&cpp, (u_32_t *)&ipn.in_inip,
! (u_32_t *)&ipn.in_inmsk,
&ipn.in_dport, &ipn.in_dcmp,
&ipn.in_dtop, linenum)) {
return NULL;
}
} else {
if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip,
(u_32_t *)&ipn.in_srcmsk,
--- 368,391 ----
linenum, *cpp);
return NULL;
}
+ if ((ipn.in_flags & IPN_NOTDST) &&
+ (ipn.in_redir & (NAT_REDIRECT))) {
+ fprintf(stderr, "Cannot use '! to' with rdr\n");
+ return NULL;
+ }
if (!*++cpp) {
fprintf(stderr, "%d: missing host after to\n", linenum);
return NULL;
}
if (ipn.in_redir == NAT_REDIRECT) {
! if (hostmask(&cpp, (u_32_t *)&ipn.in_outip,
! (u_32_t *)&ipn.in_outmsk,
&ipn.in_dport, &ipn.in_dcmp,
&ipn.in_dtop, linenum)) {
return NULL;
}
+ ipn.in_pmin = htons(ipn.in_dport);
} else {
if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip,
(u_32_t *)&ipn.in_srcmsk,
***************
*** 700,707 ****
return NULL;
}
cpp++;
! if (!*cpp)
return NULL;
if (!strcasecmp(*cpp, "tcp"))
ipn.in_flags |= IPN_TCP;
--- 711,721 ----
return NULL;
}
cpp++;
! if (!*cpp) {
! fprintf(stderr, "%d: missing expression following portmap\n",
! linenum);
return NULL;
+ }
if (!strcasecmp(*cpp, "tcp"))
ipn.in_flags |= IPN_TCP;
diff --new-file -cr ip_fil3.4.5/solaris.c ip_fil3.4.6/solaris.c
*** ip_fil3.4.5/solaris.c Mon May 22 20:26:17 2000
--- ip_fil3.4.6/solaris.c Sun Jun 11 01:13:58 2000
***************
*** 6,12 ****
* to the original author and the contributors.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.3 2000/05/22 10:26:17 darrenr Exp $"
#include <sys/systm.h>
#include <sys/types.h>
--- 6,12 ----
* to the original author and the contributors.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.4 2000/06/10 15:13:58 darrenr Exp $"
#include <sys/systm.h>
#include <sys/types.h>
***************
*** 1590,1597 ****
#endif
! int ipfr_fastroute(qf, ip, mb, mpp, fin, fdp)
! qif_t *qf;
ip_t *ip;
mblk_t *mb, **mpp;
fr_info_t *fin;
--- 1590,1596 ----
#endif
! int ipfr_fastroute(ip, mb, mpp, fin, fdp)
ip_t *ip;
mblk_t *mb, **mpp;
fr_info_t *fin;
***************
*** 1608,1620 ****
frentry_t *fr;
frdest_t fd;
ill_t *ifp;
- qif_t *qif;
u_char *s;
int p;
#ifndef sparc
u_short __iplen, __ipoff;
#endif
/*
* If this is a duplicate mblk then we want ip to point at that
* data, not the original, if and only if it is already pointing at
--- 1607,1621 ----
frentry_t *fr;
frdest_t fd;
ill_t *ifp;
u_char *s;
+ qif_t *qf;
int p;
#ifndef sparc
u_short __iplen, __ipoff;
#endif
+ qf = fin->fin_qif;
+
/*
* If this is a duplicate mblk then we want ip to point at that
* data, not the original, if and only if it is already pointing at
diff --new-file -cr ip_fil3.4.5/test/Makefile ip_fil3.4.6/test/Makefile
*** ip_fil3.4.5/test/Makefile Thu Aug 5 03:31:27 1999
--- ip_fil3.4.6/test/Makefile Sun Jun 11 02:20:28 2000
***************
*** 20,26 ****
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
! ntests: n1 n2 n3 n4
0:
@(cd ..; make ipftest; )
--- 20,26 ----
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
! ntests: n1 n2 n3 n4 n5 n6 n7
0:
@(cd ..; make ipftest; )
***************
*** 34,43 ****
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
@/bin/sh ./itest $@
! n1 n2 n3 n4:
@/bin/sh ./nattest $@
clean:
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/*
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
! /bin/rm -f n1 n2 n3 n4
--- 34,43 ----
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
@/bin/sh ./itest $@
! n1 n2 n3 n4 n5 n6 n7:
@/bin/sh ./nattest $@
clean:
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/*
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
! /bin/rm -f n1 n2 n3 n4 n5 n6 n7
diff --new-file -cr ip_fil3.4.5/test/expected/n7 ip_fil3.4.6/test/expected/n7
*** ip_fil3.4.5/test/expected/n7 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/expected/n7 Sun Jun 11 02:15:02 2000
***************
*** 0 ****
--- 1,20 ----
+ ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22
+ ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023
+ ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050
+ ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079
+ ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80
+ ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80
+ ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80
+ ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80
+ ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80
+ -------------------------------
+ ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22
+ ip 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23
+ ip 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50
+ ip 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79
+ ip 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128
+ ip 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128
+ ip 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128
+ ip 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128
+ ip 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128
+ -------------------------------
diff --new-file -cr ip_fil3.4.5/test/input/n5 ip_fil3.4.6/test/input/n5
*** ip_fil3.4.5/test/input/n5 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/input/n5 Sun Jun 11 01:49:25 2000
***************
*** 0 ****
--- 1,54 ----
+ out on zx0 255 10.1.1.0 10.1.1.2
+ out on zx0 255 10.1.1.1 10.1.1.2
+ out on zx0 255 10.1.1.2 10.1.1.1
+ out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025
+ out on zx0 tcp 10.1.1.2,1026 10.1.1.1,1025
+ out on zx0 255 10.2.2.1 10.1.2.1
+ out on zx0 255 10.2.2.2 10.1.2.1
+ in on zx0 255 10.1.1.1 10.1.1.2
+ in on zx0 255 10.1.1.2 10.1.1.1
+ in on zx0 255 10.2.2.1 10.2.1.1
+ in on zx0 255 10.2.2.2 10.2.1.1
+ in on zx0 255 10.2.2.3 10.1.1.1
+ in on zx0 255 10.2.3.4 10.2.2.2
+ in on zx0 255 10.1.1.1 10.2.2.2
+ in on zx0 255 10.1.1.2 10.2.2.2
+ in on zx0 255 10.1.1.0 10.3.4.5
+ in on zx0 255 10.1.1.1 10.3.4.5
+ in on zx0 255 10.1.1.2 10.3.4.5
+ in on zx0 tcp 10.1.1.1,1025 10.3.4.5,1025
+ out on zx0 icmp 10.1.1.1 10.4.3.2
+ in on zx0 icmp 10.4.3.2 10.2.2.2
+ in on zx0 icmp 10.4.3.2 10.3.4.3
+ in on zx0 icmp 10.4.3.2 10.3.4.5
+ out on zx0 34 10.1.1.2 10.4.3.2
+ in on zx0 34 10.4.3.2 10.3.4.4
+ out on zx0 34 10.1.1.2 10.4.3.4
+ in on zx0 34 10.4.3.4 10.3.4.5
+ out on zx0 34 10.1.1.3 10.4.3.4
+ in on zx0 34 10.4.3.4 10.3.4.6
+ out on zx0 35 10.1.1.3 10.4.3.4
+ in on zx0 35 10.4.3.4 10.3.4.7
+ out on zx0 tcp 10.1.1.1,1025 10.1.1.1,1025
+ out on zx0 tcp 10.1.1.1,1025 10.1.1.2,1025
+ out on zx0 10.1.1.0 10.1.1.2
+ out on zx0 10.1.1.1 10.1.2.1
+ out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025
+ out on zx0 tcp 10.1.1.2,1025 10.1.1.1,1025
+ out on zx0 tcp 10.1.1.2,1026 10.1.1.1,1025
+ out on zx0 udp 10.1.1.2,1025 10.1.1.1,1025
+ out on zx0 tcp 10.1.1.3,2000 10.1.2.1,80
+ out on zx0 tcp 10.1.1.3,2001 10.1.3.1,80
+ out on zx0 tcp 10.1.1.3,2002 10.1.4.1,80
+ out on zx0 tcp 10.1.1.3,2003 10.1.4.1,80
+ in on zx0 10.1.1.1 10.1.1.2
+ in on zx0 tcp 10.1.1.1,1025 10.1.1.2,1025
+ in on zx0 10.1.1.2 10.1.1.1
+ out on zx0 tcp 10.1.1.1,1026 10.3.4.5,40000
+ in on zx0 tcp 10.1.1.1,1026 10.3.4.5,40000
+ out on zx0 tcp 10.1.1.1,1025 10.3.4.5,40000
+ in on zx0 tcp 10.1.1.1,1025 10.3.4.5,40000
+ out on zx0 udp 10.1.1.2,1025 10.3.4.5,40001
+ in on zx0 udp 10.1.1.2,1025 10.3.4.5,40001
+ out on zx0 tcp 10.1.2.1,80 10.3.4.5,40001
+ in on zx0 tcp 10.1.2.1,80 10.3.4.5,40001
diff --new-file -cr ip_fil3.4.5/test/input/n6 ip_fil3.4.6/test/input/n6
*** ip_fil3.4.5/test/input/n6 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/input/n6 Sun Jun 11 01:49:25 2000
***************
*** 0 ****
--- 1,13 ----
+ in on zx0 tcp 10.2.2.2,12345 10.1.1.1,23
+ in on zx0 tcp 10.2.2.2,12345 10.1.1.2,23
+ in on zx0 tcp 10.3.0.1,12345 10.1.2.2,23
+ in on zx0 tcp 10.3.0.1,12345 10.2.2.2,23
+ in on zx0 tcp 10.3.3.3,12345 10.1.1.1,23
+ in on zx0 tcp 10.2.2.2,12345 10.1.1.1,53
+ in on zx0 tcp 10.3.3.3,12345 10.1.1.1,53
+ in on zx0 tcp 10.2.2.2,12345 10.1.0.0,23
+ in on zx0 tcp 10.3.3.3,12345 10.1.0.0,23
+ in on zx0 udp 10.2.2.2,12345 10.1.1.0,53
+ in on zx0 udp 10.3.3.3,12345 10.1.1.0,53
+ in on zx0 tcp 10.2.2.2,12345 10.1.1.0,53
+ in on zx0 tcp 10.3.3.3,12345 10.1.1.0,53
diff --new-file -cr ip_fil3.4.5/test/input/n7 ip_fil3.4.6/test/input/n7
*** ip_fil3.4.5/test/input/n7 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/input/n7 Sun Jun 11 02:15:02 2000
***************
*** 0 ****
--- 1,9 ----
+ in on zx0 tcp 10.2.3.1,1230 10.1.1.1,22
+ in on zx0 tcp 10.2.3.1,1231 10.1.1.1,23
+ in on zx0 tcp 10.2.3.1,1232 10.1.1.1,50
+ in on zx0 tcp 10.2.3.1,1233 10.1.1.1,79
+ in on zx0 tcp 10.2.3.1,1234 10.1.1.1,80
+ in on zx0 tcp 10.2.3.1,1235 10.1.1.2,80
+ in on zx0 tcp 10.2.3.1,1236 10.1.1.3,80
+ in on zx0 tcp 10.2.3.1,1237 10.1.1.4,80
+ in on zx0 tcp 10.2.3.1,1238 10.1.1.4,80
diff --new-file -cr ip_fil3.4.5/test/regress/n5 ip_fil3.4.6/test/regress/n5
*** ip_fil3.4.5/test/regress/n5 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/regress/n5 Sun Jun 11 01:49:26 2000
***************
*** 0 ****
--- 1,6 ----
+ map zx0 10.1.1.1/32 -> 10.2.2.2/32
+ map zx0 from 10.1.1.0/24 to 10.1.0.0/16 -> 10.3.4.5/32
+ map zx0 from 10.1.1.0/24 ! to 10.1.0.0/16 -> 10.3.4.0/24
+ map zx0 10.1.1.0/24 -> 10.3.4.5/32 portmap udp 10000:20000
+ map zx0 10.1.0.0/16 -> 10.3.4.0/24 portmap tcp/udp 10000:20000
+ map zx0 10.1.1.0/24 -> 10.3.4.5/32 portmap tcp/udp 40000:40001
diff --new-file -cr ip_fil3.4.5/test/regress/n6 ip_fil3.4.6/test/regress/n6
*** ip_fil3.4.5/test/regress/n6 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/regress/n6 Sun Jun 11 01:49:26 2000
***************
*** 0 ****
--- 1,5 ----
+ rdr zx0 10.1.1.1/32 port 23 -> 10.2.2.1 port 10023 tcp
+ rdr zx0 from any to 10.1.1.0/24 port = 23 -> 10.2.2.1 port 10023 tcp
+ rdr zx0 from 10.2.0.0/16 to 10.1.1.0/24 port = 23 -> 10.2.2.1 port 10023 tcp
+ rdr zx0 from 10.3.0.0/16 to 10.1.0.0/16 port = 23 -> 10.2.2.1 port 10023 tcp
+ rdr zx0 ! from 10.2.0.0/16 to 10.1.1.0/24 port = 53 -> 10.2.2.1 port 10053 udp
diff --new-file -cr ip_fil3.4.5/test/regress/n7 ip_fil3.4.6/test/regress/n7
*** ip_fil3.4.5/test/regress/n7 Thu Jan 1 10:00:00 1970
--- ip_fil3.4.6/test/regress/n7 Sun Jun 11 02:15:03 2000
***************
*** 0 ****
--- 1,2 ----
+ rdr zx0 10.1.1.1/32 port 23-79 -> 10.2.2.1 port 10023 tcp
+ rdr zx0 10.1.1.0/24 port 80 -> 10.2.2.1,1.2.2.129 port 3128 tcp