1 /*
2 
3                           Firewall Builder
4 
5                  Copyright (C) 2010 NetCitadel, LLC
6 
7   Author:  Vadim Kurland     vadim@vk.crocodile.org
8 
9   $Id$
10 
11   This program is free software which we release under the GNU General Public
12   License. You may redistribute and/or modify this program under the terms
13   of that license as published by the Free Software Foundation; either
14   version 2 of the License, or (at your option) any later version.
15 
16   This program is distributed in the hope that it will be useful,
17   but WITHOUT ANY WARRANTY; without even the implied warranty of
18   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19   GNU General Public License for more details.
20 
21   To get a copy of the GNU General Public License, write to the Free Software
22   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23 
24 */
25 
26 #include "PolicyCompiler_procurve_acl.h"
27 
28 #include "fwbuilder/Firewall.h"
29 #include "fwbuilder/Resources.h"
30 #include "fwbuilder/RuleSet.h"
31 
32 #include <iostream>
33 
34 #include <assert.h>
35 
36 #include <QStringList>
37 #include <QString>
38 
39 
40 using namespace libfwbuilder;
41 using namespace fwcompiler;
42 using namespace std;
43 
44 
/**
 * Builds the ProCurve command text that binds an access list to an
 * interface, or unbinds it when @p neg is set.
 *
 * Nothing is emitted unless the source rule set reports isTop().
 * Two output shapes exist, selected by the interface option "type":
 *   - "8021q": a single line
 *       [no] vlan <vlan_id> <ip|ipv6> <access-group cmd> <acl name> <dir>\n
 *   - anything else: an interface block
 *       interface <name>\n  [no] <ip|ipv6> <access-group cmd> <acl name> <dir>\nexit\n
 *
 * NOTE(review): acl, the interface it returns and that interface's options
 * object are all dereferenced without a null check -- confirm the callers
 * guarantee them.
 * NOTE(review): if acl->direction() is none of "in", "Inbound", "out",
 * "Outbound", the direction token stays empty and the command is still
 * emitted; the device would presumably not apply such a binding, which
 * leaves the interface without the intended ACL -- confirm the direction
 * is validated before this point.
 * NOTE(review): the interface name and the ACL work name are copied into
 * the command text verbatim; this assumes they were validated upstream
 * (no whitespace or line breaks) -- TODO confirm.
 *
 * @param acl  ACL object supplying direction, interface and work name.
 * @param neg  when true the command is prefixed with "no".
 * @return     the command text, or an empty string when the source rule
 *             set is not the top one.
 */
string PolicyCompiler_procurve_acl::printAccessGroupCmd(ciscoACL *acl, bool neg)
{
    if (!getSourceRuleSet()->isTop()) return "";

    // Map both spellings of each direction onto the CLI keyword; any other
    // value leaves the keyword empty.
    const string acl_direction = acl->direction();
    QString direction_kw;
    if (acl_direction == "in" || acl_direction == "Inbound")
    {
        direction_kw = "in";
    } else if (acl_direction == "out" || acl_direction == "Outbound")
    {
        direction_kw = "out";
    }

    const QString family_kw = ipv6 ? "ipv6" : "ip";

    // ProCurve uses different syntax for vlan ACLs, so the interface type
    // decides which form is generated.
    Interface *iface = acl->getInterface();
    FWOptions *iface_options = iface->getOptionsObject();
    const bool is_vlan = (iface_options->getStr("type") == "8021q");

    // The binding command itself; the vlan form only adds "vlan <id>"
    // in front of the address family keyword.
    QStringList binding;
    if (neg) binding << "no";
    if (is_vlan)
    {
        binding << "vlan";
        binding << QString::number(iface_options->getInt("vlan_id"));
    }
    binding << family_kw;
    binding << getAccessGroupCommandForAddressFamily(ipv6).c_str();
    binding << acl->workName().c_str();
    binding << direction_kw;

    if (is_vlan) return binding.join(" ").toStdString() + "\n";

    // Non-vlan interfaces: wrap the command in an interface context. The
    // trailing empty element makes the joined text end with a newline.
    QStringList block;
    block << QString("interface %1").arg(iface->getName().c_str());
    block << "  " + binding.join(" ");
    block << "exit";
    block << "";
    return block.join("\n").toStdString();
}