-
Notifications
You must be signed in to change notification settings - Fork 228
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PAN: Support for rule-type in security rules (#6291)
* PAN: Support for rule-type in security rules * fix semantics * Remove invalid intrazone rules * test that warning is logged * reject rule-type line while parsing as well; move rule removal to conversion * fix comment * remove unneeded change * better error messages
- Loading branch information
Showing
6 changed files
with
234 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
...s/batfish/src/test/resources/org/batfish/grammar/palo_alto/testconfigs/rulebase-rule-type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
set deviceconfig system hostname rulebase-rule-type | ||
set network interface ethernet ethernet1/1 layer3 ip 1.1.1.1/24 | ||
set network interface ethernet ethernet1/4 layer3 ip 1.1.4.1/24 | ||
set zone z1 network layer3 [ ethernet1/1 ] | ||
set zone z2 network layer3 ethernet1/4 | ||
|
||
set rulebase security rules INTER from z1 | ||
set rulebase security rules INTER to z2 | ||
set rulebase security rules INTER source any | ||
set rulebase security rules INTER destination any | ||
set rulebase security rules INTER rule-type interzone | ||
|
||
set rulebase security rules INTRA from z1 | ||
set rulebase security rules INTRA to z1 | ||
set rulebase security rules INTRA source any | ||
set rulebase security rules INTRA destination any | ||
set rulebase security rules INTRA rule-type intrazone | ||
|
||
set rulebase security rules BADINTRA from z1 | ||
set rulebase security rules BADINTRA to z2 | ||
set rulebase security rules BADINTRA source any | ||
set rulebase security rules BADINTRA destination any | ||
set rulebase security rules BADINTRA rule-type intrazone | ||
|
||
set rulebase security rules UNIVERSAL from z1 | ||
set rulebase security rules UNIVERSAL to z2 | ||
set rulebase security rules UNIVERSAL source any | ||
set rulebase security rules UNIVERSAL destination any | ||
set rulebase security rules UNIVERSAL rule-type universal | ||
|
||
set rulebase security rules DEFAULT from z1 | ||
set rulebase security rules DEFAULT to z2 | ||
set rulebase security rules DEFAULT source any | ||
set rulebase security rules DEFAULT destination any | ||
|